Ga naar inhoud

xAmberCeline

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    13

  • Registratiedatum

  • Laatst bezocht

xAmberCeline's prestaties

Groentje

Groentje (2/14)

  • Eerste post
  • Actief
  • Gespreksstarter
  • Week één klaar
  • Een maand later

Recente badges

0

Reputatie

  1. xAmberCeline
    # AdwCleaner v3.020 - Report created 02/03/2014 at 19:10:01 # Updated 27/02/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Amber - AMBER-PC # Running from : C:\Users\Amber\Desktop\adwcleaner (1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16518 -\\ Mozilla Firefox v19.0.2 (nl) [ File : C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default\prefs.js ] -\\ Google Chrome v33.0.1750.117 [ File : C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [19513 octets] - [21/02/2014 19:10:57] AdwCleaner[R1].txt - [8891 octets] - [21/02/2014 19:34:25] AdwCleaner[R2].txt - [1222 octets] - [02/03/2014 19:09:12] AdwCleaner[s0].txt - [19521 octets] - [21/02/2014 19:13:06] AdwCleaner[s1].txt - [6359 octets] - [21/02/2014 19:35:03] AdwCleaner[s2].txt - [1146 octets] - [02/03/2014 19:10:01] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1206 octets] ##########
  2. xAmberCeline
    Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free Anti-Malware Databaseversie: v2014.02.27.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16518 Amber :: AMBER-PC [administrator] 27-2-2014 21:28:00 mbam-log-2014-02-27 (21-28-00).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 225610 Verstreken tijd: 8 minuut/minuten, 20 seconde(n) Geheugenprocessen gedetecteerd: 2 C:\Program Files (x86)\wisen wizard\bin\utilwisenwizard.exe (PUP.Optional.Wisenwizard.A) -> 7076 -> Zal worden verwijderd tijdens het herstarten. C:\Program Files (x86)\wisen wizard\updatewisenwizard.exe (PUP.Optional.Wisenwizard.A) -> 6704 -> Zal worden verwijderd tijdens het herstarten. Geheugenmodulen gedetecteerd: 2 C:\Program Files (x86)\wisen wizard\bin\sqlite3.dll (PUP.Optional.Wisenwizard.A) -> Zal worden verwijderd tijdens het herstarten. C:\Program Files (x86)\wisen wizard\bin\wisenwizard.BrowserFilter.Helper.dll (PUP.Optional.Wisenwizard.A) -> Zal worden verwijderd tijdens het herstarten. Registersleutels gedetecteerd: 16 HKLM\SYSTEM\CurrentControlSet\Services\Util wisen wizard (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SYSTEM\CurrentControlSet\Services\Update wisen wizard (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{c875cdb6-93cc-4473-a54f-a75bf8162a2a} (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{655fb899-3345-4c6d-84da-e2925d4934bb} (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{6AB40169-4594-48AE-9767-95B6957590C7} (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C875CDB6-93CC-4473-A54F-A75BF8162A2A} (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{d7bbe586-f42a-454b-9794-776b57483a40} (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{fbcc351c-579a-4031-8c1d-4c69bce3806d} (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{3E2F502B-5548-4066-88E1-9A93214AD7D5} (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D7BBE586-F42A-454B-9794-776B57483A40} (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\awesomehp uninstaller (PUP.Optional.Awesomehp.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\Software\wisen wizard (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\MediaPlayerV1alpha3599 (PUP.Optional.MediaPlayerAlpha.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\Software\awesomehpSoftware (PUP.Optional.Awesomehp.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\Software\wisen wizard (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 1 HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> Succesvol in quarantaine geplaatst en verwijderd. Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 6 C:\Users\Amber\AppData\Roaming\awesomehp (PUP.Optional.Awesomehp.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Roaming\awesomehp\images (PUP.Optional.Awesomehp.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\wisen wizard (PUP.Optional.Wisenwizard.A) -> Zal worden verwijderd tijdens het herstarten. C:\Program Files (x86)\wisen wizard\bin (PUP.Optional.Wisenwizard.A) -> Zal worden verwijderd tijdens het herstarten. C:\Program Files (x86)\wisen wizard\bin\plugins (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml (PUP.Optional.Lightning.A) -> Succesvol in quarantaine geplaatst en verwijderd. Bestanden gedetecteerd: 36 C:\Program Files (x86)\wisen wizard\bin\utilwisenwizard.exe (PUP.Optional.Wisenwizard.A) -> Zal worden verwijderd tijdens het herstarten. C:\Program Files (x86)\wisen wizard\updatewisenwizard.exe (PUP.Optional.Wisenwizard.A) -> Zal worden verwijderd tijdens het herstarten. C:\Program Files (x86)\wisen wizard\wisenwizardBHO.dll (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Local\Temp\epom1_nationzoom_20131128171859.exe (PUP.Optional.SkyTech.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Local\Temp\UNT362E.exe (PUP.Optional.NextLive.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Local\Temp\fullpackage_temp1393007330\package1.zip (PUP.Optional.SkyTech.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Local\Temp\fullpackage_temp1393007330\QQBrowserFrame.dll (PUP.Optional.SkyTech.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Local\Temp\fullpackage_temp1393007330\tmp\desk365.exe (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Local\Temp\fullpackage_temp1393007330\tmp\SupTab.exe (PUP.Optional.SupTab.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\Local Settings\Temporary Internet Files\Content.IE5\76AOP285\Setup[1].exe (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\Local Settings\Temporary Internet Files\Content.IE5\YQX5Y68J\component_libcef_1.1364.1123[1].exe (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Roaming\awesomehp\28.json (PUP.Optional.Awesomehp.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Roaming\awesomehp\uninstallDlg.xml (PUP.Optional.Awesomehp.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Roaming\awesomehp\UninstallManager.exe (PUP.Optional.Awesomehp.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Roaming\awesomehp\images\bg1.png (PUP.Optional.Awesomehp.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Roaming\awesomehp\images\button1.png (PUP.Optional.Awesomehp.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Roaming\awesomehp\images\checked.png (PUP.Optional.Awesomehp.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Roaming\awesomehp\images\close.png (PUP.Optional.Awesomehp.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Roaming\awesomehp\images\min.png (PUP.Optional.Awesomehp.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Roaming\awesomehp\images\Thumbs.db (PUP.Optional.Awesomehp.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Roaming\awesomehp\images\unchecked.png (PUP.Optional.Awesomehp.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx (PUP.Optional.NewTab.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\Mozilla Firefox\searchplugins\awesomehp.xml (PUP.Optional.Awesomehp.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\wisen wizard\wisenwizard.ico (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\wisen wizard\0 (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\wisen wizard\7za.exe (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\wisen wizard\updatewisenwizard.InstallState (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\wisen wizard\wisenwizardUninstall.exe (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\wisen wizard\bin\sqlite3.dll (PUP.Optional.Wisenwizard.A) -> Zal worden verwijderd tijdens het herstarten. C:\Program Files (x86)\wisen wizard\bin\utilwisenwizard.InstallState (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\wisen wizard\bin\wisenwizard.BrowserFilter.Helper.dll (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\wisen wizard\bin\wisenwizard.BrowserFilter.Helper.dll.old.9af7328c-43f5-4b5a-b0d9-27e20c98b93c (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\wisen wizard\bin\wisenwizardBrowserFilter.exe (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\wisen wizard\bin\plugins\wisenwizard.BrowserFilterG.dll (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\wisen wizard\bin\plugins\wisenwizard.FFUpdate.dll (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\wisen wizard\bin\plugins\wisenwizard.IEUpdate.dll (PUP.Optional.Wisenwizard.A) -> Succesvol in quarantaine geplaatst en verwijderd. (einde)
  3. xAmberCeline
    jup..
  4. xAmberCeline
    # AdwCleaner v3.019 - Report created 21/02/2014 at 19:13:06 # Updated 17/02/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Amber - AMBER-PC # Running from : C:\Users\Amber\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\hotspot shield File Deleted : C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Classes\b Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\S Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1 Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1 Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
  5. xAmberCeline
    Ze zijn er nog steeds..
  6. xAmberCeline
    Zoek.exe v5.0.0.0 Updated 19-February-2014 Tool run by Amber on wo 19-02-2014 at 17:20:45,41. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Amber\Desktop\zoek (2).exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2013-08-21-101935.log 3115 bytes C:\zoek-results2014-02-18-213122.log 448 bytes C:\zoek-results2014-02-18-220814.log 32303 bytes C:\zoek-results2014-02-18-223635.log 25750 bytes C:\zoek-results21-08-2013-0047.log 79770 bytes ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_USERS\S-1-5-21-3743767131-4259627012-2328854852-1000\Software\Microsoft\Windows\CurrentVersion\Run] "NextLive"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mobilegeni daemon"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "NextLive"=- ==== Deleting Files \ Folders ====================== C:\Users\Amber\AppData\Roaming\newnext.me not found C:\Program Files (x86)\pdfforge Toolbar not found C:\Program Files (x86)\MediaPlayerV1 not found C:\Windows\SysNative\tasks\{B6A8BEDA-C9BB-471D-B937-A08C41B831F3} deleted "C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default\extensions\50464da83d617@50464da83d650.info.xpi" deleted "C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi" deleted ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1873 folders=768 174435602 bytes) ==== EOF on wo 19-02-2014 at 17:29:08,31 ======================
  7. xAmberCeline
    duurde even maar hier is het Zoek.exe v5.0.0.0 Updated 17-February-2014 Tool run by Amber on di 18-02-2014 at 23:09:24,91. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Amber\Desktop\zoek (2).exe [scan all users] [script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2013-08-21-101935.log 3115 bytes C:\zoek-results2014-02-18-213122.log 448 bytes C:\zoek-results2014-02-18-220814.log 32303 bytes C:\zoek-results21-08-2013-0047.log 79770 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\MediaPlayerV1 not found C:\Program Files (x86)\Mobogenie not found C:\Users\Amber\AppData\Roaming\newnext.me not found ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Amber\AppData\Local\Temp ==== 2014-02-15 13:28:40 7B65302478FF97466D1DB1414002C8ED 966024 ----a-w- C:\Users\Amber\AppData\Local\Temp\Setup2.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-02-15 23:04:01 3D485254E43EF4E4F707346B5731EA9A 454656 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2014-02-15 23:03:14 B8F28AAC003060E3B125D2447CFC19E2 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll 2014-02-15 23:03:14 B5B3334F177CED627C2D7FE38235B6B1 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-02-15 23:03:14 85AC8EB265EDCAD86D651D45C5E3AB83 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll 2014-02-15 23:03:12 C9D1131E2163CE932DF3EAAF0EEA3673 524288 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-02-15 23:03:12 7D6B20C69CC8EECB8F31D4FAF913BBE8 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-02-15 23:03:12 6A06EB11F1E5BDAA795DAE7838F9FE20 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2014-02-15 23:03:11 5DD49C02D059C1E6E47A8FB4A076C9B1 703488 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2014-02-15 23:03:11 408805B8083896DC95E6340F4016BEBD 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2014-02-15 23:03:11 260D6B421E5551E8BA75D16B5CA90D9A 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-15 23:03:11 0F739443669F3A48F1B2325995117BFE 553472 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2014-02-15 23:03:11 0E7B7C9F483300F9FF97C6A1E4BC4F57 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2014-02-15 23:03:10 9C89246184979A070B0C6CCF61C68136 1820160 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-02-15 23:03:10 34CBED7698D557DDB43F8732FBC2ACB9 2168320 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-02-15 23:03:09 5D9DC6332A4FC66388B09BBE7CF53750 1156096 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-02-15 23:03:09 40E68599FE3A10F816217D3789FCE74E 1964032 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2014-02-15 23:03:08 79FA7D8B488F90EDE325963379A6F738 11266048 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-02-15 23:03:07 C863E5A2417DF0F2A31ED32C3B2CB23F 17103872 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-02-15 23:03:07 99280392987A1A96C756A9F38C4CE396 4244480 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2014-02-15 13:46:07 EA093130471090037BB70A4AF86FAD1B 420008 ----a-w- C:\Windows\SysWOW64\locale.nls 2014-02-15 13:46:05 E4561704CBFA193761743E5AF746C669 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll 2014-02-15 13:46:05 17B06F23237FCD731FA2E10ECD6EDFE1 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll 2014-02-15 13:45:55 E01D2AC63453534DB8AD1EA97DEE9C3A 594944 ----a-w- C:\Windows\SysWOW64\RMActivate_isv.exe 2014-02-15 13:45:55 6142C5540C8D2764D59CBC11AF4A5900 572416 ----a-w- C:\Windows\SysWOW64\RMActivate.exe 2014-02-15 13:45:55 0F5FEF37588AF457E02125674F171A4F 508928 ----a-w- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-02-15 13:45:54 BBCE3E9E74C7CEA47FA4115B360AC2C6 423936 ----a-w- C:\Windows\SysWOW64\secproc_isv.dll 2014-02-15 13:45:54 9158DBE2F8483434FC72F320690C9DB8 87040 ----a-w- C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-15 13:45:54 7FA485555BF802FE3DB5598004DBDFAC 390144 ----a-w- C:\Windows\SysWOW64\msdrm.dll 2014-02-15 13:45:54 58712A48D31B40EBCB35B47205F87771 87040 ----a-w- C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-15 13:45:54 12A9F24DC9F465DA79AC2272D829A81E 428032 ----a-w- C:\Windows\SysWOW64\secproc.dll 2014-02-15 13:45:54 08D323750350A8A29611D1004C0CF319 510976 ----a-w- C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-02-15 13:45:49 D96106CF60505734B14F6AE80AAA4B07 1987584 ----a-w- C:\Windows\SysWOW64\d3d10warp.dll 2014-02-15 13:45:49 14800BD31701A5047AC3145BB1E698AE 3419136 ----a-w- C:\Windows\SysWOW64\d2d1.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-02-15 23:04:01 F67C7D80745379DC4C5332EFFE5AC696 548864 ----a-w- C:\Windows\Sysnative\vbscript.dll 2014-02-15 23:03:14 94C59DD02BC7EA0E421055B9946CA861 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-02-15 23:03:14 63B5E990896BA81D604032A48CC80A5C 574976 ----a-w- C:\Windows\Sysnative\ieui.dll 2014-02-15 23:03:14 1D1D7F52EC84294859642A4309FE648E 195584 ----a-w- C:\Windows\Sysnative\msrating.dll 2014-02-15 23:03:13 FD08F8BA2437A85F500EFFE3FD3158A6 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll 2014-02-15 23:03:13 E77092C38028EB0A5C461B3436E0A6D5 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2014-02-15 23:03:13 27516B54E116D5EF8B0129B5C829A87C 218624 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2014-02-15 23:03:12 CDE728C8FB1D6E132CED44835FA44C87 627200 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-02-15 23:03:12 99ED8FBAFD325550D07A32664D9E3CC8 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2014-02-15 23:03:11 FCFAEDF0AA1A78A1875FDB798598408B 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2014-02-15 23:03:11 E129D34089E70215B65EA611F802FA9A 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2014-02-15 23:03:11 D016F5092E4FFC41147E8555A71D2DDE 23170048 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-02-15 23:03:11 C1E2C16D58D76323800C3EE5E2C5095A 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll 2014-02-15 23:03:11 3906C9640406FC0FC00A324947C74893 708608 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2014-02-15 23:03:11 338415F2E9A188875B6E43B5269620B0 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2014-02-15 23:03:10 F348B2D0983C91392632B4291C517AA4 817664 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2014-02-15 23:03:10 6300AD525D639CECBB3D144B6D7B30F9 2765824 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-02-15 23:03:09 83296DE8CFFEADA636DCC1AB2E3BF643 2041856 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2014-02-15 23:03:09 263B6E451526A90FF8B1CEC759F22956 2334208 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-02-15 23:03:09 22874047B810B5B174C68ACD7C0B6510 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-02-15 23:03:08 DB02F4D37E5F7F07A0D0F9FAA68249EE 13051392 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-02-15 23:03:07 5922EEA922D3AD686342F866CAEE851F 5768704 ----a-w- C:\Windows\Sysnative\jscript9.dll 2014-02-15 13:46:07 EA093130471090037BB70A4AF86FAD1B 420008 ----a-w- C:\Windows\Sysnative\locale.nls 2014-02-15 13:46:05 CD2C20CC3B385A32701F78C0ACBBE9F3 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll 2014-02-15 13:46:05 0D298133C359AB8CB9EB4FA178BF3947 1882112 ----a-w- C:\Windows\Sysnative\msxml3.dll 2014-02-15 13:45:55 297926B15AE5390409F1007EB28A8EFB 552960 ----a-w- C:\Windows\Sysnative\RMActivate_ssp_isv.exe 2014-02-15 13:45:55 1B3741488AA7E237961A29D1E7A44C0A 626176 ----a-w- C:\Windows\Sysnative\RMActivate.exe 2014-02-15 13:45:55 17CF3B3F68272BD40C878D4DBAB0EBC9 658432 ----a-w- C:\Windows\Sysnative\RMActivate_isv.exe 2014-02-15 13:45:55 03F8F411F118CFDA508E77C747BB05EA 553984 ----a-w- C:\Windows\Sysnative\RMActivate_ssp.exe 2014-02-15 13:45:54 DC6DD779F35BB42E2E76FDFEC565C251 123392 ----a-w- C:\Windows\Sysnative\secproc_ssp_isv.dll 2014-02-15 13:45:54 C6AC2C91541D24F9E236A670C0CA793D 528384 ----a-w- C:\Windows\Sysnative\msdrm.dll 2014-02-15 13:45:54 B41B1FEDEBBD955B4E25676B42087885 123392 ----a-w- C:\Windows\Sysnative\secproc_ssp.dll 2014-02-15 13:45:54 5693212AB2EBCACBBE05EC3A642113E2 485888 ----a-w- C:\Windows\Sysnative\secproc_isv.dll 2014-02-15 13:45:54 399FC1B75790EE606A6FD9F2FB4C891C 488448 ----a-w- C:\Windows\Sysnative\secproc.dll 2014-02-15 13:45:49 E8710B5DDA963E6BA198DF5FB209E72A 2565120 ----a-w- C:\Windows\Sysnative\d3d10warp.dll 2014-02-15 13:45:49 C676E5EA388AF7C4C031F56F9B42E362 3928064 ----a-w- C:\Windows\Sysnative\d2d1.dll ====== C:\Windows\Sysnative\drivers ===== ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2014-01-27 17:43:54 -------- d-----w- C:\PROGRA~2\CMA ======= C: ===== ====== C:\Users\Amber\AppData\Roaming ====== 2014-02-18 22:08:14 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2014-02-18 22:08:14 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2014-02-18 22:08:14 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2014-02-18 22:08:14 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2014-01-27 17:49:14 -------- d-----w- C:\Users\Amber\AppData\Roaming\CMA ====== C:\Users\Amber ====== 2014-02-16 23:09:48 A9616305B6905441B21E9AF7D1B86251 1749594592 ----a-w- C:\Users\Amber\Desktop\TS3_1.67.2.0240xx_update (1).exe 2014-02-16 16:54:06 A9616305B6905441B21E9AF7D1B86251 1749594592 ----a-w- C:\Users\Amber\Downloads\TS3_1.67.2.0240xx_update (1).exe 2014-02-15 13:29:08 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol 2014-01-27 17:44:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CMA Coach 6 Home 2014-01-27 17:44:49 -------- d-----w- C:\ProgramData\CMA ====== C: exe-files == 2014-02-16 23:09:48 A9616305B6905441B21E9AF7D1B86251 1749594592 ----a-w- C:\Documents and Settings\Amber\Desktop\TS3_1.67.2.0240xx_update (1).exe 2014-02-16 16:54:06 A9616305B6905441B21E9AF7D1B86251 1749594592 ----a-w- C:\Documents and Settings\Amber\Downloads\TS3_1.67.2.0240xx_update (1).exe 2014-02-16 15:54:50 AFB658C610221691E13C752ABF53BD47 188488196 ------w- C:\Documents and Settings\All Users\EA Core\cache\Temp1954\{ CP_Guest_6484(4)_ver2 }\Sims3_1.67.2.024017_from_1.66.2.024017.exe 2014-02-16 15:54:23 04532B59DBE91F9A831733BAFB3C1023 14510400 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\TS3W.exe 2014-02-16 15:53:44 02410231B82BF13FA5619EFB5235FC5F 12272912 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3 Buitenleven Accessoires\Game\Bin\TS3SP03.exe 2014-02-16 15:51:41 14850C3600129CBD809D4A4F9D02102D 30016 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\TS3.exe 2014-02-16 15:44:12 AFB658C610221691E13C752ABF53BD47 188488196 ------w- C:\Documents and Settings\All Users\EA Core\cache\TempB20\{ CP_Guest_2848(2)_ver2 }\Sims3_1.67.2.024017_from_1.66.2.024017.exe 2014-02-15 23:03:12 AFAB9B381886ABE3490689B7633A858F 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2014-02-15 23:03:09 C6E1178294BDEAB1CACF50427688DF05 806104 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2014-02-15 13:28:40 7B65302478FF97466D1DB1414002C8ED 966024 ----a-w- C:\Documents and Settings\Amber\AppData\Local\Temp\Setup2.exe === C: other files == 2014-02-18 22:08:50 D2F6A1B11344D9AC7BCFB75900D4ADE1 23668 ----a-w- C:\Users\Amber\AppData\Local\Temp\scoped_dir_5108_10003\youtube.crx 2014-02-18 22:08:50 D2F6A1B11344D9AC7BCFB75900D4ADE1 23668 ----a-w- C:\Documents and Settings\Amber\AppData\Local\Temp\scoped_dir_5108_10003\youtube.crx 2014-02-18 22:08:50 8AD223868AB9974F7746D0227730A0CC 26392 ----a-w- C:\Users\Amber\AppData\Local\Temp\scoped_dir_5108_17501\search.crx 2014-02-18 22:08:50 8AD223868AB9974F7746D0227730A0CC 26392 ----a-w- C:\Documents and Settings\Amber\AppData\Local\Temp\scoped_dir_5108_17501\search.crx 2014-02-18 22:08:50 71E1283B8440F6264CEC99DF9AD81F5B 25561 ----a-w- C:\Users\Amber\AppData\Local\Temp\scoped_dir_5108_23049\drive.crx 2014-02-18 22:08:50 71E1283B8440F6264CEC99DF9AD81F5B 25561 ----a-w- C:\Documents and Settings\Amber\AppData\Local\Temp\scoped_dir_5108_23049\drive.crx 2014-02-18 22:08:50 2E2E328E5BF6BE61203164B3E9EA8094 24040 ----a-w- C:\Users\Amber\AppData\Local\Temp\scoped_dir_5108_9688\gmail.crx 2014-02-18 22:08:50 2E2E328E5BF6BE61203164B3E9EA8094 24040 ----a-w- C:\Documents and Settings\Amber\AppData\Local\Temp\scoped_dir_5108_9688\gmail.crx ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3743767131-4259627012-2328854852-1000\Software\Microsoft\Windows\CurrentVersion\Run] "EA Core"="C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent" "AutoStartNPSAgent"="C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" "HyvesDesktop.exe"="C:\Program Files (x86)\Hyves Desktop\bin\HyvesDesktop.exe" "MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Spotify Web Helper"="C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Spotify"="C:\Users\Amber\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup" @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run" "NextLive"="C:\Windows\SysWOW64\rundll32.exe C:\Users\Amber\AppData\Roaming\newnext.me\nengine.dll,EntryPoint -m l" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -h -k" "Hotkey Utility"="C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" "EgisTecLiveUpdate"="C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe UNATTENDED" "ArcadeDeluxeAgent"="C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" "PlayMovie"="C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" "PWRISOVM.EXE"="C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe" "AirPort Base Station Agent"="C:\Program Files (x86)\AirPort\APAgent.exe" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY" "FrameManager"="C:\Program Files (x86)\Samsung\FrameManager\FrameManager.exe" "CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "mobilegeni daemon"="C:\Program Files (x86)\Mobogenie\DaemonProcess.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "EA Core"="C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent" "AutoStartNPSAgent"="C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" "HyvesDesktop.exe"="C:\Program Files (x86)\Hyves Desktop\bin\HyvesDesktop.exe" "MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Spotify Web Helper"="C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Spotify"="C:\Users\Amber\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup" @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run" "NextLive"="C:\Windows\SysWOW64\rundll32.exe C:\Users\Amber\AppData\Roaming\newnext.me\nengine.dll,EntryPoint -m l" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" "mwlDaemon"="C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" ==== Startup Folders ====================== 2011-12-29 12:09:12 1241 ----a-w- C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk 2013-11-17 11:56:24 1935 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk 2011-03-26 11:15:38 1786 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [04-02-2014 22:21] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-08-2010 19:59] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-08-2010 19:59] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Amber-PC-Amber" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\McQcModifier-5c47-a7b0" [C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\{B6A8BEDA-C9BB-471D-B937-A08C41B831F3}" [C:\Program Files (x86)\Ares\Ares.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default - Undetermined - C:\Program Files (x86)\pdfforge Toolbar\FF - Undetermined - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3599\ff - Undetermined - %ProfilePath%\extensions\50464da83d617@50464da83d650.info.xpi - DivX Web Player - %ProfilePath%\extensions\DivXWebPlayer@divx.com.xpi - DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default AF661355EBAB898EB92D5454AEF93CE0 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.400.43 B6A800D881A0176C544988870861E798 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 7A75CCAA7E3CE0B14F7428F1731CF4C9 - C:\Windows\SysWOW64\Npindeo.dll - Intel Indeo® video 5.1 PD Plug-In 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Chrome Look ====================== Google Docs - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Media Player - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdijclkgpcbdhlfmmhfnnpicdgfigao Gmail - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdijclkgpcbdhlfmmhfnnpicdgfigao deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlNL393NL393" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} Private Search Url="http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}" ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Amber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Amber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Amber\AppData\Local\Mozilla\Firefox\Profiles\gr5y5lwn.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1870 folders=768 174390749 bytes) ==== Empty Temp Folders ====================== C:\Users\Amber\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Amber\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on di 18-02-2014 at 23:36:35,83 ======================
  8. xAmberCeline
    Sinds een dag ofzo heb ik overal op internet reclame en ads. Ook als ik ergens op klik krijg ik allemaal pop ups. Hier mijn log van HiJackthis: Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 21:27:11, on 18-2-2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16518) FIREFOX: 19.0.2 (nl) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Users\Amber\AppData\Roaming\Spotify\spotify.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Thomson\TG122n\WlanCU.exe C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\AirPort\APAgent.exe C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Program Files (x86)\Samsung\FrameManager\FrameManager.exe C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Amber\Desktop\HijackThis (1).exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll O2 - BHO: MediaPlayerV1alpha3599 - {1154e6df-b671-4ef5-857b-439a300552e7} - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3599\ie\MediaPlayerV1alpha3599.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [FrameManager] C:\Program Files (x86)\Samsung\FrameManager\FrameManager.exe O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [HyvesDesktop.exe] C:\Program Files (x86)\Hyves Desktop\bin\HyvesDesktop.exe O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [spotify] "C:\Users\Amber\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Amber\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Warner Bros.lnk = C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\Thomson\TG122n\WlanCU.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.126.247.201/activex/AMC.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FrameManager Service - Samsung India Software Center - C:\Program Files (x86)\Samsung\FrameManager\sam_service.exe O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing) O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: USBS3S4Detection - Unknown owner - C:\OEM\USBDECTION\USBS3S4Detection.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater17.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\Thomson\TG122n\WlanWpsSvc.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 18633 bytes Alvast bedankt voor het kijken!
  9. xAmberCeline
    Zoek.exe Version 4.0.0.4 Updated 19-08-2013 Tool run by Amber on wo 21-08-2013 at 12:11:51,42. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Amber\Desktop\zoek.exe [script inserted] ==== Older Logs ====================== C:\zoek-results21-08-2013-0047.log 79770 bytes ==== Deleting Files \ Folders ====================== "C:\Users\Amber\AppData\Local\Temp\YontooLayers.crx" not found "C:\Program Files (x86)\pdfforge Toolbar\FF" not found "C:\Users\Amber\AppData\Roaming\BabylonToolbar" not found "C:\Users\Amber\AppData\Local\Wajam" not found "C:\Program Files (x86)\1ClickDownload" not found "C:\Users\Amber\Downloads\mbam-setup-1.75.0.1300.exe" deleted "C:\Users\Amber\Downloads\ccsetup404.exe" deleted "C:\Users\Amber\Downloads\avast_free_antivirus_setup.exe" deleted "C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk" deleted "C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk" deleted "C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk" deleted "C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk" deleted "C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk" deleted "C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk" deleted "C:\Windows\Installer\60676.msi" deleted "C:\Windows\Installer\71693.msi" deleted "C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69" deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx[15-08-2013 21:48] AVG Secure Search - Amber - Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF238120771FF deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF238120623FF deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217017FF} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216032FF} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF238120771FF deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF238120623FF deleted successfully ==== EOF on wo 21-08-2013 at 12:19:35,64 ======================
  10. xAmberCeline
    Zoek.exe Version 4.0.0.4 Updated 19-08-2013 Tool run by Amber on wo 21-08-2013 at 0:31:41,39. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Amber\Desktop\zoek.exe [script inserted] [Checkboxes used] ==== System Restore Info ====================== 21-8-2013 0:33:00 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3743767131-4259627012-2328854852-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-3743767131-4259627012-2328854852-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_USERS\S-1-5-21-3743767131-4259627012-2328854852-1000\Software\Microsoft\Internet Explorer\SearchScopes\{51F284B9-F243-43E2-9F2E-1A9595CB08C2} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) Acer Arcade Deluxe Acer Backup Manager Acer eRecovery Management Acer GameZone Console Acer Registration Acer ScreenSaver Acer Updater Acrobat.com Adobe AIR Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Community Help Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe Media Player Adobe PDF Library Files Adobe Photoshop Adobe Photoshop CS3 Adobe Reader 9.5.5 MUI Adobe Setup Adobe Shockwave Player 11.6 Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 Advertising Center AirPort Albelli Fotoboeken Alice Greenfingers Amazonia Apple Application Support Apple Mobile Device Support Apple Software Update Ares 2.1.6 ArtRage 2 ASIO4ALL AVG 2013 AVG Security Toolbar AviSynth 2.5 AXIS Media Control Embedded Babylon toolbar on IE BabylonObjectInstaller Backup Manager Advance BitTorrent Bonjour-afdrukservices Bonjour BrowseToSave 1.74 Canon Easy-PhotoPrint EX Canon Easy-WebPrint EX Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MG5200 series MP Drivers Canon MP Navigator EX 4.0 Canon My Printer Canon Solution Menu EX CD-LabelPrint Chicken Invaders 2 Compatibiliteitspakket voor het 2007 Microsoft Office system Corel PaintShop Pro X4 D3DX10 DAEMON Tools Lite Dairy Dash dcmsvc 1.0 Dream Day First Home DreamBoxEdit -- The one and only settings editor for your Dreambox eSobi v2 Farm Frenzy 2 First Class Flurry FrameManager Gebruikersregistratie voor Canon MG5200 series Google Chrome Google Toolbar for Internet Explorer Google Update Helper Granny In Paradise Heroes of Hellas HiJackThis Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) Hotkey Utility ICA iCloud Identity Card ImagXpress inSSIDer Intel® Management Engine Components Intel© Matrix Storage Manager IPM_PSP_COM iTunes Jasc Paint Shop Pro 8 Java 7 Update 17 Java Auto Updater Java 6 Update 32 Junk Mail filter update K-Lite Codec Pack 6.3.0 (Full) Malwarebytes Anti-Malware versie 1.75.0.1300 Merriam Websters Spell Jam Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile NLD Language Pack Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office Home and Student 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Language Pack 2007 - Dutch/Nederlands Microsoft Office O MUI (Dutch) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (Dutch) Microsoft Office Professional Plus 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) Microsoft Office SharePoint Designer MUI (Dutch) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (Dutch) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office X MUI (Dutch) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Microsoft WSE 3.0 Runtime Microsoft XML Parser Microsoft_VC80_ATL_x86_x64 Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 Mozilla Firefox 19.0.2 (x86 nl) Mozilla Maintenance Service MSVCRT MSVCRT Redists MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyFreeCodec MyWinLocker Nero 9 Essentials Nero ControlCenter Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml NewBlue Art Effects for Windows NewBlue Film Effects for Windows NewBlue Motion Blends for Windows NewBlue Stabilizer for Windows Norton Online Backup NVIDIA Display Control Panel NVIDIA Drivers NVIDIA HD Audio-stuurprogramma 1.3.18.0 NVIDIA Install Application NVIDIA PhysX Origin PC Connectivity Solution PDF Settings pdfforge Toolbar v7.4 Pen Tablet PG Music DirectX Plugins 1.3.3.1 PhotoFiltre Studio X PowerISO PSPPContent PSPPHelp PSPPro64 PVSonyDll QuickTime Realtek High Definition Audio Driver Safari Samsung Kies Samsung Mobile phone USB driver Drive Software Samsung New PC Studio Samsung Story Album Viewer SAMSUNG USB Driver for Mobile Phones SamsungConnectivityCableDriver Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663) Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870) SkypeT 6.6 SpiceMASTER 2.5 PRO for Vegas Spotify Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD Teach2000 versie 8.52 TeamViewer 8 Text-To-Speech-Runtime Thomson TG122n USB Wireless Adapter TweetDeck Ubisoft Game Launcher Uninstall 1.0.0.1 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Vegas Pro 9.0 (64-bit) Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables Warner Bros. Digital Copy Manager Welcome Center Windows-stuurprogrammapakket - Nokia pccsmcfd (10/12/2007 6.85.4.0) Windows Driver Package - Realtek Semiconductor Corp. (RTL8192su) Net (08/15/2009 1085.7.0815.2009) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR archiver Yontoo 1.10.02 ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\application updater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\application updater deleted successfully ==== FireFox Fix ====================== Deleted from C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default\prefs.js: user_pref("browser.startup.homepage", "http://www.qvo6.com/?utm_source=b&utm_medium=adks&from=adks&uid=WDCXWD10EADS-22M2B0_WD-WCAV5687592875928&ts=1376156700"); user_pref("browser.newtab.url", "http://search.babylon.com/?affID=109217&tt=010712_7&babsrc=NT_ss&mntrId=20af69720000000000000018e7878c4f"); user_pref("browser.search.defaultenginename", "qvo6"); user_pref("browser.search.selectedEngine", "qvo6"); user_pref("browser.search.order.1", "qvo6"); user_pref("keyword.URL", "http://isearch.avg.com/search?cid={F6DC172C-096A-4147-BE47-8AE67068C378}&mid=7d154baed47147d6833741b2e0ad3bf7-46af060cd51e1cb236098abaf4c65c539dfc0321〈=nl&ds=AVG&pr=fr&d=2012-10-03 19:50:24&pid=avg&sg=0&v=15.2.0.5&sap=ku&q="); user_pref("browser.search.suggest.enabled", false); user_pref("browser.search.useDBForOrder", true); Added to C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default ---- Lines epnxasadclvt@am-mdsd.net removed from prefs.js ---- ---- Lines epnxasadclvt@am-mdsd.net modified from prefs.js ---- ---- Lines epnxasadclvt@am-mdsd.net removed from user.js ---- ---- Lines BabylonToolbar removed from prefs.js ---- user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); user_pref("extensions.BabylonToolbar_i.babExt", ""); user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109217&tt=010712_7"); user_pref("extensions.BabylonToolbar_i.hardId", "20af69720000000000000018e7878c4f"); user_pref("extensions.BabylonToolbar_i.id", "20af69720000000000000018e7878c4f"); user_pref("extensions.BabylonToolbar_i.instlDay", "15524"); user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); user_pref("extensions.BabylonToolbar_i.newTab", true); user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?affID=109217&tt=010712_7&babsrc=NT_ss&mntrId=20af69720000000000000018e7878c4f"); user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:20:28"); ---- Lines BabylonToolbar modified from prefs.js ---- ---- Lines BabylonToolbar removed from user.js ---- user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109217&tt=010712_7"); user_pref("extensions.BabylonToolbar_i.babExt", ""); user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); user_pref("extensions.BabylonToolbar_i.id", "20af69720000000000000018e7878c4f"); user_pref("extensions.BabylonToolbar_i.hardId", "20af69720000000000000018e7878c4f"); user_pref("extensions.BabylonToolbar_i.instlDay", "15524"); user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:20:28"); user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); ---- Lines qvo6 removed from prefs.js ---- ---- Lines qvo6 modified from prefs.js ---- ---- Lines qvo6 removed from user.js ---- ---- Lines qvo6.com removed from prefs.js ---- ---- Lines qvo6.com modified from prefs.js ---- ---- Lines qvo6.com removed from user.js ---- ---- Lines ClickPotato removed from prefs.js ---- ---- Lines ClickPotato modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"ClickPotatoLite@ClickPotatoLite.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\ClickPotatoLite\\\\bin\\\\10.0.622.0\\\\firefox\\\\extensions\",\"mtime\":1290454410008},\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\FireFoxExt\\\\14.2.0.1\",\"mtime\":1361208551797}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1362772196703}}},{\"name\":\"app-profile\",\"addons\":{\"50464da83d617@50464da83d650.info\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\50464da83d617@50464da83d650.info.xpi\",\"mtime\":1346784736345},\"5113cf2259ed0@5113cf2259f0b.com\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\5113cf2259ed0@5113cf2259f0b.com.xpi\",\"mtime\":1360251140322},\"DivXWebPlayer@divx.com\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\DivXWebPlayer@divx.com.xpi\",\"mtime\":1346784179980},\"OneClickDownload@OneClickDownload.com\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com.xpi\",\"mtime\":1359805593840},\"pdfforge@mybrowserbar.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\pdfforge Toolbar\\\\FF\",\"mtime\":1362672074692},\"plugin@yontoo.com\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\plugin@yontoo.com.xpi\",\"mtime\":1361568082646},\"{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi\",\"mtime\":1355261771320}}}]"); ---- Lines ClickPotato removed from user.js ---- ---- Lines y2layers removed from prefs.js ---- user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube"); user_pref("extentions.y2layers.installId", "c6ad2d1a-6da2-459c-af66-a46aece82f40"); ---- Lines y2layers modified from prefs.js ---- ---- Lines y2layers removed from user.js ---- user_pref("extentions.y2layers.installId", "c6ad2d1a-6da2-459c-af66-a46aece82f40"); user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube"); ---- Lines yontoo removed from prefs.js ---- ---- Lines yontoo modified from prefs.js ---- user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9,plugin%40yontoo.com:1.20.02,pdfforge%40mybrowserbar.com:7.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2"); user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"disabledLite@disabledLite.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\disabledLite\\\\bin\\\\10.0.622.0\\\\firefox\\\\extensions\",\"mtime\":1290454410008},\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\FireFoxExt\\\\14.2.0.1\",\"mtime\":1361208551797}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1362772196703}}},{\"name\":\"app-profile\",\"addons\":{\"50464da83d617@50464da83d650.info\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\50464da83d617@50464da83d650.info.xpi\",\"mtime\":1346784736345},\"5113cf2259ed0@5113cf2259f0b.com\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\5113cf2259ed0@5113cf2259f0b.com.xpi\",\"mtime\":1360251140322},\"DivXWebPlayer@divx.com\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\DivXWebPlayer@divx.com.xpi\",\"mtime\":1346784179980},\"OneClickDownload@OneClickDownload.com\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com.xpi\",\"mtime\":1359805593840},\"pdfforge@mybrowserbar.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\pdfforge Toolbar\\\\FF\",\"mtime\":1362672074692},\"plugin@yontoo.com\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\plugin@yontoo.com.xpi\",\"mtime\":1361568082646},\"{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi\",\"mtime\":1355261771320}}}]"); ---- Lines yontoo removed from user.js ---- ---- Lines F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB removed from prefs.js ---- ---- Lines F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB modified from prefs.js ---- ---- Lines F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB removed from user.js ---- ---- Lines Downloader.com removed from prefs.js ---- ---- Lines Downloader.com modified from prefs.js ---- ---- Lines Downloader.com removed from user.js ---- ---- Lines ilivid removed from prefs.js ---- ---- Lines ilivid modified from prefs.js ---- ---- Lines ilivid removed from user.js ---- ---- Lines mybrowserbar removed from prefs.js ---- ---- Lines mybrowserbar modified from prefs.js ---- user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9,plugin%40disabled.com:1.20.02,pdfforge%40mybrowserbar.com:7.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2"); user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"disabledLite@disabledLite.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\disabledLite\\\\bin\\\\10.0.622.0\\\\firefox\\\\extensions\",\"mtime\":1290454410008},\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\FireFoxExt\\\\14.2.0.1\",\"mtime\":1361208551797}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1362772196703}}},{\"name\":\"app-profile\",\"addons\":{\"50464da83d617@50464da83d650.info\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\50464da83d617@50464da83d650.info.xpi\",\"mtime\":1346784736345},\"5113cf2259ed0@5113cf2259f0b.com\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\5113cf2259ed0@5113cf2259f0b.com.xpi\",\"mtime\":1360251140322},\"DivXWebPlayer@divx.com\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\DivXWebPlayer@divx.com.xpi\",\"mtime\":1346784179980},\"OneClickDownload@OneClickDownload.com\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com.xpi\",\"mtime\":1359805593840},\"pdfforge@mybrowserbar.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\pdfforge Toolbar\\\\FF\",\"mtime\":1362672074692},\"plugin@disabled.com\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\plugin@disabled.com.xpi\",\"mtime\":1361568082646},\"{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi\",\"mtime\":1355261771320}}}]"); ---- Lines mybrowserbar removed from user.js ---- ---- Lines OneClickDownload removed from prefs.js ---- user_pref("extensions.bootstrappedAddons", "{\"OneClickDownload@OneClickDownload.com\":{\"version\":\"1.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com.xpi\"},\"5113cf2259ed0@5113cf2259f0b.com\":{\"version\":\"3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\5113cf2259ed0@5113cf2259f0b.com.xpi\"}}"); user_pref("extensions.OneClickDownload.filter", "1,2"); user_pref("extensions.OneClickDownload.lastUpdate", "{\"hours\":18,\"min\":7}"); ---- Lines OneClickDownload modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"disabledLite@disabledLite.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\disabledLite\\\\bin\\\\10.0.622.0\\\\firefox\\\\extensions\",\"mtime\":1290454410008},\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\FireFoxExt\\\\14.2.0.1\",\"mtime\":1361208551797}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1362772196703}}},{\"name\":\"app-profile\",\"addons\":{\"50464da83d617@50464da83d650.info\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\50464da83d617@50464da83d650.info.xpi\",\"mtime\":1346784736345},\"5113cf2259ed0@5113cf2259f0b.com\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\5113cf2259ed0@5113cf2259f0b.com.xpi\",\"mtime\":1360251140322},\"DivXWebPlayer@divx.com\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\DivXWebPlayer@divx.com.xpi\",\"mtime\":1346784179980},\"OneClickDownload@OneClickDownload.com\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com.xpi\",\"mtime\":1359805593840},\"pdfforge@disabled.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\pdfforge Toolbar\\\\FF\",\"mtime\":1362672074692},\"plugin@disabled.com\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\plugin@disabled.com.xpi\",\"mtime\":1361568082646},\"{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\":{\"descriptor\":\"C:\\\\Users\\\\Amber\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\gr5y5lwn.default\\\\extensions\\\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi\",\"mtime\":1355261771320}}}]"); ---- Lines OneClickDownload removed from user.js ---- ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 3); ---- Lines browser.startup.page modified from prefs.js ---- ---- Lines browser.startup.page removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user_21-08-2013_0037_.backup prefs_21-08-2013_0037_.backup ==== Deleting Files \ Folders ====================== "C:\user.js" deleted "C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default\extensions\plugin@yontoo.com.xpi" deleted "C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default\extensions\pdfforge@mybrowserbar.com" deleted "C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default\extensions\OneClickDownload@OneClickDownload.com.xpi" deleted "C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml" deleted "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" deleted "C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml" deleted "C:\Users\Public\dcmsvcsetup.exe" deleted "C:\Users\Public\invokesi.exe" deleted "C:\Windows\WININIT.INI" deleted "C:\windows\SysNative\tasks\Desk 365 RunAsStdUser" deleted "C:\user.js" deleted "C:\Windows\Syswow64\SETBEBE.tmp" deleted "C:\Windows\Syswow64\SETE928.tmp" deleted "C:\Windows\Syswow64\SETED7B.tmp" deleted "C:\Windows\Syswow64\_r_a_p_.tmp" deleted "C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml" deleted "C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default\extensions\plugin@yontoo.com.xpi" deleted "C:\ProgramData\Borowwsae2save" deleted "C:\Program Files (x86)\Application Updater" deleted "C:\Program Files (x86)\pdfforge Toolbar" deleted "C:\Program Files (x86)\BrowseToSave" deleted "C:\Program Files (x86)\BabylonToolbar" deleted "C:\Program Files (x86)\Common Files\337" deleted "C:\Program Files (x86)\1ClickDownload" deleted "C:\Program Files (x86)\Yontoo" deleted "C:\Program Files (x86)\Hotspot Shield" deleted "C:\Program Files (x86)\Common Files\Spigot" deleted "C:\Users\Amber\AppData\Roaming\eIntaller" deleted "C:\Users\Amber\AppData\Roaming\BabylonToolbar" deleted "C:\Users\Amber\AppData\Roaming\NCdownloader" deleted "C:\ProgramData\eSafe" deleted "C:\ProgramData\Partner" deleted "C:\ProgramData\SoftSafe" deleted "C:\ProgramData\InstallMate" deleted "C:\ProgramData\Babylon" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Borowwsae2save" deleted "C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam" deleted "C:\Users\Amber\AppData\Local\Wajam" deleted "C:\Users\Amber\AppData\Local\PackageAware" deleted "C:\Users\Amber\AppData\LocalLow\Borowwsae2save" deleted "C:\Users\Amber\AppData\LocalLow\BabylonToolbar" deleted "C:\Users\Amber\AppData\LocalLow\Search Settings" deleted "C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default\jetpack" deleted "C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default\extensions\staged" deleted "C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default\{F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB}" deleted "C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default\extensions\OneClickDownload@OneClickDownload.com" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Amber\AppData\Local\Temp ==== 2013-08-18 21:57:41 1D7454E6375441BBE3B1F97A8FC76737 6874752 ----a-w- C:\Users\Amber\AppData\Local\Temp\97B4499A-32BB-4821-BFD0-32BFE848368B.exe 2013-08-18 18:41:08 1F953D02B760DF4746C569B12E753DE8 73728 ----a-w- C:\Users\Amber\AppData\Local\Temp\The Sims 2_uninst.exe 2013-08-18 18:34:09 EF70BDCC7EC2262BECF0C834C9B9030B 879688 ----a-w- C:\Users\Amber\AppData\Local\Temp\EAInstall.dll 2013-08-18 18:34:09 0B57F8A086DCA012AA18BB94E75ADBC9 109640 ----a-w- C:\Users\Amber\AppData\Local\Temp\GameuxInstallHelper.dll 2013-08-18 17:58:21 2398BDE16036065100331B0761AAFBAB 352256 ----a-w- C:\Users\Amber\AppData\Local\Temp\eauninstall.exe 2013-08-15 19:48:17 A465ED11EF35D7CFF178CE0B97A889B4 9216 ----a-w- C:\Users\Amber\AppData\Local\Temp\12fxq42g.dll 2013-08-10 16:40:12 8897DA73D4C9038CD2AE37B86959CEE8 31945832 ----a-w- C:\Users\Amber\AppData\Local\Temp\SkypeSetup.exe ====== C:\Windows\SysWOW64 ===== 2013-08-18 18:06:35 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\SysWOW64\config.nt 2013-08-15 20:26:17 A484F9DB744849C0B32DD1CE73A94F62 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 20:26:16 C9BFFA62DFBF0317AECE707B39C4BF25 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll 2013-08-15 20:26:15 D0E0086BA353C379DCFE8624E8B8F17A 2048512 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2013-08-15 20:26:15 BC90EED56A5C77168A8D6F0C4221D7CB 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 20:26:15 AF6A6C16ACAD816B48714AE7A4082D89 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2013-08-15 20:26:15 8A5BD908D421BEE82941EF8ABD8B4F09 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2013-08-15 20:26:15 37730C04B543536D971B3F157415EFF5 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll 2013-08-15 20:26:14 45C118A1E03182365CB568F99B81A473 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 20:26:13 AC8C3591D536D1CCB62EDCBEA88140B3 2877440 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2013-08-15 20:26:13 1C83426A51AD83B5E788B6CF143B48D8 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll 2013-08-15 20:26:12 059FC59F97A6220C46A612A9470A00B3 1141248 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2013-08-15 20:26:11 DAA3903F06116AE9EE7AC1D1B93684A4 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll 2013-08-15 20:26:11 49EB7DE3A1CCCE9D0873DE9114810113 39936 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 20:26:10 E9BCB6728DD04412BF87F03DB00DE1CF 13761024 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2013-08-15 20:26:06 E631B408882F8320739F6E0CAF444397 14329344 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2013-08-15 20:01:46 4DC999CED9429939D75682EBD7D48901 663552 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll 2013-08-15 20:01:44 AE8EB083B050E17A7D6EB5E28AECDDD6 1166848 ----a-w- C:\Windows\SysWOW64\crypt32.dll 2013-08-15 20:01:44 68EAAEDF0365168B804E8728368FA946 175104 ----a-w- C:\Windows\SysWOW64\wintrust.dll 2013-08-15 20:01:43 7CA1BECEA5DE2643ADDAD32670E7A4C9 140288 ----a-w- C:\Windows\SysWOW64\cryptsvc.dll 2013-08-15 20:01:43 7B851A8018B1EA00A69707A390004884 103936 ----a-w- C:\Windows\SysWOW64\cryptnet.dll 2013-08-15 20:01:36 D5E18BA95F9E7D787D25EF07AC68603E 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll 2013-08-15 20:01:20 0805487A6036A9F9C4E7AF7FEF835529 1620992 ----a-w- C:\Windows\SysWOW64\WMVDECOD.DLL ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2013-08-18 18:06:34 2B0C485EBE31E02C7B405F8DD072598D 287840 ----a-w- C:\Windows\Sysnative\aswBoot.exe 2013-08-15 20:26:17 3A2FD42F11CD325A4ACAFE7FB0EEA83A 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2013-08-15 20:26:16 69F5E016A98CE1908DB08382F2ACF882 526336 ----a-w- C:\Windows\Sysnative\ieui.dll 2013-08-15 20:26:15 D8CC9A20C517A54678363C4C77B930A4 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll 2013-08-15 20:26:15 963B29E0EFB20D66436214DB7C43D7F7 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll 2013-08-15 20:26:15 6C8BDC9F16943D626DFE8A987BCCFD20 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2013-08-15 20:26:15 622C7C8D39609FCEACE3508715D48C7F 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll 2013-08-15 20:26:15 28C2F8C7DBE11AA3DA041D35F4E59481 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe 2013-08-15 20:26:14 8C12653BEA781902AA60E4A855A55D5C 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2013-08-15 20:26:14 65546D87F7A78AB31841A536456CB94D 2647040 ----a-w- C:\Windows\Sysnative\iertutil.dll 2013-08-15 20:26:13 5A7FA01EEC393A3E0D0F3EBAA1FD959E 3958784 ----a-w- C:\Windows\Sysnative\jscript9.dll 2013-08-15 20:26:13 16FE878530FDFC9AB08B7FFC32335958 855552 ----a-w- C:\Windows\Sysnative\jscript.dll 2013-08-15 20:26:12 289C5E0A386E7B6CA9539D66D15E22CC 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll 2013-08-15 20:26:11 04DE09B1E287F6DC5C7FD655B6E84AB9 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2013-08-15 20:26:10 AC155DD9BD1E6D3B740826A4D1C68AAE 2241024 ----a-w- C:\Windows\Sysnative\wininet.dll 2013-08-15 20:26:09 677A1C1B0F254EC918D84A7FE29274CA 15405056 ----a-w- C:\Windows\Sysnative\ieframe.dll 2013-08-15 20:26:08 396889142BD839DB8A055A0BE0AD2F79 19239424 ----a-w- C:\Windows\Sysnative\mshtml.dll 2013-08-15 20:01:46 26036E228D2467DE6975AD819C22C043 1217024 ----a-w- C:\Windows\Sysnative\rpcrt4.dll 2013-08-15 20:01:45 287998A9BA0140ABB59792CDEB2F8483 1472512 ----a-w- C:\Windows\Sysnative\crypt32.dll 2013-08-15 20:01:44 959041D7014C97133D859B45BCA0FC58 224256 ----a-w- C:\Windows\Sysnative\wintrust.dll 2013-08-15 20:01:43 A6B726DCA228F7878E38368A1BDC68BE 139776 ----a-w- C:\Windows\Sysnative\cryptnet.dll 2013-08-15 20:01:43 6B400F211BEE880A37A1ED0368776BF4 184320 ----a-w- C:\Windows\Sysnative\cryptsvc.dll 2013-08-15 20:01:36 B3CA3253009D26666F5BCB16E77D2618 2048 ----a-w- C:\Windows\Sysnative\tzres.dll 2013-08-15 20:01:20 D29200AB0B37B7293C6942EAF755295E 1888768 ----a-w- C:\Windows\Sysnative\WMVDECOD.DLL ====== C:\Windows\Sysnative\drivers ===== 2013-08-20 16:22:18 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2013-08-18 18:06:52 E86C64478D9A90D62255FE9EB0150C6E 175 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys.sum 2013-08-18 18:06:52 A5F29AC2F0ADE8B995B49D7350CE3AC0 175 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys.sum 2013-08-18 18:06:52 2E83D2621E87C493AB45DC6655BA77D4 175 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys.sum 2013-08-15 20:01:20 4CE278FC9671BA81A138D70823FCAA09 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys 2013-08-15 20:01:13 DB74544B75566C974815E79A62433F29 1910208 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys 2013-08-15 19:55:19 EA8F41484CCC5BA6A1455C2AD3D1BE3C 203672 ----a-w- C:\Windows\Sysnative\drivers\ssudmdm.sys 2013-08-15 19:55:19 0B3F6C8F93C5C25977EA5A8B2E656357 103448 ----a-w- C:\Windows\Sysnative\drivers\ssudbus.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-08-18 20:20:13 -------- d-----w- C:\Program Files\iPod 2013-08-18 20:20:12 -------- d-----w- C:\Program Files\iTunes ======= C:\Program Files (x86) ===== 2013-08-18 20:20:12 -------- d-----w- C:\Program Files (x86)\iTunes 2013-08-18 18:17:03 -------- d-----w- C:\Program Files (x86)\Trend Micro 2013-08-15 19:57:23 -------- d-----w- C:\Program Files (x86)\MyFree Codec ======= C: ===== ====== C:\Users\Amber\AppData\Roaming ====== ====== C:\Users\Amber ====== 2013-08-20 16:21:48 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Amber\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-18 20:21:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2013-08-18 20:20:12 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-08-18 18:00:40 C748C104BA13A9456496D264C4161E7C 4429440 ----a-w- C:\Users\Amber\Downloads\ccsetup404.exe 2013-08-18 17:59:54 0EA95F1E762494B5D928ED4D5B5DA29B 117478104 ----a-w- C:\Users\Amber\Downloads\avast_free_antivirus_setup.exe 2013-08-15 19:57:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec 2013-08-10 17:17:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG ====== C: exe-files == 2013-08-20 16:21:48 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Amber\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-18 21:57:41 1D7454E6375441BBE3B1F97A8FC76737 6874752 ----a-w- C:\Users\Amber\AppData\Local\Temp\97B4499A-32BB-4821-BFD0-32BFE848368B.exe 2013-08-18 20:16:58 277DF1C06782563C95661C30AA02CD49 77136 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 11.0.5.5\SetupAdmin.exe 2013-08-18 20:16:57 277DF1C06782563C95661C30AA02CD49 77136 ----a-w- C:\Users\Amber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT0UHQIZ\SetupAdmin[1].exe 2013-08-18 18:52:45 17EFB4C5F996F783E90BE1EB0077BA40 477560 ----a-w- C:\Users\Amber\AppData\Local\Temp\MSS\3.0.318.3\McUICnt.exe 2013-08-18 18:41:08 1F953D02B760DF4746C569B12E753DE8 73728 ----a-w- C:\Users\Amber\AppData\Local\Temp\The Sims 2_uninst.exe 2013-08-18 18:06:34 2B0C485EBE31E02C7B405F8DD072598D 287840 ----a-w- C:\Windows\System32\aswBoot.exe 2013-08-18 18:00:40 C748C104BA13A9456496D264C4161E7C 4429440 ----a-w- C:\Users\Amber\Downloads\ccsetup404.exe 2013-08-18 17:59:54 0EA95F1E762494B5D928ED4D5B5DA29B 117478104 ----a-w- C:\Users\Amber\Downloads\avast_free_antivirus_setup.exe 2013-08-18 17:58:21 2398BDE16036065100331B0761AAFBAB 352256 ----a-w- C:\Users\Amber\AppData\Local\Temp\eauninstall.exe 2013-08-16 07:08:00 78486992AC657AE5065C4A2135838570 641352 ----a-w- C:\Program Files\iPod\bin\iPodService.exe 2013-08-16 07:07:58 CE42DFE915F78246364D464902E47360 152392 ----a-w- C:\Program Files (x86)\iTunes\iTunesHelper.exe 2013-08-16 07:07:58 5225CE3D627A300E40F5E008C4B3DA8D 9789256 ----a-w- C:\Program Files (x86)\iTunes\iTunes.exe 2013-08-15 20:26:15 BC90EED56A5C77168A8D6F0C4221D7CB 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 20:26:15 6C8BDC9F16943D626DFE8A987BCCFD20 51712 ----a-w- C:\Windows\System32\ie4uinit.exe 2013-08-15 20:26:15 28C2F8C7DBE11AA3DA041D35F4E59481 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-08-15 20:26:14 7BA1862B8A5698DC5FCFDFF3BC359DE9 770648 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2013-08-15 20:26:14 133CEF30905806A35606652D409EEEBA 775256 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2013-08-15 20:08:51 46D84F14520E69C7F46EBE864B7AAFD8 623984 ----a-w- C:\Users\Amber\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe 2013-08-15 20:08:51 46D84F14520E69C7F46EBE864B7AAFD8 623984 ----a-w- C:\Users\Amber\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe 2013-08-15 19:59:25 B7E1D601F87268A480F4F6F036688B99 987744 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{698BBAD8-B116-495D-B879-0F07A533E57F}\setup.exe 2013-08-15 19:57:25 951FD01F89EE6270089483A3DC02D97D 60494 ----a-w- C:\Program Files (x86)\MyFree Codec\1.0b beta\uninstall.exe 2013-08-15 19:53:30 5D2844770B902B21A627E4E2A98A2843 61440 ----a-w- C:\Program Files (x86)\MarkAny\ContentSAFER\MaAgent.exe 2013-08-15 19:53:30 52B8B60BF634BF9E01E527856E8E371F 65536 ----a-w- C:\Program Files (x86)\MarkAny\ContentSAFER\MAWebControl.exe 2013-08-15 19:53:30 25E98D8886D5BB198302FC30D67DC61E 32768 ----a-w- C:\Program Files (x86)\MarkAny\ContentSAFER\MaCSMgr.exe 2013-08-15 19:53:29 97E9DC457B407CC3E9FB68FD0A17D295 401056 ----a-w- C:\Program Files (x86)\MarkAny\ContentSAFER\MPXBox.exe 2013-08-15 19:52:45 2E4E95C3242E3B328879F028EF8C24CC 25591752 ----a-w- C:\Program Files (x86)\Samsung\Kies\StoryAlbumViewer\StoryAlbumViewer_setup.exe 2013-08-15 19:52:05 EF64B1FFC855EFFF6E2473E622D5343B 20480 ----a-w- C:\Program Files (x86)\MarkAny\ContentSAFER\UpdateClient\MAUpdate.exe 2013-08-15 19:52:05 7B027B4CA7EB847EC3F6C745DC0A46DA 126976 ----a-w- C:\Program Files (x86)\MarkAny\ContentSAFER\UpdateClient\MaUpdateClient.exe 2013-08-15 19:52:05 5BBB89A68FEBBCD4AC8C4730FD7EF765 57344 ----a-w- C:\Program Files (x86)\MarkAny\ContentSAFER\UpdateClient\MAUpdateBoot.exe 2013-08-15 19:49:27 E25D3E9D7822C42EF7518EFEB2F3E275 147120 ----a-w- C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\15.5.0\DriverInstaller.exe 2013-08-15 19:49:19 E962D9F3AF9C09DE15D3944D1B1278CC 2301616 ----a-w- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\15.5.0\ScriptHelper.exe 2013-08-15 19:48:53 EB94A2C1F99E9E1634683B916F4EB1A2 1643184 ----a-w- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe 2013-08-15 19:48:09 EB94A2C1F99E9E1634683B916F4EB1A2 1643184 ----a-w- C:\Windows\Temp\avg_a07320\CommonFiles\AVG Secure Search\ToolbarUpdater.exe 2013-08-15 19:48:09 E962D9F3AF9C09DE15D3944D1B1278CC 2301616 ----a-w- C:\Windows\Temp\avg_a07320\CommonFiles\AVG Secure Search\ScriptHelper.exe 2013-08-15 19:48:09 E25D3E9D7822C42EF7518EFEB2F3E275 147120 ----a-w- C:\Windows\Temp\avg_a07320\CommonFiles\AVG Secure Search\DriverInstaller_64.exe 2013-08-15 19:48:09 B6FFA8C9B553336D4CE86514A54C408A 926384 ----a-w- C:\Windows\Temp\avg_a07320\ProgFiles\AVG Secure Search\lip.exe 2013-08-15 19:48:09 752A2976E3096D2055F8A97C7B97DF80 1851568 ----a-w- C:\Windows\Temp\avg_a07320\ProgFiles\AVG Secure Search\Uninstall.exe 2013-08-15 19:48:09 491C1E48B638907B8FD8EF8B09AC084E 2314416 ----a-w- C:\Windows\Temp\avg_a07320\ProgFiles\AVG Secure Search\vprot.exe 2013-08-15 19:48:09 45A9FAC90CA8F263F6DB2EBDC4A9F002 641200 ----a-w- C:\Windows\Temp\avg_a07320\CommonFiles\AVG Secure Search\DriverInstaller.exe 2013-08-15 19:48:09 2C1B0965CB65797001053D8956F9CD54 2226864 ----a-w- C:\Windows\Temp\avg_a07320\avg-secure-search-installer.exe 2013-08-15 19:48:09 178C1607D35988153A0E7CBB90C669FC 642224 ----a-w- C:\Windows\Temp\avg_a07320\ProgFiles\AVG Secure Search\PostInstall.exe 2013-08-15 19:48:09 01A17E294876ECB573AD32530961F29B 573616 ----a-w- C:\Windows\Temp\avg_a07320\ConfigFiles\MachineIdCreator.exe 2013-08-15 19:46:37 A8893D3F119C8143B2FC53F5CF21EE01 4547608 ----a-w- C:\Windows\Temp\{B6DD270D-406F-4639-8225-AFECA58AAE0B}.exe === C: other files == 2013-08-20 16:22:18 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-08-15 20:01:20 4CE278FC9671BA81A138D70823FCAA09 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2013-08-15 20:01:13 DB74544B75566C974815E79A62433F29 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-08-15 19:55:19 EA8F41484CCC5BA6A1455C2AD3D1BE3C 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys 2013-08-15 19:55:19 EA8F41484CCC5BA6A1455C2AD3D1BE3C 203672 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudmdm.sys 2013-08-15 19:55:19 E97F09A7EC9C45B7060FE45BC620766C 181912 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudserd.sys 2013-08-15 19:55:19 E7D97748FCB3DE0AAA6432B0E640F233 59160 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudrmnet.sys 2013-08-15 19:55:19 E2BF259A2CAB1A4AE505CECD7DF43931 33176 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudeadb.sys 2013-08-15 19:55:19 D2C02234E3E87EA5FE420F045068099B 181912 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudmdm.sys 2013-08-15 19:55:19 BA34258161A59730C51C78133DC4723A 181912 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssuddmgr.sys 2013-08-15 19:55:19 B480910A2BD79DFE4E6D0DC4243015F5 67864 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudrmnet.sys 2013-08-15 19:55:19 A58068234916A4655457CA7DFA9B59CA 181912 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudobex.sys 2013-08-15 19:55:19 985E3CC3ADD82FF5CB994665153A8B7A 80664 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudrmnetmp.sys 2013-08-15 19:55:19 9296989D7F443E3BCB6E41726FA9F698 39192 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudeadb.sys 2013-08-15 19:55:19 8214016F9241C220477916D21E63F7D0 50968 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudnd5.sys 2013-08-15 19:55:19 6EBBF6CED7BB9B8973C5FDE44EA32F35 92952 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudrmnetmp.sys 2013-08-15 19:55:19 6E869465A4ECC7AE8DADC9807E0379CC 203672 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudserd.sys 2013-08-15 19:55:19 54D0B8343CE8C22412A5F29D32EFD211 84248 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudbus.sys 2013-08-15 19:55:19 4DBACA699D51CA4F1FB4125569247E6F 45336 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudnd5.sys 2013-08-15 19:55:19 1B961A927BB155AC8A9AC7709BA77D72 203672 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudobex.sys 2013-08-15 19:55:19 10CED2FC8A65AE507E1973F52CA4143C 203672 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssuddmgr.sys 2013-08-15 19:55:19 0B3F6C8F93C5C25977EA5A8B2E656357 103448 ----a-w- C:\Windows\System32\drivers\ssudbus.sys 2013-08-15 19:55:19 0B3F6C8F93C5C25977EA5A8B2E656357 103448 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudbus.sys 2013-08-15 19:50:04 8A196063A0F0305A8A05CCEC1AF746C3 257167 ----a-w- C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx 2013-08-15 19:48:09 E647C4315F36756DF5FA38BDEB51F224 45856 ----a-w- C:\Windows\Temp\avg_a07320\CommonFiles\AVG Secure Search\avgtpx64.sys 2013-08-15 19:48:09 311C5A8D894563CD2712CD297A34FAFB 37664 ----a-w- C:\Windows\Temp\avg_a07320\CommonFiles\AVG Secure Search\avgtpx86.sys 2013-08-15 19:48:08 8A196063A0F0305A8A05CCEC1AF746C3 257167 ----a-w- C:\Windows\Temp\avg_a07320\ProgData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx 2013-08-15 19:48:08 567B5EC265B26994AFB11DB13F53B07A 147960 ----a-w- C:\Windows\Temp\avg_a07320\ProgFiles\AVG Secure Search\data.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3743767131-4259627012-2328854852-1000\Software\Microsoft\Windows\CurrentVersion\Run] "EA Core"="C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent" "AutoStartNPSAgent"="C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" "HyvesDesktop.exe"="C:\Program Files (x86)\Hyves Desktop\bin\HyvesDesktop.exe" "MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Spotify Web Helper"="C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Spotify"="C:\Users\Amber\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup" @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -h -k" "Hotkey Utility"="C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" "EgisTecLiveUpdate"="C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe UNATTENDED" "ArcadeDeluxeAgent"="C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" "PlayMovie"="C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" "PWRISOVM.EXE"="C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe" "AirPort Base Station Agent"="C:\Program Files (x86)\AirPort\APAgent.exe" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe /TRAYONLY" "FrameManager"="C:\Program Files (x86)\Samsung\FrameManager\FrameManager.exe" "CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "EA Core"="C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent" "AutoStartNPSAgent"="C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" "HyvesDesktop.exe"="C:\Program Files (x86)\Hyves Desktop\bin\HyvesDesktop.exe" "MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Spotify Web Helper"="C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Spotify"="C:\Users\Amber\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup" @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" "mwlDaemon"="C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" ==== Startup Folders ====================== 2011-12-29 12:09:12 1241 ----a-w- C:\users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk 2011-03-26 11:15:38 1786 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-06-2013 21:23] C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job --a------ C:\Windows\TEMP\C62EDBC2-9BCA-471D-A73A-ED166975D2F8.exe [] C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job --a------ C:\Windows\TEMP\466726AD-A14B-4BF8-94AE-783D47F2FB82.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-08-2010 20:59] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-08-2010 20:59] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default - Undetermined - C:\Program Files (x86)\pdfforge Toolbar\FF - Undetermined - %ProfilePath%\extensions\50464da83d617@50464da83d650.info.xpi - SaveSale - %ProfilePath%\extensions\5113cf2259ed0@5113cf2259f0b.com.xpi - DivX Web Player - %ProfilePath%\extensions\DivXWebPlayer@divx.com.xpi - DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default D4BD9F86123C87ECA570418B69326F99 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.170.2 B6A800D881A0176C544988870861E798 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 7A75CCAA7E3CE0B14F7428F1731CF4C9 - C:\Windows\SysWOW64\Npindeo.dll - Intel Indeo® video 5.1 PD Plug-In 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Deleting Files \ Folders ====================== "C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\gr5y5lwn.default\extensions\5113cf2259ed0@5113cf2259f0b.com.xpi" deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dhkplhfnhceodhffomolpfigojocbpcb - C:\Users\Amber\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx[] jpmbfleldcgkldadpdinhjjopdfpjfjp - C:\Users\Amber\AppData\Local\Wajam\Chrome\wajam.crx[] ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx[15-08-2013 21:48] niapdbllcanepiiimjjndipklodoedlc - C:\Users\Amber\AppData\Local\Temp\YontooLayers.crx[] pmlghpafmmnmmkjdhacccolfgnkiboco - C:\Program Files (x86)\1ClickDownload\oneclickdownloader10.crx[] Google Docs - Amber - Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Amber - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Amber - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Amber - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf DolceGabbana - Amber - Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih AVG Secure Search - Amber - Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Gmail - Amber - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage deleted successfully C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_virtual-villagers-3.nl.softonic.com_0.localstorage deleted successfully C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_virtual-villagers-3.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_sb.scorecardresearch.com_0.localstorage deleted successfully C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_sb.scorecardresearch.com_0.localstorage-journal deleted successfully C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlNL393NL393" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="http://isearch.avg.com/search?cid={F6DC172C-096A-4147-BE47-8AE67068C378}&mid=7d154baed47147d6833741b2e0ad3bf7-46af060cd51e1cb236098abaf4c65c539dfc0321〈=nl&ds=AVG&pr=fr&d=2012-10-03" {c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} Private Search Url="http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}" ==== Reset Google Chrome ====================== C:\users\Amber\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\users\Amber\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3743767131-4259627012-2328854852-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Users\Amber\Desktop\HiJackThis.lnk - C:\Users\Amber\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Corel PaintShop Pro X4.lnk - C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Public\Desktop\Safari.lnk - C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6 C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6 C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albelli Fotoboeken\Albelli Fotoboeken.lnk - C:\Users\Amber\AppData\Local\Albelli Fotoboeken\apc.exe C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DreamBoxEdit\DreamBoxEdit.lnk - C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DreamBoxEdit\Install Language.lnk - C:\Program Files (x86)\DreamBoxEdit\Install Language.txt C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DreamBoxEdit\Uninstall.lnk - C:\Program Files (x86)\DreamBoxEdit\Uninstall.exe C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DreamBoxEdit\Version notes.lnk - C:\Program Files (x86)\DreamBoxEdit\Version notes.txt C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Amber\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe QVO6 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2013.lnk - C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe QVO6 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec\1.0b beta\Uninstall.lnk - C:\Program Files (x86)\MyFree Codec\1.0b beta\uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Story Album Viewer\Samsung Story Album Viewer.lnk - C:\Program Files (x86)\Samsung\Story Album Viewer\HTML5Viewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Story Album Viewer\Uninstall Samsung Story Album Viewer.lnk - C:\Program Files (x86)\InstallShield Installation Information\{698BBAD8-B116-495D-B879-0F07A533E57F}\setup.exe /removeonly ==== shortcuts in Quick Launch ====================== C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk - C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Program Files (x86)\BitTorrent\BitTorrent.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe QVO6 C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe QVO6 C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE /recycle C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk - C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Story Album Viewer.lnk - C:\Program Files (x86)\Samsung\Story Album Viewer\HTML5Viewer.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Albelli.lnk - C:\Users\Amber\AppData\Local\Albelli Fotoboeken\apc.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Jasc Paint Shop Pro 8.lnk - C:\Windows\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\PaintShopPro8_Premium.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Warner Bros. Digital Copy Manager.lnk - C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ares.lnk - C:\Program Files (x86)\Ares\Ares.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ArtRage.lnk - C:\Program Files (x86)\Ambient Design\ArtRage 2\ArtRage.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6 C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Vegas Pro 9.0 (64-bit).lnk - C:\Program Files (x86)\Sony\Vegas Pro 9.0\vegas90.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Messenger (2).lnk - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Messenger.lnk - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== shortcuts After Repair ====================== C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Amber\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Amber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Amber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Amber\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Amber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Amber\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\users\Amber\AppData\Local\Mozilla\Firefox\Profiles\gr5y5lwn.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\users\Amber\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Amber\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on wo 21-08-2013 at 0:47:07,32 ======================
  11. xAmberCeline
    Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2013.08.20.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Amber :: AMBER-PC [administrator] 20-8-2013 18:23:29 mbam-log-2013-08-20 (18-23-29).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 228049 Verstreken tijd: 8 minuut/minuten, 8 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{08794A94-730A-E9C4-6664-23C32C364749} (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 2 C:\ProgramData\InstallMate\{2BF505A0-BF95-406A-A281-F7B7F0162756}\Setup.exe (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\InstallMate\{2BF505A0-BF95-406A-A281-F7B7F0162756}\TsuDll.dll (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd. (einde) en Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:42:36, on 20-8-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16660) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Users\Amber\AppData\Roaming\Spotify\spotify.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Samsung\Kies\Kies.exe C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe C:\Program Files\Thomson\TG122n\WlanCU.exe C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\AirPort\APAgent.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\Samsung\FrameManager\FrameManager.exe C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [FrameManager] C:\Program Files (x86)\Samsung\FrameManager\FrameManager.exe O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [HyvesDesktop.exe] C:\Program Files (x86)\Hyves Desktop\bin\HyvesDesktop.exe O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [spotify] "C:\Users\Amber\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Warner Bros.lnk = C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\Thomson\TG122n\WlanCU.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.126.247.201/activex/AMC.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FrameManager Service - Samsung India Software Center - C:\Program Files (x86)\Samsung\FrameManager\sam_service.exe O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing) O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: USBS3S4Detection - Unknown owner - C:\OEM\USBDECTION\USBS3S4Detection.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\Thomson\TG122n\WlanWpsSvc.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 17575 bytes
  12. xAmberCeline
    Hier is mijn logje Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:19:30, on 18-8-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16660) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Samsung\Kies\Kies.exe C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Program Files\Thomson\TG122n\WlanCU.exe C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files (x86)\dcmsvc\dcmsvc.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\AirPort\APAgent.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\Samsung\FrameManager\FrameManager.exe C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = QVO6 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = QVO6 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = QVO6 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = QVO6 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\7.4\pdfforgeToolbarIE.dll F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\7.4\pdfforgeToolbarIE.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\7.4\pdfforgeToolbarIE.dll O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [FrameManager] C:\Program Files (x86)\Samsung\FrameManager\FrameManager.exe O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [HyvesDesktop.exe] C:\Program Files (x86)\Hyves Desktop\bin\HyvesDesktop.exe O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [spotify] "C:\Users\Amber\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Warner Bros.lnk = C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\Thomson\TG122n\WlanCU.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\Amber\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Amber\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Amber\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.126.247.201/activex/AMC.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: c:\progra~2\browse~1\sprote~1.dll O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FrameManager Service - Samsung India Software Center - C:\Program Files (x86)\Samsung\FrameManager\sam_service.exe O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Kinoni Service (KinoniSvc) - Unknown owner - C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Senstic Pocket Service (SensticPocketService) - Senstic - C:\Program Files (x86)\Senstic\PocketControl\\SensticPocketServiceWin.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing) O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: USBS3S4Detection - Unknown owner - C:\OEM\USBDECTION\USBS3S4Detection.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\Thomson\TG122n\WlanWpsSvc.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 21872 bytes
  13. xAmberCeline
    mijn pc is zeer traag en er staat een hoop rotzooi op. Heb ook last van vele pop-ups. Hoe kan ik alle virussen eraf krijgen?
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.