Everything posted by philspain

  1. Hello, it's the late one again. Yes, it works fine, thank you very much for the help.
  2. Hello Porrelaar, Sorry again for my late reply. Thank you very much, I have increased the RAM of my MacBook. Perfect! Many thanks, Philspain
  3. Hello Porrelaar, Sorry that I didn't respond earlier, but I've just returned from holiday. Thank you for your reply. Too bad then, there isn't enough RAM in my MacBook to do an upgrade. I only have 1GB of RAM. I'll just have to buy a new Mac then. Thanks, Philspain
  4. Hello, I have a MacBook 2,1 with version 10.6.8. Can I still upgrade it? I just got a message from Spotify that I will soon no longer be able to use Spotify on this MacBook. Thnx Phil
  5. The speed is considerably better, thank you! Only, it sometimes gives an error when loading AVG! Maybe I should reinstall it?
  6. Attached is the AdwCleaner log AdwCleaner[S0].txt
  7. Hello, I think I removed Java from my PC without knowing it, because I found no older versions at all! Below is the new Zoek log after installing Java!
  8. I have Windows Vista, so I don't have Control Panel and Software? I go to Start and then .....?
  9. Below is the Zoek log!
Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[07/02/2013 07:47] Google Docs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda DivX Plus Web Player HTML5 \u003Cvideo\u003E - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm Gmail - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Default_Search_URL"="http://www.google.com" "Search Page"="http://www.sweet-page.com/web/?type=ds&ts=1401711593&from=cor&uid=WDCXWD2500BEVS-22UST0_WD-WXE508EV4388V4388&q={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\VMidi deleted successfully ==== HijackThis Entries ====================== O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: 
[spotify Web Helper] "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIIVE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-2530 Series" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. 
- C:\Program Files\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CSPEH - Unknown owner - C:\Users\User\AppData\Local\Temp\CSPEH.exe (file missing) O23 - Service: Servicio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe O23 - Service: XAudioService - Conexant Systems, Inc. 
- C:\Windows\system32\DRIVERS\xaudio.exe ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\gca71xw1.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1111 folders=227 561222148 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\User\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\User\AppData\Local\Temp successfully 
emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on 06/06/2014 at 12:00:23.40 ======================
  10. Below is the log!
C:\Users\User\AppData\Roaming\Spotify 2014-06-05 11:36:52 ----SHD---- C:\System Volume Information 2014-06-05 10:18:47 ----SHD---- C:\Windows\Installer 2014-06-05 10:12:22 ----D---- C:\Windows\System32 2014-06-05 10:12:22 ----D---- C:\Windows\inf 2014-06-05 10:12:22 ----A---- C:\Windows\system32\PerfStringBackup.INI 2014-06-05 10:09:49 ----D---- C:\Windows 2014-06-05 09:48:50 ----D---- C:\ProgramData\MFAData 2014-06-04 15:24:04 ----D---- C:\Windows\ModemLogs 2014-06-04 15:24:03 ----D---- C:\Windows\system32\drivers 2014-06-02 17:59:23 ----D---- C:\ProgramData\Malwarebytes 2014-06-02 17:59:23 ----D---- C:\ProgramData\AVG2014 2014-06-02 17:56:34 ----D---- C:\Program Files 2014-06-02 17:56:33 ----D---- C:\Windows\Applian Director 2014-06-02 17:03:54 ----D---- C:\Windows\system32\catroot2 2014-06-02 16:46:06 ----RSD---- C:\Windows\assembly 2014-06-02 16:43:11 ----D---- C:\Windows\system32\Tasks 2014-06-02 14:30:05 ----HD---- C:\ProgramData 2014-06-02 14:29:57 ----D---- C:\Windows\Tasks 2014-05-20 14:12:00 ----D---- C:\Program Files\Mozilla Maintenance Service 2014-05-16 12:08:27 ----D---- C:\Windows\system32\catroot 2014-05-14 15:39:14 ----A---- C:\Windows\system32\FlashPlayerApp.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys [2014-03-27 150296] R0 Avglogx;AVG Logging Driver; C:\Windows\system32\DRIVERS\avglogx.sys [2014-03-27 238872] R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2014-03-31 108312] R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2014-03-27 28440] R1 Avgdiskx;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiskx.sys [2014-03-27 123160] R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2014-04-18 199960] R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2014-03-27 22296] R1 Avgldx86;AVG AVI Loader Driver; 
C:\Windows\system32\DRIVERS\avgldx86.sys [2014-03-27 193304] R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2014-03-31 211224] R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [2013-08-01 37664] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-08-07 12672] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-07 8704] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-09 3552256] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840] R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-08-07 984064] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-08-07 208384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-27 1950552] R3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664] R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-13 1749376] R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE); 
C:\Windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 80000] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-08-07 660480] R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008] S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584] S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384] S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2008-01-21 10752] S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704] S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [] S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys [] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-05-20 22784] S3 SynasUSB;SynasUSB; C:\Windows\system32\drivers\SynasUSB.sys [2006-11-23 18432] S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver; C:\Windows\System32\Drivers\tascusb2.sys [2008-07-25 367616] S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device; C:\Windows\system32\drivers\tscusb2m.sys [2008-07-25 18944] S3 TASCAM_US122L_WDM;TASCAM 
US-122L WDM; C:\Windows\system32\drivers\tscusb2a.sys [2008-07-25 33792] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-12-13 45056] S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE); C:\Windows\system32\DRIVERS\vodafone_K3805-z_cdc_acm.sys [2010-09-01 85888] S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm; C:\Windows\system32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [2010-09-01 50304] S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install; C:\Windows\system32\DRIVERS\vodafone_K3805-z_cpo.sys [2010-09-01 9728] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2009-04-11 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-02-12 43336] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-05-08 671744] R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [2014-04-18 3645456] R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [2014-03-27 291912] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504] R2 VmbService;Vodafone Mobile Broadband Service; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-06-28 9216] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 
1713536] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-08-07 386560] R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-02-21 553288] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Servicio Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-19 136176] S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-03-01 161384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712] S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160] S3 CSPEH;CSPEH; C:\Users\User\AppData\Local\Temp\CSPEH.exe [] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-19 136176] S3 HDYEHKZ;HDYEHKZ; C:\Users\User\AppData\Local\Temp\HDYEHKZ.exe [] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-16 119408] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 SGNITIQPEOFL;SGNITIQPEOFL; C:\Users\User\AppData\Local\Temp\SGNITIQPEOFL.exe [] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S4 
NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] -----------------EOF-----------------
  11. Hello. I have a Vista PC and it is suddenly running very slowly! I ran an AVG scan and a Malwarebytes scan and there were some problems, but they were supposedly all removed! Yet the problem remains! That is why I am posting a log!
  12. Hello Passer, thanks for your reply! I tried the first 2 options you suggested, but without result! I then went to the other link, and I have now got as far as being able to boot the PC again with my USB stick! The problem now is that I have to plug in my USB stick every time to start my computer! If I try it without the USB stick, I get the same message that my NTLDR is missing! What can I do now?
  13. Hello, I have a Samsung NC10 netbook! I only have a USB stick to boot from because my netbook has no CD-ROM drive! Shortly after starting up I get the message that my ntldr is missing! So I tried to do a restart from my USB stick! This recovery worked up to the point where I got the message: Which windows installation would you like to log into. I entered number 1 and then arrived at C:\WINDOWS>_ If I now enter EXIT, it restarts (without the USB stick), but ntldr is missing appears again! So now I no longer know what to do!
  14. I think the problems are solved; I will try it for a few days and see how it goes! If I notice anything abnormal, I will let you know! Thanks!
  15. OTL logfile created on: 08/11/2013 13:18:11 - Run 2 OTL by OldTimer - Version 3.2.69.0
[2013/11/02 13:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions [2012/01/17 11:37:20 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013/08/27 15:33:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013/10/08 14:11:38 | 000,000,000 | ---D | M] (BlackFox V2) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\zigboom@hotmail.com [2013/08/27 14:19:34 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\adblockpopups@jessehakanen.net.xpi [2012/01/16 17:33:00 | 002,581,018 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\flaminglow-ff3-30@glowplug.bitasylum.net.xpi [2012/01/16 17:32:54 | 002,281,245 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\glowygold-ff3-30@glowplug.bitasylum.net.xpi [2013/10/24 17:32:41 | 002,737,915 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\nasanightlaunch@example.com.xpi [2013/10/11 12:17:25 | 000,850,224 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2013/08/02 09:27:28 | 000,224,035 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013/10/11 13:20:17 | 000,915,554 | ---- | M] () (No name found) -- 
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/10/24 17:32:04 | 001,195,896 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi [2013/08/10 09:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/04/18 11:14:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013/11/08 11:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions [2013/11/08 11:36:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/11/08 11:36:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013/11/08 11:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions [2013/11/08 11:36:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/02/21 13:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2013/04/18 11:14:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/11/05 19:12:28 | 000,172,032 | ---- | M] (iVIDI.org) -- C:\Program Files\mozilla firefox\plugins\npffividiplg.dll [2013/04/18 11:14:27 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2013/04/18 11:14:27 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013/04/18 11:14:27 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\chambers-en-GB.xml [2013/04/18 11:14:27 | 000,001,379 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2013/04/18 11:14:27 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [2013/04/18 11:14:27 | 000,001,334 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - Extension: Google Docs = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\ CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\ CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\ CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_1\ CHR - Extension: Gmail = 
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\ O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix) O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIIVE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [fsm] File not found O4 - HKCU..\Run: [spotify Web Helper] C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 10.15.2) O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{344B84F1-73BE-4B04-9E5E-313DD545CA7D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CAE3D71-3C89-49E0-921B-60654D002DCB}: DhcpNameServer = 80.58.61.250 80.58.61.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg O24 - Desktop 
BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{38a8cc80-92a5-11e0-9d16-8e343c86b69c}\Shell\AutoRun\command - "" = autorun.exe O33 - MountPoints2\{38a8cc80-92a5-11e0-9d16-8e343c86b69c}\Shell\open\command - "" = autorun.exe O33 - MountPoints2\{67845589-db58-11de-8955-001e683f07d3}\Shell\AutoRun\command - "" = WD_Windows_Tools\setup.exe O33 - MountPoints2\{91926928-421d-11df-9f77-001e683f07d3}\Shell - "" = AutoRun O33 - MountPoints2\{91926928-421d-11df-9f77-001e683f07d3}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a66c3b94-d905-11de-9b54-001e683f07d3}\Shell - "" = AutoRun O33 - MountPoints2\{a66c3b94-d905-11de-9b54-001e683f07d3}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e564f2fa-37ab-11e0-bca8-001e683f07d3}\Shell - "" = AutoRun O33 - MountPoints2\{e564f2fa-37ab-11e0-bca8-001e683f07d3}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{e564f2fe-37ab-11e0-bca8-001e683f07d3}\Shell - "" = AutoRun O33 - MountPoints2\{e564f2fe-37ab-11e0-bca8-001e683f07d3}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{ebe24485-a02d-11e1-86f4-bb401d358903}\Shell - "" = AutoRun O33 - MountPoints2\{ebe24485-a02d-11e1-86f4-bb401d358903}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{ebe244af-a02d-11e1-86f4-b3b4735106cc}\Shell - "" = AutoRun O33 - MountPoints2\{ebe244af-a02d-11e1-86f4-b3b4735106cc}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) 
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/11/08 13:13:49 | 000,000,000 | ---D | C] -- C:\_OTL [2013/11/08 13:12:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.com [2013/11/05 11:13:34 | 000,000,000 | ---D | C] -- C:\Users\User\Music [2013/11/02 12:59:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/11/02 12:56:10 | 000,000,000 | ---D | C] -- C:\Windows\Temp [2013/11/02 12:56:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Temp [2013/11/02 12:49:41 | 000,000,000 | ---D | C] -- C:\zoek [2013/11/02 12:42:08 | 000,000,000 | ---D | C] -- C:\zoek_backup [2013/10/31 13:15:40 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/10/31 13:15:40 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/10/31 12:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2013/10/31 12:38:29 | 000,000,000 | ---D | C] -- C:\rsit [2013/10/30 14:22:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2013/10/30 14:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2013/10/30 14:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2013/10/24 19:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\snp2uvc [2013/10/24 18:06:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Unitech LLC [2013/10/24 18:00:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVG2014 [2013/10/24 17:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014 [2013/10/24 17:38:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Avg2014 [2013/10/15 12:57:57 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\New Folder [2013/10/13 15:38:06 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\ZIP FILES [2013/10/13 13:42:24 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/10/13 13:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/10/13 13:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/10/13 13:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/10/13 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2013/10/13 12:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\jZip [2013/10/13 12:47:01 | 000,000,000 | ---D | C] -- C:\Users\User\all zip files for ipad 2 ========== Files - Modified Within 30 Days ========== [2013/11/08 13:20:13 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D6A5BA18-8CD6-4C00-B34F-1C1CF83A5543}.job [2013/11/08 13:16:28 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/11/08 13:16:23 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/11/08 13:16:23 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/11/08 13:16:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/11/08 13:16:15 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2013/11/08 13:12:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.com [2013/11/08 13:01:43 | 000,002,593 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Office Outlook 2007.lnk [2013/11/08 12:46:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/11/08 12:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/11/08 09:39:36 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/11/08 09:39:36 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/11/05 12:56:08 | 000,002,587 | ---- | M] () -- C:\Users\User\Desktop\ NBVC (5).lnk [2013/11/05 10:59:17 | 
000,193,024 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/11/02 12:42:07 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe [2013/10/31 13:15:40 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/10/31 13:15:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/10/30 14:32:37 | 000,005,839 | ---- | M] () -- C:\Users\User\Documents\hijackthis007 [2013/10/28 18:00:33 | 000,150,722 | ---- | M] () -- C:\Users\User\karafuncatalog_uk.pdf [2013/10/28 17:59:53 | 001,002,598 | ---- | M] () -- C:\Users\User\karafuncatalog_uk_all.pdf [2013/10/28 17:56:04 | 000,324,991 | ---- | M] () -- C:\Users\User\KCLOUD_DTE.pdf [2013/10/24 20:10:49 | 000,260,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/10/24 17:57:29 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk [2013/10/15 14:50:54 | 000,100,721 | ---- | M] () -- C:\Users\User\529165_10201477125797256_75829981_n.jpg [2013/10/15 14:48:29 | 000,057,162 | ---- | M] () -- C:\Users\User\480526_10151002459950800_11452403_n.jpg [2013/10/15 14:47:38 | 000,144,532 | ---- | M] () -- C:\Users\User\1064978_561848020544987_373758459_o.jpg [2013/10/15 14:40:57 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/10/13 13:42:27 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/10/13 12:51:40 | 000,000,740 | ---- | M] () -- C:\Users\User\Desktop\jZip.lnk ========== Files Created - No Company Name ========== [2013/11/02 12:56:10 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe [2013/10/31 13:15:41 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/10/30 14:32:37 | 000,005,839 | ---- | C] () -- C:\Users\User\Documents\hijackthis007 [2013/10/28 18:00:33 | 000,150,722 | ---- | C] () -- C:\Users\User\karafuncatalog_uk.pdf [2013/10/28 17:59:45 | 001,002,598 
| ---- | C] () -- C:\Users\User\karafuncatalog_uk_all.pdf [2013/10/28 17:56:03 | 000,324,991 | ---- | C] () -- C:\Users\User\KCLOUD_DTE.pdf [2013/10/24 17:57:29 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk [2013/10/15 14:50:52 | 000,100,721 | ---- | C] () -- C:\Users\User\529165_10201477125797256_75829981_n.jpg [2013/10/15 14:48:24 | 000,057,162 | ---- | C] () -- C:\Users\User\480526_10151002459950800_11452403_n.jpg [2013/10/15 14:47:34 | 000,144,532 | ---- | C] () -- C:\Users\User\1064978_561848020544987_373758459_o.jpg [2013/10/13 13:42:27 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/10/13 13:38:29 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013/10/13 12:51:40 | 000,000,770 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk [2013/10/13 12:51:40 | 000,000,740 | ---- | C] () -- C:\Users\User\Desktop\jZip.lnk [2013/07/02 12:15:01 | 000,053,734 | ---- | C] () -- C:\Users\User\282741_420147591400807_286203601_n.jpg [2013/05/28 17:26:28 | 000,021,377 | ---- | C] () -- C:\Users\User\T116672232.pdf [2012/12/24 12:14:38 | 000,279,121 | ---- | C] () -- C:\Users\User\photo.JPG [2012/12/24 12:11:24 | 000,495,258 | ---- | C] () -- C:\Users\User\meandmydeb.jpg [2012/12/24 12:07:37 | 000,495,258 | ---- | C] () -- C:\Users\User\meand mydeb.jpg [2012/10/24 11:52:22 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys [2012/10/24 11:52:22 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2012/10/24 11:52:22 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys [2012/10/24 11:52:22 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2012/10/24 11:52:21 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2012/10/24 11:52:21 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2012/10/24 11:52:21 | 000,000,131 | ---- | C] () -- 
C:\Windows\System32\PidList.ini [2012/10/24 11:52:21 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini [2012/09/14 12:08:44 | 000,913,149 | ---- | C] () -- C:\Users\User\DSC00800.jpg [2012/09/14 12:08:26 | 000,903,380 | ---- | C] () -- C:\Users\User\My man and me.jpg [2012/06/24 10:15:23 | 000,000,375 | ---- | C] () -- C:\Users\User\Pictures.lnk [2012/05/30 12:09:05 | 000,000,558 | ---- | C] () -- C:\Users\User\DALIDA Ti amo - Shortcut.lnk [2012/02/09 15:11:50 | 000,010,286 | ---- | C] () -- C:\Users\User\397575_308295802544150_179578625415869_906098_1180149251_n.jpg [2011/09/25 14:51:40 | 000,202,262 | ---- | C] () -- C:\Users\User\champagne_glasses.jpg [2011/06/27 18:26:36 | 000,232,496 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2011/05/30 11:51:48 | 004,510,704 | ---- | C] () -- C:\Users\User\bpmpro4-manual-en.pdf [2011/05/30 11:51:44 | 004,389,473 | ---- | C] () -- C:\Users\User\bpmpro4-manual-de.pdf [2011/04/16 14:12:43 | 000,372,179 | ---- | C] () -- C:\Users\User\VDJ5-UserGuide_for_Updates.pdf [2011/03/27 07:42:58 | 000,153,250 | ---- | C] () -- C:\Users\User\172249_105912529484017_100001958112883_47147_2462797_o.jpg [2011/02/22 05:47:19 | 028,212,348 | ---- | C] () -- C:\Users\User\Phils mix rev0.wav [2011/01/21 16:04:21 | 000,004,219 | ---- | C] () -- C:\Users\User\images.jpg [2011/01/19 18:21:55 | 029,818,344 | ---- | C] () -- C:\Users\User\something stupid.wav [2011/01/10 12:47:53 | 000,145,095 | ---- | C] () -- C:\Users\User\lets_party_clear.gif [2010/05/07 17:23:06 | 002,760,619 | ---- | C] () -- C:\Users\User\SPC014 - 23 - Williams, Andy - Moon River.mp3 [2010/05/07 17:23:06 | 001,241,664 | ---- | C] () -- C:\Users\User\SPC014 - 23 - Williams, Andy - Moon River.cdg [2010/03/23 10:29:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/11/24 15:47:21 | 000,193,024 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/24 12:59:10 | 000,007,620 | ---- | C] () -- 
C:\Users\User\AppData\Local\d3d9caps.dat [2008/09/15 12:55:03 | 003,056,117 | ---- | C] () -- C:\Users\User\Singin' in the rain.mp3 [2008/09/15 12:55:03 | 001,375,200 | ---- | C] () -- C:\Users\User\Singin' in the rain.cdg ========== ZeroAccess Check ========== [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 14:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 14:18:20 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report >
  16. I just tried an mp3 again, but it still stutters!?
  17. # AdwCleaner v3.011 - Report created 08/11/2013 at 10:52:39
  18. OTL logfile created on: 08/11/2013 09:46:21 - Run 1 OTL by OldTimer - Version 3.2.69.0
[File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2013/09/02 09:39:32 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2013/09/02 09:28:06 | 000,145,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2013/09/02 09:28:04 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2013/09/02 09:28:00 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx) DRV - [2013/08/20 21:54:04 | 000,102,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2013/08/01 15:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2013/08/01 08:54:20 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2010/09/01 13:33:12 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum) DRV - [2010/09/01 13:33:12 | 000,050,304 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_K3805-z_cdc_ecm.sys -- (vodafone_K3805-z_cdc_ecm) DRV - [2010/09/01 13:33:12 | 000,009,728 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_K3805-z_cpo.sys -- (vodafone_K3805-z_cpo) DRV - [2010/09/01 13:33:10 | 000,085,888 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_K3805-z_cdc_acm.sys -- (vodafone_K3805-z_cdc_acm) DRV - [2008/07/25 19:18:52 | 000,033,792 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tscusb2a.sys -- (TASCAM_US122L_WDM) DRV - [2008/07/25 19:18:08 | 000,018,944 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tscusb2m.sys -- (TASCAM_US122L_MIDI) DRV - [2008/07/25 19:17:36 | 000,367,616 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tascusb2.sys -- (TASCAM_US122144) DRV - [2008/05/09 01:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007/08/13 13:54:22 | 001,749,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2007/08/08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/08/07 14:24:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007/03/28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2006/11/23 18:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\synasUSB.sys -- (SynasUSB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {5B7706E6-3034-21B5-1074-6208B644849D} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - 
HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2286521827-2552126233-756588910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-2286521827-2552126233-756588910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN UK - Outlook.com formerly Hotmail, Bing, Skype and Latest News IE - HKU\S-1-5-21-2286521827-2552126233-756588910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKU\S-1-5-21-2286521827-2552126233-756588910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 E2 ED 65 C6 74 CA 01 [binary data] IE - HKU\S-1-5-21-2286521827-2552126233-756588910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2286521827-2552126233-756588910-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2286521827-2552126233-756588910-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2286521827-2552126233-756588910-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-2286521827-2552126233-756588910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: 
adblockpopups%40jessehakanen.net:0.9.1 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21 FF - prefs.js..extensions.enabledAddons: %7B53A03D43-5363-4669-8190-99061B2DEBA5%7D:1.5.8 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/02/21 13:58:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/18 11:14:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/28 18:40:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/18 11:14:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/28 18:40:50 | 000,000,000 | ---D | M] [2013/10/24 20:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions [2010/09/09 12:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com [2013/11/02 13:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions [2012/01/17 11:37:20 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013/08/27 15:33:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013/10/08 14:11:38 | 000,000,000 | ---D | M] (BlackFox V2) -- 
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\zigboom@hotmail.com [2013/08/27 14:19:34 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\adblockpopups@jessehakanen.net.xpi [2012/01/16 17:33:00 | 002,581,018 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\flaminglow-ff3-30@glowplug.bitasylum.net.xpi [2012/01/16 17:32:54 | 002,281,245 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\glowygold-ff3-30@glowplug.bitasylum.net.xpi [2013/10/24 17:32:41 | 002,737,915 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\nasanightlaunch@example.com.xpi [2013/10/11 12:17:25 | 000,850,224 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2013/08/02 09:27:28 | 000,224,035 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013/10/11 13:20:17 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/10/24 17:32:04 | 001,195,896 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gca71xw1.default\extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi [2013/08/10 09:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/04/18 11:14:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013/02/21 13:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\DIVX\DIVX 
PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2013/04/18 11:14:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/11/05 19:12:28 | 000,172,032 | ---- | M] (iVIDI.org) -- C:\Program Files\mozilla firefox\plugins\npffividiplg.dll [2013/04/18 11:14:27 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2013/04/18 11:14:27 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013/04/18 11:14:27 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2013/04/18 11:14:27 | 000,001,379 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2013/04/18 11:14:27 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [2013/04/18 11:14:27 | 000,001,334 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - Extension: Google Docs = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\ CHR - Extension: YouTube = 
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\ CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\ CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_1\ CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\ O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2286521827-2552126233-756588910-1000..\Run: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIIVE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-2286521827-2552126233-756588910-1000..\Run: [fsm] File not found O4 - HKU\S-1-5-21-2286521827-2552126233-756588910-1000..\Run: [spotify Web Helper] C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 10.15.2) O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{344B84F1-73BE-4B04-9E5E-313DD545CA7D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CAE3D71-3C89-49E0-921B-60654D002DCB}: DhcpNameServer = 80.58.61.250 80.58.61.254 O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} 
- C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{38a8cc80-92a5-11e0-9d16-8e343c86b69c}\Shell\AutoRun\command - "" = autorun.exe O33 - MountPoints2\{38a8cc80-92a5-11e0-9d16-8e343c86b69c}\Shell\open\command - "" = autorun.exe O33 - MountPoints2\{67845589-db58-11de-8955-001e683f07d3}\Shell\AutoRun\command - "" = WD_Windows_Tools\setup.exe O33 - MountPoints2\{91926928-421d-11df-9f77-001e683f07d3}\Shell - "" = AutoRun O33 - MountPoints2\{91926928-421d-11df-9f77-001e683f07d3}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a66c3b94-d905-11de-9b54-001e683f07d3}\Shell - "" = AutoRun O33 - MountPoints2\{a66c3b94-d905-11de-9b54-001e683f07d3}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e564f2fa-37ab-11e0-bca8-001e683f07d3}\Shell - "" = AutoRun O33 - MountPoints2\{e564f2fa-37ab-11e0-bca8-001e683f07d3}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{e564f2fe-37ab-11e0-bca8-001e683f07d3}\Shell - "" = AutoRun O33 - MountPoints2\{e564f2fe-37ab-11e0-bca8-001e683f07d3}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{ebe24485-a02d-11e1-86f4-bb401d358903}\Shell - "" = AutoRun O33 - MountPoints2\{ebe24485-a02d-11e1-86f4-bb401d358903}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O33 - 
MountPoints2\{ebe244af-a02d-11e1-86f4-b3b4735106cc}\Shell - "" = AutoRun O33 - MountPoints2\{ebe244af-a02d-11e1-86f4-b3b4735106cc}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/11/08 09:45:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.com [2013/11/05 11:13:34 | 000,000,000 | ---D | C] -- C:\Users\User\Music [2013/11/02 12:59:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/11/02 12:56:10 | 000,000,000 | ---D | C] -- C:\Windows\Temp [2013/11/02 12:56:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Temp [2013/11/02 12:49:41 | 000,000,000 | ---D | C] -- C:\zoek [2013/11/02 12:42:08 | 000,000,000 | ---D | C] -- C:\zoek_backup [2013/10/31 12:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2013/10/31 12:38:29 | 000,000,000 | ---D | C] -- C:\rsit [2013/10/30 14:22:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2013/10/30 14:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2013/10/30 14:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2013/10/24 19:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\snp2uvc [2013/10/24 18:06:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Unitech LLC [2013/10/24 18:00:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVG2014 [2013/10/24 17:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014 [2013/10/24 17:38:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Avg2014 [2013/10/15 12:57:57 | 000,000,000 | ---D | C] -- 
C:\Users\User\Documents\New Folder [2013/10/13 15:38:06 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\ZIP FILES [2013/10/13 13:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/10/13 13:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/10/13 13:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/10/13 13:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/10/13 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2013/10/13 12:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\jZip [2013/10/13 12:47:01 | 000,000,000 | ---D | C] -- C:\Users\User\all zip files for ipad 2 ========== Files - Modified Within 30 Days ========== [2013/11/08 09:50:14 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D6A5BA18-8CD6-4C00-B34F-1C1CF83A5543}.job [2013/11/08 09:46:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/11/08 09:45:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.com [2013/11/08 09:39:36 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/11/08 09:39:36 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/11/08 09:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/11/08 09:34:57 | 000,002,593 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Office Outlook 2007.lnk [2013/11/08 09:34:03 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/11/08 09:33:59 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/11/08 09:33:50 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/11/08 09:33:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/11/08 
09:33:34 | 3217,494,016 | -HS- | M] () -- C:\hiberfil.sys [2013/11/05 12:56:08 | 000,002,587 | ---- | M] () -- C:\Users\User\Desktop\ NBVC (5).lnk [2013/11/05 10:59:17 | 000,193,024 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/11/02 12:42:07 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe [2013/10/30 14:32:37 | 000,005,839 | ---- | M] () -- C:\Users\User\Documents\hijackthis007 [2013/10/28 18:00:33 | 000,150,722 | ---- | M] () -- C:\Users\User\karafuncatalog_uk.pdf [2013/10/28 17:59:53 | 001,002,598 | ---- | M] () -- C:\Users\User\karafuncatalog_uk_all.pdf [2013/10/28 17:56:04 | 000,324,991 | ---- | M] () -- C:\Users\User\KCLOUD_DTE.pdf [2013/10/24 20:10:49 | 000,260,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/10/24 17:57:29 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk [2013/10/15 14:50:54 | 000,100,721 | ---- | M] () -- C:\Users\User\529165_10201477125797256_75829981_n.jpg [2013/10/15 14:48:29 | 000,057,162 | ---- | M] () -- C:\Users\User\480526_10151002459950800_11452403_n.jpg [2013/10/15 14:47:38 | 000,144,532 | ---- | M] () -- C:\Users\User\1064978_561848020544987_373758459_o.jpg [2013/10/15 14:40:57 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/10/13 13:42:27 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/10/13 12:51:40 | 000,000,740 | ---- | M] () -- C:\Users\User\Desktop\jZip.lnk ========== Files Created - No Company Name ========== [2013/11/02 12:56:10 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe [2013/10/31 13:15:41 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/10/30 14:32:37 | 000,005,839 | ---- | C] () -- C:\Users\User\Documents\hijackthis007 [2013/10/28 18:00:33 | 000,150,722 | ---- | C] () -- C:\Users\User\karafuncatalog_uk.pdf [2013/10/28 17:59:45 | 001,002,598 | ---- | C] () -- C:\Users\User\karafuncatalog_uk_all.pdf [2013/10/28 
17:56:03 | 000,324,991 | ---- | C] () -- C:\Users\User\KCLOUD_DTE.pdf [2013/10/24 17:57:29 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk [2013/10/15 14:50:52 | 000,100,721 | ---- | C] () -- C:\Users\User\529165_10201477125797256_75829981_n.jpg [2013/10/15 14:48:24 | 000,057,162 | ---- | C] () -- C:\Users\User\480526_10151002459950800_11452403_n.jpg [2013/10/15 14:47:34 | 000,144,532 | ---- | C] () -- C:\Users\User\1064978_561848020544987_373758459_o.jpg [2013/10/13 13:42:27 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/10/13 13:38:29 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013/10/13 12:51:40 | 000,000,770 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk [2013/10/13 12:51:40 | 000,000,740 | ---- | C] () -- C:\Users\User\Desktop\jZip.lnk [2013/07/02 12:15:01 | 000,053,734 | ---- | C] () -- C:\Users\User\282741_420147591400807_286203601_n.jpg [2013/05/28 17:26:28 | 000,021,377 | ---- | C] () -- C:\Users\User\T116672232.pdf [2012/12/24 12:14:38 | 000,279,121 | ---- | C] () -- C:\Users\User\photo.JPG [2012/12/24 12:11:24 | 000,495,258 | ---- | C] () -- C:\Users\User\meandmydeb.jpg [2012/12/24 12:07:37 | 000,495,258 | ---- | C] () -- C:\Users\User\meand mydeb.jpg [2012/10/24 11:52:22 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys [2012/10/24 11:52:22 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2012/10/24 11:52:22 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys [2012/10/24 11:52:22 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2012/10/24 11:52:21 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2012/10/24 11:52:21 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2012/10/24 11:52:21 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini [2012/10/24 11:52:21 | 000,000,131 | 
---- | C] () -- C:\Windows\PidList.ini [2012/09/14 12:08:44 | 000,913,149 | ---- | C] () -- C:\Users\User\DSC00800.jpg [2012/09/14 12:08:26 | 000,903,380 | ---- | C] () -- C:\Users\User\My man and me.jpg [2012/06/24 10:15:23 | 000,000,375 | ---- | C] () -- C:\Users\User\Pictures.lnk [2012/05/30 12:09:05 | 000,000,558 | ---- | C] () -- C:\Users\User\DALIDA Ti amo - Shortcut.lnk [2012/02/09 15:11:50 | 000,010,286 | ---- | C] () -- C:\Users\User\397575_308295802544150_179578625415869_906098_1180149251_n.jpg [2011/09/25 14:51:40 | 000,202,262 | ---- | C] () -- C:\Users\User\champagne_glasses.jpg [2011/06/27 18:26:36 | 000,232,496 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2011/05/30 11:51:48 | 004,510,704 | ---- | C] () -- C:\Users\User\bpmpro4-manual-en.pdf [2011/05/30 11:51:44 | 004,389,473 | ---- | C] () -- C:\Users\User\bpmpro4-manual-de.pdf [2011/04/16 14:12:43 | 000,372,179 | ---- | C] () -- C:\Users\User\VDJ5-UserGuide_for_Updates.pdf [2011/03/27 07:42:58 | 000,153,250 | ---- | C] () -- C:\Users\User\172249_105912529484017_100001958112883_47147_2462797_o.jpg [2011/02/22 05:47:19 | 028,212,348 | ---- | C] () -- C:\Users\User\Phils mix rev0.wav [2011/01/21 16:04:21 | 000,004,219 | ---- | C] () -- C:\Users\User\images.jpg [2011/01/19 18:21:55 | 029,818,344 | ---- | C] () -- C:\Users\User\something stupid.wav [2011/01/10 12:47:53 | 000,145,095 | ---- | C] () -- C:\Users\User\lets_party_clear.gif [2010/05/07 17:23:06 | 002,760,619 | ---- | C] () -- C:\Users\User\SPC014 - 23 - Williams, Andy - Moon River.mp3 [2010/05/07 17:23:06 | 001,241,664 | ---- | C] () -- C:\Users\User\SPC014 - 23 - Williams, Andy - Moon River.cdg [2010/03/23 10:29:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/11/24 15:47:21 | 000,193,024 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/24 12:59:10 | 000,007,620 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat [2008/09/15 12:55:03 | 003,056,117 | ---- | C] 
() -- C:\Users\User\Singin' in the rain.mp3 [2008/09/15 12:55:03 | 001,375,200 | ---- | C] () -- C:\Users\User\Singin' in the rain.cdg ========== ZeroAccess Check ========== [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 14:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 14:18:20 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/12/24 12:03:09 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2012/12/24 12:03:09 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2011/01/20 11:47:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\4shared Desktop [2009/12/08 13:12:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Anvil Studio [2013/10/24 18:00:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG2014 [2011/09/15 15:11:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Camfrog [2012/01/17 11:37:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft [2011/08/21 11:21:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\EasyBurner [2013/09/09 13:38:23 | 000,000,000 | ---D 
| M] -- C:\Users\User\AppData\Roaming\Epson [2011/10/18 18:27:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreeBurner [2011/09/16 18:36:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\InfraRecorder [2010/04/29 10:39:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nikon [2011/01/16 09:17:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QuickScan [2009/12/07 10:21:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Roni Music [2013/08/10 09:27:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Shareaza [2010/10/12 08:18:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Software Informer [2013/11/05 13:24:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify [2009/11/26 15:25:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Steinberg [2009/11/24 15:35:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Telefónica Móviles [2013/07/15 11:59:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software [2013/10/24 18:06:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unitech LLC [2011/04/15 11:00:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UpdateStar Drivers [2010/05/30 08:49:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VistaCodecs [2012/05/17 16:16:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vodafone [2010/06/10 20:32:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Voipwise ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > OTL Extras logfile created on: 08/11/2013 09:46:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version 
= 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 67.07% Memory free 6.19 Gb Paging File | 5.35 Gb Available in Paging File | 86.45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111.19 Gb Total Space | 51.59 Gb Free Space | 46.40% Space Free | Partition Type: NTFS Drive D: | 107.69 Gb Total Space | 43.37 Gb Free Space | 40.27% Space Free | Partition Type: NTFS Computer Name: ACER | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-2286521827-2552126233-756588910-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2286521827-2552126233-756588910-1000] "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03096B1A-BC9E-48DC-BF66-C86D6DC8086C}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | "{0BD181BD-0DBD-43FB-A8DD-C55741C19AA1}" = lport=2869 | protocol=6 | dir=in | app=system | "{1B61B84C-B1CA-42C5-A55B-9FC11DEFB5DB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{2207CEF1-D0A0-4940-AFC2-6FCBA8B0D6B5}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | "{2DCF1B56-2B7C-454E-9074-AA467739D5F1}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | "{3D9E54E4-F2FD-4BB8-BE33-DC3774437889}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{59601BE6-84D2-415B-AE4A-2F2011A3A59A}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | "{A38F8514-F3EF-41C6-9881-58F998DAF7F9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E93E1D1F-5D1B-45BF-B0A1-DDCAA5803A94}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00153DAC-82DF-4468-A2BC-51DF79646553}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | "{2035E9C4-DD19-4DD3-9290-881713CA4B17}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | "{216DA411-B59F-4D63-BF68-4C3D54146D9D}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | "{33EA6315-82BA-4B6D-8671-34222D94A568}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | 
"{3BD4614A-4D59-472C-94EF-EAB8EBD3E612}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | "{3F0D111D-10D4-4862-AAFD-316447025676}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | "{416705C0-BE5A-478B-ADD6-A28C5B518D66}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | "{497DF067-388F-4F12-ACE4-0F7B37D51707}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | "{55C7ABFB-AC38-4882-8708-FFA30D9AE2D9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{733931E4-1D89-484D-AA18-CDDCC16D6B97}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{871DFDB4-3A6F-4D15-8868-6B3AAC046C21}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | "{928F06A1-9316-468F-8135-85E72EA740EC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | "{965F8881-BA51-459A-8892-C3EF9197EDCB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{A16C64A4-7119-47FC-B302-8E908B95D952}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | "{B247F53F-C36A-4E80-A6E1-FEA9789011B6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{B73F6857-4B3E-4E9E-8E93-BECA361F64B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BEBC6A53-8FE8-4236-9A6A-6AB4285D1739}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{C05FED83-710C-4385-B7D6-13A4EE7FC132}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{C0ADC15B-C873-488A-9F27-C0BCD9F43D67}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | "{C0D0D195-7043-432A-85FE-98004BD17D1B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{DA709131-6BFC-4937-A111-7452E3070A62}" = protocol=6 | dir=in | app=c:\program 
files\yahoo!\messenger\yahoomessenger.exe | "{F4143777-2206-455F-8BFA-0DFDD3C8799C}" = dir=in | app=c:\program files\itunes\itunes.exe | "{F6317A15-F82F-4810-A846-6163E3C123D5}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{162FB524-0FE0-4617-99C1-C25B7E218403}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{1AAF3588-CA6A-45FB-9D78-D9865A0A446E}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{3AA0D60B-E1D1-4177-96BA-494B7FDC6C15}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | "TCP Query User{51E269CF-8BC8-41A7-A8B5-04688B20DBCD}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{855AE488-1E5B-4A49-9A8B-37CA412B35B7}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{B9EDBF41-F624-4C12-B378-F141F8B2C645}C:\program files\voipwise.com\voipwise\voipwise.exe" = protocol=6 | dir=in | app=c:\program files\voipwise.com\voipwise\voipwise.exe | "TCP Query User{BF4F3E52-1F2B-4EEB-9EFA-52D54F4320CA}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe | "TCP Query User{C2FBE204-78CC-4EF1-9471-C31B8CFB87F0}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | "TCP Query User{CC05E651-3D05-4259-B504-F6CAD1C37F17}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query 
User{E0A41D9F-F746-4DD9-B61F-2C0D42A897CC}C:\users\user\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\utorrent.exe | "UDP Query User{1395958A-D4D7-46E2-BCC2-B06B0B497856}C:\program files\voipwise.com\voipwise\voipwise.exe" = protocol=17 | dir=in | app=c:\program files\voipwise.com\voipwise\voipwise.exe | "UDP Query User{14B7154A-7D76-4354-B71B-8CA620DD121F}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe | "UDP Query User{1AF7ADDD-746E-47F7-9D2D-5D0FB432F5B2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{3C66DABB-B79B-49D3-A81E-02631175059A}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe | "UDP Query User{927857EA-0022-4781-BBAC-1A9EC7395A41}C:\users\user\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\utorrent.exe | "UDP Query User{A57F78BD-32B5-4387-A8D5-B0C0FACA9D8D}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | "UDP Query User{AC34401B-A4DC-4475-AD9A-1CEF94DF3DC9}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{B9A0ABAA-5304-4581-9C7D-BACB6A2E7B58}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{F5DED763-9AE9-4A0D-A330-3697BB7E491E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{FD8D05ED-01C6-42B4-94BC-FC1856E627A3}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program 
files\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68}" = Catalyst Control Center - Branding "{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{19B4BDE9-0F2B-44FF-FDC4-987E1B33D03C}" = CCC Help English "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{26E2E4FB-F26A-549E-5496-14BAE4E2BA67}" = Catalyst Control Center Graphics Full Existing "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{653F6FEA-643C-457F-774A-64D4DAAE1028}" = Catalyst Control Center Graphics Previews Vista "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in "{7DA4FC0C-4FB3-45A2-8095-B2F7A9CF8135}" = AVG 2014 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007 "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A737E18A-5171-40D0-8034-7DD243420081}" = Software Updater 
"{A79CB508-2DD7-F717-8787-C6382C274082}" = Catalyst Control Center Graphics Light "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AACF5D06-EF3A-1941-3492-1E60589CA444}" = ccc-utility "{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4 "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{BCB0CE1E-7510-3948-4834-99BBA689CF62}" = Catalyst Control Center Core Implementation "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C76DAFAE-5E59-44AB-2764-70BC79E0D4B2}" = Skins "{C843A209-D367-453E-86E0-1D105F4A17EE}" = MUkoTE "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D013644E-F890-49A4-0DE9-8E4BBD18A406}" = ATI Catalyst Install Manager "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7C49EC6-4DEA-7A7A-860D-78D613C68B8C}" = ccc-core-static "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E05D82D8-FE70-4228-B073-B0C07FE27595}" = iTunes "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EEAFDDCF-0B0E-44DB-995B-886FB139CF1F}" = AVG 2014 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver 
"{F5A630D4-3D7D-6EEC-5DAE-41835DC0A1DA}" = Catalyst Control Center Graphics Full New "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1489-3350-5074-6281" = JDownloader 0.9 "4shared Desktop" = 4shared Desktop "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Alcatech BPM Studio Professional v4.9.1" = Alcatech BPM Studio Professional v4.9.1 "Applian Director2.1" = Applian Director "AVG" = AVG 2014 "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0 "BugPack1" = Beta Bugs BugPack1 VST "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "CodeStuff Starter" = CodeStuff Starter "DivX Setup" = DivX Setup "Epson Connect Guide" = Epson Connect Guide "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver "EPSON Scanner" = EPSON Scan "EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall "EPSON WF-2530 Series" = EPSON WF-2530 Series Printer Uninstall "ERUNT_is1" = ERUNT 1.1j "FLV Player" = FLV Player 2.0 (build 25) "Free Easy Burner_is1" = Free Easy Burner V 5.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228 "Google Chrome" = Google Chrome "InfraRecorder" = InfraRecorder "KaraFun_is1" = KaraFun 1.18 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 20.0.1 (x86 en-GB)" = Mozilla Firefox 20.0.1 (x86 en-GB) "MozillaMaintenanceService" = Mozilla Maintenance Service "Software Informer_is1" = Software Informer 1.0 BETA "STANDARD" = Microsoft Office Standard 2007 "Syncrosoft License Control" = Syncrosoft License Control "USB_AUDIO_DEusb-audio.deTascam" = US-122L / US-144 driver "Van Dale pocketwoordenboeken" = Van Dale 
pocketwoordenboeken "VMidi" = vanBasco's Karaoke Player "Voipwise_is1" = Voipwise "WF-2530 Series Netg" = Epson Network Guide WF-2530 Series "WF-2530 Series Useg" = Epson User's Guide WF-2530 Series "WinLiveSuite" = Windows Live Essentials "Xvid_is1" = Xvid 1.2.1 final uninstall "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2286521827-2552126233-756588910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "jZip" = jZip "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23/09/2012 13:52:31 | Computer Name = Acer | Source = Bonjour Service | ID = 100 Description = Error - 23/09/2012 13:52:46 | Computer Name = Acer | Source = Bonjour Service | ID = 100 Description = Error - 23/09/2012 13:52:46 | Computer Name = Acer | Source = Bonjour Service | ID = 100 Description = Error - 23/09/2012 13:52:46 | Computer Name = Acer | Source = Bonjour Service | ID = 100 Description = Error - 23/09/2012 13:53:02 | Computer Name = Acer | Source = Bonjour Service | ID = 100 Description = Error - 23/09/2012 13:53:02 | Computer Name = Acer | Source = Bonjour Service | ID = 100 Description = Error - 23/09/2012 13:53:02 | Computer Name = Acer | Source = Bonjour Service | ID = 100 Description = Error - 23/09/2012 14:35:23 | Computer Name = Acer | Source = Bonjour Service | ID = 100 Description = Error - 23/09/2012 14:35:23 | Computer Name = Acer | Source = Bonjour Service | ID = 100 Description = Error - 23/09/2012 14:35:23 | Computer Name = Acer | Source = Bonjour Service | ID = 100 Description = [ OSession Events ] Error - 04/12/2009 15:09:38 | Computer Name = Acer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 119 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 02/07/2013 08:19:02 | Computer Name = Acer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1195 seconds with 960 seconds of active time. This session ended with a crash. Error - 15/10/2013 10:54:38 | Computer Name = Acer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 121 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 02/11/2013 07:50:42 | Computer Name = Acer | Source = Service Control Manager | ID = 7030 Description = Error - 02/11/2013 07:50:43 | Computer Name = Acer | Source = Service Control Manager | ID = 7030 Description = Error - 02/11/2013 07:50:44 | Computer Name = Acer | Source = Service Control Manager | ID = 7030 Description = Error - 02/11/2013 08:01:16 | Computer Name = Acer | Source = Service Control Manager | ID = 7000 Description = Error - 02/11/2013 09:57:08 | Computer Name = Acer | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort2. Error - 02/11/2013 09:57:08 | Computer Name = Acer | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort2. Error - 02/11/2013 09:57:08 | Computer Name = Acer | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort2. Error - 02/11/2013 10:01:53 | Computer Name = Acer | Source = volsnap | ID = 393230 Description = The shadow copies of volume C: were aborted because of an IO failure on volume C:. 
Error - 05/11/2013 05:15:54 | Computer Name = Acer | Source = Service Control Manager | ID = 7000 Description = Error - 08/11/2013 04:34:54 | Computer Name = Acer | Source = Service Control Manager | ID = 7000 Description = < End of report >
  19. No, sorry, I just played an audio file but it's still the same?!
  20. Zoek.exe Version 4.0.0.5 Updated 26-October-2013 Tool run by User on 02/11/2013 at 13:15:04.43. Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\DOCUME~1\User\LOCALS~1\Temp\jZip\jZip2234B\jZip1196\zoek.exe [script inserted] ==== System Restore Info ====================== 02/11/2013 13:17:59 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\Graboid deleted successfully C:\Program Files\Optimizer Pro deleted successfully C:\Program Files\Software Informer deleted successfully C:\Program Files\W3i deleted successfully C:\Program Files\WinRAR deleted successfully C:\Documents and Settings\All Users\Application Data\Babylon deleted successfully C:\Documents and Settings\All Users\Application Data\W3i deleted successfully C:\Documents and Settings\All Users\Application Data\WinZipEC deleted successfully C:\Documents and Settings\LocalService\Application Data\Apple Computer deleted successfully C:\Documents and Settings\User\Application Data\Media Player Classic deleted successfully C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google deleted successfully C:\Documents and Settings\User\Local Settings\Application Data\MediaGet2 deleted successfully C:\Documents and Settings\User\Local Settings\Application Data\WMTools Downloaded Files deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1409082233-706699826-527237240-1004\Software\Microsoft\Internet Explorer\SearchScopes\{026BBE9D-F1D8-42D0-A3B6-1C4F2AEF4F05} deleted successfully HKEY_USERS\S-1-5-21-1409082233-706699826-527237240-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-1409082233-706699826-527237240-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully 
HKEY_USERS\S-1-5-21-1409082233-706699826-527237240-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-1409082233-706699826-527237240-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} deleted successfully HKEY_USERS\S-1-5-21-1409082233-706699826-527237240-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BitGuard deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BitGuard deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.0.12 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vToolbarUpdater17.0.12 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default ---- Lines delta removed from prefs.js ---- user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); 
user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.id", "18db39e400000000000000242cd9cf88"); user_pref("extensions.delta.instlDay", "15958"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.24.6"); user_pref("extensions.delta.vrsni", "1.8.24.6"); user_pref("extensions.delta.vrsnTs", "1.8.24.615:30:55"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.babTrack", "affID=119752&tsp=5001"); user_pref("extensions.delta_i.srcExt", "ss"); ---- Lines delta removed from user.js ---- user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.id", "18db39e400000000000000242cd9cf88"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.instlDay", "15958"); user_pref("extensions.delta.vrsn", "1.8.24.6"); user_pref("extensions.delta.vrsni", "1.8.24.6"); user_pref("extensions.delta.vrsnTs", "1.8.24.615:30:55"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.admin", false); user_pref("extensions.delta_i.babTrack", "affID=119752&tsp=5001"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.srcExt", "ss"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.rvrt", 
"false"); user_pref("extensions.delta.newTab", false); ---- Lines searchgol removed from prefs.js ---- user_pref("extensions.searchgol.admin", false); user_pref("extensions.searchgol.aflt", "babsst"); user_pref("extensions.searchgol.appId", "{4277F7CF-0000-46CF-BA49-D624465C4BAB}"); user_pref("extensions.searchgol.autoRvrt", "false"); user_pref("extensions.searchgol.dfltLng", "en"); user_pref("extensions.searchgol.excTlbr", false); user_pref("extensions.searchgol.ffxUnstlRst", false); user_pref("extensions.searchgol.id", "18db39e400000000000000242cd9cf88"); user_pref("extensions.searchgol.instlDay", "15992"); user_pref("extensions.searchgol.instlRef", "sst"); user_pref("extensions.searchgol.newTab", false); user_pref("extensions.searchgol.prdct", "searchgol"); user_pref("extensions.searchgol.prtnrId", "searchgol"); user_pref("extensions.searchgol.rvrt", "false"); user_pref("extensions.searchgol.smplGrp", "none"); user_pref("extensions.searchgol.tlbrId", "base"); user_pref("extensions.searchgol.tlbrSrchUrl", ""); user_pref("extensions.searchgol.vrsn", "1.8.16.19"); user_pref("extensions.searchgol.vrsni", "1.8.16.19"); user_pref("extensions.searchgol.vrsnTs", "1.8.16.1917:23:20"); ---- Lines searchgol removed from user.js ---- user_pref("extensions.searchgol.tlbrSrchUrl", ""); user_pref("extensions.searchgol.id", "18db39e400000000000000242cd9cf88"); user_pref("extensions.searchgol.appId", "{4277F7CF-0000-46CF-BA49-D624465C4BAB}"); user_pref("extensions.searchgol.instlDay", "15992"); user_pref("extensions.searchgol.vrsn", "1.8.16.19"); user_pref("extensions.searchgol.vrsni", "1.8.16.19"); user_pref("extensions.searchgol.vrsnTs", "1.8.16.1917:23:20"); user_pref("extensions.searchgol.prtnrId", "searchgol"); user_pref("extensions.searchgol.prdct", "searchgol"); user_pref("extensions.searchgol.aflt", "babsst"); user_pref("extensions.searchgol.smplGrp", "none"); user_pref("extensions.searchgol.tlbrId", "base"); user_pref("extensions.searchgol.instlRef", "sst"); 
user_pref("extensions.searchgol.dfltLng", "en"); user_pref("extensions.searchgol.excTlbr", false); user_pref("extensions.searchgol.ffxUnstlRst", false); user_pref("extensions.searchgol.admin", false); user_pref("extensions.searchgol.autoRvrt", "false"); user_pref("extensions.searchgol.rvrt", "false"); user_pref("extensions.searchgol.newTab", false); ---- FireFox user.js and prefs.js backups ---- user_112013_1419_.backup prefs_112013_1419_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "bProtectTabs"=- ==== Deleting Files \ Folders ====================== C:\Program Files\Common Files\DVDVideoSoft\bin deleted C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk deleted C:\Documents and Settings\User\Application Data\AVG Secure Search deleted C:\Documents and Settings\User\Application Data\OpenCandy deleted C:\Documents and Settings\All Users\Application Data\AVG Secure Search deleted C:\Documents and Settings\User\Local Settings\Application Data\AVG Secure Search deleted C:\Documents and Settings\User\Local Settings\Application Data\avgchrome deleted C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue\DriverScanner deleted C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue deleted C:\Documents and Settings\User\Start Menu\Programs\BitGuard deleted C:\WINDOWS\DUMP00d6.tmp deleted C:\WINDOWS\DUMP06fb.tmp deleted C:\WINDOWS\DUMP1330.tmp deleted C:\WINDOWS\DUMP2c11.tmp deleted C:\WINDOWS\DUMP3fc3.tmp deleted C:\WINDOWS\DUMP5e5c.tmp deleted C:\WINDOWS\DUMP6486.tmp deleted C:\WINDOWS\DUMP6e3a.tmp deleted C:\WINDOWS\DUMP7407.tmp deleted C:\WINDOWS\DUMP758d.tmp deleted C:\WINDOWS\DUMP76e5.tmp deleted 
C:\WINDOWS\DUMP7743.tmp deleted C:\WINDOWS\DUMP7762.tmp deleted C:\WINDOWS\DUMP7781.tmp deleted C:\WINDOWS\DUMP77c0.tmp deleted C:\WINDOWS\DUMP785c.tmp deleted C:\WINDOWS\DUMP78c9.tmp deleted C:\WINDOWS\DUMP7918.tmp deleted C:\WINDOWS\DUMP7956.tmp deleted C:\WINDOWS\DUMP7995.tmp deleted C:\WINDOWS\DUMP79b4.tmp deleted C:\WINDOWS\DUMP79c3.tmp deleted C:\WINDOWS\DUMP79e3.tmp deleted C:\WINDOWS\DUMP79f2.tmp deleted C:\WINDOWS\DUMP7a31.tmp deleted C:\WINDOWS\DUMP7a6f.tmp deleted C:\WINDOWS\DUMP7a9e.tmp deleted C:\WINDOWS\DUMP7a9f.tmp deleted C:\WINDOWS\DUMP7abd.tmp deleted C:\WINDOWS\DUMP7aec.tmp deleted C:\WINDOWS\DUMP7b1b.tmp deleted C:\WINDOWS\DUMP7b2b.tmp deleted C:\WINDOWS\DUMP7b3a.tmp deleted C:\WINDOWS\DUMP7b5a.tmp deleted C:\WINDOWS\DUMP7bb7.tmp deleted C:\WINDOWS\DUMP7bb8.tmp deleted C:\WINDOWS\DUMP7c25.tmp deleted C:\WINDOWS\DUMP7cb1.tmp deleted C:\WINDOWS\DUMP7d00.tmp deleted C:\WINDOWS\DUMP7d0f.tmp deleted C:\WINDOWS\DUMP7dab.tmp deleted C:\WINDOWS\DUMP7dbb.tmp deleted C:\WINDOWS\DUMP7ee4.tmp deleted C:\WINDOWS\DUMP7f22.tmp deleted C:\WINDOWS\DUMP7ffd.tmp deleted C:\WINDOWS\DUMP83e5.tmp deleted C:\WINDOWS\DUMP85ca.tmp deleted C:\WINDOWS\DUMP8712.tmp deleted C:\WINDOWS\DUMP88f6.tmp deleted C:\WINDOWS\DUMP89b2.tmp deleted C:\WINDOWS\DUMP8b67.tmp deleted C:\WINDOWS\DUMP8c03.tmp deleted C:\WINDOWS\DUMP9356.tmp deleted C:\WINDOWS\DUMPa6af.tmp deleted C:\WINDOWS\DUMPb14e.tmp deleted C:\WINDOWS\DUMPba76.tmp deleted C:\WINDOWS\DUMPbfb6.tmp deleted C:\WINDOWS\DUMPee09.tmp deleted C:\WINDOWS\SET3.tmp deleted C:\WINDOWS\SET4.tmp deleted C:\WINDOWS\SET8.tmp deleted C:\WINDOWS\tasks\EPUpdater.job deleted C:\WINDOWS\tasks\dsmonitor.job deleted C:\WINDOWS\System32\AI_RecycleBin deleted C:\Documents and Settings\User\AppData\LocalLow\DataMngr deleted C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default\searchplugins\BrowserDefender.xml deleted C:\Documents and Settings\User\Application 
Data\Mozilla\Firefox\Profiles\yxa2rv9h.default\searchplugins\babylon.xml deleted C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default\searchplugins\searchgol.xml deleted C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default\Invalidprefs.js deleted C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default\bProtector_extensions.rdf deleted C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default\bProtector_extensions.sqlite deleted C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default\bprotector_prefs.js deleted C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default\extensions\staged deleted C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default\CT2604146 deleted "C:\Documents and Settings\User\Application Data\Tether\usage.db" deleted "C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe" deleted "C:\Program Files\AVG Secure Search\vprot.exe" deleted "C:\Program Files\AVG Secure Search\vprot.exe" deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll" deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll" deleted "C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\monitor.log" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl" 
not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted "C:\Documents and Settings\All Users\Application 
Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not deleted "C:\Documents and Settings\User\Application Data\Tether" deleted "C:\Program Files\Uniblue\DriverScanner" not deleted "C:\Program Files\AVG Secure Search" not deleted "C:\Program Files\AVG Secure Search" not deleted "C:\Program Files\Common Files\AVG Secure Search" not deleted "C:\Documents and Settings\User\Application Data\Uniblue" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard" not deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller" not deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" not deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12" not deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12" not deleted "C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" not deleted "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\DOCUME~1\User\LOCALS~1\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\system32 ===== ====== C:\WINDOWS\system32\drivers ===== ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2013-11-02 12:04:51 -------- d-----w- C:\Program Files\jZip 2013-10-14 13:44:05 -------- d-----w- C:\Program Files\Speccy ======= C: ===== ====== C:\Documents and Settings\User\Application Data ====== 2013-11-02 12:06:09 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\jZip 2013-10-31 12:51:20 -------- d-----w- 
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2013 2013-10-15 14:31:32 -------- d-----w- C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft Help 2013-10-14 15:42:16 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\TuneUp Software ====== C:\Documents and Settings\User ====== 2013-10-15 12:54:08 -------- d-sh--w- C:\Documents and Settings\Default User\Cookies 2013-10-15 12:14:55 -------- d--h--r- C:\Documents and Settings\User\Recent ====== C: exe-files == 2013-11-02 12:13:57 1DB5B92E54BA5E4976995B6BE4B0BB81 34615136 ----a-w- C:\Program Files\Google\Update\Install\{F5009763-96C1-41EB-AFAD-F16F0820FCDF}\30.0.1599.101_chrome_installer.exe 2013-11-02 12:13:30 1DB5B92E54BA5E4976995B6BE4B0BB81 34615136 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\30.0.1599.101\30.0.1599.101_chrome_installer.exe 2013-11-02 12:06:12 7C088777FF1BB7C17E8D83273231C1AF 176808 ----a-w- C:\Program Files\jZip\Uninstall.exe 2013-11-02 12:06:02 436DF1480BA6474E701A18B2A02388C7 816120 ----a-w- C:\Program Files\jZip\change.exe 2013-11-02 12:06:02 1C29E9D49B203D2F73EB1E2BE810789E 3597816 ----a-w- C:\Program Files\jZip\jZip.exe 2013-11-02 12:04:23 ED07701741D2C6FA1A747705C51B5F0E 1253744 ----a-w- C:\Documents and Settings\User\My Documents\Downloads\jZipSetup-r100-w-bf.exe 2013-10-31 12:10:29 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\Trend Micro\User.exe 2013-10-31 12:03:12 8F101DD2F46E59469FE0F599DA0530F2 2066272 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\30.0.1599.101\30.0.1599.101_30.0.1599.69_chrome_updater.exe 2013-10-31 12:03:04 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\User\My Documents\Downloads\RSIT.exe 2013-10-31 11:54:34 CEFEBDB9E274BD90C12D131ED25CC819 59784 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe 2013-10-31 11:54:33 
EB8EEB98D01B5D31898D8E53C3789832 59784 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleUpdateBroker.exe 2013-10-31 11:54:30 4AFFF5FE4E69C8E7C5F1E4F3511301CF 818968 ----a-w- C:\Program Files\Google\Update\1.3.21.165\GoogleUpdateSetup.exe 2013-10-31 11:53:28 0DC0DE2966A6DBA4CFBF6639DF44F5BA 319880 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler64.exe 2013-10-31 11:53:26 CF7B0E597C1F34E528285495721DEEE9 237960 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe 2013-10-31 11:53:23 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleUpdate.exe 2013-10-31 11:49:22 A5027445F15DBA980764D6F7909C0E94 5914640 ----a-w- C:\Program Files\AVG\AVG2014\avgmfapx.exe 2013-10-31 11:48:50 E66E725E10B9CB8A6F5C74D7CA9E98A9 2864096 ----a-w- C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe 2013-10-31 11:48:37 4AFFF5FE4E69C8E7C5F1E4F3511301CF 818968 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.165\GoogleUpdateSetup.exe 2013-10-31 11:47:43 E66E725E10B9CB8A6F5C74D7CA9E98A9 2864096 ----a-w- C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe === C: other files == 2013-11-02 12:10:32 0BE568FD1E7D6C6D64D2272649F5C716 111 ----a-w- C:\Documents and Settings\User\Local Settings\temp\scripttest.vbs 2013-11-02 11:49:29 1FA3C14F708D3502269357C41F4EE549 15421 ----a-w- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default\extensions\firefox-hotfix@mozilla.org.xpi 2013-10-31 11:59:10 28C64BF250964A1F09E33326F54FF0D6 183955 ----a-w- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default\extensions\jid0-Rp5hqR3GGdGwDtdjWGZHQAKOFSA@jetpack.xpi 2013-10-31 11:59:03 0BE77585E697CD06A1DA68A4EEADF62A 217340 ----a-w- C:\Documents and 
Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "avg@toolbar"="C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.0.1.12" [] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default - Firefox Update Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org - Hide Facebook Ticker - %ProfilePath%\extensions\jid0-Rp5hqR3GGdGwDtdjWGZHQAKOFSA@jetpack - X-notifier - %ProfilePath%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66} - DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) - Firefox Update Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi - Facebook Ticker Removal - %ProfilePath%\extensions\info@technologymob.com.xpi - Hide Facebook Ticker - %ProfilePath%\extensions\jid0-Rp5hqR3GGdGwDtdjWGZHQAKOFSA@jetpack.xpi - ScrapBook Plus - %ProfilePath%\extensions\scrapbookplus@addons.mozilla.org.xpi - X-notifier - %ProfilePath%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files\Mozilla Firefox - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - 
%AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update 4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash CA0E1DFBE480CF0BE13A0883BEB378B6 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U40 AF661355EBAB898EB92D5454AEF93CE0 - C:\WINDOWS\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.400.43 EEEB86077BB4682B3FCFEDA5AED3E396 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 BADFB0DCCD9B7E9F2F6EB7954D24EED1 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 1153F58FACBC9731AF6CDF313F76DF29 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 9E4F520270BF7301CC24E8FA67791C22 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 E50A1DB5DE70D656287511297B42F9F2 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In 3A523765D795DB006C010B915C3A840A - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 42A9B216A7A288512CE2F9A6BCCE96BC - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 270EE43CC00609B9937AAF94E1E970D4 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector 62059985AF996F4FFE5451CB0D5924BF - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll - Shockwave Flash AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM 5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library 8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM 7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight 68A131335A20B343923A2957EB1E413D - C:\WINDOWS\system32\npptools.dll - Microsoft® Windows® Operating System ==== Chrome Look ====================== Card number - User - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.searchgol.com/?babsrc=HP_ss&mntrId=18DB00242CD9CF88&affID=125036&tsp=5035" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchGol Url="http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=18DB00242CD9CF88&affID=125036&tsp=5035" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Preferences was reset successfully C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} deleted successfully ==== Empty IE Cache ====================== C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\User\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== 
C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\User\Application Data\Uniblue\DriverScanner\monitor.log" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" 
not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not found "C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not found "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Program Files\Uniblue\DriverScanner" not found "C:\Program Files\AVG Secure Search" not found "C:\Program Files\AVG Secure Search" not found "C:\Program Files\Common Files\AVG Secure Search" deleted "C:\Documents and Settings\User\Application Data\Uniblue" not found "C:\Documents and Settings\All Users\Application Data\BitGuard" not found ==== EOF on 05/11/2013 at 11:58:55.50 ======================
  21. Yes, I have the impression that my laptop is running somewhat better now! Are there any further tests I can run, or should the problem be resolved now?
  22. Zoek.exe Version 4.0.0.5 Updated 26-October-2013 Tool run by User on 02/11/2013 at 12:42:15.90. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected
  23. Logfile of random's system information tool 1.09 (written by random/random) Run by User at 2013-10-31 13:09:14 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 435 GB (91%) free of 477 GB Total RAM: 2038 MB (33% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:12:36, on 31/10/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal
{B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\bitguard\271769~1.27\{c16c1~1\bitguard.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe O23 - Service: BitGuard - Unknown owner - C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Epson Scanner Service (EpsonScanSvc) - Seiko Epson Corporation - C:\WINDOWS\system32\EscSvc.exe O23 - Service: Servicio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. 
- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: vToolbarUpdater17.0.12 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- End of file - 9895 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Adobe Flash Player Updater.job C:\WINDOWS\tasks\dsmonitor.job C:\WINDOWS\tasks\EPUpdater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job =========Mozilla firefox========= ProfilePath - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default prefs.js - "browser.search.suggest.enabled" - false prefs.js - "browser.startup.homepage" - "http://www.searchgol.com/?babsrc=HP_ss&mntrId=18DB00242CD9CF88&affID=125036&tsp=5035" prefs.js - "extensions.enabledItems" - "{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, jqs@sun.com:1.0, scrapbookplus@addons.mozilla.org:1.8.20.34, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {75623d5d-4683-402a-b610-ac4bab767c86}:3.3.5, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24" "{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ "avg@toolbar"=C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.0.1.12 [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.9.900.117 Plugin "Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=] "Description"=iTunes Detector Plug-in "Path"= 
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0] "Description"= "Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin] "Description"= "Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.40.2] "Description"=Java™ Deployment Toolkit "Path"=C:\WINDOWS\system32\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5] "Description"=Windows Presentation Foundation plug-in for Mozilla browsers "Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll C:\Program Files\Mozilla Firefox\extensions\ {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} C:\Program Files\Mozilla Firefox\plugins\ nppdf32.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll 
npqtplugin5.dll QuickTimePlugin.class C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default\extensions\ jid0-Rp5hqR3GGdGwDtdjWGZHQAKOFSA@jetpack staged {37fa1426-b82d-11db-8314-0800200c9a66} {b9db16a4-6edc-47ec-a1f4-b86292ed211d} {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yxa2rv9h.default\searchplugins\ babylon.xml BrowserDefender.xml searchgol.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-19 462248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09 4502400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-19 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {95B7759C-8C7F-4BF1-B163-73684A933233} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-26 16851456] "Realtime Audio Engine"=mmrtkrnl.exe /i [] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-02-18 137752] "MagicKeyboard"=C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [2006-05-14 151552] 
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-02-18 141848] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-02-18 166424] "EDS"=C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe [2007-12-20 659456] "DMHotKey"=C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe [2006-12-27 466944] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11 958576] "APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720] "EEventManager"=C:\Program Files\Epson Software\Event Manager\EEventManager.exe [2012-04-02 1058912] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] "AVG_UI"=C:\Program Files\AVG\AVG2014\avgui.exe [2013-08-26 4851248] "vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2013-10-05 2404376] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "EPLTarget\P0000000000000001"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIIVE.EXE [2012-02-26 249440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\docume~1\alluse~1\applic~1\bitguard\271769~1.27\{c16c1~1\bitguard.dll " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
"dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe"="C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe:*:Enabled:Voipwise" "C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows" "C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer" "C:\Program Files\FrostWire 5\FrostWire.exe"="C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire" "C:\Program Files\SR Toolbar\Datamngr\SRTOOL~1\dtUser.exe"="C:\Program Files\SR Toolbar\Datamngr\SRTOOL~1\dtUser.exe:*:Enabled:Search-Results 
Toolbar DTX Broker" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\AVG\AVG2013\avgnsx.exe"="C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield" "C:\Program Files\AVG\AVG2013\avgdiagex.exe"="C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013" "C:\Program Files\AVG\AVG2013\avgmfapx.exe"="C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer" "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application" "C:\Documents and Settings\User\Application Data\Spotify\spotify.exe"="C:\Documents and Settings\User\Application Data\Spotify\spotify.exe:*:Enabled:Spotify" "C:\Program Files\AVG\AVG2014\avgnsx.exe"="C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Online Shield" "C:\Program Files\AVG\AVG2014\avgdiagex.exe"="C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostics 2014" "C:\Program Files\AVG\AVG2014\avgmfapx.exe"="C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:AVG Installer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows 
Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "VIDC.I420"=msh263.drv "vidc.iv31"=ir32_32.dll "vidc.iv32"=ir32_32.dll "vidc.iv41"=ir41_32.ax "VIDC.IYUV"=iyuv_32.dll "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVU9"=tsbyuv.dll "VIDC.YVYU"=msyuv.dll "wavemapper"=msacm32.drv "MSVideo8"=VfWWDM32.dll "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax "vidc.iv50"=ir50_32.dll "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "msacm.siren"=sirenacm.dll "msacm.l3fhg"=mp3fhg.acm "VIDC.XVID"=xvidvfw.dll "msacm.ac3acm"=ac3acm.acm "VIDC.FFDS"=ff_vfw.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv ======List of files/folders created in the last 1 month====== 2013-10-31 13:09:14 ----D---- C:\rsit 2013-10-15 15:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$ 2013-10-15 15:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$ 2013-10-15 15:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$ 2013-10-15 15:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2850869$ 2013-10-15 14:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2859537$ 2013-10-15 14:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2863058$ 2013-10-15 14:35:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2849470$ 2013-10-14 16:29:47 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2013-10-14 16:27:33 ----SHD---- C:\Documents and Settings\All Users\Application 
Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2013-10-14 16:19:05 ----D---- C:\Documents and Settings\User\Application Data\OpenCandy 2013-10-14 15:33:14 ----D---- C:\Program Files\Mozilla Firefox 2013-10-14 14:44:05 ----D---- C:\Program Files\Speccy ======List of files/folders modified in the last 1 month====== 2013-10-31 13:12:46 ----SHD---- C:\WINDOWS\Installer 2013-10-31 13:12:36 ----D---- C:\Program Files\Trend Micro 2013-10-31 13:10:55 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData 2013-10-31 13:03:10 ----D---- C:\WINDOWS\Temp 2013-10-31 12:58:02 ----D---- C:\Config.Msi 2013-10-31 12:57:09 ----RD---- C:\Program Files 2013-10-31 12:52:22 ----D---- C:\WINDOWS\system32 2013-10-31 12:52:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2013-10-31 12:46:50 ----D---- C:\Documents and Settings\All Users\Application Data\BitGuard 2013-10-31 12:45:42 ----D---- C:\WINDOWS 2013-10-31 12:43:56 ----D---- C:\WINDOWS\system32\CatRoot2 2013-10-15 16:31:18 ----A---- C:\WINDOWS\SchedLgU.Txt 2013-10-15 16:28:21 ----RSD---- C:\WINDOWS\assembly 2013-10-15 16:27:48 ----D---- C:\WINDOWS\WinSxS 2013-10-15 16:25:49 ----D---- C:\WINDOWS\Microsoft.NET 2013-10-15 15:34:01 ----HD---- C:\WINDOWS\inf 2013-10-15 15:33:54 ----RSHDC---- C:\WINDOWS\system32\dllcache 2013-10-15 15:33:39 ----D---- C:\WINDOWS\system32\CatRoot 2013-10-15 15:32:24 ----A---- C:\WINDOWS\imsins.BAK 2013-10-15 15:31:46 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2013-10-15 14:17:59 ----D---- C:\WINDOWS\system32\XPSViewer 2013-10-14 17:40:14 ----RD---- C:\My Music 2013-10-14 16:41:07 ----D---- C:\WINDOWS\system32\config 2013-10-14 16:37:46 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe 2013-10-14 16:22:17 ----D---- C:\Program Files\DVDVideoSoft 2013-10-14 16:21:34 ----SD---- C:\WINDOWS\Tasks 2013-10-14 16:21:27 ----D---- C:\Program Files\Mozilla Firefox.bak 2013-10-14 16:21:23 ----D---- C:\Documents and Settings\User\Application Data\DVDVideoSoft 2013-10-14 
16:20:08 ----D---- C:\Program Files\Common Files\DVDVideoSoft 2013-10-14 16:19:26 ----D---- C:\WINDOWS\Prefetch 2013-10-14 14:37:27 ----D---- C:\Documents and Settings\All Users\Application Data\Skype 2013-10-14 14:37:10 ----RD---- C:\Program Files\Skype 2013-10-05 14:35:31 ----D---- C:\WINDOWS\system32\cache 2013-10-05 14:28:31 ----D---- C:\Program Files\AVG Secure Search ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2013-08-22 146232] R0 Avglogx;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avglogx.sys [2013-08-22 223032] R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2013-08-20 102200] R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2013-08-01 26936] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648] R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] R1 Avgdiskx;AVG Disk Driver; C:\WINDOWS\system32\DRIVERS\avgdiskx.sys [2013-08-01 120120] R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2013-08-22 209208] R1 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2013-08-01 22840] R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2013-08-22 176952] R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2013-08-01 193848] R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-16 12032] R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS [] R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys 
[2010-06-04 1606368] R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2009-02-18 534312] R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160] R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-03-19 991136] R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816] R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-10-31 47272] R3 DNSeFilter;DNSeFilter; C:\WINDOWS\system32\drivers\SamsungEDS.sys [2008-01-14 30208] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-26 4753920] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 VMC326;Vimicro Camera Service VMC326; C:\WINDOWS\System32\Drivers\VMC326.sys [2010-12-20 238464] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2009-04-21 297344] S3 catchme;catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 cleanhlp;cleanhlp; \??\C:\EEK\Run\cleanhlp32.sys [] S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [] S3 hwusbfake;Huawei DataCard USB Fake; C:\WINDOWS\system32\DRIVERS\ewusbfake.sys [] S3 
mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 qrkis;Tether Miniport; C:\WINDOWS\system32\DRIVERS\qrkis.sys [2010-11-17 45608] S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-16 5888] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2010-09-22 32768] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-12-13 45056] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program 
Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008] R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [2013-08-27 3534896] R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [2013-08-20 300640] R2 BitGuard;BitGuard; C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2013-10-22 2864096] R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2009-03-23 349528] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 EpsonScanSvc;Epson Scanner Service; C:\WINDOWS\system32\EscSvc.exe [2011-12-11 122000] R2 gupdate;Servicio Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-03 136176] R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136] R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [2013-10-05 1734680] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 yksvc;Marvell Yukon Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-09-19 182696] S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-03-01 161384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-14 257416] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; 
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-03 136176] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-05-31 553288] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] -----------------EOF-----------------