- Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2014 01
- Ran by Hamid Sabovic (administrator) on HAMIDSABOVIC on 31-10-2014 14:05:19
- Running from C:\Users\Hamid Sabovic\Downloads
- Loaded Profile: Hamid Sabovic (Available profiles: Hamid Sabovic)
- Platform: Microsoft Windows 7 Professional (X86) OS Language: English (United States)
- Internet Explorer Version 8
- Boot Mode: Normal
- Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
- (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
- (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
- (Intel Corporation) C:\Windows\System32\igfxtray.exe
- (Intel Corporation) C:\Windows\System32\hkcmd.exe
- (Intel Corporation) C:\Windows\System32\igfxpers.exe
- (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
- (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
- (Microsoft Corporation) C:\Windows\System32\wscript.exe
- (MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
- (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
- ==================== Registry (Whitelisted) ==================
- (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
- HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
- HKU\S-1-5-21-3468699941-1697581286-2913422694-1000\...\Run: [prncnfg] => wscript.exe //B "C:\Users\Hamid Sabovic\AppData\Roaming\prncnfg.vbs"
- HKU\S-1-5-21-3468699941-1697581286-2913422694-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
- Startup: C:\Users\Hamid Sabovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prncnfg.vbs ()
- ==================== Internet (Whitelisted) ====================
- (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
- ProxyEnable: Internet Explorer proxy is enabled.
- ProxyServer: array01.isu.gov.me:8080
- HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
- HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
- HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xADADE66D5AE9CB01
- BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
- BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
- BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
- BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
- DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
- DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
- DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
- DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
- DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
- DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
- Tcpip\Parameters: [DhcpNameServer] 10.3.2.11 10.3.2.12
- FireFox:
- ========
- FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
- FF Plugin: @microsoft.com/GENUINE -> disabled No File
- FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
- FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
- FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
- FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
- FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
- Chrome:
- =======
- CHR HomePage: Default -> hxxp://www.google.com/
- CHR StartupUrls: Default -> "hxxp://www.google.com/"
- CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
- CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
- CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
- CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
- CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
- CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
- CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
- CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
- CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
- CHR Plugin: (Default Plug-in) - default_plugin No File
- CHR Profile: C:\Users\Hamid Sabovic\AppData\Local\Google\Chrome\User Data\Default
- CHR Extension: (Entanglement Web App) - C:\Users\Hamid Sabovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-05-04]
- CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hamid Sabovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
- CHR Extension: (Avira Browser Safety) - C:\Users\Hamid Sabovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-31]
- CHR Extension: (Poppit!) - C:\Users\Hamid Sabovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-05-04]
- CHR Extension: (Google Wallet) - C:\Users\Hamid Sabovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-12]
- ========================== Services (Whitelisted) =================
- (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
- R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
- S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP) [File not signed]
- S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
- R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed]
- R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-02-08] (Hewlett-Packard) [File not signed]
- R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-02-08] (Hewlett-Packard) [File not signed]
- S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed]
- ==================== Drivers (Whitelisted) ====================
- (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
- S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-04-22] (Hewlett Packard)
- S3 HPFXFAX; C:\Windows\System32\drivers\hppcfaxio.sys [21528 2010-04-22] (Hewlett Packard)
- R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
- R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
- ==================== NetSvcs (Whitelisted) ===================
- (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
- ==================== One Month Created Files and Folders ========
- (If an entry is included in the fixlist, the file\folder will be moved.)
- 2014-10-31 13:59 - 2014-10-31 13:59 - 00019320 _____ () C:\Users\Hamid Sabovic\Desktop\Addition.txt
- 2014-10-31 13:59 - 2014-10-31 13:59 - 00014354 _____ () C:\Users\Hamid Sabovic\Desktop\FRST.txt
- 2014-10-31 13:55 - 2014-10-31 13:57 - 00019320 _____ () C:\Users\Hamid Sabovic\Downloads\Addition.txt
- 2014-10-31 13:53 - 2014-10-31 14:06 - 00009263 _____ () C:\Users\Hamid Sabovic\Downloads\FRST.txt
- 2014-10-31 13:53 - 2014-10-31 14:05 - 00000000 ____D () C:\FRST
- 2014-10-31 13:52 - 2014-10-31 13:52 - 01105408 _____ (Farbar) C:\Users\Hamid Sabovic\Downloads\FRST.exe
- 2014-10-31 13:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
- 2014-10-31 13:46 - 2014-10-31 13:46 - 00000380 _____ () C:\DelFix.txt
- 2014-10-31 13:43 - 2014-10-31 13:43 - 01375089 ____N () C:\Users\Hamid Sabovic\Downloads\AdwCleaner.exe
- 2014-10-31 13:22 - 2014-10-31 13:22 - 00001091 _____ () C:\Users\Public\Desktop\Avira.lnk
- 2014-10-31 13:22 - 2014-10-31 13:22 - 00000000 ____D () C:\ProgramData\Package Cache
- 2014-10-31 13:22 - 2014-10-31 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
- 2014-10-31 13:22 - 2014-10-31 13:22 - 00000000 ____D () C:\ProgramData\Avira
- 2014-10-31 13:22 - 2014-10-31 13:22 - 00000000 ____D () C:\Program Files\Avira
- 2014-10-31 11:34 - 2014-10-31 14:03 - 00000000 ____D () C:\ProgramData\MCShield
- 2014-10-31 11:34 - 2014-10-31 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
- 2014-10-31 11:34 - 2014-10-31 11:34 - 00000000 ____D () C:\Program Files\MCShield
- 2014-10-30 14:45 - 2014-10-31 11:08 - 00000000 ____D () C:\Users\Hamid Sabovic\Desktop\MB LEASING TRANS 2014 dopuna
- 2014-10-30 09:42 - 2014-07-11 19:22 - 04350035 ___SH () C:\Users\Hamid Sabovic\AppData\Roaming\prncnfg.vbs
- 2014-10-29 10:33 - 2014-10-30 15:17 - 00000000 ____D () C:\Users\Hamid Sabovic\Desktop\za snimanje brisano sa računara Agencije X 2014
- 2014-10-28 08:16 - 2014-10-28 08:16 - 00000516 _____ () C:\Users\Hamid Sabovic\Downloads\statistika cijena.htm
- 2014-10-27 08:16 - 2014-10-28 13:17 - 00000000 ____D () C:\Users\Hamid Sabovic\Documents\NALAZ LUKA BAR FAB LIVE 2014
- 2014-10-22 06:55 - 2014-10-29 10:56 - 00000000 ____D () C:\Users\Hamid Sabovic\Documents\VDT
- ==================== One Month Modified Files and Folders =======
- (If an entry is included in the fixlist, the file\folder will be moved.)
- 2014-10-31 13:39 - 2009-07-14 05:34 - 00014976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- 2014-10-31 13:39 - 2009-07-14 05:34 - 00014976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- 2014-10-31 13:38 - 2011-03-23 14:06 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
- 2014-10-31 13:34 - 2011-03-23 21:53 - 01190611 _____ () C:\Windows\WindowsUpdate.log
- 2014-10-31 13:31 - 2011-04-07 13:40 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- 2014-10-31 13:31 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
- 2014-10-31 13:31 - 2009-07-14 05:39 - 00111316 _____ () C:\Windows\setupact.log
- 2014-10-31 13:07 - 2011-04-07 13:40 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- 2014-10-30 15:13 - 2011-10-11 08:17 - 00000000 ____D () C:\ProgramData\Roxio
- 2014-10-29 10:51 - 2014-01-13 09:34 - 00000000 ____D () C:\Users\Hamid Sabovic\Documents\2014
- 2014-10-29 10:46 - 2013-01-17 14:40 - 00000000 ____D () C:\Users\Hamid Sabovic\Documents\2013
- 2014-10-29 10:41 - 2012-01-09 07:33 - 00000000 ____D () C:\Users\Hamid Sabovic\Documents\2012
- 2014-10-29 10:34 - 2011-03-23 15:59 - 00000000 ____D () C:\Users\Hamid Sabovic\Documents\2011
- 2014-10-29 10:33 - 2013-09-27 08:18 - 00000000 ____D () C:\Users\Hamid Sabovic\Documents\Outlook Files
- 2014-10-15 13:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
- 2014-10-14 09:21 - 2014-06-16 11:08 - 00000000 ____D () C:\Users\Hamid Sabovic\Documents\BUDZET 2015
- Some content of TEMP:
- ====================
- C:\Users\Hamid Sabovic\AppData\Local\Temp\AskSLib.dll
- C:\Users\Hamid Sabovic\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
- C:\Users\Hamid Sabovic\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
- C:\Users\Hamid Sabovic\AppData\Local\Temp\ose00000.exe
- C:\Users\Hamid Sabovic\AppData\Local\Temp\Quarantine.exe
- ==================== Bamital & volsnap Check =================
- (There is no automatic fix for files that do not pass verification.)
- C:\Windows\explorer.exe => File is digitally signed
- C:\Windows\system32\winlogon.exe => File is digitally signed
- C:\Windows\system32\wininit.exe => File is digitally signed
- C:\Windows\system32\svchost.exe => File is digitally signed
- C:\Windows\system32\services.exe => File is digitally signed
- C:\Windows\system32\User32.dll => File is digitally signed
- C:\Windows\system32\userinit.exe => File is digitally signed
- C:\Windows\system32\rpcss.dll => File is digitally signed
- C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
- LastRegBack: 2014-10-27 11:13
- ==================== End Of Log ============================