SDTray.exe error: snlBase150.bpl is missing


OK, after 3 attempts it finally worked! :-)

- - - Updated - - -

Zoek.exe Version 4.0.0.1 Updated 04-February-2013

Tool run by ruben on wo 06/02/2013 at 7:21:45,30.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe

C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files (x86)\QuickTime\QTTask.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe

C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

C:\Users\ruben.Ward-PC.000\Desktop\zoek.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\RUBENW~1.000\AppData\Local\Temp\RarSFX1\zoek.com

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\SysWOW64\mshta.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2267053070-3458102283-1766708676-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully

HKEY_USERS\S-1-5-21-2267053070-3458102283-1766708676-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully

HKEY_USERS\S-1-5-21-2267053070-3458102283-1766708676-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully

HKEY_USERS\S-1-5-21-2267053070-3458102283-1766708676-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2267053070-3458102283-1766708676-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully

HKEY_USERS\S-1-5-21-2267053070-3458102283-1766708676-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\ruben.Ward-PC.000\AppData\Roaming\Mozilla\Firefox\Profiles\udnua76f.default\prefs.js:

Added to C:\Users\ruben.Ward-PC.000\AppData\Roaming\Mozilla\Firefox\Profiles\udnua76f.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

"C:\Windows\system32\dmwu.exe" not found

"C:\Windows\system32\dmwu.exe" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Internet Explorer: 8.0.7601.17514

Memory (RAM): 4030 MB

CPU Info: Pentium® Dual-Core CPU E5500 @ 2.80GHz

CPU Speed: 2797,0 MHz

Sound Card: Luidsprekers (Realtek High Defi |

Display Adapters: Intel® G41 Express Chipset | Intel® G41 Express Chipset | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Algemeen PnP-beeldscherm |

Screen Resolution: 1024 X 768 - 32 bit

Network: Network Present

Network Adapters: Realtek PCIe GBE Family Controller

CD / DVD Drives: 1x (E: | ) E: ATAPI iHAS124 Y

Ports: COM1 LPT Port NOT Present.

Mouse: 3 Button Wheel Mouse Present

Hard Disks: C: 97,7GB | D: 367,9GB | Q: 0,0MB

Hard Disks - Free: C: 9,4GB | D: 232,2GB | Q: 0,0MB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE | 08/06/09 | - 20090806

Time Zone: West-Europa (standaardtijd)

Motherboard *: FOXCONN G41MX 2.0/G41MX-K 2.0

Sun Java version: 1.6.0_26

Country: België

Language: NLB

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\RUBENW~1.000\AppData\Local\Temp ====

2013-02-05 06:06:15 BCB0728F4B117855765CE8FE883B5E9B 1536 ----a-w- C:\Users\RUBENW~1.000\AppData\Local\Temp\NEventMessages.dll

2013-02-05 06:06:13 BCB0728F4B117855765CE8FE883B5E9B 1536 ----a-w- C:\Users\RUBENW~1.000\AppData\Local\Temp\NOSEventMessages.dll

2013-02-04 19:52:59 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\RUBENW~1.000\AppData\Local\Temp\TB_FBB.exe

2013-02-04 19:52:59 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\RUBENW~1.000\AppData\Local\Temp\TB_EC2.exe

2013-02-04 19:52:59 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\RUBENW~1.000\AppData\Local\Temp\TB_DF7.exe

2013-02-04 19:52:59 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\RUBENW~1.000\AppData\Local\Temp\TB_1048.exe

2013-02-04 19:52:55 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\RUBENW~1.000\AppData\Local\Temp\TB_2.exe

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2013-01-30 15:28:49 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf

2013-01-14 06:36:43 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

2013-01-14 06:34:23 3FDE033DFB0D07F8B7D5C9A3044AA121 26112 ----a-w- C:\Windows\Sysnative\drivers\pccsmcfdx64.sys

====== C:\Windows\Tasks ======

2013-02-06 06:17:42 D67748704354029DE4A6CA025924D76D 408 ----a-w- C:\Windows\Tasks\Ad-Aware Update (Weekly).job

2013-02-04 19:36:14 4540538EBC7F6CC95BDCE9C22B150795 400 ----a-w- C:\Windows\Tasks\PC Health Advisor Defrag.job

2013-02-04 19:36:13 5AC482D86885DC6272428D85DF21092E 382 ----a-w- C:\Windows\Tasks\PC Health Advisor.job

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-01-14 06:34:23 -------- d-----w- C:\Program Files\DIFX

======= C:\Program Files (x86) =====

2013-02-05 20:31:16 -------- d-----w- C:\Program Files (x86)\backups

2013-02-04 19:55:24 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2013-01-14 06:34:42 -------- d-----w- C:\Program Files (x86)\Common Files\Nokia

2013-01-14 06:34:16 -------- d-----w- C:\Program Files (x86)\PC Connectivity Solution

2013-01-14 06:30:36 -------- d-----w- C:\Program Files (x86)\Nokia

======= C: =====

====== C:\Users\ruben.Ward-PC.000\AppData\Roaming ======

2013-02-04 19:36:29 -------- d-----w- C:\users\ruben.Ward-PC.000\AppData\Roaming\DriverCure

2013-01-19 17:44:19 -------- d-----w- C:\users\ruben.Ward-PC.000\AppData\Local\join.me

2013-01-14 06:39:17 -------- d-----w- C:\users\ruben.Ward-PC.000\AppData\Local\NokiaAccount

2013-01-14 06:38:22 -------- d-----w- C:\users\ruben.Ward-PC.000\AppData\Roaming\Nokia Suite

2013-01-14 06:38:22 -------- d-----w- C:\users\ruben.Ward-PC.000\AppData\Roaming\Nokia

2013-01-14 06:35:11 -------- d-----w- C:\users\ruben.Ward-PC.000\AppData\Local\Nokia

2013-01-14 06:35:08 -------- d-----w- C:\users\ruben.Ward-PC.000\AppData\Roaming\PC Suite

2013-01-09 20:04:17 -------- d-----w- C:\users\ruben.Ward-PC.000\AppData\Roaming\.minecraft

====== C:\Users\ruben.Ward-PC.000 ======

2013-02-04 19:55:25 -------- d-----w- C:\ProgramData\Mozilla

2013-01-14 06:35:07 -------- d-----w- C:\ProgramData\PC Suite

2013-01-14 06:34:42 -------- d-----w- C:\ProgramData\Nokia

2013-01-14 06:30:36 -------- d-----w- C:\ProgramData\NokiaInstallerCache

====== C: exe-files ==

2013-02-05 19:39:19 BDFC48A2D947651B721745837E864D17 4318112 ----a-w- C:\Users\ruben.Ward-PC.000\Downloads\sysrc_trial_9407.exe

2013-02-04 19:55:27 810278E354F18045AFF615CB20E8674B 105758 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe

2013-02-04 19:55:24 9C3758018DED02F4AE53CCA1C5F084A2 115608 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

2013-02-04 19:52:59 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\ruben.Ward-PC.000\AppData\Local\Temp\TB_FBB.exe

2013-02-04 19:52:59 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\ruben.Ward-PC.000\AppData\Local\Temp\TB_EC2.exe

2013-02-04 19:52:59 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\ruben.Ward-PC.000\AppData\Local\Temp\TB_DF7.exe

2013-02-04 19:52:59 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\ruben.Ward-PC.000\AppData\Local\Temp\TB_1048.exe

2013-02-04 19:52:55 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\ruben.Ward-PC.000\AppData\Local\Temp\TB_2.exe

2013-02-04 18:20:50 6185D49C3D222ECA47C96AB1AE2D75B2 1197392 ----a-w- C:\Program Files (x86)\Opera\updatechecker\opera_autoupdate.exe

2013-02-01 06:21:18 51CA9A27C82F68874BBA3E2A87F6B400 670048 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\24.0.1312.57\24.0.1312.57_24.0.1312.56_chrome_updater.exe

=== C: other files ==

2013-02-05 17:50:18 EC155C323A3B777441BF6A2BF4077FCC 12459888 ----a-w- C:\Users\ruben.Ward-PC.000\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll

2013-02-05 06:06:32 9179B5903E3329827F5D8A45CEFA1C08 186248 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\updater.dll

2013-02-05 06:06:32 32A7079FC3F8D3734DA778F2B3577DB7 5310936 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\vcore.dll

2013-02-05 06:06:28 C731FC78CB6546C7FE189C9A40D7EED0 337800 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\remediation.dll

2013-02-05 06:06:27 D1B01B7933F26211E80EAC667A909E1B 230752 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\patchw32.dll

2013-02-05 06:06:26 FB5C1ED6BBA79291FDA664CF142EEA4D 276360 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\libRar.dll

2013-02-05 06:06:26 BF47C9A5372E4DF8F435AB2F03BE3C32 165768 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\libMachoUniv.dll

2013-02-05 06:06:26 5D2638498DEA94F0D65136D49625A8DC 165768 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\libtd.dll

2013-02-05 06:06:26 5798D98B64240F18A012AA76F632734A 198536 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\libNSIS.dll

2013-02-05 06:06:26 56DD7D9679A86EFC4C31A03A92C3237D 169864 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\libRTF.dll

2013-02-05 06:06:26 477E3D0DF9DC60957CB9E0C0D8B47019 378760 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\libVvs.dll

2013-02-05 06:06:26 3225B53B1C53672E97295861947ED3DE 169864 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\libMsi.dll

2013-02-05 06:06:26 28188263A5D451261ECBFA6303D4D702 448392 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\libMsCab.dll

2013-02-05 06:06:26 1F8A4BE6C00F689A6FE3A678B5C2B603 341896 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\libOleA.dll

2013-02-05 06:06:26 0E47902C881A09DC64D5DEBA611B370A 243592 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\libZip.dll

2013-02-05 06:06:25 C8EA2E332EC6884D08CE2D5EEFCB8440 284552 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\libEmail.dll

2013-02-05 06:06:25 7DC7D177B59D55B1A09F3A8E14FDFB58 186248 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\lib7zip.dll

2013-02-05 06:06:25 6B59E42D12D76455E1657DF2BFD47C90 83312 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\kbu.dll

2013-02-05 06:06:25 50BC994B5BD8A2F905A69F601FC3DC1D 190344 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\libBase64.dll

2013-02-05 06:06:25 3E8FE7E72E4C269771BC25FDAF9184C6 964488 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\lgpl.dll

2013-02-05 06:06:25 0EFC248A61B604DC84C89F400CA1C1F0 190344 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\libCHM.dll

2013-02-05 06:06:24 B15B445AAC976F0E58C3B7A26E633CD0 136560 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\IncompatiblePrograms.dll

2013-02-05 06:06:23 E3D358B05BDACFC3464AE7541AADE0D0 68568 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\gfiarkup.dll

2013-02-05 06:06:22 E80C14B9C6E5B57BB7710B356857A964 38096 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\gfiark64.sys

2013-02-05 06:06:21 BA421BDAA4D14D525F55E14B2C8C6E19 25560 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\gfiark.dll

2013-02-05 06:06:21 01B2BE86C39752A0FFB30ED1FB4A141C 33616 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\staging\gfiark32.sys

2013-02-05 06:06:15 BCB0728F4B117855765CE8FE883B5E9B 1536 ----a-w- C:\Users\ruben.Ward-PC.000\AppData\Local\Temp\NEventMessages.dll

2013-02-05 06:06:13 BCB0728F4B117855765CE8FE883B5E9B 1536 ----a-w- C:\Users\ruben.Ward-PC.000\AppData\Local\Temp\NOSEventMessages.dll

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2267053070-3458102283-1766708676-1008\Software\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

"Free Download Manager"="C:\Free Download Manager\fdm.exe -autorun"

"GoogleChromeAutoLaunch_1BE9DA5B35D3E42B303209D788FA582D"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"

"NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SSBkgdUpdate"="C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot"

"PaperPort PTD"="C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

"BrMfcWnd"="C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"

"ControlCenter3"="C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun"

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe -osboot"

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

"Free Download Manager"="C:\Free Download Manager\fdm.exe -autorun"

"GoogleChromeAutoLaunch_1BE9DA5B35D3E42B303209D788FA582D"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"

"NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Blubster]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Blubster"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Blubster\\Blubster.exe SILENT"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BroadCam]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BroadCam"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\NCH Software\\BroadCam\\broadcam.exe\" -logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IndexSearch]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="IndexSearch"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\ScanSoft\\PaperPort\\IndexSearch.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PPort11reminder]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PPort11reminder"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\ScanSoft\\PaperPort\\Ereg\\Ereg.exe\" -r \"C:\\ProgramData\\ScanSoft\\PaperPort\\11\\Config\\Ereg\\Ereg.ini\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Software Informer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Software Informer"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Software Informer\\softinfo.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Steam"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ICIDU Wireless Utility.lnk]

"item"="ICIDU Wireless Utility"

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ICIDU Wireless Utility.lnk"

"backup"="C:\\Windows\\pss\\ICIDU Wireless Utility.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~2\\ICIDU\\ICIDUW~1\\ZDWlan.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Ad-Aware Update (Weekly).job --a------ C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [28/10/2011 17:12]

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [08/01/2013 21:17]

C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job --a------ C:\Program Files (x86)\Spybot - Search Destroy 2\SDUpdate.exe []

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\6C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe []

C:\Windows\tasks\ParetoLogic Registration3.job --a------ C:\Windows\system32\rundll32.exe [14/07/2009 02:14]

C:\Windows\tasks\ParetoLogic Update Version3.job --a------ C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [30/03/2011 00:51]

C:\Windows\tasks\PC Health Advisor Defrag.job --a------ C:\Users\ruben.Ward-PC.000\Desktop\PCHA\PCHA.exe [30/03/2011 00:17]

C:\Windows\tasks\PC Health Advisor.job --a------ C:\Users\ruben.Ward-PC.000\Desktop\PCHA\PCHA.exe [30/03/2011 00:17]

C:\Windows\tasks\PCConfidential.job --a------ C:\Program Files (x86)\Winferno\PC Confidential\PCConfidential.exe []

C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job --a------ C:\Program Files (x86)\Spybot - Search Destroy 2\SDImmunize.exe []

C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job --a------ C:\Program Files (x86)\Spybot - Search Destroy 2\SDScan.exe []

C:\Windows\tasks\Updater.job --a------ C:\ProgramData\WombatUpdater\WombatUpdater.exe [30/12/2010 10:26]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ruben.Ward-PC.000\AppData\Roaming\Mozilla\Firefox\Profiles\udnua76f.default

- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi

- Torntv - %ProfilePath%\extensions\torntv@torntv.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\ruben.Ward-PC.000\AppData\Roaming\Mozilla\Firefox\Profiles\udnua76f.default

9AC863FD5976316C29D4CB5E4C9EFD9C - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll - Shockwave Flash

B70509F8ABCBE6B75AE0976A969CDE8F - C:\Users\ruben.Ward-PC.000\AppData\LocalLow\Square Enix\nprun3d.dll - Square Enix Secure Launcher

6A8A6B3C42CA4D1403C8FEA50BACEC63 - C:\Users\ruben.Ward-PC.000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player

B6A800D881A0176C544988870861E798 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

A54F0FCF48469993EA095AA38F247007 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer HTML5VideoShim Plug-In (32-bit)

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

ccbgjfdieajmokelnlapbedknchgenne - C:\Users\Ward\AppData\Local\CRE\ccbgjfdieajmokelnlapbedknchgenne.crx[14/06/2012 10:43]

clbfjfbnelcflpgpklppgplejolacbej - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx[]

defdhglnppeioeflggkmglipcecffkhk - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx[]

dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\IB Updater\source.crx[]

gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]

icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07/03/2012 00:12]

ihflimipbcaljfnojhhknppphnnciiif - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx[]

jbpkiefagocgkmemidfngdkamloieekf - C:\Program Files (x86)\TornTV.com\torn10.crx[]

jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[09/01/2011 15:35]

mjdepfkicdcciagbigfcmdhknnoaaegf - C:\Program Files (x86)\WhiteSmokeTranslator[]

niapdbllcanepiiimjjndipklodoedlc - C:\Users\Ward\AppData\Local\Temp\YontooLayers.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

ahilkiibpgjnonbhdfkkgjddddmapala - C:\Users\ruben.Ward-PC.000\AppData\Local\CRE\ahilkiibpgjnonbhdfkkgjddddmapala.crx[]

nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[12/12/2012 18:51]

YouTube - Gast - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Browser Companion Helper - Gast - Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej

Google Search - Gast - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Complitly plugin for chrome - Gast - Default\Extensions\defdhglnppeioeflggkmglipcecffkhk

IB Updater - Gast - Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Timeline - Gast - Default\Extensions\efpffbikdalipombjoeeaclnmjcmbkgn

DealPly - Gast - Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

What type of content does this site provide? - Gast - Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda

Torntv - Gast - Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf

RealPlayer HTML5Video Downloader Extension - Gast - Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk

Gmail - Gast - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

YouTube - ruben.Ward-PC.000 - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - ruben.Ward-PC.000 - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

What type of content does this site provide? - ruben.Ward-PC.000 - Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda

RealPlayer HTML5Video Downloader Extension - ruben.Ward-PC.000 - Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk

Download All MP3 - ruben.Ward-PC.000 - Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp

Battlefield Play4Free - ruben.Ward-PC.000 - Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh

Gmail - ruben.Ward-PC.000 - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Game Master 2.1 - Ward - Default\Extensions\ccbgjfdieajmokelnlapbedknchgenne

Browser Companion Helper - Ward - Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej

Complitly plugin for chrome - Ward - Default\Extensions\defdhglnppeioeflggkmglipcecffkhk

Babylon Toolbar - Ward - Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

IB Updater - Ward - Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

DealPly - Ward - Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

What type of content does this site provide? - Ward - Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda

Torntv - Ward - Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf

RealPlayer HTML5Video Downloader Extension - Ward - Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://search.conduit.com?SearchSource=10&ctid=CT2612669"

"Default_Page_URL"="http://nl.netlog.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.bigseekpro.com/cheatengine/{739DF4EF-7832-44CE-8895-D44029CEF8B3}"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.bigseekpro.com/cheatengine/{739DF4EF-7832-44CE-8895-D44029CEF8B3}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{F7CB1337-FAA2-4427-B348-16E537501970} Netlog (NL) Url="http://nl.netlog.com/opensearch/view=search&q={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: FastestTube BHO - {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - C:\Program Files (x86)\FastestTube\2.1.5\WombatBHO.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\ruben.Ward-PC.000\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: SmartShopper - Compare product prices - {3D773F1B-D2D2-4971-B3F4-73FCC894921C} - (no file)

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: SmartShopper - Compare travel rates - {99819CC8-3111-410c-A2B7-38BB530386EE} - (no file)

O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - (no file)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: BroadCam Video Streaming Server (BroadCamService) - Unknown owner - C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Spybot S&D 2 Live Protection Service (SDHookService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gast\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Ward\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Ward\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Ward\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\ruben.Ward-PC.000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\ruben.Ward-PC.000\AppData\Local\Mozilla\Firefox\Profiles\udnua76f.default\Cache will be emptied at reboot

C:\users\Ward\AppData\Local\Mozilla\Firefox\Profiles\cdfvyn6x.default\Cache emptied successfully

C:\users\Ward\AppData\Roaming\Mozilla\Firefox\Profiles\cdfvyn6x.default\extensions\bbrs_002@blabbers.com\chrome\content\cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\cache emptied successfully

C:\users\ruben.Ward-PC.000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\users\Ward\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\users\Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\RUBENW~1.000\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\ruben.Ward-PC.000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Users\ruben.Ward-PC.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd" not found


Start HijackThis, click Scan, and select only the items listed below:

O9 - Extra button: SmartShopper - Compare product prices - {3D773F1B-D2D2-4971-B3F4-73FCC894921C} - (no file)

O9 - Extra button: SmartShopper - Compare travel rates - {99819CC8-3111-410c-A2B7-38BB530386EE} - (no file)

O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - (no file)

O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - (no file)

Close all windows except HijackThis.

Click 'Fix checked' to remove the items.

Restart the computer, then create and post a new HijackThis log (made as administrator). Please also tell me right away how things are going now.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:29:02, on 7/02/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\QuickTime\QTTask.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe

C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\ruben.Ward-PC.000\Desktop\HijackThis.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Netlog

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: FastestTube BHO - {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - C:\Program Files (x86)\FastestTube\2.1.5\WombatBHO.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Free Download Manager] "C:\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_1BE9DA5B35D3E42B303209D788FA582D] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\ruben.Ward-PC.000\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: SmartShopper - Compare product prices - {3D773F1B-D2D2-4971-B3F4-73FCC894921C} - (no file)

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: SmartShopper - Compare travel rates - {99819CC8-3111-410c-A2B7-38BB530386EE} - (no file)

O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - (no file)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: BroadCam Video Streaming Server (BroadCamService) - Unknown owner - C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Spybot S&D 2 Live Protection Service (SDHookService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15422 bytes

- - - Updated - - -

I removed the items, and when I start up, that error message from SDTray.exe still appears.

By the way, why are those items still in my log? :confused:


Note: Windows Vista & 7 users must run HijackThis as "administrator" by right-clicking and choosing "Run as administrator". If that does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Start HijackThis. Select "Scan". Select only the items listed below:

O9 - Extra button: SmartShopper - Compare product prices - {3D773F1B-D2D2-4971-B3F4-73FCC894921C} - (no file)

O9 - Extra button: SmartShopper - Compare travel rates - {99819CC8-3111-410c-A2B7-38BB530386EE} - (no file)

O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - (no file)

O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - (no file)

Close all windows except HijackThis.

Click 'Fix checked' to remove the items.

Restart HijackThis as administrator and create a new log.

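The follow-up check requested above (a fresh log after 'Fix checked') can be done mechanically. The sketch below is an added example, not part of the thread or of HijackThis: it parses O2/O3/O9 lines and reports which entries from the fix list still appear in a later log. Function names are hypothetical; the log lines are copied from this thread, except `LOG_CLEAN`, which is constructed.

```python
import re
from typing import List, NamedTuple

# HijackThis sections whose lines follow "<section> - <kind>: <name> - {CLSID} - <target>".
CLSID_SECTIONS = {"O2", "O3", "O9"}
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    section: str  # e.g. "O9"
    kind: str     # e.g. "Extra button"
    name: str     # display name; may itself contain " - "
    clsid: str    # upper-cased, braces included
    target: str   # file path, or "(no file)" when the registry entry is orphaned


def parse_entries(log_text: str) -> List[Entry]:
    """Extract CLSID-bearing O2/O3/O9 entries; every other line is ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m or m.group("section") not in CLSID_SECTIONS:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        if not clsid:
            continue
        # Split around the CLSID rather than on " - ", because names contain " - ".
        entries.append(Entry(
            section=m.group("section"),
            kind=m.group("kind"),
            name=body[:clsid.start()].rstrip(" -"),
            clsid=clsid.group(0).upper(),  # logs mix upper and lower case hex
            target=body[clsid.end():].lstrip(" -"),
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registered file no longer exists on disk."""
    return [e for e in entries if e.target == "(no file)"]


def still_present(fix_list: str, later_log: str) -> List[Entry]:
    """Entries from the fix list that are still reported in a later log."""
    wanted = {(e.section, e.clsid) for e in parse_entries(fix_list)}
    return [e for e in parse_entries(later_log) if (e.section, e.clsid) in wanted]


# The four items the helper asked to fix (copied from the thread).
FIX_LIST = r"""
O9 - Extra button: SmartShopper - Compare product prices - {3D773F1B-D2D2-4971-B3F4-73FCC894921C} - (no file)
O9 - Extra button: SmartShopper - Compare travel rates - {99819CC8-3111-410c-A2B7-38BB530386EE} - (no file)
O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - (no file)
O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - (no file)
"""

# Excerpt of the log posted after the first fix attempt (copied from the thread).
LOG_EXCERPT = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: SmartShopper - Compare product prices - {3D773F1B-D2D2-4971-B3F4-73FCC894921C} - (no file)
O9 - Extra button: SmartShopper - Compare travel rates - {99819CC8-3111-410c-A2B7-38BB530386EE} - (no file)
O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - (no file)
"""

# Constructed: what the same excerpt would look like once the fix has taken effect.
LOG_CLEAN = "\n".join(
    line for line in LOG_EXCERPT.splitlines() if "(no file)" not in line
)

if __name__ == "__main__":
    for label, log in (("posted log", LOG_EXCERPT), ("constructed clean log", LOG_CLEAN)):
        left = still_present(FIX_LIST, log)
        print(f"{label}: {len(left)} fix-list entries still present")
        for e in left:
            print(f"  {e.section} {e.clsid} {e.name}")
```

Matching on section plus CLSID rather than on the display name keeps the comparison stable across localized logs, where names differ but the registry key does not.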

This topic is now closed to new replies.