
C:\progra~2\browse~1\23765~1.24\{16cdf~1.dll



#1
brioni
New Member
  • Member
  • 7 posts
This pops up every time I try to do anything on my laptop:

C:\progra~2\browse~1\23765~1.24\{16cdf~1.dll is either not designed to run on Windows or it contains an error.

:help:




OTL logfile created on: 15.4.2013. 17:32:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\irena\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy.

1,86 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 52,80% Memory free
3,71 Gb Paging File | 2,06 Gb Available in Paging File | 55,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 7,44 Gb Free Space | 25,49% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 13,91 Gb Free Space | 14,25% Space Free | Partition Type: NTFS
Drive F: | 171,13 Gb Total Space | 160,70 Gb Free Space | 93,90% Space Free | Partition Type: NTFS

Computer Name: NOTEBOOK | User Name: irena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.15 17:31:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\irena\Downloads\OTL.exe
PRC - [2013.03.13 03:07:41 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013.03.07 16:29:07 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.02.18 23:23:06 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013.02.18 23:23:06 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.10.23 11:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.10.11 13:18:24 | 002,163,096 | ---- | M] (ManyCam LLC) -- C:\Program Files\ManyCam\Bin\ManyCam.exe
PRC - [2012.08.01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.16 21:11:48 | 000,081,424 | ---- | M] (Nitro PDF) -- C:\Program Files\Nitro PDF\Reader 2\Nitro_PIPAssistant.exe
PRC - [2012.05.16 21:11:42 | 000,184,848 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2012.05.16 21:11:38 | 003,578,896 | ---- | M] (Nitro PDF) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReader.exe
PRC - [2012.04.12 05:27:08 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2012.01.31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.09.09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011.08.18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011.05.23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011.03.28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011.03.09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011.02.08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 23:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010.08.19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010.03.29 20:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.03.27 08:38:44 | 001,422,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2010.03.16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2009.12.31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\irena\AppData\Roaming\T-Mobile Internet Manager\ouc.exe


========== Modules (No Company Name) ==========

MOD - [2013.04.15 15:38:44 | 000,086,016 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFF7.tmp
MOD - [2013.04.15 15:38:44 | 000,086,016 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFB4.tmp
MOD - [2013.04.15 15:38:44 | 000,086,016 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM11A0.tmp
MOD - [2013.04.15 15:38:44 | 000,086,016 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM10B4.tmp
MOD - [2013.04.15 15:38:44 | 000,033,792 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\YTMP7MC8AA\TAAFE5.tmp
MOD - [2013.04.15 15:38:43 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMC27.tmp
MOD - [2013.04.15 15:38:43 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMB2C.tmp
MOD - [2013.04.15 15:38:42 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMA40.tmp
MOD - [2013.04.15 15:38:42 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM8F6.tmp
MOD - [2013.04.15 15:38:42 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM77E.tmp
MOD - [2013.04.15 15:38:42 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM6B1.tmp
MOD - [2013.04.15 15:38:41 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM623.tmp
MOD - [2013.04.15 15:38:41 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM565.tmp
MOD - [2013.04.15 15:38:41 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM4B8.tmp
MOD - [2013.04.15 15:38:41 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM3EB.tmp
MOD - [2013.04.15 15:38:41 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM35D.tmp
MOD - [2013.04.15 15:38:40 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFFAF.tmp
MOD - [2013.04.15 15:38:40 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFF11.tmp
MOD - [2013.04.15 15:38:40 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMD9.tmp
MOD - [2013.04.15 15:38:40 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM196.tmp
MOD - [2013.04.15 15:38:39 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFE73.tmp
MOD - [2013.04.15 15:38:39 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFDF4.tmp
MOD - [2013.04.15 15:38:39 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFCF8.tmp
MOD - [2013.04.15 15:38:39 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFC2B.tmp
MOD - [2013.04.15 15:38:39 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFB3E.tmp
MOD - [2013.04.15 15:38:38 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF811.tmp
MOD - [2013.04.15 15:38:38 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF7FF.tmp
MOD - [2013.04.15 15:38:38 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF7CE.tmp
MOD - [2013.04.15 15:38:38 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF71F.tmp
MOD - [2013.04.15 15:38:38 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF6EE.tmp
MOD - [2013.04.15 15:38:38 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF6AE.tmp
MOD - [2013.04.15 15:38:38 | 000,072,704 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF9B2.tmp
MOD - [2013.04.15 15:38:38 | 000,072,192 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFAA0.tmp
MOD - [2013.04.15 15:38:38 | 000,072,192 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFA22.tmp
MOD - [2013.04.15 15:38:38 | 000,072,192 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF982.tmp
MOD - [2013.04.15 15:38:38 | 000,064,000 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF872.tmp
MOD - [2013.04.15 15:38:38 | 000,057,344 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF932.tmp
MOD - [2013.04.15 15:38:38 | 000,056,320 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF750.tmp
MOD - [2013.04.15 15:38:38 | 000,053,760 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF901.tmp
MOD - [2013.04.15 15:38:38 | 000,053,760 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF842.tmp
MOD - [2013.04.15 15:38:37 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF64C.tmp
MOD - [2013.04.15 15:38:37 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF63A.tmp
MOD - [2013.04.15 15:38:37 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF60A.tmp
MOD - [2013.04.15 15:38:37 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF4AA.tmp
MOD - [2013.04.15 15:38:37 | 000,068,608 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF5E8.tmp
MOD - [2013.04.15 15:38:37 | 000,056,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF65E.tmp
MOD - [2013.04.15 15:38:37 | 000,056,320 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF4EB.tmp
MOD - [2013.04.15 15:38:37 | 000,055,296 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF54A.tmp
MOD - [2013.03.13 03:07:40 | 014,717,144 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013.03.07 16:29:21 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.02.18 23:23:06 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013.02.18 23:23:06 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2012.10.11 13:18:26 | 000,124,312 | ---- | M] () -- C:\Program Files\ManyCam\Bin\CrashRpt.dll
MOD - [2012.10.11 13:15:40 | 002,010,624 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_core220.dll
MOD - [2012.10.11 13:15:40 | 001,242,112 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2012.10.11 13:15:40 | 000,776,192 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_highgui220.dll
MOD - [2012.10.11 13:15:40 | 000,241,152 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_objdetect220.dll
MOD - [2012.10.11 13:15:40 | 000,201,216 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_video220.dll
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.05.16 21:11:52 | 000,123,408 | ---- | M] () -- C:\Program Files\Nitro PDF\Reader 2\wxbase28u_xml_vc_pro7.dll
MOD - [2012.05.16 21:11:50 | 001,145,872 | ---- | M] () -- C:\Program Files\Nitro PDF\Reader 2\wxbase28u_vc_pro7.dll
MOD - [2012.01.10 21:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010.03.24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.01.30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2005.06.28 13:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll


========== Services (SafeList) ==========

SRV - [2013.03.13 03:07:41 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.07 16:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.18 23:23:06 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.10.23 11:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.16 21:11:42 | 000,184,848 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.04.12 05:27:08 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012.01.31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.10.25 23:36:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.06.24 20:32:55 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011.03.09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2013.02.18 23:23:06 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.11.12 05:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.10.11 05:08:38 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2012.10.11 05:08:36 | 000,025,088 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012.08.30 11:20:30 | 000,034,016 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011.05.27 19:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011.02.10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010.04.09 15:24:18 | 000,069,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.02.24 16:38:48 | 000,063,488 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2010.02.24 16:38:48 | 000,043,520 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2009.12.15 10:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.12.15 10:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009.10.05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.02.24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007.07.31 02:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.01.25 22:04:30 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\Quintessential Media Player\cdrpdacc.sys -- (CDRPDACC)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...00074f06dbc3c61
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rchTerms}&r=670
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00074f06dbc3c61
IE - HKCU\..\SearchScopes\{51989430-C455-4812-9D28-CE7DA8F2973D}: "URL" = http://search.softon...rce=4&cc=&r=427
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pa&d=2011-11-30 12:30:14&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.hr/"
FF - prefs.js..extensions.enabledAddons: ff-bmboc%40bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 8\npnitromozilla.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.09.16 17:17:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2011.06.06 16:35:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2013.04.10 12:06:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.18 23:23:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.14 19:18:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.06.06 22:41:50 | 000,000,000 | ---D | M]

[2011.06.03 18:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\irena\AppData\Roaming\mozilla\Extensions
[2011.06.03 18:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\irena\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.31 21:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\irena\AppData\Roaming\mozilla\Firefox\Profiles\3rem0dk3.default\extensions
[2012.12.31 21:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\irena\AppData\Roaming\mozilla\Firefox\Profiles\3rem0dk3.default\extensions\staged
[2013.02.22 00:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\irena\AppData\Roaming\mozilla\Firefox\Profiles\kxc11fka.default\extensions
[2013.03.14 19:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.03.03 18:17:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.03.03 18:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011.06.06 16:35:04 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\T-MOBILE\INTERNETMANAGER_H\OCX32\ADDON
[2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.07 19:48:33 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2013.02.18 23:23:41 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.10.10 17:32:11 | 000,002,359 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013.03.07 19:48:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.07 19:48:33 | 000,000,972 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2013.03.07 19:48:33 | 000,000,999 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eudict.xml
[2013.03.07 19:48:33 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2013.03.07 19:48:33 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hr.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = https://www.google.c...q=t&channel=rcs
CHR - default_search_provider: suggest_url = https://www.google.c...q={searchTerms},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - Extension: Learn German - Wie Geht's = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aglfgpioobpcmdheljepehachdjeopad\1.46_0\
CHR - Extension: YouTube = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google pretra\u017Eivanje = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Notty Notes = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggbmjahbkbhakkfgjiggdclpmmpmhajn\1.3_0\
CHR - Extension: CPDD-Vintage = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoilddlbdfnfcdghecjecddbanfdingj\1.0_0\
CHR - Extension: German Flashcards = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijecamokjmiajijbajfnlbkfknpplkdf\1.0.1_0\
CHR - Extension: AVG Safe Search = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Autodesk Homestyler = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0\
CHR - Extension: Planner 5D = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0\
CHR - Extension: AVG Security Toolbar = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: Gmail = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\irena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABE7F5C6-FB89-4EB5-A4CA-38667E2B20D9}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23765~1.24\{16cdf~1\browse~1.dll) - c:\ProgramData\BROWSE~1\23765~1.24\{16CDF~1\BROWSE~1.DLL ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\rootsetup\setupChecker.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00a47c6d-a71e-11e0-b763-74f06dbc3c61}\Shell - "" = AutoRun
O33 - MountPoints2\{00a47c6d-a71e-11e0-b763-74f06dbc3c61}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c24bcf48-9048-11e0-9b89-74f06dbc3c61}\Shell - "" = AutoRun
O33 - MountPoints2\{c24bcf48-9048-11e0-9b89-74f06dbc3c61}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c24bcf5b-9048-11e0-9b89-74f06dbc3c61}\Shell - "" = AutoRun
O33 - MountPoints2\{c24bcf5b-9048-11e0-9b89-74f06dbc3c61}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f7e4ef5d-9cbb-11e0-b712-74f06dbc3c61}\Shell - "" = AutoRun
O33 - MountPoints2\{f7e4ef5d-9cbb-11e0-b712-74f06dbc3c61}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{feac337e-7c1a-11e2-9d59-74f06dbc3c61}\Shell - "" = AutoRun
O33 - MountPoints2\{feac337e-7c1a-11e2-9d59-74f06dbc3c61}\Shell\AutoRun\command - "" = G:\AurLaunch\LaunchScreen.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========


========== Files - Modified Within 30 Days ==========

[2013.04.15 17:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.15 16:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.15 15:54:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.15 15:38:17 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013.04.15 15:20:15 | 000,654,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.15 15:20:15 | 000,121,424 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.15 15:19:56 | 117,525,860 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013.04.15 15:15:36 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.04.15 15:15:35 | 000,000,200 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013.04.15 15:15:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.15 15:15:19 | 1494,523,904 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.14 21:29:00 | 000,000,200 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2013.04.14 15:46:33 | 000,226,325 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2013.04.14 02:27:04 | 000,000,783 | ---- | M] () -- C:\Users\irena\Desktop\New WinRAR ZIP archive.zip
[2013.04.10 17:54:54 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.10 12:06:00 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk

========== Files Created - No Company Name ==========

[2013.02.21 22:21:54 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2012.10.11 16:33:53 | 000,000,838 | ---- | C] () -- C:\Users\irena\AppData\Local\recently-used.xbel
[2012.09.04 02:16:47 | 000,003,584 | ---- | C] () -- C:\Users\irena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.05 16:43:09 | 000,001,656 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012.01.10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.01.10 22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.01.10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.01.10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.10 21:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.01.10 21:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.01.10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.10.27 20:00:53 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL
[2011.06.24 21:29:34 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011.06.24 17:57:50 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.06.04 19:59:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.20 23:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.09.16 01:49:07 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\.spotflux
[2011.06.04 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\AVG10
[2012.10.10 17:31:55 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\Babylon
[2012.10.23 18:31:35 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\Downloaded Installations
[2012.05.21 20:07:22 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\FileOpen
[2012.11.24 19:44:43 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\ManyCam
[2012.10.23 18:33:46 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\Nitro
[2012.10.28 10:17:43 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\Nitro PDF
[2012.03.15 21:43:44 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\Notepad++
[2012.05.05 16:44:03 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\Systweak
[2011.06.06 16:35:55 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\T-Mobile
[2011.08.15 21:31:02 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\T-Mobile Internet Manager
[2012.11.24 15:25:26 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\TeamViewer
[2011.06.06 22:41:50 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\Thunderbird
[2013.04.15 02:49:57 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >

Edited by brioni, 15 April 2013 - 09:45 AM.



#2
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, brioni and welcome to GeeksToGo!

You can call me Phel and today I will help you with your trouble.

Please, read these instructions carefully, because they contain some very useful information.

Please let me know if you don't understand something. It is really important to understand every instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions if you aren't sure.

Please be patient. You should stay here until your computer is really clean. Malware removal isn't a very fast procedure; it usually has multiple steps, but the result should be good. ;)

Please wait for a while; I'm currently analyzing your log. This can take some time, because my answers are reviewed by a teacher.

#3
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hey, the fix is here!

Please, follow these steps:

Step 1. AdwCleaner scan.

  • Please download AdwCleaner from here to your Desktop.
  • Right-click the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 2. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2013.04.15 15:38:44 | 000,086,016 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFF7.tmp
    MOD - [2013.04.15 15:38:44 | 000,086,016 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFB4.tmp
    MOD - [2013.04.15 15:38:44 | 000,086,016 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM11A0.tmp
    MOD - [2013.04.15 15:38:44 | 000,086,016 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM10B4.tmp
    MOD - [2013.04.15 15:38:44 | 000,033,792 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\YTMP7MC8AA\TAAFE5.tmp
    MOD - [2013.04.15 15:38:43 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMC27.tmp
    MOD - [2013.04.15 15:38:43 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMB2C.tmp
    MOD - [2013.04.15 15:38:42 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMA40.tmp
    MOD - [2013.04.15 15:38:42 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM8F6.tmp
    MOD - [2013.04.15 15:38:42 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM77E.tmp
    MOD - [2013.04.15 15:38:42 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM6B1.tmp
    MOD - [2013.04.15 15:38:41 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM623.tmp
    MOD - [2013.04.15 15:38:41 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM565.tmp
    MOD - [2013.04.15 15:38:41 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM4B8.tmp
    MOD - [2013.04.15 15:38:41 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM3EB.tmp
    MOD - [2013.04.15 15:38:41 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM35D.tmp
    MOD - [2013.04.15 15:38:40 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFFAF.tmp
    MOD - [2013.04.15 15:38:40 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFF11.tmp
    MOD - [2013.04.15 15:38:40 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMD9.tmp
    MOD - [2013.04.15 15:38:40 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM196.tmp
    MOD - [2013.04.15 15:38:39 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFE73.tmp
    MOD - [2013.04.15 15:38:39 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFDF4.tmp
    MOD - [2013.04.15 15:38:39 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFCF8.tmp
    MOD - [2013.04.15 15:38:39 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFC2B.tmp
    MOD - [2013.04.15 15:38:39 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFB3E.tmp
    MOD - [2013.04.15 15:38:38 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF811.tmp
    MOD - [2013.04.15 15:38:38 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF7FF.tmp
    MOD - [2013.04.15 15:38:38 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF7CE.tmp
    MOD - [2013.04.15 15:38:38 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF71F.tmp
    MOD - [2013.04.15 15:38:38 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF6EE.tmp
    MOD - [2013.04.15 15:38:38 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF6AE.tmp
    MOD - [2013.04.15 15:38:38 | 000,072,704 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF9B2.tmp
    MOD - [2013.04.15 15:38:38 | 000,072,192 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFAA0.tmp
    MOD - [2013.04.15 15:38:38 | 000,072,192 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFA22.tmp
    MOD - [2013.04.15 15:38:38 | 000,072,192 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF982.tmp
    MOD - [2013.04.15 15:38:38 | 000,064,000 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF872.tmp
    MOD - [2013.04.15 15:38:38 | 000,057,344 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF932.tmp
    MOD - [2013.04.15 15:38:38 | 000,056,320 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF750.tmp
    MOD - [2013.04.15 15:38:38 | 000,053,760 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF901.tmp
    MOD - [2013.04.15 15:38:38 | 000,053,760 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF842.tmp
    MOD - [2013.04.15 15:38:37 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF64C.tmp
    MOD - [2013.04.15 15:38:37 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF63A.tmp
    MOD - [2013.04.15 15:38:37 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF60A.tmp
    MOD - [2013.04.15 15:38:37 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF4AA.tmp
    MOD - [2013.04.15 15:38:37 | 000,068,608 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF5E8.tmp
    MOD - [2013.04.15 15:38:37 | 000,056,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF65E.tmp
    MOD - [2013.04.15 15:38:37 | 000,056,320 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF4EB.tmp
    MOD - [2013.04.15 15:38:37 | 000,055,296 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMF54A.tmp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...00074f06dbc3c61
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00074f06dbc3c61
    IE - HKCU\..\SearchScopes\{51989430-C455-4812-9D28-CE7DA8F2973D}: "URL" = http://search.softon...rce=4&cc=&r=427
    [2012.10.10 17:32:11 | 000,002,359 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2013.03.03 18:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O20 - AppInit_DLLs: (c:\progra~2\browse~1\23765~1.24\{16cdf~1\browse~1.dll) - c:\ProgramData\BROWSE~1\23765~1.24\{16CDF~1\BROWSE~1.DLL ()
    O20 - HKLM Winlogon: TaskMan - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: TaskMan - (C:\rootsetup\setupChecker.exe) - File not found
    [2012.10.10 17:31:55 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\Babylon
    
    :Files
    c:\ProgramData\BROWSE~1
    C:\rootsetup
    
    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So, how is your computer running after all those fixes?

So, please, don't forget to post in your next message:

  • OTL log
  • AdwCleaner log


#4
brioni

brioni

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
# AdwCleaner v2.200 - Logfile created 04/15/2013 at 20:26:15
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : irena - NOTEBOOK
# Boot Mode : Normal
# Running from : C:\Users\irena\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\[email protected]
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\irena\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\irena\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\irena\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\irena\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\irena\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\irena\AppData\Roaming\Babylon
Folder Deleted : C:\Users\irena\AppData\Roaming\Mozilla\Firefox\Profiles\3rem0dk3.default\extensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\5dedc88bc3fef46
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\5dedc88bc3fef46
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=111511&tt=091012_24_4112_6&babsrc=HP_ss&mntrId=682a833700000000000074f06dbc3c61 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (hr)

File : C:\Users\irena\AppData\Roaming\Mozilla\Firefox\Profiles\kxc11fka.default\prefs.js

C:\Users\irena\AppData\Roaming\Mozilla\Firefox\Profiles\kxc11fka.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "682a833700000000000074f06dbc3c61");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15623");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.717:32:21");
Deleted : user_pref("extensions.Softonic.admin", false);
Deleted : user_pref("extensions.Softonic.aflt", "SD");
Deleted : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
Deleted : user_pref("extensions.Softonic.autoRvrt", "false");
Deleted : user_pref("extensions.Softonic.dfltLng", "");
Deleted : user_pref("extensions.Softonic.dfltSrch", true);
Deleted : user_pref("extensions.Softonic.excTlbr", false);
Deleted : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/INF00176/tb_v1?SearchSource=13&[...]
Deleted : user_pref("extensions.Softonic.hpOld0", "hxxp://www.google.hr/");
Deleted : user_pref("extensions.Softonic.id", "682a833700000000000074f06dbc3c61");
Deleted : user_pref("extensions.Softonic.instlDay", "15756");
Deleted : user_pref("extensions.Softonic.instlRef", "INF00176");
Deleted : user_pref("extensions.Softonic.kw_url", "hxxp://search.softonic.com/INF00176/tb_v1?SearchSource=2&cc[...]
Deleted : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/INF00176/tb_v1?SearchSource=1[...]
Deleted : user_pref("extensions.Softonic.prdct", "Softonic");
Deleted : user_pref("extensions.Softonic.prtnrId", "softonic");
Deleted : user_pref("extensions.Softonic.rvrt", "true");
Deleted : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Deleted : user_pref("extensions.Softonic.tlbrId", "BASEirobinhoodActive");
Deleted : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/INF00176/tb_v1?SearchSource[...]
Deleted : user_pref("extensions.Softonic.vrsn", "1.8.8.11");
Deleted : user_pref("extensions.Softonic.vrsni", "1.8.8.11");
Deleted : user_pref("extensions.Softonic_i.dnsErr", true);
Deleted : user_pref("extensions.Softonic_i.excTlbr", false);
Deleted : user_pref("extensions.Softonic_i.hmpg", true);
Deleted : user_pref("extensions.Softonic_i.newTab", true);
Deleted : user_pref("extensions.Softonic_i.smplGrp", "none");
Deleted : user_pref("extensions.Softonic_i.vrsnTs", "1.8.8.1118:00:09");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [12951 octets] - [15/04/2013 20:26:15]

########## EOF - C:\AdwCleaner[S1].txt - [13012 octets] ##########

#5
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
What about this?

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



#6
brioni

    New Member

  • Topic Starter
  • Member
  • 7 posts
OTL logfile created on: 15.4.2013. 20:51:51 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\irena\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy.

1,86 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 55,73% Memory free
3,71 Gb Paging File | 2,47 Gb Available in Paging File | 66,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 9,63 Gb Free Space | 32,97% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 13,91 Gb Free Space | 14,25% Space Free | Partition Type: NTFS
Drive F: | 171,13 Gb Total Space | 160,70 Gb Free Space | 93,90% Space Free | Partition Type: NTFS

Computer Name: NOTEBOOK | User Name: irena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.15 17:31:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\irena\Downloads\OTL.exe
PRC - [2013.03.07 16:29:07 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.02.18 23:23:06 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.10.23 11:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.10.11 13:18:24 | 002,163,096 | ---- | M] (ManyCam LLC) -- C:\Program Files\ManyCam\Bin\ManyCam.exe
PRC - [2012.08.01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.16 21:11:42 | 000,184,848 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2012.04.12 05:27:08 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2012.01.31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.09.09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011.08.18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011.05.23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011.03.28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011.03.09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011.02.08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 23:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010.08.19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010.03.29 20:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.03.16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2009.12.31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\irena\AppData\Roaming\T-Mobile Internet Manager\ouc.exe


========== Modules (No Company Name) ==========

MOD - [2013.04.15 20:49:39 | 000,086,016 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM935.tmp
MOD - [2013.04.15 20:49:39 | 000,086,016 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM8F4.tmp
MOD - [2013.04.15 20:49:38 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM718.tmp
MOD - [2013.04.15 20:49:38 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM6B9.tmp
MOD - [2013.04.15 20:49:38 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM61B.tmp
MOD - [2013.04.15 20:49:38 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM59C.tmp
MOD - [2013.04.15 20:49:38 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM52B.tmp
MOD - [2013.04.15 20:49:38 | 000,086,016 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM8D3.tmp
MOD - [2013.04.15 20:49:38 | 000,086,016 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM893.tmp
MOD - [2013.04.15 20:49:38 | 000,033,792 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\YTMP7MC8AA\TAA56B.tmp
MOD - [2013.04.15 20:49:37 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM4BB.tmp
MOD - [2013.04.15 20:49:37 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM41D.tmp
MOD - [2013.04.15 20:49:37 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM3AE.tmp
MOD - [2013.04.15 20:49:37 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM35E.tmp
MOD - [2013.04.15 20:49:37 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM2EF.tmp
MOD - [2013.04.15 20:49:37 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM28F.tmp
MOD - [2013.04.15 20:49:37 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM230.tmp
MOD - [2013.04.15 20:49:37 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM1EF.tmp
MOD - [2013.04.15 20:49:37 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM142.tmp
MOD - [2013.04.15 20:49:36 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFFB4.tmp
MOD - [2013.04.15 20:49:36 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFF45.tmp
MOD - [2013.04.15 20:49:36 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFEC5.tmp
MOD - [2013.04.15 20:49:36 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMD3.tmp
MOD - [2013.04.15 20:49:36 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM63.tmp
MOD - [2013.04.15 20:49:36 | 000,120,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEM4.tmp
MOD - [2013.04.15 20:49:36 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFD5C.tmp
MOD - [2013.04.15 20:49:36 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFD3A.tmp
MOD - [2013.04.15 20:49:36 | 000,072,704 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFE32.tmp
MOD - [2013.04.15 20:49:36 | 000,072,192 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFE75.tmp
MOD - [2013.04.15 20:49:36 | 000,072,192 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFE54.tmp
MOD - [2013.04.15 20:49:36 | 000,072,192 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFE21.tmp
MOD - [2013.04.15 20:49:36 | 000,064,000 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFD9E.tmp
MOD - [2013.04.15 20:49:36 | 000,057,344 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFDD1.tmp
MOD - [2013.04.15 20:49:36 | 000,053,760 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFDB0.tmp
MOD - [2013.04.15 20:49:36 | 000,053,760 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFD6D.tmp
MOD - [2013.04.15 20:49:35 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFC2D.tmp
MOD - [2013.04.15 20:49:35 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFC0C.tmp
MOD - [2013.04.15 20:49:35 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFBCC.tmp
MOD - [2013.04.15 20:49:35 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFB99.tmp
MOD - [2013.04.15 20:49:35 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFB87.tmp
MOD - [2013.04.15 20:49:35 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFB66.tmp
MOD - [2013.04.15 20:49:35 | 000,075,776 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFAF1.tmp
MOD - [2013.04.15 20:49:35 | 000,068,608 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFB54.tmp
MOD - [2013.04.15 20:49:35 | 000,056,832 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFBAA.tmp
MOD - [2013.04.15 20:49:35 | 000,056,320 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFC4E.tmp
MOD - [2013.04.15 20:49:35 | 000,056,320 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFB12.tmp
MOD - [2013.04.15 20:49:35 | 000,055,296 | ---- | M] () -- C:\Users\irena\AppData\Local\Temp\XTMP1MC3VE\DEMFB33.tmp
MOD - [2013.03.07 16:29:21 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.10.11 13:18:26 | 000,124,312 | ---- | M] () -- C:\Program Files\ManyCam\Bin\CrashRpt.dll
MOD - [2012.10.11 13:15:40 | 002,010,624 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_core220.dll
MOD - [2012.10.11 13:15:40 | 001,242,112 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2012.10.11 13:15:40 | 000,776,192 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_highgui220.dll
MOD - [2012.10.11 13:15:40 | 000,241,152 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_objdetect220.dll
MOD - [2012.10.11 13:15:40 | 000,201,216 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_video220.dll
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.01.10 21:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010.03.24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.01.30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV - [2013.03.13 03:07:41 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.07 16:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.18 23:23:06 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.10.23 11:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.16 21:11:42 | 000,184,848 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.04.12 05:27:08 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012.01.31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.10.25 23:36:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.06.24 20:32:55 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011.03.09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2013.02.18 23:23:06 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.11.12 05:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.10.11 05:08:38 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2012.10.11 05:08:36 | 000,025,088 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012.08.30 11:20:30 | 000,034,016 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011.05.27 19:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011.02.10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010.04.09 15:24:18 | 000,069,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.02.24 16:38:48 | 000,063,488 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2010.02.24 16:38:48 | 000,043,520 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2009.12.15 10:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.12.15 10:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009.10.05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.02.24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007.07.31 02:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.01.25 22:04:30 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\Quintessential Media Player\cdrpdacc.sys -- (CDRPDACC)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rchTerms}&r=670
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.hr/"
FF - prefs.js..extensions.enabledAddons: ff-bmboc%40bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 8\npnitromozilla.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.09.16 17:17:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2011.06.06 16:35:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2013.04.10 12:06:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.14 19:18:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.06.06 22:41:50 | 000,000,000 | ---D | M]

[2011.06.03 18:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\irena\AppData\Roaming\mozilla\Extensions
[2011.06.03 18:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\irena\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.04.15 20:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\irena\AppData\Roaming\mozilla\Firefox\Profiles\3rem0dk3.default\extensions
[2013.02.22 00:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\irena\AppData\Roaming\mozilla\Firefox\Profiles\kxc11fka.default\extensions
[2013.04.15 20:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.03.03 18:17:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011.06.06 16:35:04 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\T-MOBILE\INTERNETMANAGER_H\OCX32\ADDON
[2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.07 19:48:33 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2013.03.07 19:48:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.07 19:48:33 | 000,000,972 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2013.03.07 19:48:33 | 000,000,999 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eudict.xml
[2013.03.07 19:48:33 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2013.03.07 19:48:33 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hr.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = https://www.google.c...q=t&channel=rcs
CHR - default_search_provider: suggest_url = https://www.google.c...q={searchTerms},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - Extension: Learn German - Wie Geht's = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aglfgpioobpcmdheljepehachdjeopad\1.46_0\
CHR - Extension: YouTube = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google pretra\u017Eivanje = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Notty Notes = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggbmjahbkbhakkfgjiggdclpmmpmhajn\1.3_0\
CHR - Extension: CPDD-Vintage = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoilddlbdfnfcdghecjecddbanfdingj\1.0_0\
CHR - Extension: German Flashcards = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijecamokjmiajijbajfnlbkfknpplkdf\1.0.1_0\
CHR - Extension: Autodesk Homestyler = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0\
CHR - Extension: Planner 5D = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0\
CHR - Extension: AVG Security Toolbar = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: Gmail = C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\irena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABE7F5C6-FB89-4EB5-A4CA-38667E2B20D9}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00a47c6d-a71e-11e0-b763-74f06dbc3c61}\Shell - "" = AutoRun
O33 - MountPoints2\{00a47c6d-a71e-11e0-b763-74f06dbc3c61}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c24bcf48-9048-11e0-9b89-74f06dbc3c61}\Shell - "" = AutoRun
O33 - MountPoints2\{c24bcf48-9048-11e0-9b89-74f06dbc3c61}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c24bcf5b-9048-11e0-9b89-74f06dbc3c61}\Shell - "" = AutoRun
O33 - MountPoints2\{c24bcf5b-9048-11e0-9b89-74f06dbc3c61}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f7e4ef5d-9cbb-11e0-b712-74f06dbc3c61}\Shell - "" = AutoRun
O33 - MountPoints2\{f7e4ef5d-9cbb-11e0-b712-74f06dbc3c61}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{feac337e-7c1a-11e2-9d59-74f06dbc3c61}\Shell - "" = AutoRun
O33 - MountPoints2\{feac337e-7c1a-11e2-9d59-74f06dbc3c61}\Shell\AutoRun\command - "" = G:\AurLaunch\LaunchScreen.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.15 20:37:06 | 000,000,000 | ---D | C] -- C:\_OTL

========== Files - Modified Within 30 Days ==========

[2013.04.15 20:55:29 | 000,654,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.15 20:55:29 | 000,121,424 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.15 20:54:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.15 20:48:22 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.15 20:48:22 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013.04.15 20:48:07 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.04.15 20:48:04 | 000,000,200 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013.04.15 20:48:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.15 20:47:59 | 1494,523,904 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.15 20:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.15 15:19:56 | 117,525,860 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013.04.14 21:29:00 | 000,000,200 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2013.04.14 15:46:33 | 000,226,325 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2013.04.14 02:27:04 | 000,000,783 | ---- | M] () -- C:\Users\irena\Desktop\New WinRAR ZIP archive.zip
[2013.04.10 17:54:54 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.10 12:06:00 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk

========== Files Created - No Company Name ==========

[2013.02.21 22:21:54 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2012.10.11 16:33:53 | 000,000,838 | ---- | C] () -- C:\Users\irena\AppData\Local\recently-used.xbel
[2012.09.04 02:16:47 | 000,003,584 | ---- | C] () -- C:\Users\irena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.05 16:43:09 | 000,001,656 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012.01.10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.01.10 22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.01.10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.01.10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.10 21:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.01.10 21:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.01.10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.10.27 20:00:53 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL
[2011.06.24 21:29:34 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011.06.24 17:57:50 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.06.04 19:59:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.20 23:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.09.16 01:49:07 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\.spotflux
[2011.06.04 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\AVG10
[2012.10.23 18:31:35 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\Downloaded Installations
[2012.05.21 20:07:22 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\FileOpen
[2012.11.24 19:44:43 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\ManyCam
[2012.10.23 18:33:46 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\Nitro
[2012.10.28 10:17:43 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\Nitro PDF
[2012.03.15 21:43:44 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\Notepad++
[2012.05.05 16:44:03 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\Systweak
[2011.06.06 16:35:55 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\T-Mobile
[2011.08.15 21:31:02 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\T-Mobile Internet Manager
[2012.11.24 15:25:26 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\TeamViewer
[2011.06.06 22:41:50 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\Thunderbird
[2013.04.15 20:24:33 | 000,000,000 | ---D | M] -- C:\Users\irena\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >

#7
brioni

    New Member

  • Topic Starter
  • Member
  • 7 posts
I think you fixed it, no more pop-ups :)

Thank you

Edited by brioni, 15 April 2013 - 01:04 PM.


#8
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
No-no-no, that's not over. Some pieces of infection could be left.

Step 1. AdwCleaner scan.

  • Right-click on the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Search button.
  • After the scan, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 2. MBAM scan.

Run Malwarebytes Anti-Malware.
  • Go to the Update tab.
  • Click on the Check for updates button. A new small window should appear.
  • If an update is found, it will download and install the latest definitions.
  • Go back to the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

So, please, don't forget to post in your next message:

  • ESET Online Scanner's log
  • MBAM log


#9
brioni

    New Member

  • Topic Starter
  • Member
  • 7 posts
# AdwCleaner v2.200 - Logfile created 04/16/2013 at 21:39:37
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : irena - NOTEBOOK
# Boot Mode : Normal
# Running from : C:\Users\irena\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (hr)

File : C:\Users\irena\AppData\Roaming\Mozilla\Firefox\Profiles\kxc11fka.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [873 octets] - [16/04/2013 21:39:37]
AdwCleaner[S1].txt - [13082 octets] - [15/04/2013 20:26:15]

########## EOF - C:\AdwCleaner[R1].txt - [993 octets] ##########









Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.16.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
irena :: NOTEBOOK [administrator]

Protection: Enabled

16.4.2013. 21:54:54
mbam-log-2013-04-16 (21-54-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201264
Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (2) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)






ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ff70db27a0652c488ebbfdfe6cd6aee9
# engine=13633
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2013-04-16 08:58:31
# local_time=2013-04-16 10:58:31 (+0100, Central European Daylight Time)
# country="Croatia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1032 16777213 100 98 7269 109317255 0 0
# compatibility_mode=5893 16776574 66 85 75010782 117777102 0 0
# scanned=126166
# found=2
# cleaned=2
# scan_time=2463
sh=1622FB00926D594E965E0B06EE13E3D95DBCB056 ft=1 fh=bfd80d96c144b1dc vn="probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\irena\Downloads\vioplayer2.exe"
sh=476EA5ED65F8B359C2CA11B3A9D575F39E300161 ft=1 fh=c71c0011e22dec9d vn="probably a variant of Win32/AutoRun.VB.ANX worm (cleaned by deleting - quarantined)" ac=C fn="C:\_OTL\MovedFiles\04152013_203706\C_\rootsetup\mafw.dat"

#10
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
How is your computer running now?

#11
brioni

    New Member

  • Topic Starter
  • Member
  • 7 posts
Great, thank you for fixing it

#12
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Congratulations, your PC is clean now. :)

However, you need to follow some important steps to remove tools and prevent infection again.

Step 1. Uninstalling Programs.

  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. A new window should appear.
  • Uninstall these programs one by one, selecting each program and clicking the Uninstall button.

Programs to uninstall:

  • ESET Online Scanner

Step 2. Uninstall AdwCleaner.

  • Run AdwCleaner on your Desktop.
  • Click the Uninstall button.
  • AdwCleaner will be removed from your computer.

Step 3. CleanUp.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and reboot the PC when it is done.
  • After the reboot, run OTL again.
  • Click on the CleanUp button.
  • OTL will be removed from your computer.

Here are some recommendations on how to stay safe on the internet.

  • Keep your system up-to-date. It will increase your protection level, because a lot of malware uses system vulnerabilities.

    To learn more about how to turn Automatic Updates on, click here.
  • Keep other software up-to-date too. Malware often uses third-party software vulnerabilities.

    You can monitor news about vulnerabilities or simply install software which will scan your computer for outdated and vulnerable software and notify you about the results. Some of these programs are Secunia PSI (requires installation, you can download it here) and Secunia OSI (Java applet, requires Java Runtime Environment, learn more here).
  • Keep your antivirus software up-to-date.

    Turn on automatic updates for your antivirus; it's the basis of protection. Don't forget to keep your antivirus version up-to-date: new versions usually have advanced functionality and clean and prevent infection more effectively than outdated versions.
  • Use a limited user account. It will considerably increase your level of protection.

    90% of malware won't work under a limited user account, because it needs administrator privileges. If you are using Windows XP, then you can use DropMyRights while you are surfing the internet.
  • Invent strong and long passwords for your accounts if you want to keep your personal and confidential data safe.

    Some malware has very dangerous functionality: it can crack your passwords. Please set a very strong password for your administrator account in Windows, then malware won't harm your PC. For each account on the internet, invent an individual password.

I hope that these recommendations will help you and that you will avoid malware infections in the future. Good luck and safe web to you! :)

#13
brioni

    New Member

  • Topic Starter
  • Member
  • 7 posts
Phel, thanks for your help one more time, it's been a pleasure working with you





