
USB .Trashes and shortcuts problem; No Trash icon on desktop


  • This topic is locked
40 replies to this topic

#1 AnBoKi

  • Members
  • 31 posts

Posted 31 October 2013 - 03:15 AM

Greetings. I've been having this problem for several months and just can't get rid of it. When I plug in any storage device (USB stick, iPod nano, SD cards etc.) and open it, all I see are shortcuts. And a .Trashes folder always appears. I can open folders and then access files in these folders, but if a file is in the root of the USB it will be categorized as an unknown file and I won't be able to open it. I use a cmd command (attrib -s -r -h X:*.* /s /d) so that my computer shows me the files, but I have to do it every time. And it just duplicates files and folders. I also don't have a Trash icon on my desktop. I use Avast Antivirus and update it regularly. When I scan USB drives it finds threats: Trashes and a few more. It says it is a dropper and trojan virus. Deleting doesn't help because it is all the same the next time I plug in a USB drive. I tried formatting the drives but it is still the same.

Here is a log: 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Dujmenovic at 9:01:50 on 2013-10-31
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1295 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Documents and Settings\All Users\Application Data\Mobilni internet\OnlineUpdate\ouc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.a-searchpage.info/?pid=946&r=2013/06/01&hid=1029744405&lg=EN&cc=BA&unqvl=18
mStart Page = hxxp://websearch.a-searchpage.info/?pid=946&r=2013/06/01&hid=1029744405&lg=EN&cc=BA&unqvl=18
mWinlogon: SFCDisable = dword:-99
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
dRun: [LClock] c:\program files\lclock\LClock.exe
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
uExplorerRun: [Windows Update] "c:\documents and settings\dujmenovic\application data\microsoft\avsic\avsic.exe" -shell
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
TCP: NameServer = 79.143.160.20 62.68.96.8 79.143.168.8
TCP: Interfaces\{764B1011-E795-4837-AFA2-416C782F88EB} : DHCPNameServer = 79.143.160.20 62.68.96.8 79.143.168.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs= c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll c:\progra~1\kasper~1\kasper~1\kloehk.dll c:\progra~1\wxdown~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-6-17 20744]
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2012-12-17 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-9-22 165456]
R1 cdawdm;CDAWDM;c:\windows\system32\drivers\cdawdm.sys [2003-2-25 56261]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2012-12-17 39352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-10-20 242240]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-12-17 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-9-22 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2013-9-22 40384]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\common files\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2013-9-22 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2013-9-22 40384]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-7-24 76544]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S2 Mobilni internet. RunOuc;Mobilni internet. OUC;c:\program files\mobilni internet\updatedog\ouc.exe [2013-7-24 655712]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-10-12 1684736]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2009-6-17 29192]
S3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [2007-1-5 93056]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys --> c:\windows\system32\drivers\cv2k1.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-7-24 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-7-24 11136]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2013-7-24 95744]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [2013-7-24 67584]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2013-7-24 27520]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2009-6-17 25480]
S3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [2005-4-8 162176]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2013-4-18 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2013-4-18 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2013-4-18 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2013-4-18 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2013-4-18 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2013-4-18 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2013-4-18 109864]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2013-10-7 155824]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-10-24 06:25:33 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-10-24 06:25:26 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-09-21 13:00:56 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-09-20 19:33:04 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-09-18 12:12:41 0 ----a-w- c:\documents and settings\dujmenovic\application data\5.tmp
.
============= FINISH:  9:02:28,73 ===============
 


#2 B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts

Posted 31 October 2013 - 04:06 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
  • I'll catch you tomorrow since I need my sleep. :)

 

 

Regards,
Georgi




#3 AnBoKi

  • Topic Starter

  • Members
  • 31 posts

Posted 01 November 2013 - 02:14 PM

 

Thanks for answering so fast. Here's a log. Can't figure out how to attach a file.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Dujmenovic (administrator) on DUJMENOV-65EED6 on 01-11-2013 20:00:57
Running from C:\Documents and Settings\Dujmenovic\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3, v.6284 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software) C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
() C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Documents and Settings\All Users\Application Data\Mobilni internet\OnlineUpdate\ouc.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\WINDOWS\System32\PAStiSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2837864 2010-06-28] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION 
HKCU\...\Policies\Explorer\Run: [Windows Update] - "C:\Documents and Settings\Dujmenovic\Application Data\Microsoft\avsic\avsic.exe" -shell No File
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {25ab776e-73b0-11e2-b495-485b39d814b8} - "I:\WD SmartWare.exe" autoplay=true
MountPoints2: {5105bb1e-155d-11e3-8bf4-485b39d814b8} - I:\AutoRun.exe
MountPoints2: {85ab85d0-f45e-11e2-8be0-485b39d814b8} - I:\AutoRun.exe
MountPoints2: {85ab85d3-f45e-11e2-8be0-485b39d814b8} - I:\AutoRun.exe
HKU\Administrator\...\Run: [RocketDock] - "C:\Program Files\RocketDock\RocketDock.exe"
HKU\Administrator\...\Run: [LClock] - C:\Program Files\LClock\LClock.exe
HKU\Administrator\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\Administrator\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32
HKU\Administrator\...\RunOnce: [IE7-10] - rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N
HKU\Administrator.DUJMENOV-65EED6\...\Run: [RocketDock] - "C:\Program Files\RocketDock\RocketDock.exe"
HKU\Administrator.DUJMENOV-65EED6\...\Run: [LClock] - C:\Program Files\LClock\LClock.exe
HKU\Administrator.DUJMENOV-65EED6\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\Administrator.DUJMENOV-65EED6\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32
HKU\Administrator.DUJMENOV-65EED6\...\RunOnce: [IE7-10] - rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N
HKU\Administrator.DUJMENOV-65EED6.000\...\Run: [RocketDock] - "C:\Program Files\RocketDock\RocketDock.exe"
HKU\Administrator.DUJMENOV-65EED6.000\...\Run: [LClock] - C:\Program Files\LClock\LClock.exe
HKU\Administrator.DUJMENOV-65EED6.000\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\Administrator.DUJMENOV-65EED6.000\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32
HKU\Administrator.DUJMENOV-65EED6.000\...\RunOnce: [IE7-10] - rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N
HKU\Administrator.DUJMENOV-65EED6.001\...\Run: [RocketDock] - "C:\Program Files\RocketDock\RocketDock.exe"
HKU\Administrator.DUJMENOV-65EED6.001\...\Run: [LClock] - C:\Program Files\LClock\LClock.exe
HKU\Administrator.DUJMENOV-65EED6.001\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\Administrator.DUJMENOV-65EED6.001\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32
HKU\Administrator.DUJMENOV-65EED6.001\...\RunOnce: [IE7-10] - rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N
HKU\Default User\...\Run: [RocketDock] - "C:\Program Files\RocketDock\RocketDock.exe"
HKU\Default User\...\Run: [LClock] - C:\Program Files\LClock\LClock.exe
HKU\Default User\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\Default User\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32
HKU\Default User\...\RunOnce: [IE7-10] - rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll c:\progra~1\kasper~1\kasper~1\kloehk.dll c:\progra~1\wxdown~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll [ 2012-10-03] ()
BootExecute: autocheck autochk /r \??\I:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.a-searchpage.info/?pid=946&r=2013/06/01&hid=1029744405&lg=EN&cc=BA&unqvl=18
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.a-searchpage.info/?pid=946&r=2013/06/01&hid=1029744405&lg=EN&cc=BA&unqvl=18
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=946&r=2013/06/01&hid=1029744405&lg=EN&cc=BA&unqvl=18
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=946&r=2013/06/01&hid=1029744405&lg=EN&cc=BA&unqvl=18
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {F9639E4A-801B-4843-AEE3-03D9DA199E77} -  No File
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2210608 2006-10-26] (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 79.143.160.20 62.68.96.8 79.143.168.8
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default
FF user.js: detected! => C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\user.js
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Dujmenovic\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: SearchNewTab - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\Extensions\4e_6laxa@iioaaovyaq.com
FF Extension: wxDownload - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\Extensions\50e9888d14268@50e9888d142a2.com
FF Extension: coNtoinuieTosave - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\Extensions\rl.4@kiut-aau.co.uk
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [50e9888d14268@50e9888d142a2.com] - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\50e9888d14268@50e9888d142a2.com
FF Extension: wxDownload - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\50e9888d14268@50e9888d142a2.com
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [rl.4@kiut-aau.co.uk] - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\rl.4@kiut-aau.co.uk
FF Extension: coNtoinuieTosave - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\rl.4@kiut-aau.co.uk
FF HKLM\...\Firefox\Extensions: [4e_6laxa@iioaaovyaq.com] - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\4e_6laxa@iioaaovyaq.com
FF Extension: SearchNewTab - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\4e_6laxa@iioaaovyaq.com
FF HKLM\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] - C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt
 
Chrome: 
=======
CHR Extension: (Lockify) - C:\DOCUME~1\DUJMEN~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aiigoloogeminempipceaikpnaimbekd\0.9.21.503_0
CHR Extension: (LoopDaLoop) - C:\DOCUME~1\DUJMEN~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\clhambhgmoihmhbfjmmaciggnfcfkflo\0.2.1_0
CHR Extension: (Lucidchart Diagrams - Desktop) - C:\DOCUME~1\DUJMEN~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj\1.73_0
CHR Extension: (WorkFlowy) - C:\DOCUME~1\DUJMEN~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm\1.0.4_0
CHR Extension: (Exfm) - C:\DOCUME~1\DUJMEN~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mleeljpaahmfjalppocodgakabmgekim\1.0.4_0
CHR Extension: (Google Wallet) - C:\DOCUME~1\DUJMEN~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
 
========================== Services (Whitelisted) =================
 
R2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
R3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
R3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 Mobilni internet. RunOuc; C:\Program Files\Mobilni internet\UpdateDog\ouc.exe [655712 2012-02-24] ()
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [66872 2013-09-21] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [53248 2005-01-14] ()
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S3 WMPNetworkSvc; "C:\Program Files\Windows Media Player\WMPNetwk.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
R1 Aavmker4; C:\Windows\System32\Drivers\Aavmker4.sys [28880 2010-06-28] (ALWIL Software)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [17744 2010-06-28] (ALWIL Software)
R2 aswMon2; C:\Windows\System32\Drivers\aswMon2.sys [100176 2010-06-28] (ALWIL Software)
R3 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [23376 2010-06-28] (ALWIL Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [165456 2010-06-28] (ALWIL Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [46672 2010-06-28] (ALWIL Software)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-06-17] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [29192 2009-06-17] ()
S3 Cardex; C:\WINDOWS\system32\drivers\TBPANEL.SYS [12256 2007-03-16] (Windows ® 2000 DDK provider)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)
R1 cdawdm; C:\Windows\System32\DRIVERS\CDAWDM.sys [56261 2003-02-25] (Far Stone Inc.)
S3 CMISTOR; C:\Windows\System32\DRIVERS\cmiucr.SYS [93056 2007-01-05] (C-Media Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39352 2009-12-14] (Infowatch)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-20] (DT Soft Ltd)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95744 2011-11-24] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [67584 2011-11-24] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2011-11-24] (Huawei Technologies Co., Ltd.)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [25480 2009-06-17] (IVT Corporation.)
R1 kl1; C:\WINDOWS\system32\drivers\kl1.sys [128016 2009-09-01] (Kaspersky Lab)
R0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [36880 2009-10-14] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [315408 2012-12-17] (Kaspersky Lab)
R3 klim5; C:\Windows\System32\DRIVERS\klim5.sys [32272 2009-09-14] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-10-02] (Kaspersky Lab)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2006-02-26] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [58600 2010-01-28] (NVIDIA Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\pfc027.sys [162176 2005-04-08] ()
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Standard 2004.SP2b (Win32 x86)\Sandra.sys [13824 2004-08-12] (SiSoftware)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113104 2012-08-24] (Power Software Ltd)
R2 TBPanel; C:\Windows\System32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows ® 2000 DDK provider)
R1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [90968 2004-03-19] (VM)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [x]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [x]
S3 BT; system32\DRIVERS\btnetdrv.sys [x]
S3 Btcsrusb; System32\Drivers\btcusb.sys [x]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [x]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [x]
S3 CV2K1; system32\DRIVERS\cv2k1.sys [x]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [245376 2011-12-31] (Huawei Technologies Co., Ltd.)
S4 IntelIde; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2008-05-02] ()
S3 VComm; system32\DRIVERS\VComm.sys [x]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [x]
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-01 20:00 - 2013-11-01 20:00 - 00000000 ____D C:\FRST
2013-10-30 13:46 - 2013-10-30 13:46 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-30 13:46 - 2013-10-30 13:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-30 13:46 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-30 13:46 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-30 13:46 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-30 13:46 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-30 13:46 - 2013-10-08 07:29 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-30 13:45 - 2013-10-30 13:46 - 00004639 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-28 20:04 - 2013-10-28 20:04 - 00001739 _____ C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
2013-10-26 13:41 - 2013-10-26 13:41 - 00000000 ____D C:\Documents and Settings\Dujmenovic\My Documents\GTA San Andreas User Files
2013-10-25 12:05 - 2013-10-25 12:05 - 00000665 _____ C:\Documents and Settings\All Users\Desktop\Look 312P.lnk
2013-10-25 12:05 - 2013-10-25 12:05 - 00000000 ____D C:\Program Files\Look 312P
2013-10-25 12:05 - 2013-10-25 12:05 - 00000000 ____D C:\Program Files\Common Files\Look312P
2013-10-25 12:05 - 2013-10-25 12:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Look 312P
2013-10-25 12:05 - 2005-06-27 17:24 - 00184392 _____ (VM) C:\WINDOWS\system32\VM31bPrp.Ax
2013-10-25 12:05 - 2004-03-19 17:11 - 00090968 _____ (VM) C:\WINDOWS\system32\Drivers\usbVM31b.sys
2013-10-25 12:05 - 2003-05-15 16:17 - 00061440 _____ (VM) C:\WINDOWS\system32\VM31bSTI.dll
2013-10-25 11:44 - 2013-10-25 11:44 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Local Settings\Application Data\SlimWare Utilities Inc
2013-10-25 11:44 - 2013-10-25 11:44 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Downloaded Installers
2013-10-23 21:01 - 2013-10-23 21:01 - 00040273 _____ C:\Documents and Settings\Dujmenovic\Desktop\Jaguar+XJ220-93+.rar
2013-10-18 20:12 - 2013-10-18 20:12 - 00000000 ____D C:\Program Files\Activision Value
2013-10-18 16:57 - 2013-10-18 16:57 - 00921632 _____ C:\StiImg.dat
2013-10-18 16:56 - 2008-04-14 03:42 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfwwdm32.dll
2013-10-18 16:56 - 2005-01-14 08:32 - 00053248 _____ C:\WINDOWS\system32\PAStiSvc.exe
2013-10-18 16:54 - 2013-10-18 16:54 - 00000000 ____D C:\WINDOWS\PixArt
2013-10-18 16:54 - 2013-10-18 16:54 - 00000000 ____D C:\WINDOWS\Album
2013-10-18 16:54 - 2013-10-18 16:54 - 00000000 ____D C:\Program Files\VideoCAM GE111
2013-10-18 16:54 - 2013-10-18 16:54 - 00000000 ____D C:\Program Files\Common Files\PCCamera
2013-10-18 16:54 - 2013-10-18 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoCAM GE111
2013-10-18 16:53 - 2013-10-18 16:53 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2013-10-18 14:20 - 2013-10-18 14:20 - 00000000 ____D C:\Program Files\ValuSoft
2013-10-18 13:31 - 2013-10-27 20:08 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Start Menu\Programs\Activision Value
2013-10-18 13:31 - 2013-10-18 13:32 - 00000000 ____D C:\Program Files\Trymedia
2013-10-07 15:08 - 2013-10-07 15:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sony
2013-10-07 14:36 - 2013-10-07 14:36 - 00000000 ____D C:\Documents and Settings\Dujmenovic\My Documents\My Podcasts
2013-10-07 14:36 - 2013-10-07 14:36 - 00000000 ____D C:\Documents and Settings\Dujmenovic\My Documents\Media Go
2013-10-03 19:11 - 2013-10-03 19:11 - 00000000 ____D C:\Program Files\Graph
2013-10-03 19:11 - 2013-10-03 19:11 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Start Menu\Programs\Graph
 
==================== One Month Modified Files and Folders =======
 
2013-11-01 20:00 - 2013-11-01 20:00 - 00000000 ____D C:\FRST
2013-11-01 19:36 - 2013-01-03 11:11 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-01 18:57 - 2012-10-12 16:58 - 00513916 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-01 18:53 - 2013-01-03 11:11 - 00000890 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-01 18:53 - 2012-12-28 13:13 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-11-01 18:53 - 2012-11-22 09:24 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-11-01 18:53 - 2012-10-14 09:59 - 00000260 _____ C:\WINDOWS\Tasks\WGASetup.job
2013-11-01 18:53 - 2012-10-12 17:01 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-01 18:53 - 2012-10-12 15:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-01 18:53 - 2010-03-16 02:37 - 00276202 _____ C:\WINDOWS\system32\NvApps.xml
2013-11-01 18:01 - 2012-10-12 15:26 - 00000000 ____D C:\Documents and Settings\Dujmenovic
2013-10-31 23:15 - 2012-10-12 15:24 - 00032542 ____N C:\WINDOWS\SchedLgU.Txt
2013-10-31 19:28 - 2013-03-02 21:50 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Desktop\AKORDI
2013-10-31 09:03 - 2013-09-23 19:14 - 00010512 _____ C:\Documents and Settings\Dujmenovic\Desktop\dds.txt
2013-10-31 09:03 - 2013-09-23 19:14 - 00006522 _____ C:\Documents and Settings\Dujmenovic\Desktop\attach.txt
2013-10-30 17:29 - 2012-10-12 15:26 - 00000178 ___SH C:\Documents and Settings\Dujmenovic\ntuser.ini
2013-10-30 13:46 - 2013-10-30 13:46 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-30 13:46 - 2013-10-30 13:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-30 13:46 - 2013-10-30 13:45 - 00004639 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-30 13:46 - 2012-11-16 23:29 - 00000000 ____D C:\Program Files\Java
2013-10-29 13:53 - 2013-01-13 00:33 - 00000000 ___RD C:\Documents and Settings\Dujmenovic\Desktop\Unused Desktop Shortcuts
2013-10-28 20:04 - 2013-10-28 20:04 - 00001739 _____ C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
2013-10-28 20:04 - 2013-04-18 14:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Sony
2013-10-28 20:04 - 2012-10-12 19:44 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-28 20:03 - 2012-10-12 15:24 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-27 20:08 - 2013-10-18 13:31 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Start Menu\Programs\Activision Value
2013-10-27 18:42 - 2012-11-18 12:48 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Application Data\uTorrent
2013-10-27 18:36 - 2013-06-04 15:08 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-26 15:38 - 2008-04-14 13:00 - 00000877 _____ C:\WINDOWS\win.ini
2013-10-26 13:41 - 2013-10-26 13:41 - 00000000 ____D C:\Documents and Settings\Dujmenovic\My Documents\GTA San Andreas User Files
2013-10-25 15:42 - 2012-12-07 09:36 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Application Data\Skype
2013-10-25 12:59 - 2012-10-12 16:51 - 00000000 ____D C:\WINDOWS\twain_32
2013-10-25 12:05 - 2013-10-25 12:05 - 00000665 _____ C:\Documents and Settings\All Users\Desktop\Look 312P.lnk
2013-10-25 12:05 - 2013-10-25 12:05 - 00000000 ____D C:\Program Files\Look 312P
2013-10-25 12:05 - 2013-10-25 12:05 - 00000000 ____D C:\Program Files\Common Files\Look312P
2013-10-25 12:05 - 2013-10-25 12:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Look 312P
2013-10-25 11:44 - 2013-10-25 11:44 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Local Settings\Application Data\SlimWare Utilities Inc
2013-10-25 11:44 - 2013-10-25 11:44 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Downloaded Installers
2013-10-24 07:25 - 2013-09-21 14:01 - 00103736 _____ C:\WINDOWS\system32\PnkBstrB.exe
2013-10-24 07:25 - 2013-09-21 14:01 - 00022328 _____ C:\WINDOWS\system32\Drivers\PnkBstrK.sys
2013-10-23 21:01 - 2013-10-23 21:01 - 00040273 _____ C:\Documents and Settings\Dujmenovic\Desktop\Jaguar+XJ220-93+.rar
2013-10-22 19:43 - 2012-10-13 10:42 - 00000000 ___RD C:\Documents and Settings\Dujmenovic\Desktop\Igrice
2013-10-20 10:43 - 2012-12-07 09:36 - 00000000 ___RD C:\Program Files\Skype
2013-10-20 10:43 - 2012-12-07 09:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-10-19 20:05 - 2012-11-21 08:00 - 02425288 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-10-19 15:19 - 2008-04-14 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-18 20:12 - 2013-10-18 20:12 - 00000000 ____D C:\Program Files\Activision Value
2013-10-18 16:57 - 2013-10-18 16:57 - 00921632 _____ C:\StiImg.dat
2013-10-18 16:54 - 2013-10-18 16:54 - 00000000 ____D C:\WINDOWS\PixArt
2013-10-18 16:54 - 2013-10-18 16:54 - 00000000 ____D C:\WINDOWS\Album
2013-10-18 16:54 - 2013-10-18 16:54 - 00000000 ____D C:\Program Files\VideoCAM GE111
2013-10-18 16:54 - 2013-10-18 16:54 - 00000000 ____D C:\Program Files\Common Files\PCCamera
2013-10-18 16:54 - 2013-10-18 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoCAM GE111
2013-10-18 16:53 - 2013-10-18 16:53 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2013-10-18 14:20 - 2013-10-18 14:20 - 00000000 ____D C:\Program Files\ValuSoft
2013-10-18 13:32 - 2013-10-18 13:31 - 00000000 ____D C:\Program Files\Trymedia
2013-10-16 19:01 - 2013-09-13 14:49 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Start Menu\Programs\Google Chrome
2013-10-16 18:44 - 2012-11-07 01:22 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-12 20:33 - 2012-10-12 16:55 - 00000232 ___SH C:\boot.ini
2013-10-12 20:33 - 2008-04-14 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-08 07:50 - 2013-10-30 13:46 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-08 07:46 - 2013-10-30 13:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-08 07:46 - 2013-10-30 13:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-08 07:46 - 2013-10-30 13:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-08 07:29 - 2013-10-30 13:46 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-07 15:13 - 2012-10-12 15:19 - 00000000 __SHD C:\Documents and Settings\All Users\DRM
2013-10-07 15:10 - 2013-03-17 19:27 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2013-10-07 15:08 - 2013-10-07 15:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sony
2013-10-07 15:08 - 2013-04-18 15:02 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Local Settings\Application Data\Sony
2013-10-07 15:08 - 2013-04-18 14:36 - 00000000 ____D C:\Program Files\Sony
2013-10-07 15:08 - 2013-04-18 14:16 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Local Settings\Application Data\Sony Ericsson
2013-10-07 15:08 - 2013-04-18 14:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2013-10-07 14:36 - 2013-10-07 14:36 - 00000000 ____D C:\Documents and Settings\Dujmenovic\My Documents\My Podcasts
2013-10-07 14:36 - 2013-10-07 14:36 - 00000000 ____D C:\Documents and Settings\Dujmenovic\My Documents\Media Go
2013-10-06 15:37 - 2012-10-12 15:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-10-03 19:11 - 2013-10-03 19:11 - 00000000 ____D C:\Program Files\Graph
2013-10-03 19:11 - 2013-10-03 19:11 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Start Menu\Programs\Graph
 
Files to move or delete:
====================
C:\Documents and Settings\All Users\hash.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================



#4 B-boy/StyLe/

Posted 02 November 2013 - 06:25 PM

Hello,

 

I am sorry about the delay. I was in a place with no internet connection...

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Kaspersky or avast!.

 

 

Next please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Next please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

 

Regards,

Georgi




#5 B-boy/StyLe/


Posted 04 November 2013 - 05:38 PM

Hi,

 

Are you still with me?

 

 

Regards,

Georgi




#6 B-boy/StyLe/


Posted 09 November 2013 - 11:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#7 B-boy/StyLe/


Posted 18 November 2013 - 06:59 AM

Topic unlocked per user request...

 

Hi, please continue with the previous instructions from post #4 or re-run FRST and attach the fresh logs to your next reply.

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 18 November 2013 - 07:00 AM.



#8 AnBoKi


Posted 18 November 2013 - 09:07 AM

I can't run the DDS tool. It says it can't find cmd.exe.



#9 B-boy/StyLe/


Posted 18 November 2013 - 10:58 AM

Hi,

 

I told you to run FRST and to make a new scan and then go ahead and attach the logs to your next reply. ;)

 

 

Regards,

Georgi




#10 AnBoKi


Posted 19 November 2013 - 02:06 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by Dujmenovic (administrator) on DUJMENOV-65EED6 on 19-11-2013 08:05:50
Running from C:\Documents and Settings\Dujmenovic\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3, v.6284 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(AVAST Software) C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
() C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Documents and Settings\All Users\Application Data\Mobilni internet\OnlineUpdate\ouc.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\WINDOWS\System32\PAStiSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\Dujmenovic\My Documents\Downloads\FRST (1).exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2837864 2010-06-28] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [MSConfig] - C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe [169984 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION 
HKCU\...\Policies\Explorer\Run: [Windows Update] - "C:\Documents and Settings\Dujmenovic\Application Data\Microsoft\avsic\avsic.exe" -shell No File
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {25ab776e-73b0-11e2-b495-485b39d814b8} - "I:\WD SmartWare.exe" autoplay=true
MountPoints2: {5105bb1e-155d-11e3-8bf4-485b39d814b8} - I:\AutoRun.exe
MountPoints2: {85ab85d0-f45e-11e2-8be0-485b39d814b8} - I:\AutoRun.exe
MountPoints2: {85ab85d3-f45e-11e2-8be0-485b39d814b8} - I:\AutoRun.exe
AppInit_DLLs: C:\Program Files\WxDownload\sprotector.dll [ 2012-10-03] ()
BootExecute: autocheck autochk /r \??\I:autocheck autochk * 
AlternateShell: 
 
==================== Internet (Whitelisted) ====================
 
BHO: No Name - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2210608 2006-10-26] (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 79.143.160.20 62.68.96.8 79.143.168.8
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default
FF user.js: detected! => C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\user.js
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Dujmenovic\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: SearchNewTab - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\Extensions\4e_6laxa@iioaaovyaq.com
FF Extension: wxDownload - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\Extensions\50e9888d14268@50e9888d142a2.com
FF Extension: coNtoinuieTosave - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\Extensions\rl.4@kiut-aau.co.uk
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [50e9888d14268@50e9888d142a2.com] - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\50e9888d14268@50e9888d142a2.com
FF Extension: wxDownload - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\50e9888d14268@50e9888d142a2.com
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [rl.4@kiut-aau.co.uk] - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\rl.4@kiut-aau.co.uk
FF Extension: coNtoinuieTosave - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\rl.4@kiut-aau.co.uk
FF HKLM\...\Firefox\Extensions: [4e_6laxa@iioaaovyaq.com] - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\4e_6laxa@iioaaovyaq.com
FF Extension: SearchNewTab - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\4e_6laxa@iioaaovyaq.com
FF HKLM\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] - C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt
 
Chrome: 
=======
CHR Extension: (Lockify) - C:\DOCUME~1\DUJMEN~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aiigoloogeminempipceaikpnaimbekd\0.9.22.506_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
 
========================== Services (Whitelisted) =================
 
R2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
R3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
R3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Mobilni internet. RunOuc; C:\Program Files\Mobilni internet\UpdateDog\ouc.exe [655712 2012-02-24] ()
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [66872 2013-09-21] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [53248 2005-01-14] ()
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S3 WMPNetworkSvc; "C:\Program Files\Windows Media Player\WMPNetwk.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
R1 Aavmker4; C:\Windows\System32\Drivers\Aavmker4.sys [28880 2010-06-28] (ALWIL Software)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [17744 2010-06-28] (ALWIL Software)
R2 aswMon2; C:\Windows\System32\Drivers\aswMon2.sys [100176 2010-06-28] (ALWIL Software)
R3 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [23376 2010-06-28] (ALWIL Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [165456 2010-06-28] (ALWIL Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [46672 2010-06-28] (ALWIL Software)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-06-17] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [29192 2009-06-17] ()
S3 Cardex; C:\WINDOWS\system32\drivers\TBPANEL.SYS [12256 2007-03-16] (Windows ® 2000 DDK provider)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)
R1 cdawdm; C:\Windows\System32\DRIVERS\CDAWDM.sys [56261 2003-02-25] (Far Stone Inc.)
S3 CMISTOR; C:\Windows\System32\DRIVERS\cmiucr.SYS [93056 2007-01-05] (C-Media Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39352 2009-12-14] (Infowatch)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-20] (DT Soft Ltd)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95744 2011-11-24] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [67584 2011-11-24] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2011-11-24] (Huawei Technologies Co., Ltd.)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [25480 2009-06-17] (IVT Corporation.)
R1 kl1; C:\WINDOWS\system32\drivers\kl1.sys [128016 2009-09-01] (Kaspersky Lab)
R0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [36880 2009-10-14] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [315408 2012-12-17] (Kaspersky Lab)
R3 klim5; C:\Windows\System32\DRIVERS\klim5.sys [32272 2009-09-14] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-10-02] (Kaspersky Lab)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2006-02-26] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [58600 2010-01-28] (NVIDIA Corporation)
R3 PAC207; C:\Windows\System32\DRIVERS\pfc027.sys [162176 2005-04-08] ()
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Standard 2004.SP2b (Win32 x86)\Sandra.sys [13824 2004-08-12] (SiSoftware)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113104 2012-08-24] (Power Software Ltd)
R2 TBPanel; C:\Windows\System32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows ® 2000 DDK provider)
R1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [90968 2004-03-19] (VM)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [x]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [x]
S3 BT; system32\DRIVERS\btnetdrv.sys [x]
S3 Btcsrusb; System32\Drivers\btcusb.sys [x]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [x]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [x]
S3 CV2K1; system32\DRIVERS\cv2k1.sys [x]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [245376 2011-12-31] (Huawei Technologies Co., Ltd.)
S4 IntelIde; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2008-05-02] ()
S3 VComm; system32\DRIVERS\VComm.sys [x]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [x]
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-18 13:42 - 2013-11-18 13:42 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-18 13:42 - 2013-11-18 13:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-18 13:42 - 2013-11-18 13:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-11-18 13:42 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-11-18 11:20 - 2013-11-18 11:20 - 00098304 _____ C:\WINDOWS\Minidump\Mini111813-01.dmp
2013-11-18 11:19 - 2013-11-18 11:21 - 00007918 _____ C:\WINDOWS\setupapi.log
2013-11-17 12:37 - 2013-11-18 16:09 - 00003364 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-12 16:20 - 2013-11-12 16:20 - 00001979 _____ C:\WINDOWS\system32\cmd.exe.manifest
2013-11-01 23:33 - 2013-11-01 23:33 - 00001875 _____ C:\Documents and Settings\Dujmenovic\Desktop\Pokretač aplikacija sustava Chrome.lnk
2013-11-01 23:31 - 2013-11-01 23:31 - 00006144 ___SH C:\WINDOWS\Thumbs.db
2013-11-01 22:07 - 2013-11-01 22:07 - 00000696 _____ C:\Documents and Settings\All Users\Desktop\Photoshop CS6.lnk
2013-11-01 22:05 - 2013-11-01 22:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2013-11-01 22:01 - 2013-11-01 22:08 - 00000000 ____D C:\Program Files\Photoshop
2013-11-01 20:30 - 2013-11-01 20:30 - 00000000 ____D C:\Program Files\ABC
2013-11-01 20:30 - 2013-11-01 20:30 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Start Menu\Programs\Analytical Business Calculator
2013-11-01 20:30 - 1996-06-15 12:01 - 00095072 _____ (VideoSoft) C:\WINDOWS\system\VSVBX.VBX
2013-11-01 20:30 - 1995-09-27 00:00 - 00018688 _____ C:\WINDOWS\system\CMDIALOG.VBX
2013-11-01 20:30 - 1995-08-16 15:23 - 00058032 _____ (Crescent division of Progress Software Corporation) C:\WINDOWS\system\QPRO200.DLL
2013-11-01 20:30 - 1995-05-12 15:29 - 00529312 _____ C:\WINDOWS\system\SPREAD20.VBX
2013-11-01 20:30 - 1994-02-18 02:51 - 00262704 _____ (Bits Per Second Ltd) C:\WINDOWS\system\GSW.EXE
2013-11-01 20:30 - 1994-02-18 02:51 - 00073296 _____ (Bits Per Second Ltd) C:\WINDOWS\system\GRAPH.VBX
2013-11-01 20:30 - 1994-02-18 02:51 - 00045584 _____ (Bits Per Second Ltd) C:\WINDOWS\system\GSWDLL.DLL
2013-11-01 20:30 - 1993-07-20 03:01 - 00036096 _____ (Cresent Software, Inc.) C:\WINDOWS\system\CSFORM.VBX
2013-11-01 20:30 - 1993-07-16 15:28 - 00064432 _____ (Sheridan Software Systems, Inc.) C:\WINDOWS\system\THREED.VBX
2013-11-01 20:30 - 1993-06-24 03:01 - 00000416 _____ C:\WINDOWS\system\QPRO.LIC
2013-11-01 20:30 - 1993-05-12 00:00 - 00398416 _____ (Microsoft Corporation) C:\WINDOWS\system\VBRUN300.DLL
2013-11-01 20:30 - 1993-04-28 00:00 - 00031744 _____ (Microsoft Corp.) C:\WINDOWS\system\MSAFINX.DLL
2013-11-01 20:30 - 1993-04-28 00:00 - 00022528 _____ (Outrider Systems, Inc.) C:\WINDOWS\system\SPIN.VBX
2013-11-01 20:07 - 2013-11-01 20:07 - 00017468 _____ C:\Documents and Settings\Dujmenovic\Desktop\Addition.txt
2013-11-01 20:00 - 2013-11-01 20:00 - 00000000 ____D C:\FRST
2013-10-30 13:46 - 2013-10-30 13:46 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-30 13:46 - 2013-10-30 13:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-30 13:46 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-30 13:46 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-30 13:46 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-30 13:46 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-30 13:46 - 2013-10-08 07:29 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-30 13:45 - 2013-10-30 13:46 - 00004639 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-28 20:04 - 2013-11-11 18:49 - 00001739 _____ C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
2013-10-26 13:41 - 2013-10-26 13:41 - 00000000 ____D C:\Documents and Settings\Dujmenovic\My Documents\GTA San Andreas User Files
2013-10-25 12:05 - 2013-10-25 12:05 - 00000665 _____ C:\Documents and Settings\All Users\Desktop\Look 312P.lnk
2013-10-25 12:05 - 2013-10-25 12:05 - 00000000 ____D C:\Program Files\Look 312P
2013-10-25 12:05 - 2013-10-25 12:05 - 00000000 ____D C:\Program Files\Common Files\Look312P
2013-10-25 12:05 - 2013-10-25 12:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Look 312P
2013-10-25 12:05 - 2005-06-27 17:24 - 00184392 _____ (VM) C:\WINDOWS\system32\VM31bPrp.Ax
2013-10-25 12:05 - 2004-03-19 17:11 - 00090968 _____ (VM) C:\WINDOWS\system32\Drivers\usbVM31b.sys
2013-10-25 12:05 - 2003-05-15 16:17 - 00061440 _____ (VM) C:\WINDOWS\system32\VM31bSTI.dll
2013-10-25 11:44 - 2013-10-25 11:44 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Local Settings\Application Data\SlimWare Utilities Inc
2013-10-25 11:44 - 2013-10-25 11:44 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Downloaded Installers
2013-10-23 21:01 - 2013-10-23 21:01 - 00040273 _____ C:\Documents and Settings\Dujmenovic\Desktop\Jaguar+XJ220-93+.rar
 
==================== One Month Modified Files and Folders =======
 
2013-11-19 08:03 - 2012-12-28 13:13 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-19 08:03 - 2012-10-12 17:01 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-19 08:02 - 2013-01-03 11:11 - 00000890 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-19 08:02 - 2012-10-14 09:59 - 00000260 _____ C:\WINDOWS\Tasks\WGASetup.job
2013-11-19 08:02 - 2012-10-12 15:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-19 08:02 - 2010-03-16 02:37 - 00276202 _____ C:\WINDOWS\system32\NvApps.xml
2013-11-18 16:09 - 2013-11-17 12:37 - 00003364 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-18 16:09 - 2012-11-21 08:00 - 02425288 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-11-18 16:09 - 2012-10-12 15:24 - 00032426 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-18 15:36 - 2013-01-03 11:11 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-18 13:47 - 2013-06-01 17:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SearchNewTab
2013-11-18 13:47 - 2013-06-01 17:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\coNtoinuieTosave
2013-11-18 13:47 - 2012-10-13 10:35 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2013-11-18 13:42 - 2013-11-18 13:42 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-18 13:42 - 2013-11-18 13:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-18 13:42 - 2013-11-18 13:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-11-18 11:24 - 2012-10-12 16:58 - 00513916 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-18 11:21 - 2013-11-18 11:19 - 00007918 _____ C:\WINDOWS\setupapi.log
2013-11-18 11:20 - 2013-11-18 11:20 - 00098304 _____ C:\WINDOWS\Minidump\Mini111813-01.dmp
2013-11-18 11:20 - 2013-06-04 15:08 - 00000000 ____D C:\WINDOWS\Minidump
2013-11-18 09:59 - 2012-10-12 16:55 - 00000232 ___SH C:\boot.ini
2013-11-18 09:59 - 2008-04-14 13:00 - 00000877 _____ C:\WINDOWS\win.ini
2013-11-18 09:59 - 2008-04-14 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-11-17 18:45 - 2012-11-22 09:24 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-11-17 10:45 - 2012-10-12 15:26 - 00000000 ____D C:\Documents and Settings\Dujmenovic
2013-11-17 00:19 - 2012-10-12 15:26 - 00000178 ___SH C:\Documents and Settings\Dujmenovic\ntuser.ini
2013-11-16 21:20 - 2012-11-18 12:48 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Application Data\uTorrent
2013-11-16 12:31 - 2013-09-03 20:20 - 00000000 ___RD C:\Documents and Settings\Dujmenovic\My Documents\Andrej
2013-11-13 23:16 - 2013-01-03 21:12 - 00000000 ____D C:\Program Files\Opera
2013-11-13 19:44 - 2012-11-07 01:22 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-11-13 19:20 - 2013-03-02 21:50 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Desktop\AKORDI
2013-11-12 23:13 - 2012-12-07 09:36 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Application Data\Skype
2013-11-12 16:20 - 2013-11-12 16:20 - 00001979 _____ C:\WINDOWS\system32\cmd.exe.manifest
2013-11-11 18:49 - 2013-10-28 20:04 - 00001739 _____ C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
2013-11-11 18:49 - 2013-04-18 14:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Sony
2013-11-11 18:49 - 2012-10-12 19:44 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-10 11:36 - 2012-11-03 00:27 - 00000000 ____D C:\WINDOWS\system32\Adobe
2013-11-05 19:58 - 2012-10-12 15:29 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Application Data\Adobe
2013-11-04 19:14 - 2012-10-12 15:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-11-02 20:20 - 2012-10-18 17:25 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Local Settings\Application Data\Adobe
2013-11-01 23:33 - 2013-11-01 23:33 - 00001875 _____ C:\Documents and Settings\Dujmenovic\Desktop\Pokretač aplikacija sustava Chrome.lnk
2013-11-01 23:33 - 2013-01-03 11:13 - 00001813 _____ C:\Documents and Settings\Dujmenovic\Desktop\Google Chrome.lnk
2013-11-01 23:31 - 2013-11-01 23:31 - 00006144 ___SH C:\WINDOWS\Thumbs.db
2013-11-01 22:36 - 2012-10-18 17:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-11-01 22:08 - 2013-11-01 22:01 - 00000000 ____D C:\Program Files\Photoshop
2013-11-01 22:07 - 2013-11-01 22:07 - 00000696 _____ C:\Documents and Settings\All Users\Desktop\Photoshop CS6.lnk
2013-11-01 22:06 - 2012-10-12 15:32 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Local Settings\Application Data\Google
2013-11-01 22:05 - 2013-11-01 22:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2013-11-01 22:05 - 2012-10-18 17:24 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-01 20:30 - 2013-11-01 20:30 - 00000000 ____D C:\Program Files\ABC
2013-11-01 20:30 - 2013-11-01 20:30 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Start Menu\Programs\Analytical Business Calculator
2013-11-01 20:30 - 2012-10-12 16:51 - 00000000 ____D C:\WINDOWS\system
2013-11-01 20:10 - 2012-11-29 18:17 - 00033792 ___SH C:\Documents and Settings\Dujmenovic\My Documents\Thumbs.db
2013-11-01 20:07 - 2013-11-01 20:07 - 00017468 _____ C:\Documents and Settings\Dujmenovic\Desktop\Addition.txt
2013-11-01 20:00 - 2013-11-01 20:00 - 00000000 ____D C:\FRST
2013-10-31 09:03 - 2013-09-23 19:14 - 00010512 _____ C:\Documents and Settings\Dujmenovic\Desktop\dds.txt
2013-10-31 09:03 - 2013-09-23 19:14 - 00006522 _____ C:\Documents and Settings\Dujmenovic\Desktop\attach.txt
2013-10-30 13:46 - 2013-10-30 13:46 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-30 13:46 - 2013-10-30 13:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-30 13:46 - 2013-10-30 13:45 - 00004639 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-30 13:46 - 2012-11-16 23:29 - 00000000 ____D C:\Program Files\Java
2013-10-29 13:53 - 2013-01-13 00:33 - 00000000 ___RD C:\Documents and Settings\Dujmenovic\Desktop\Unused Desktop Shortcuts
2013-10-28 20:03 - 2012-10-12 15:24 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-27 20:08 - 2013-10-18 13:31 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Start Menu\Programs\Activision Value
2013-10-26 13:41 - 2013-10-26 13:41 - 00000000 ____D C:\Documents and Settings\Dujmenovic\My Documents\GTA San Andreas User Files
2013-10-25 12:59 - 2012-10-12 16:51 - 00000000 ____D C:\WINDOWS\twain_32
2013-10-25 12:05 - 2013-10-25 12:05 - 00000665 _____ C:\Documents and Settings\All Users\Desktop\Look 312P.lnk
2013-10-25 12:05 - 2013-10-25 12:05 - 00000000 ____D C:\Program Files\Look 312P
2013-10-25 12:05 - 2013-10-25 12:05 - 00000000 ____D C:\Program Files\Common Files\Look312P
2013-10-25 12:05 - 2013-10-25 12:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Look 312P
2013-10-25 11:44 - 2013-10-25 11:44 - 00000000 ____D C:\Documents and Settings\Dujmenovic\Local Settings\Application Data\SlimWare Utilities Inc
2013-10-25 11:44 - 2013-10-25 11:44 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Downloaded Installers
2013-10-24 07:25 - 2013-09-21 14:01 - 00103736 _____ C:\WINDOWS\system32\PnkBstrB.exe
2013-10-24 07:25 - 2013-09-21 14:01 - 00022328 _____ C:\WINDOWS\system32\Drivers\PnkBstrK.sys
2013-10-23 21:01 - 2013-10-23 21:01 - 00040273 _____ C:\Documents and Settings\Dujmenovic\Desktop\Jaguar+XJ220-93+.rar
2013-10-22 19:43 - 2012-10-13 10:42 - 00000000 ___RD C:\Documents and Settings\Dujmenovic\Desktop\Igrice
2013-10-20 10:43 - 2012-12-07 09:36 - 00000000 ___RD C:\Program Files\Skype
2013-10-20 10:43 - 2012-12-07 09:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
 
Files to move or delete:
====================
C:\Documents and Settings\All Users\hash.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe
[2008-04-14 13:00] - [2008-04-14 13:00] - 1033728 ____A (Microsoft Corporation) 
 
C:\Windows\System32\winlogon.exe
[2008-04-14 13:00] - [2008-04-14 13:00] - 0507904 ____A (Microsoft Corporation) 
 
C:\Windows\System32\svchost.exe
[2008-04-14 13:00] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 
 
C:\Windows\System32\services.exe
[2008-04-14 13:00] - [2009-02-06 12:11] - 0110592 ____A (Microsoft Corporation) 
 
C:\Windows\System32\User32.dll
[2008-04-14 13:00] - [2008-04-14 13:00] - 0578560 ____A (Microsoft Corporation) 
 
C:\Windows\System32\userinit.exe
[2008-04-14 13:00] - [2008-04-14 13:00] - 0026112 ____A (Microsoft Corporation) 
 
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 13:00] - [2008-04-14 13:00] - 0052352 ____A (Microsoft Corporation) 
 
 
==================== End Of Log ============================


#11 B-boy/StyLe/


Posted 19 November 2013 - 07:59 AM

Hello,

 

 

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Kaspersky or avast!.

 

If you uninstalled Kaspersky already then go ahead and remove the leftovers...check this out:

http://support.kaspersky.com/common/service.aspx?el=1464

 

 

Next please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Next please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

Regards,

Georgi




#12 AnBoKi


Posted 20 November 2013 - 05:59 AM

It confused me at first when you said I have two antivirus software. But I guess I had Kaspersky leftovers. I ran kavremover.exe.

 

Here is fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-11-2013
Ran by Dujmenovic at 2013-11-20 11:53:20 Run:1
Running from C:\Documents and Settings\Dujmenovic\My Documents\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION 
HKCU\...\Policies\Explorer\Run: [Windows Update] - "C:\Documents and Settings\Dujmenovic\Application Data\Microsoft\avsic\avsic.exe" -shell No File
C:\Documents and Settings\Dujmenovic\Application Data\Microsoft\avsic
AppInit_DLLs: C:\Program Files\WxDownload\sprotector.dll [ 2012-10-03] ()
BootExecute: autocheck autochk /r \??\I:autocheck autochk * 
BHO: No Name - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
cmd: netsh winsock reset
FF Extension: SearchNewTab - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\Extensions\4e_6laxa@iioaaovyaq.com
FF Extension: wxDownload - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\Extensions\50e9888d14268@50e9888d142a2.com
FF Extension: coNtoinuieTosave - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\Extensions\rl.4@kiut-aau.co.uk
FF HKLM\...\Firefox\Extensions: [50e9888d14268@50e9888d142a2.com] - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\50e9888d14268@50e9888d142a2.com
FF Extension: wxDownload - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\50e9888d14268@50e9888d142a2.com
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [rl.4@kiut-aau.co.uk] - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\rl.4@kiut-aau.co.uk
FF Extension: coNtoinuieTosave - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\rl.4@kiut-aau.co.uk
FF HKLM\...\Firefox\Extensions: [4e_6laxa@iioaaovyaq.com] - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\4e_6laxa@iioaaovyaq.com
FF Extension: SearchNewTab - C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\4e_6laxa@iioaaovyaq.com
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
2013-11-18 13:47 - 2013-06-01 17:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SearchNewTab
2013-11-18 13:47 - 2013-06-01 17:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\coNtoinuieTosave
c:\progra~1\wxdown~1
c:\progra~1\websea~1
C:\Documents and Settings\All Users\hash.dat
reg: reg delete hKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v msconfig /f
reg: reg delete hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v KernelFaultCheck /f
end
 
 
 
 
*****************
 
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Windows Update => Value deleted successfully.
C:\Documents and Settings\Dujmenovic\Application Data\Microsoft\avsic => Moved successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} => Key deleted successfully.
HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5 entry 000000000003\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
 
=========  netsh winsock reset =========
 
 
========= End of CMD: =========
 
C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\Extensions\4e_6laxa@iioaaovyaq.com => Moved successfully.
C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\Extensions\50e9888d14268@50e9888d142a2.com => Moved successfully.
C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\Extensions\rl.4@kiut-aau.co.uk => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\50e9888d14268@50e9888d142a2.com => Value deleted successfully.
C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\50e9888d14268@50e9888d142a2.com => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => Value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} => Value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\rl.4@kiut-aau.co.uk => Value deleted successfully.
C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\rl.4@kiut-aau.co.uk => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\4e_6laxa@iioaaovyaq.com => Value deleted successfully.
C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\extensions\4e_6laxa@iioaaovyaq.com => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => Key not found.
"C:\Program Files\IB Updater\source.crx" => File/Directory not found.
C:\Documents and Settings\All Users\Application Data\SearchNewTab => Moved successfully.
C:\Documents and Settings\All Users\Application Data\coNtoinuieTosave => Moved successfully.
c:\progra~1\wxdown~1 => Moved successfully.
"c:\progra~1\websea~1" => File/Directory not found.
C:\Documents and Settings\All Users\hash.dat => Moved successfully.
 
========= reg delete hKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v msconfig /f =========
 
 
 
========= End of Reg: =========
 
 
========= reg delete hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v KernelFaultCheck /f =========
 
 
 
========= End of Reg: =========
 
 

==== End of Fixlog ====



#13 AnBoKi


Posted 20 November 2013 - 06:01 AM

And this is AdwCleaner .txt file. I'm not sure if I should keep any of these. I checked it, but didn't find anything that seems necessary to be kept.  

 

# AdwCleaner v3.012 - Report created 20/11/2013 at 11:54:03
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3, v.6284 (32 bits)
# Username : Dujmenovic - DUJMENOV-65EED6
# Running from : C:\Documents and Settings\Dujmenovic\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Documents and Settings\Administrator.DUJMENOV-65EED6.001\Desktop\eBay.lnk
File Found : C:\Documents and Settings\Administrator.DUJMENOV-65EED6.001\Start Menu\eBay.lnk
File Found : C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\user.js
File Found : C:\Documents and Settings\Dujmenovic\Start Menu\eBay.lnk
Folder Found : C:\Documents and Settings\Administrator.DUJMENOV-65EED6.001\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found C:\Documents and Settings\Administrator.DUJMENOV-65EED6.001\Application Data\Desktopicon
Folder Found C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Found C:\Documents and Settings\All Users\Application Data\StarApp
Folder Found C:\Documents and Settings\All Users\Application Data\wxDownload
Folder Found C:\Documents and Settings\Dujmenovic\Application Data\Desktopicon
Folder Found C:\Documents and Settings\Dujmenovic\Application Data\NCH Software
Folder Found C:\Documents and Settings\Dujmenovic\Application Data\OpenCandy
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\NCH Software
Folder Found C:\Program Files\Trymedia
Folder Found C:\WINDOWS\system32\jmdp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IB Updater
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\incredibar.com
Key Found : HKCU\Software\NCH Software
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\WEDLMNGR
Key Found : HKCU\Software\wnlt
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\IB Updater
Key Found : HKLM\Software\incredibar.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_1d79ba3d
Key Found : HKLM\Software\NCH Software
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\prefs.js ]
 
Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.a-searchpage.info/?pid=946&r=2013/06/01&hid=1029744405&lg=EN&cc=BA&unqvl=18&l=1&q=");
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Documents and Settings\Dujmenovic\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Administrator.DUJMENOV-65EED6.001\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [8381 octets] - [20/11/2013 11:54:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8441 octets] ##########


#14 B-boy/StyLe/

  • Malware Response Team

Posted 21 November 2013 - 01:49 PM

Hi,

 

 

STEP 1

 

 

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

Next let's check for leftovers.

Most of them should take no more than 10 minutes each.

 

 

 

STEP 1

 

 

Please download the latest version of Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

STEP 2

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
     
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 3




  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4



Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 5




  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

STEP 6

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

 

 

Regards,

Georgi




#15 AnBoKi

  • Topic Starter


Posted 22 November 2013 - 06:38 AM

Here is the AdwCleaner log 

 

# AdwCleaner v3.012 - Report created 22/11/2013 at 12:34:50
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3, v.6284 (32 bits)
# Username : Dujmenovic - DUJMENOV-65EED6
# Running from : C:\Documents and Settings\Dujmenovic\My Documents\Bleepingcomp\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\All Users\Application Data\StarApp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\wxDownload
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\WINDOWS\system32\jmdp
Folder Deleted : C:\Documents and Settings\Dujmenovic\Application Data\Desktopicon
Folder Deleted : C:\Documents and Settings\Dujmenovic\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\Dujmenovic\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Administrator.DUJMENOV-65EED6.001\Application Data\Desktopicon
[!] Folder Deleted : C:\Documents and Settings\Administrator.DUJMENOV-65EED6.001\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
File Deleted : C:\Documents and Settings\Dujmenovic\Start Menu\eBay.lnk
File Deleted : C:\Documents and Settings\Administrator.DUJMENOV-65EED6.001\Start Menu\eBay.lnk
File Deleted : C:\Documents and Settings\Administrator.DUJMENOV-65EED6.001\Desktop\eBay.lnk
File Deleted : C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Documents and Settings\Dujmenovic\Application Data\Mozilla\Firefox\Profiles\t73alucb.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.a-searchpage.info/?pid=946&r=2013/06/01&hid=1029744405&lg=EN&cc=BA&unqvl=18&l=1&q=");
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Documents and Settings\Dujmenovic\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Administrator.DUJMENOV-65EED6.001\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [8521 octets] - [20/11/2013 11:54:03]
AdwCleaner[R1].txt - [8584 octets] - [22/11/2013 12:32:55]
AdwCleaner[S0].txt - [8715 octets] - [22/11/2013 12:34:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8775 octets] ##########




