Everything posted by Loprakso

  1. After a restart, the notorious window shows up again. What do you think of the link included below, which I saved in my bookmarks after everything that appeared concerning Adobe? Check whether your Adobe account has been hacked | ZDNet.be
  2. In total, 22 threats were removed.
  3. I saved Dr Web, but immediately got a window suggesting that I run a quick scan. I could not even go through all the phases you describe above. After a first scan, it detected 2 threats (Trojan horses), which I could only remove, nothing more. No log or anything. Afterwards, though, Windows reported a problem to me and I had to restart "Windows itself" after the repair. A second attempt, with the same situation throughout, produced a scan result without threats. But the message in question is nevertheless still present at startup. What did I do wrong?
  4. Yes it is, since this was present before I made changes to my PC - see the discussion "Virus?"
  5. I believe you have forgotten me!
  6. I could not insert an image, simply because I had enabled Firefox's "No Script" function, which meant the relevant buttons did not appear. I removed this function and that was that.
  7. The Intel message concerning GfxUI.exe opened at startup, but prevented my taskbar from loading completely, so I could not take a screenshot. I then removed C:\Windows\Syst32\GfxUI.exe, which appeared twice. Since then my PC loads completely, but the window of which I took a screenshot appears. But!!! I no longer know how to add an attachment to a message! In any case, the little window says "Kan het bestand GfxUI.exe Niet vinden. Controleer of u de naam juist hebt ingevoerd en probeer het Daarna opnieuw". So I just remove it and I can carry on.
  8. Dear Clarkie, What I actually mean is that when WLM starts, it opens the inbox, and once all messages have been retrieved, I automatically get the "Junk e-mail" folder. This is very handy in case "wanted" mails have ended up in it.
  9. Dear Kape, It surprises me that you have not yet responded to my message of 31/10. May I remove both?
  10. When I start Windows Live Mail, after the inbox the "Junk e-mail" section opens automatically, which is very handy for having a complete overview. But recently I had to clean up my desktop thoroughly. Since then the "Junk e-mail" folder no longer opens automatically. As a result I regularly forget to open that folder manually to check it. How can I set it to open automatically again? Thanks in advance.
  11. - Microsoft.NET Framework 4 Client Profile and - Microsoft.NET Framework 4 Extended
  12. I think my problems are over. Only, when I start my PC, the Gfx.UI window still opens asking to make changes to the PC. As you advised me, I did nevertheless remove Java. But it already occurred earlier. How can I get rid of this? Thanks in advance
  13. # AdwCleaner v3.010 - Report created 25/10/2013 at 19:20:52 - - - Updated - - - Hello, In the meantime I have got rid of the banners. I installed a Firefox add-on, namely Adblock Plus. Oops, no more banners, or at least only exceptionally.
  14. Apparently everything is now running nicely; I still need to test it for a few days. I'll keep you posted. Already a big thank you, and congratulations on your skill! What still happens is that after starting the PC, the window opens with "Intel Corporation" for running "GfxUI". It has to do with Java. But it turned out that I have the latest version. I am suspicious after everything I have read about Java updates. I would like your opinion. Also, while surfing, 2 large banners constantly open, always with the same references, at the bottom of the screen, in the middle and on the right. These are of course extremely annoying. How can I eliminate them? Does this have to be done via Firefox?
  15. Zoek.exe Version 4.0.0.5 Updated 17-October-2013 Tool run by admin on zo 20/10/2013 at 17:40:53,03. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\admin\Documents\zoek\zoek.com [script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2013-10-09-164707.log 49411 bytes C:\zoek-results2013-10-11-201738.log 64011 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-779995794-2056842348-1647886699-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10000000-1000-1000-1000-100000000000} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util LemurLeap deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util LemurLeap deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util LemurLeap deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util LemurLeap deleted successfully ==== FireFox Fix ====================== Deleted from C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\prefs.js: user_pref("browser.startup.homepage", "http://www.symbaloo.com/"); user_pref("browser.search.defaultengine", "Ask Search"); user_pref("browser.search.order.1", "Ask Search"); user_pref("extensions.APN_TB.first-previous-keyword-url", ""); user_pref("extensions.CME-V7.my-keyword-url", "\"\""); user_pref("extensions.CME-V7.previous-keyword-url", "\"\""); user_pref("browser.search.useDBForOrder", "false"); Added to C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); 
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("extensions.APN_TB.first-previous-keyword-url", ""); user_pref("extensions.CME-V7.my-keyword-url", "\"\""); user_pref("extensions.CME-V7.previous-keyword-url", "\"\""); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\r10fm3x1.default\prefs.js: Added to C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\r10fm3x1.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Program Files\MyPC Backup deleted C:\Users\admin\AppData\Roaming\Systweak deleted C:\Program Files\Toolbar Cleaner deleted C:\Users\admin\Downloads\DownloadManagerSetup.exe deleted C:\Windows\system32\tasks\BitGuard deleted 
C:\Windows\system32\roboot.exe deleted C:\Users\Public\Desktop\Free YouTube Downloader.lnk deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\chrome.manifest" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\install.rdf" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\chrome.manifest" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\icon.png" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\install.rdf" deleted "C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCall.dll" deleted "C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla.dll" deleted "C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla17.dll" deleted "C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla18.exe" deleted "C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla19.dll" deleted "C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla2.dll" deleted "C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla20.dll" deleted "C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla21.dll" deleted "C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla21.exe" deleted "C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseData.ini" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\chrome\isreaditlater.jar" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILAPIRequest.js" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILAPIRequest.xpt" deleted 
"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILassetManager.js" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILassetManager.xpt" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILdelegate.js" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILlist.js" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILofflineQueue.js" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILprefs.js" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILsync.js" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILtextDownloader.js" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILtextDownloader.xpt" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILwebDownloader.js" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components\RILwebDownloader.xpt" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\defaults\preferences\prefs.js" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\META-INF\manifest.mf" deleted 
"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\META-INF\zigbert.rsa" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\META-INF\zigbert.sf" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\chrome\content\overlay.js" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\chrome\content\overlay.xul" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info" deleted "C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\chrome" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\components" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\defaults" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\isreaditlater@ideashower.com\defaults\preferences" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\chrome" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\META-INF" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\firefox@lemurleap.info\chrome\content" deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" 
[17/09/2013 21:17] ==== Firefox Extensions ====================== ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default - Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be - LemurLeap - %ProfilePath%\extensions\firefox@lemurleap.info.xpi - Thumbnail Zoom Plus - %ProfilePath%\extensions\thumbnailZoom@dadler.github.com.xpi - Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi - Picture Zoom Plus - %ProfilePath%\extensions\xxcessl0gycs@gmail.com.xpi - ImTranslator - %ProfilePath%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\r10fm3x1.default - LemurLeap - %ProfilePath%\extensions\firefox@lemurleap.info.xpi - Pocket - %ProfilePath%\extensions\isreaditlater@ideashower.com.xpi - ImTranslator - %ProfilePath%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default 6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U45 F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18 CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update 4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash D1DC265C3FF7F92B4A75A55B3749D48C - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In 04ACC61B47857E779CD92D1D88770BF1 - C:\Program Files\Adobe\Reader 
10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 77B09C2C6F407531447DA75E3ACD1C5B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat 7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin BC601425BC360C12DF2277992C6D83D5 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.4 7B64C498A4E0958967EBD9439EE93DB4 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 309817C5A02434365B0091021FD70610 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 A0D9A846578582064F3D066B23CD2E55 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 2871984886154973C810DAF2A9294510 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 61EA5261198FD2431A4DD088569ED8D4 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 270EE43CC00609B9937AAF94E1E970D4 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? 
Photo Gallery B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight Profilepath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\r10fm3x1.default 04ACC61B47857E779CD92D1D88770BF1 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 77B09C2C6F407531447DA75E3ACD1C5B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat D1DC265C3FF7F92B4A75A55B3749D48C - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin BC601425BC360C12DF2277992C6D83D5 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.4 7B64C498A4E0958967EBD9439EE93DB4 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 309817C5A02434365B0091021FD70610 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 A0D9A846578582064F3D066B23CD2E55 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 2871984886154973C810DAF2A9294510 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 61EA5261198FD2431A4DD088569ED8D4 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 270EE43CC00609B9937AAF94E1E970D4 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector D0DA6B2FB50A0667CF4BACC2AEFEA009 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll - Java Platform SE 7 U5 C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? 
Photo Gallery
7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Backup.Old.Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Backup.Old.Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{03051086-C7A4-0250-3C2A-1C3F4CACF451} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{80c554b9-c7f8-4a21-9471-06d606da78a2} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE"
{F6909F06-51FF-4A24-92CD-9C55E832950B} Google Url="http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7AURU_nlBE498"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{616385A7-700D-6782-9795-9C85285802D4} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{77412A48-A069-8D8A-6F58-6F7EF7A01B82} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{815C1ABA-8375-8F64-6491-9433EF432C51} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} deleted successfully ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [updatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" 
UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [PixelPlanet PdfPrinter-Monitor] "C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [obkagent] "C:\Program Files\Bitdefender\Bitdefender Safepay\obkagent.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Dictionary .NET] "C:\Users\admin\AppData\Local\Temp\Temp1_DictionaryNet.zip\Dictionary.exe" -c O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WiFi Guard] "C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe" /hide O4 - HKCU\..\Run: [sDP] C:\Users\admin\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun 
(User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Dropbox.lnk = admin\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.belfius.be O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) 
- http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{25832E89-2212-4801-9B56-C58DB9542B63}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{EEEDD743-E308-45AF-BC29-2D4D26515907}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Safepay Service Agent (OBKSvc) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender Safepay\OBKSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe O23 - Service: Bitdefender Safepay Update Service (UPDATESRV_SAFEPAY) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender Safepay\updatesrv.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. 
- C:\Windows\system32\vmnat.exe
==== Empty IE Cache ======================
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\hkky9amf.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\admin\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on zo 20/10/2013 at 17:56:53,71 ======================
  16. Logfile of random's system information tool 1.09 (written by random/random)
Run by admin at 2013-10-18 13:24:07
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 900 GB (94%) free of 954 GB
Total RAM: 3549 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:24:11, on 18/10/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bitdefender\Bitdefender Safepay\obkagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\admin\Downloads\RSIT(2).exe
C:\Program Files\trend micro\admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en
meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" O4 - 
HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [updatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [PixelPlanet PdfPrinter-Monitor] "C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [obkagent] "C:\Program Files\Bitdefender\Bitdefender Safepay\obkagent.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Dictionary .NET] "C:\Users\admin\AppData\Local\Temp\Temp1_DictionaryNet.zip\Dictionary.exe" -c O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [swg] 
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WiFi Guard] "C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe" /hide O4 - HKCU\..\Run: [sDP] C:\Users\admin\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Dropbox.lnk = admin\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown 
file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.belfius.be O16 - DPF: {10000000-1000-1000-1000-100000000000} - http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{25832E89-2212-4801-9B56-C58DB9542B63}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{EEEDD743-E308-45AF-BC29-2D4D26515907}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Safepay Service Agent (OBKSvc) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender Safepay\OBKSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe O23 - Service: Bitdefender Safepay Update Service (UPDATESRV_SAFEPAY) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender Safepay\updatesrv.exe O23 - Service: Util LemurLeap - Unknown owner - C:\Program Files\LemurLeap\bin\utilLemurLeap.exe (file missing) O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. 
- C:\Windows\system32\vmnat.exe
-- End of file - 11871 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default
prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "http://www.symbaloo.com/"
"belgiumeid@eid.belgium.be"=C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player
Plugin "Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] "Description"=WLPG Install MIME type "Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109] "Description"=WLPG Install MIME type "Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308] "Description"=WLPG Install MIME type "Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.4] "Description"=VLC Multimedia Plugin "Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0] "Description"=VLC Multimedia Plugin "Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll C:\Program Files\Mozilla Firefox\extensions\ belgiumeid@eid.belgium.be C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\ firefox@lemurleap.info isreaditlater@ideashower.com C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\searchplugins\ Yahoo.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program 
Files\Java\jre7\bin\ssv.dll [2013-10-17 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}] Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08 393600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-12 194640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-17 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-12 194640] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"=C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2009-06-03 103720] "UpdateP2GoShortCut"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504] "RemoteControl9"=C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-04-27 87336] "PDVD9LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2009-04-27 50472] "BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-05-07 75048] "UpdatePPShortCut"=C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2008-12-03 218408] "UpdatePSTShortCut"=C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [2009-07-22 210216] "VMware 
hqtray"=C:\Program Files\VMware\VMware Player\hqtray.exe [2011-03-25 64112] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 137752] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 171032] "Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 172568] "CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-01-24 1316248] "APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720] "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [] "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-08-12 995176] "PixelPlanet PdfPrinter-Monitor"=C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe [2011-11-04 2233912] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2013-05-31 152392] "obkagent"=C:\Program Files\Bitdefender\Bitdefender Safepay\obkagent.exe [2013-09-25 485488] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Dictionary .NET"=C:\Users\admin\AppData\Local\Temp\Temp1_DictionaryNet.zip\Dictionary.exe -c [] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background [] "Spotify Web Helper"=C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2013-10-16 1140736] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2012-08-24 39408] "WiFi Guard"=C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe /hide [] "SDP"=C:\Users\admin\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto [] "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2013-10-03 5706480] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe 
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Dropbox.lnk - C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2011-02-11 228864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=255 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] 
"vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "vidc.cvid"=iccvid.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "VIDC.VMnc"=vmnc.dll ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2013-10-17 19:40:55 ----D---- C:\ProgramData\Oracle 2013-10-17 19:36:42 ----D---- C:\Program Files\Common Files\Java 2013-10-17 19:36:27 ----A---- C:\Windows\system32\javaws.exe 2013-10-17 19:36:16 ----A---- C:\Windows\system32\WindowsAccessBridge.dll 2013-10-17 19:36:16 ----A---- C:\Windows\system32\javaw.exe 2013-10-17 19:36:16 ----A---- C:\Windows\system32\java.exe 2013-10-13 00:27:58 ----D---- C:\Program Files\MyPC Backup 2013-10-13 00:27:51 ----D---- C:\Users\admin\AppData\Roaming\Systweak 2013-10-13 00:27:50 ----A---- C:\Windows\system32\roboot.exe 2013-10-11 22:17:48 ----SHD---- C:\$RECYCLE.BIN 2013-10-11 21:16:06 ----D---- C:\Windows\Temp 2013-10-09 23:42:58 ----A---- C:\Windows\system32\jscript.dll 2013-10-09 23:42:57 ----A---- C:\Windows\system32\jsproxy.dll 2013-10-09 23:42:57 ----A---- C:\Windows\system32\jscript9.dll 2013-10-09 23:42:56 ----A---- C:\Windows\system32\ieui.dll 2013-10-09 23:42:56 ----A---- C:\Windows\system32\iesetup.dll 2013-10-09 23:42:55 ----A---- C:\Windows\system32\urlmon.dll 2013-10-09 23:42:55 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-09 23:42:55 ----A---- C:\Windows\system32\msfeeds.dll 2013-10-09 23:42:55 ----A---- C:\Windows\system32\iesysprep.dll 2013-10-09 23:42:55 ----A---- C:\Windows\system32\iernonce.dll 2013-10-09 
23:42:55 ----A---- C:\Windows\system32\ie4uinit.exe 2013-10-09 23:42:54 ----A---- C:\Windows\system32\iertutil.dll 2013-10-09 23:42:53 ----A---- C:\Windows\system32\wininet.dll 2013-10-09 23:42:52 ----A---- C:\Windows\system32\ieframe.dll 2013-10-09 23:42:50 ----A---- C:\Windows\system32\mshtml.dll 2013-10-09 18:39:39 ----A---- C:\Windows\system32\comctl32.dll 2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\usbuhci.sys 2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\usbscan.sys 2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\usbport.sys 2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\usbohci.sys 2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\usbhub.sys 2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\usbehci.sys 2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\usbd.sys 2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\usbccgp.sys 2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\hidparse.sys 2013-10-09 18:39:15 ----A---- C:\Windows\system32\drivers\hidclass.sys 2013-10-09 18:39:14 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys 2013-10-09 18:39:13 ----A---- C:\Windows\system32\mswsock.dll 2013-10-09 18:39:13 ----A---- C:\Windows\system32\drivers\tcpip.sys 2013-10-09 18:39:13 ----A---- C:\Windows\system32\drivers\afd.sys 2013-10-09 18:39:02 ----A---- C:\Windows\system32\ntoskrnl.exe 2013-10-09 18:39:02 ----A---- C:\Windows\system32\ntkrnlpa.exe 2013-10-09 18:39:01 ----A---- C:\Windows\system32\tdh.dll 2013-10-09 18:39:01 ----A---- C:\Windows\system32\ntdll.dll 2013-10-09 18:39:01 ----A---- C:\Windows\system32\advapi32.dll 2013-10-09 18:39:00 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 18:38:59 ----A---- C:\Windows\system32\lpk.dll 2013-10-09 18:38:59 ----A---- C:\Windows\system32\fontsub.dll 2013-10-09 18:38:59 ----A---- C:\Windows\system32\dciman32.dll 2013-10-09 18:38:59 ----A---- C:\Windows\system32\atmlib.dll 2013-10-09 18:38:59 ----A---- 
C:\Windows\system32\atmfd.dll 2013-10-09 18:38:57 ----A---- C:\Windows\system32\scavengeui.dll 2013-10-09 18:38:55 ----A---- C:\Windows\system32\win32k.sys 2013-10-09 18:38:53 ----A---- C:\Windows\system32\WebClnt.dll 2013-10-09 18:38:53 ----A---- C:\Windows\system32\drivers\mrxdav.sys 2013-10-09 18:38:53 ----A---- C:\Windows\system32\davclnt.dll 2013-10-09 18:38:51 ----A---- C:\Windows\system32\drivers\usbcir.sys 2013-10-09 18:38:50 ----A---- C:\Windows\system32\drivers\Wdf01000.sys 2013-10-08 19:37:19 ----D---- C:\rsit 2013-10-06 21:50:50 ----D---- C:\Program Files\Free YouTube Downloader 2013-10-06 19:22:04 ----D---- C:\Windows\ERUNT 2013-10-06 19:09:15 ----A---- C:\AdwCleaner[s3].txt 2013-10-06 19:08:50 ----A---- C:\AdwCleaner[R5].txt 2013-10-06 19:08:24 ----A---- C:\AdwCleaner[R4].txt 2013-10-06 14:39:06 ----D---- C:\Program Files\Enigma Software Group 2013-10-06 14:37:29 ----D---- C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP 2013-10-06 14:37:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2013-10-05 19:35:12 ----D---- C:\Program Files\EuroSoft Software Development 2013-09-30 19:57:01 ----D---- C:\Users\admin\AppData\Roaming\QuotePad 2013-09-30 19:56:49 ----D---- C:\Program Files\QuotePad 2013-09-28 22:39:13 ----D---- C:\Users\admin\AppData\Roaming\vlc ======List of files/folders modified in the last 1 month====== 2013-10-18 13:24:11 ----D---- C:\Program Files\Trend Micro 2013-10-18 13:19:44 ----D---- C:\Windows\Prefetch 2013-10-18 13:17:01 ----D---- C:\Windows\system32\drivers\etc 2013-10-18 12:21:08 ----D---- C:\Windows\System32 2013-10-18 12:21:08 ----D---- C:\Windows\inf 2013-10-18 12:21:08 ----A---- C:\Windows\system32\PerfStringBackup.INI 2013-10-18 12:17:30 ----D---- C:\Users\admin\AppData\Roaming\Dropbox 2013-10-18 12:17:00 ----D---- C:\ProgramData\VMware 2013-10-18 00:09:06 ----D---- C:\Windows\system32\config 2013-10-17 19:40:55 ----HD---- C:\ProgramData 2013-10-17 19:36:44 ----SHD---- C:\Windows\Installer 2013-10-17 19:36:43 
----SHD---- C:\Config.Msi 2013-10-17 19:36:42 ----D---- C:\Program Files\Common Files 2013-10-17 19:34:58 ----SHD---- C:\System Volume Information 2013-10-16 23:09:08 ----D---- C:\Users\admin\AppData\Roaming\Spotify 2013-10-16 01:24:28 ----D---- C:\Windows 2013-10-16 01:24:26 ----D---- C:\Windows\system32\drivers 2013-10-16 01:24:26 ----D---- C:\Windows\system32\catroot 2013-10-16 01:24:21 ----D---- C:\Program Files\Microsoft Security Client 2013-10-15 19:35:14 ----D---- C:\Windows\system32\FxsTmp 2013-10-14 18:47:57 ----D---- C:\Program Files\OpenOffice 4 2013-10-14 18:47:55 ----RSD---- C:\Windows\assembly 2013-10-14 18:47:21 ----RSD---- C:\Windows\Fonts 2013-10-14 18:44:38 ----D---- C:\Windows\system32\catroot2 2013-10-13 17:59:23 ----D---- C:\Windows\system32\Tasks 2013-10-13 17:59:20 ----RD---- C:\Program Files 2013-10-13 17:59:20 ----D---- C:\Windows\Tasks 2013-10-13 00:23:13 ----D---- C:\Windows\Downloaded Installations 2013-10-10 22:30:13 ----D---- C:\Windows\rescache 2013-10-10 22:13:17 ----D---- C:\Windows\Microsoft.NET 2013-10-10 19:27:21 ----D---- C:\Windows\winsxs 2013-10-10 19:20:26 ----D---- C:\Windows\system32\nl-NL 2013-10-10 19:20:25 ----D---- C:\Program Files\Internet Explorer 2013-10-10 19:20:21 ----D---- C:\Windows\system32\DriverStore 2013-10-10 19:18:22 ----D---- C:\Program Files\Microsoft Silverlight 2013-10-09 23:46:26 ----D---- C:\Windows\system32\MRT 2013-10-09 23:44:01 ----A---- C:\Windows\system32\MRT.exe 2013-10-09 20:11:59 ----A---- C:\Windows\system32\FlashPlayerApp.exe 2013-10-08 18:11:24 ----SD---- C:\Users\admin\AppData\Roaming\Microsoft 2013-10-06 21:54:46 ----AD---- C:\ProgramData\Temp 2013-10-06 21:49:49 ----D---- C:\Program Files\Mozilla Firefox 2013-10-06 18:53:13 ----D---- C:\Windows\system32\wbem 2013-10-06 18:52:28 ----D---- C:\Program Files\SUPERAntiSpyware 2013-10-06 18:52:28 ----D---- C:\Program Files\Glary Utilities 2013-10-06 18:52:27 ----D---- C:\Windows\registration 2013-10-06 18:52:27 ----D---- C:\Windows\AppCompat 
2013-10-06 18:52:27 ----D---- C:\Users\admin\AppData\Roaming\MusicBee 2013-10-06 18:52:27 ----D---- C:\Users\admin\AppData\Roaming\ATViewer 2013-10-06 16:59:30 ----D---- C:\Données EuroSoft Software Development 2013-10-02 19:26:26 ----D---- C:\Windows\security ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-06-18 211560] R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2011-03-04 45648] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880] R1 SAS***IL;SAS***IL; \??\C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS [2011-07-12 67664] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/01/31 21:51:22]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl [2009-05-07 87536] R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2011-03-25 32368] R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 107392] R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704] R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2011-03-25 70768] R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2011-03-25 36400] R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2011-03-25 26352] R2 VMparport;VMware VMparport; \??\C:\Windows\system32\Drivers\VMparport.sys [2011-03-25 23792] R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2011-03-25 854256] R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [2010-08-19 22448] R3 ACSSCR;ACR38 Smart Card Reader; 
C:\Windows\system32\DRIVERS\a38usb.sys [2011-06-29 37632] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840] R3 gzflt;gzflt; C:\Windows\system32\DRIVERS\gzflt.sys [2012-09-05 162848] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-02-11 9036800] R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600] R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver; C:\Windows\system32\DRIVERS\wg111v3.sys [2009-11-18 376832] R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 36352] R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2011-03-25 24688] R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2011-03-25 16560] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336] S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720] S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 30312] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888] S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 39272] S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-04-07 36608] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368] S3 RT2500USB;ASUS USB Wireless LAN Driver; C:\Windows\system32\DRIVERS\rt2500usb.sys [2004-08-13 140544] S3 
sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776] S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352] S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272] S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328] S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608] R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008] R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504] R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-08-12 22208] R2 OBKSvc;Safepay Service Agent; C:\Program Files\Bitdefender\Bitdefender Safepay\OBKSvc.exe [2013-09-25 343848] R2 
RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-04-27 271760] R2 UPDATESRV_SAFEPAY;Bitdefender Safepay Update Service; C:\Program Files\Bitdefender\Bitdefender Safepay\updatesrv.exe [2013-09-25 66784] R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2011-03-25 113264] R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2011-03-25 334448] R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248] R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2011-03-25 404080] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536] R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-05-31 553288] R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-08-12 295376] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-07 136176] S2 Util LemurLeap;Util LemurLeap; C:\Program Files\LemurLeap\bin\utilLemurLeap.exe [] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2013-01-10 72704] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416] S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840] S3 gupdatem;Google Update-service 
(gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-07 136176] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-28 194032] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-17 118680] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592] S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [2010-08-19 191024] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-27 1343400] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] -----------------EOF-----------------
  17. Zoek.exe is saved in C:\Users\admin\Documents\ zoek 1 & 2 & 4 (so 3 times).
  18. Thanks already for your help so far, because a lot of problems are already out of the way. Hats off to what you have achieved so far. But I cannot manage to carry out your message from yesterday. I am probably doing something wrong. In the search box of the Start button I enter "zoek.exe" and then double-click on "run as administrator", but then the PC shuts down "completely" and on a new start-up nothing happens. So I cannot paste your code (the whole text?). What does happen now is that after starting the PC I get a notification from Intel Corporation about running "GfxUI". If I click yes, simply nothing happens. Furthermore, all sorts of messages still open while surfing. Really annoying. One more thing. In the beginning, when the problems were being identified, I wanted to perform a system restore and I did not succeed in that? Thanks for your patience.
  19. Zoek.exe Version 4.0.0.5 Updated 09-October-2013 Tool run by admin on vr 11/10/2013 at 20:48:17,55. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\admin\Documents\zoek-4\zoek.exe [Quick Scan] [Auto Clean] ==== Older Logs ====================== C:\zoek-results2013-10-09-164707.log 49411 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-779995794-2056842348-1647886699-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-779995794-2056842348-1647886699-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-779995794-2056842348-1647886699-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update LemurLeap deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update LemurLeap deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update LemurLeap deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update LemurLeap deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BitGuard deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BitGuard deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default ---- Lines delta removed from prefs.js ---- user_pref("browser.newtab.url", "http://www.delta-search.com/?babsrc=NT_ss&mntrId=9A84E091F523EA46&affID=125155&tsp=5027"); user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); 
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.dfltLng", "nl"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.id", "9a84de96000000000000e091f523ea46"); user_pref("extensions.delta.instlDay", "15984"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.24.6"); user_pref("extensions.delta.vrsnTs", "1.8.24.621:49:43"); user_pref("extensions.delta.vrsni", "1.8.24.6"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.babTrack", "affID=125155&tsp=5027"); user_pref("extensions.delta_i.srcExt", "ss"); ---- Lines delta modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"belgiumeid@eid.belgium.be\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\belgiumeid@eid.belgium.be\",\"mtime\":1379445472007,\"rdfTime\":1362744524000}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla 
Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1379445493468,\"rdfTime\":1379445493203}}},{\"name\":\"app-profile\",\"addons\":{\"71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\":{\"descriptor\":\"C:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\",\"mtime\":1381078347589,\"rdfTime\":1381072695988},\"ffxtlbr@delta.com\":{\"descriptor\":\"C:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\ffxtlbr@delta.com\",\"mtime\":1381088984110,\"rdfTime\":1352283188000},\"fhdp3@freehdsp.tv\":{\"descriptor\":\"C:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\fhdp3@freehdsp.tv.xpi\",\"mtime\":1372581844000},\"firefox@lemurleap.info\":{\"descriptor\":\"C:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\firefox@lemurleap.info.xpi\",\"mtime\":1380832578000},\"thumbnailZoom@dadler.github.com\":{\"descriptor\":\"C:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\thumbnailZoom@dadler.github.com.xpi\",\"mtime\":1380736035872},\"translator@zoli.bod\":{\"descriptor\":\"C:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\translator@zoli.bod.xpi\",\"mtime\":1373654786755},\"xxcessl0gycs@gmail.com\":{\"descriptor\":\"C:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\xxcessl0gycs@gmail.com.xpi\",\"mtime\":1375287466268},\"{9AA46F4F-4DC7-4c06-97AF-5035170634FE}\":{\"descriptor\":\"C:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\{9AA46F4F-4DC7-4c06-
97AF-5035170634FE}.xpi\",\"mtime\":1380993470247}}}]"); ---- Lines delta removed from user.js ---- user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.id", "9a84de96000000000000e091f523ea46"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.instlDay", "15984"); user_pref("extensions.delta.vrsn", "1.8.24.6"); user_pref("extensions.delta.vrsni", "1.8.24.6"); user_pref("extensions.delta.vrsnTs", "1.8.24.621:49:43"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.dfltLng", "nl"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.admin", false); user_pref("extensions.delta_i.babTrack", "affID=125155&tsp=5027"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.srcExt", "ss"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.newTab", false); ---- Lines Lyric removed from prefs.js ---- user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.description", "LyricsSay will allow you to display lyrics for your favorite songs alongside any Youtube music video"); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.name", "LyricsSay-1"); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.publisher", "Lyrics"); ---- Lines Lyric modified from prefs.js ---- ---- Lines Lyric removed from user.js ---- ---- Lines search.com removed from prefs.js ---- ---- Lines search.com modified from prefs.js ---- ---- Lines search.com removed from 
user.js ---- ---- Lines freehdsp removed from prefs.js ---- user_pref("extensions.bootstrappedAddons", "{\"fhdp3@freehdsp.tv\":{\"version\":\"3.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\fhdp3@freehdsp.tv.xpi\"}}"); ---- Lines freehdsp modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"belgiumeid@eid.belgium.be\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\belgiumeid@eid.belgium.be\",\"mtime\":1379445472007,\"rdfTime\":1362744524000}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1379445493468,\"rdfTime\":1379445493203}}},{\"name\":\"app-profile\",\"addons\":{\"71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\":{\"descriptor\":\"C:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\",\"mtime\":1381078347589,\"rdfTime\":1381072695988},\"ffxtlbr@disabled.com\":{\"descriptor\":\"C:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\ffxtlbr@disabled.com\",\"mtime\":1381088984110,\"rdfTime\":1352283188000},\"fhdp3@freehdsp.tv\":{\"descriptor\":\"C:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\fhdp3@freehdsp.tv.xpi\",\"mtime\":1372581844000},\"firefox@lemurleap.info\":{\"descriptor\":\"C:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\firefox@lemurleap.info.xpi\",\"mtime\":1380832578000},\"thumbnailZoom@dadler.github.com\":{\"descriptor\":\"C:\\\\User
s\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\thumbnailZoom@dadler.github.com.xpi\",\"mtime\":1380736035872},\"translator@zoli.bod\":{\"descriptor\":\"C:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\translator@zoli.bod.xpi\",\"mtime\":1373654786755},\"xxcessl0gycs@gmail.com\":{\"descriptor\":\"C:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\xxcessl0gycs@gmail.com.xpi\",\"mtime\":1375287466268},\"{9AA46F4F-4DC7-4c06-97AF-5035170634FE}\":{\"descriptor\":\"C:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hkky9amf.default\\\\extensions\\\\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi\",\"mtime\":1380993470247}}}]"); ---- Lines freehdsp removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user_20131110_2105_.backup prefs_20131110_2105_.backup ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\r10fm3x1.default ---- Lines delta removed from prefs.js ---- ---- Lines delta modified from prefs.js ---- ---- Lines delta removed from user.js ---- ---- Lines Lyric removed from prefs.js ---- ---- Lines Lyric modified from prefs.js ---- ---- Lines Lyric removed from user.js ---- ---- Lines search.com removed from prefs.js ---- ---- Lines search.com modified from prefs.js ---- ---- Lines search.com removed from user.js ---- ---- Lines freehdsp removed from prefs.js ---- ---- Lines freehdsp modified from prefs.js ---- ---- Lines freehdsp removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user_20131110_2105_.backup prefs_20131110_2105_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command] @="C:\\Program Files\\Mozilla Firefox\\firefox.exe" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- ==== Deleting Files \ Folders ====================== "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\fhdp3@freehdsp.tv.xpi" deleted "C:\Users\admin\Downloads\SoftonicDownloader_voor_free-youtube-downloader.exe" deleted "C:\Users\admin\Downloads\SoftonicDownloader_voor_youtube-song-downloader.exe" deleted "C:\Windows\system32\Tasks\EPUpdater" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\searchplugins\ask-search.xml" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\searchplugins\ask-search.xml" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\bProtector_extensions.sqlite" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\bProtector_prefs.js" deleted "C:\Users\Public\Desktop\Free YouTube Downloader.lnk" deleted "C:\Users\Public\Desktop\YouTube Song Downloader.lnk" deleted "C:\Program Files\LemurLeap\updateLemurLeap.exe" deleted "C:\Users\admin\AppData\Local\FilesFrog Update Checker\update_checker.exe" deleted "C:\Users\admin\AppData\Local\FilesFrog Update Checker\update_checker.exe" deleted "C:\Program Files\LemurLeap\bin\utilLemurLeap.exe" deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl" not deleted 
"C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not deleted "C:\Users\admin\AppData\Roaming\FMZilla" deleted "C:\Users\admin\AppData\Roaming\GrabPro" deleted "C:\Users\admin\AppData\Roaming\Samsung" deleted "C:\Program Files\FirstRowSportApp.com" deleted "C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com" deleted "C:\Program Files\Delta" deleted "C:\Program Files\DealPlyLive" deleted "C:\Program Files\LemurLeap" not deleted "C:\Program Files\MyPC Backup" deleted "C:\Users\admin\AppData\Roaming\Uniblue" deleted 
"C:\Users\admin\AppData\Roaming\Uniblue\SpeedUpMyPC" deleted "C:\Users\admin\AppData\Roaming\BabSolution" deleted "C:\Users\admin\AppData\Roaming\Babylon" deleted "C:\Users\admin\PP_MOTION.TMP" deleted "C:\Users\admin\PP_ROTATE_SLIDE.TMP" deleted "C:\ProgramData\AskPartnerNetwork" deleted "C:\ProgramData\BitGuard" not deleted "C:\ProgramData\DealPlyLive" deleted "C:\ProgramData\DSearchLink" deleted "C:\ProgramData\InstallMate" deleted "C:\ProgramData\Babylon" deleted "C:\Users\admin\AppData\Local\FilesFrog Update Checker" deleted "C:\Users\admin\AppData\Local\Lollipop" deleted "C:\Users\admin\AppData\Local\FilesFrog Update Checker" deleted "C:\Users\admin\AppData\Local\DealPlyLive" deleted "C:\Users\admin\AppData\Local\PackageAware" deleted "C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard" deleted "C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com" deleted "C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker" deleted "C:\Users\admin\AppData\LocalLow\Delta" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\jetpack" deleted "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\ffxtlbr@delta.com" deleted "C:\Program Files\LemurLeap\bin" not deleted "C:\ProgramData\BitGuard\2.6.1694.246" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" not deleted "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\admin\AppData\Local\Temp ==== 2013-10-06 19:57:53 C78539208554BDF5B49D6A17C7965853 175208 ----a-w- C:\Users\admin\AppData\Local\Temp\LemurLeap_sm.exe 2013-10-06 19:49:23 B212865E7E478A28A97268F960079A8D 132096 ----a-w- C:\Users\admin\AppData\Local\Temp\9F7289A5-BAB0-7891-B724-D00621E4D400\Latest\BExternal.dll 
==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-779995794-2056842348-1647886699-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Dictionary .NET"="C:\Users\admin\AppData\Local\Temp\Temp1_DictionaryNet.zip\Dictionary.exe -c" 
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background" "Spotify Web Helper"="C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "WiFi Guard"="C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe /hide" "SDP"="C:\Users\admin\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto " "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" "UpdateP2GoShortCut"="C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0" "RemoteControl9"="C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" "PDVD9LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" "BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" "UpdatePPShortCut"="C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\PowerProducer UpdateWithCreateOnce Software\CyberLink\PowerProducer\5.0" "UpdatePSTShortCut"="C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\Blu-ray Disc Suite UpdateWithCreateOnce Software\CyberLink\PowerStarter" "VMware hqtray"="C:\Program Files\VMware\VMware Player\hqtray.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon" 
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "PixelPlanet PdfPrinter-Monitor"="C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "obkagent"="C:\Program Files\Bitdefender\Bitdefender Safepay\obkagent.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Dictionary .NET"="C:\Users\admin\AppData\Local\Temp\Temp1_DictionaryNet.zip\Dictionary.exe -c" "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background" "Spotify Web Helper"="C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "WiFi Guard"="C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe /hide" "SDP"="C:\Users\admin\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto " "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\progra~2\\bitguard\\261694~1.246\\{c16c1~1\\bitguard.dll " ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpeedUpMyPC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SpeedUpMyPC" "hkey"="HKCU" "command"="\"C:\\Program Files\\Uniblue\\SpeedUpMyPC\\launcher.exe\" -d 20000 " ==== Startup Folders ====================== 2013-01-09 22:29:44 1339 ----a-w- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk 2013-02-02 18:05:37 1049 ----a-w- 
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2011-07-05 17:02:42 2031 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09/10/2013 20:11] C:\Windows\tasks\GlaryInitialize.job --a------ C:\Program Files\Glary Utilities\initialize.exe [22/03/2010 13:03] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [07/11/2011 20:20] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [07/11/2011 20:20] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\BitGuard" [C:\Windows\system32\sc.exe start BitGuard] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\GlaryInitialize" [C:\Program Files\Glary Utilities\initialize.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Open URL by RoboForm" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/uninstall.html?aaa=KICMKMJJLMKMGMLMGMMJCNPMOJJJPMCNLMMMMMNJCNOJGMLJLMCNOMPMHMNMKMJJOMJMPMNMLJOJJNJICMIMCNLMCNOMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMPMJNHICMMJBJKJLIMJJNBJCMOJLJCJGJBJJNKJCMJNNICMJNDJCMBJDJ"] "C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-779995794-2056842348-1647886699-1000" [C:\Program 
Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-779995794-2056842348-1647886699-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\Run RoboForm TaskBar Icon" [C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{FA3CA16D-C6C1-4DBE-9567-DE3E8455D956}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [17/09/2013 21:17] ==== Firefox Extensions ====================== ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default - Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be - LyricsSay-1 - %ProfilePath%\extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com - LemurLeap - %ProfilePath%\extensions\firefox@lemurleap.info - LemurLeap - %ProfilePath%\extensions\firefox@lemurleap.info.xpi - Thumbnail Zoom Plus - %ProfilePath%\extensions\thumbnailZoom@dadler.github.com.xpi - Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi - Picture Zoom Plus - %ProfilePath%\extensions\xxcessl0gycs@gmail.com.xpi - ImTranslator - %ProfilePath%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\r10fm3x1.default - LemurLeap - %ProfilePath%\extensions\firefox@lemurleap.info.xpi - Pocket - %ProfilePath%\extensions\isreaditlater@ideashower.com.xpi - ImTranslator - %ProfilePath%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== 
Firefox Plugins ====================== Profilepath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default 4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash D1DC265C3FF7F92B4A75A55B3749D48C - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In 04ACC61B47857E779CD92D1D88770BF1 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 77B09C2C6F407531447DA75E3ACD1C5B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat 101700E93EB905992B518256CB441829 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update 7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 179B446B36562BA025F38A5B0760DBEA - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25 2EE9DCAE1D70ABF4D058688DE35F8221 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.16 BC601425BC360C12DF2277992C6D83D5 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.4 7B64C498A4E0958967EBD9439EE93DB4 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 309817C5A02434365B0091021FD70610 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 A0D9A846578582064F3D066B23CD2E55 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 2871984886154973C810DAF2A9294510 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 61EA5261198FD2431A4DD088569ED8D4 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 270EE43CC00609B9937AAF94E1E970D4 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa 
C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System Profilepath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\r10fm3x1.default 04ACC61B47857E779CD92D1D88770BF1 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 77B09C2C6F407531447DA75E3ACD1C5B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat D1DC265C3FF7F92B4A75A55B3749D48C - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin BC601425BC360C12DF2277992C6D83D5 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.4 7B64C498A4E0958967EBD9439EE93DB4 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 309817C5A02434365B0091021FD70610 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 A0D9A846578582064F3D066B23CD2E55 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 2871984886154973C810DAF2A9294510 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 61EA5261198FD2431A4DD088569ED8D4 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 270EE43CC00609B9937AAF94E1E970D4 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector D0DA6B2FB50A0667CF4BACC2AEFEA009 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll - Java Platform SE 7 U5 C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? 
Photo Gallery 7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin ==== Deleting Files \ Folders ====================== "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hkky9amf.default\extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com" deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eooncjejnppfjjklapaamhcdmjbilmde - C:\Users\admin\AppData\Roaming\BabSolution\CR\Delta.crx[] Delta Toolbar - admin - Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Add Lyrics - admin - Default\Extensions\kdlfddggdloaadnphbhejknhaggjaeld DealPly Shopping - admin - Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf LyricsSay-1 - admin - Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef ==== Chrome Fix ====================== C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage deleted successfully C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdlfddggdloaadnphbhejknhaggjaeld deleted successfully C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef deleted successfully C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.delta-search.com/?babsrc=HP_ss&mntrId=9A84E091F523EA46&affID=125155&tsp=5027" "Backup.Old.Start Page"="http://start.be/" "Default_Page_URL"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.google.com" "Start Page"="http://www.google.com" 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" "Backup.Old.Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {03051086-C7A4-0250-3C2A-1C3F4CACF451} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Delta Search Url="http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=9A84E091F523EA46&affID=125155&tsp=5027" {483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {80c554b9-c7f8-4a21-9471-06d606da78a2} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE" {F6909F06-51FF-4A24-92CD-9C55E832950B} Google Url="http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7AURU_nlBE498" ==== Reset Google Chrome ====================== C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== 
HKEY_USERS\S-1-5-21-779995794-2056842348-1647886699-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-779995794-2056842348-1647886699-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{415419C3-DAD0-4DF1-AC37-22C72AD81878} deleted successfully HKEY_USERS\S-1-5-21-779995794-2056842348-1647886699-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48F6F60F-F426-421B-806E-BACDE69252C6} deleted successfully HKEY_USERS\S-1-5-21-779995794-2056842348-1647886699-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_USERS\S-1-5-21-779995794-2056842348-1647886699-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48F6F60F-F426-421B-806E-BACDE69252C6} deleted successfully HKEY_USERS\S-1-5-21-779995794-2056842348-1647886699-1000\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully HKEY_CLASSES_ROOT\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_CLASSES_ROOT\CLSID\{415419C3-DAD0-4DF1-AC37-22C72AD81878} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{415419C3-DAD0-4DF1-AC37-22C72AD81878} deleted successfully HKEY_CLASSES_ROOT\CLSID\{48F6F60F-F426-421B-806E-BACDE69252C6} deleted successfully HKEY_CLASSES_ROOT\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-779995794-2056842348-1647886699-1000\Software\Mozilla\Firefox\Extensions\addlyrics@addlyrics.net deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully ==== Deleting 
Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC deleted successfully ==== Empty IE Cache ====================== C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\admin\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\admin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\admin\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\hkky9amf.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\admin\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / 
Folders ====================== "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not found "C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not found "C:\Program Files\LemurLeap" not found "C:\ProgramData\BitGuard" not found 
"C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BMRB4XHY\syndication.vmma.be" not found ==== EOF on vr 11/10/2013 at 22:17:38,34 ======================
  20. Z-Analyse V1.0.0.1 Updated 07-October-2013 Tool run by admin on wo 09/10/2013 at 18:41:18,01. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\admin\AppData\Local\Temp\Temp1_zoek-2.zip\Z-Analyse.scr [Deep Scan] ==== System Restore Info ====================== 9/10/2013 18:41:58 Zoek.exe System Restore Point Created Succesfully. ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\spoolsv.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\taskeng.exe C:\Program Files\Bitdefender\Bitdefender Safepay\OBKSvc.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files\CyberLink\Shared files\brs.exe C:\Program Files\VMware\VMware Player\hqtray.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Bitdefender\Bitdefender Safepay\updatesrv.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe C:\Program Files\Common 
Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Bitdefender\Bitdefender Safepay\obkagent.exe C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Users\admin\AppData\Local\FilesFrog Update Checker\update_checker.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Program Files\NETGEAR\WG111v3\WG111v3.exe C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe C:\Windows\system32\vmnat.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\VMware\VMware Player\vmware-authd.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\vmnetdhcp.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\DllHost.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\DllHost.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\vssvc.exe C:\Windows\system32\taskhost.exe C:\Users\admin\AppData\Local\Temp\Temp1_zoek-2.zip\Z-Analyse.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\conhost.exe C:\Users\admin\AppData\Local\Temp\NirCmd.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe 
-k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\System32\svchost.exe -k swprv ==== System Specs ====================== Windows: Windows 7 Home Premium Edition Service Pack 1 (Build 7601) Memory (RAM): 3550 MB CPU Info: Pentium® Dual-Core CPU E5700 @ 3.00GHz CPU Speed: 3009,9 MHz Sound Card: Luidsprekers (High Definition A | Display Adapters: Intel® G41 Express Chipset | Intel® G41 Express Chipset | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | NETGEAR WG111v3 Wireless-G USB Adapter | Realtek PCIe GBE Family Controller | VMware Virtual Ethernet Adapter for VMnet1 | VMware Virtual Ethernet Adapter for VMnet8 CD / DVD Drives: 1x (D: | ) D: Optiarc DVD RW AD-5260S Ports: COM1 LPT1 Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 931,4GB | E: 465,8GB Hard Disks - Free: C: 875,0GB | E: 352,0GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 12/21/09 | A_M_I_ - 12000921 Time Zone: Romance (standaardtijd) Motherboard *: ASUSTeK Computer INC. 
V-P5G41E Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Default Browser: Firefox 24.0 Internet Explorer Version: 10.0.9200.16686 Mozilla Firefox version: 24.0 (x86 nl) Adobe Reader version: 10.1.8.24 Sun Java version: 1.7.0_25 (32-bit) Flash Player version: 11.8.800.168 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\admin\AppData\Local\Temp ==== 2013-10-06 19:57:53 C78539208554BDF5B49D6A17C7965853 175208 ----a-w- C:\Users\admin\AppData\Local\Temp\LemurLeap_sm.exe 2013-10-06 19:49:23 B212865E7E478A28A97268F960079A8D 132096 ----a-w- C:\Users\admin\AppData\Local\Temp\9F7289A5-BAB0-7891-B724-D00621E4D400\Latest\BExternal.dll 2013-10-06 19:49:23 A21DE5067618D4F2DF261416315ED120 6144 ----a-w- C:\Users\admin\AppData\Local\Temp\9F7289A5-BAB0-7891-B724-D00621E4D400\Latest\IEHelper.dll 2013-10-06 19:49:23 0F66E8E2340569FB17E774DAC2010E31 520234 ----a-w- C:\Users\admin\AppData\Local\Temp\9F7289A5-BAB0-7891-B724-D00621E4D400\Latest\sqlite3.dll 2013-10-06 19:49:03 8B64BCD9EAF292636E68CA78C6DE79D4 5668624 ----a-w- C:\Users\admin\AppData\Local\Temp\{2CDC3929-2938-4A98-BB25-93C91963FEBB}\setup.exe 2013-10-06 19:48:30 2F5252E50745E47DB355B005725DAE05 327880 ----a-w- C:\Users\admin\AppData\Local\Temp\appshat-distribution.exe 2013-10-06 19:48:28 D3197FAE11B8307F0F52343142709D77 836708 ----a-w- C:\Users\admin\AppData\Local\Temp\DeltaTB.exe 2013-10-06 19:47:56 FBE369DF3B3D51CB874535FAA3B3EBEA 5807696 ----a-w- C:\Users\admin\AppData\Local\Temp\OptimizerPro.exe 2013-10-06 19:47:49 83087F025194693DFF3A0F22E6A4AE96 196376 ----a-w- C:\Users\admin\AppData\Local\Temp\UpdateCheckerSetup.exe 2013-10-06 17:21:46 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\admin\AppData\Local\Temp\jrt\erunt\ERUNT.EXE 
2013-10-06 17:07:32 2B8FB03BF38CB33A98D804CFDC2BB2C0 258560 ----atw- C:\Users\admin\AppData\Local\Temp\ins70\ins70.exe 2013-10-06 17:02:47 5689D43C3B201DD3810FA3BBA4A6476A 4216840 ----a-w- C:\Users\admin\AppData\Local\Temp\vcredist_x86.exe 2013-10-06 17:02:39 858D895AD40DE9779E78C39A116F9553 10355400 ----a-w- C:\Users\admin\AppData\Local\Temp\BackupSetup.exe 2013-10-06 15:18:29 8B64BCD9EAF292636E68CA78C6DE79D4 5668624 ----a-w- C:\Users\admin\AppData\Local\Temp\{1C351DDC-B7FD-4598-8CE0-BB7A2ED701AD}\setup.exe 2013-10-06 15:17:47 8F8138B6D2B9428C388E763347C515A8 5514432 ----a-w- C:\Users\admin\AppData\Local\Temp\ins1197\LyricsSay_1060-8002_v122.exe 2013-10-06 12:36:31 84126D8FA81D231E1DEFD8D0906F8D70 45827664 ----a-w- C:\Users\admin\AppData\Local\Temp\SHSetup.exe 2013-10-05 18:19:44 663C0061B5141CBFA401E578C36F129C 12612850 ----a-w- C:\Users\admin\AppData\Local\Temp\is1244477948\4806171_Setup.EXE ====== Java Cache ===== ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== 2013-09-11 14:13:11 DDCE686D76C2B4DB435A3AF5BD0E691D 133056 ----a-w- C:\Windows\System32\drivers\ataport.sys 2013-09-09 19:05:34 B54B98816EC8F861CA5D9EC74BA06F22 162848 ----a-w- C:\Windows\System32\drivers\gzflt.sys ====== C:\Windows\Tasks ====== 2013-10-08 21:59:34 37B5D8F0C3AB7C9E2046DEA5075B6656 3420 ----a-w- C:\Windows\system32\Tasks\BitGuard 2013-10-06 19:49:35 D940C44CDC7A48317FCBE04DF3B005C8 3388 ----a-w- C:\Windows\system32\Tasks\EPUpdater ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-10-06 19:58:04 -------- d-----w- C:\Program Files\LemurLeap 2013-10-06 19:50:50 -------- d-----w- C:\Program Files\Free YouTube Downloader 2013-10-06 19:49:42 -------- d-----w- C:\Program Files\Delta 2013-10-06 17:03:37 -------- d-----w- C:\Program Files\MyPC Backup 2013-10-06 17:02:44 -------- d-----w- C:\Program Files\DealPlyLive 2013-10-06 12:39:06 -------- d-----w- C:\Program Files\Enigma Software Group 2013-10-06 12:37:28 -------- d-----w- C:\Program Files\Common 
Files\Wise Installation Wizard 2013-10-05 17:35:12 -------- d-----w- C:\Program Files\EuroSoft Software Development 2013-09-30 17:56:49 -------- d-----w- C:\Program Files\QuotePad 2013-09-22 14:16:01 -------- d-----w- C:\Program Files\FirstRowSportApp.com 2013-09-09 19:05:34 -------- d-----w- C:\Program Files\Bitdefender 2013-09-09 18:59:27 -------- d-----w- C:\Program Files\Common Files\Bitdefender ======= C: ===== 2013-10-06 17:09:15 75F2BAE6F0A523209B2EA8CCABF33BB9 2010 ----a-w- C:\AdwCleaner[s3].txt 2013-10-06 17:08:50 7841A80AC041A9B5E432EE78F8840163 1828 ----a-w- C:\AdwCleaner[R5].txt 2013-10-06 17:08:24 715E41690F71B2CA7B87740105BCD904 1768 ----a-w- C:\AdwCleaner[R4].txt ====== C:\Users\admin\AppData\Roaming ====== 2013-10-07 22:53:03 -------- d-----w- C:\Users\admin\AppData\Locallow\Delta 2013-10-06 19:49:49 -------- d-----w- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard 2013-10-06 19:49:35 -------- d-----w- C:\Users\admin\AppData\Roaming\BabSolution 2013-10-06 19:49:18 -------- d-----w- C:\Users\admin\AppData\Roaming\Babylon 2013-10-06 19:49:02 -------- d-----w- C:\Users\admin\AppData\Local\Lollipop 2013-10-06 19:48:52 -------- d-----w- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker 2013-10-06 19:48:49 -------- d-----w- C:\Users\admin\AppData\Local\FilesFrog Update Checker 2013-10-06 17:22:42 -------- d-----w- C:\Users\admin\AppData\Local\DealPlyLive 2013-10-06 17:11:13 0A9CA826D4673751A22C4AB1D2CBD644 70248 ----a-w- C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-30 17:57:01 -------- d-----w- C:\Users\admin\AppData\Roaming\QuotePad 2013-09-28 20:39:13 -------- d-----w- C:\Users\admin\AppData\Roaming\vlc 2013-09-22 14:16:01 -------- d-----w- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com 2013-09-09 19:11:52 -------- d-----w- C:\Users\admin\AppData\Roaming\QuickScan ====== C:\Users\admin ====== 
  21. Logfile of random's system information tool 1.09 (written by random/random) Run by admin at 2013-10-08 19:37:19 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 895 GB (94%) free of 954 GB Total RAM: 3549 MB (50% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:37:22, on 8/10/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16686) Boot mode: Normal
[2005-08-17 93872] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328] S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608] R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008] R2 BitGuard;BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2013-09-23 2845664] R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504] R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-06-20 22208] R2 OBKSvc;Safepay Service Agent; C:\Program Files\Bitdefender\Bitdefender Safepay\OBKSvc.exe [2013-09-25 343848] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-04-27 271760] R2 Update LemurLeap;Update LemurLeap; C:\Program Files\LemurLeap\updateLemurLeap.exe [2013-10-03 65312] R2 UPDATESRV_SAFEPAY;Bitdefender Safepay Update Service; C:\Program Files\Bitdefender\Bitdefender Safepay\updatesrv.exe [2013-09-25 66784] R2 Util LemurLeap;Util LemurLeap; C:\Program Files\LemurLeap\bin\utilLemurLeap.exe [2013-10-07 65312] R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2011-03-25 113264] R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2011-03-25 334448] R2 VMUSBArbService;VMware USB 
Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248] R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2011-03-25 404080] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536] R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-05-31 553288] R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-06-20 295376] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-07 136176] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2013-01-10 72704] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-23 257416] S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-07 136176] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-28 194032] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-17 118680] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592] S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [2010-08-19 191024] S3 
WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-27 1343400] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] -----------------EOF-----------------
  22. Hello, For the past few days, whenever I started Firefox, I got QVO6 as my start page. By clicking the Home button I did get the one I wanted, namely Symbaloo. I had a lot of trouble removing QVO6, using ADW Cleaner and especially Junkware Removal. But since then my PC has been going haywire. It regularly happens that when I click a link (usually coloured red and double-underlined), I first get a completely different site; after closing that one I end up on the one I wanted. Hovering my cursor over such a link usually opens an unwanted tab of a ****ographic nature or for targeted maintenance tools. I also continuously receive pop-ups of all kinds. It is annoying!!!!! In short, something is wrong, but what? Is it my Firefox settings? Even on your site I have to deal with these problems. You will surely find an explanation for it; I give up. Thanks in advance.
  23. Hello, For the past few days, whenever I started Firefox, I got QVO6 as my start page. By clicking the Home button I did get the one I wanted, namely Symbaloo. I had a lot of trouble removing QVO6, using ADW Cleaner and especially Junkware Removal. But since then my PC has been going haywire. It regularly happens that when I click a link (usually coloured red), I first get a completely different site; after closing that one I end up on the one I wanted. Hovering my cursor over such a link usually opens an unwanted tab of a ****ographic nature or for targeted maintenance tools. I also continuously receive pop-ups of all kinds. It is annoying!!!!! In short, something is wrong, but what? Is it my Firefox settings? You will surely find an explanation for it; I give up. Thanks in advance.
  24. Dear Bartjeuhh, Below is the link that shows what the dangers are with Oracle's updates. That is what I meant! Oracle patches a boatload of Java security holes | ZDNet.be I would like your opinion. Kind regards, Loprakso
  25. Hey Bartjeuhh, My sentence about Firefox and Java was badly worded. I meant that there are holes in the Java update and that it is not needed when one uses Firefox. I believe I read this on ZDNet (a while back). So a mistake or a misinterpretation on my part. As for Mediaget: I managed to get rid of the annoying little window. Pure chance. I had to be in the Control Panel and, as I do now and then, went through it completely. That is how I found Mediaget and was able to uninstall the program successfully. The little window was gone. In any case, a big thank-you for all the explanation you gave about working with print screen. I learned a lot. With repeated thanks. Loprakso.