Slow computer, please check log files

  • Rikje

    Hello,

    My PC kept getting slower, so I carried out a clean-up as instructed.

    Please check my logs and, if needed, advise how to proceed.

    Logfile of random's system information tool 1.10 (written by random/random)

    Run by Erika at 2014-07-22 16:00:34

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 770 GB (82%) free of 941 GB

    Total RAM: 6071 MB (62% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:00:44, on 22-7-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.17207)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Users\Erika\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

    C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    C:\Users\Erika\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

    C:\Program Files (x86)\AVG\AVG2014\avgui.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Windows\SysWOW64\ctfmon.exe

    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files\trend micro\Erika.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - “C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll” (file missing)

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

    O2 - BHO: TNS NIPO Clicks - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Users\Erika\AppData\Local\Wakoopa Shared\WakoopaBHO.dll

    O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - “C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll” (file missing)

    O4 - HKLM\..\Run: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe” -launchedbylogin

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe” –showwindow=false –onOSstartup=true

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2014\avgui.exe” /TRAYONLY

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKCU\..\Run: “C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe” -deviceID “CN19F411SS05QB:NW” -scfn “HP Photosmart 6510 series (NET)” -AutoStart 1

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe”

    O4 - HKCU\..\Run: C:\Users\Erika\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe

    O4 - HKCU\..\Run: C:\Users\Erika\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8da9f4b0987847d392c69128c064797a-b1ab53bf69ee3d56e0b68fecf6a63d5566bf3245 /CMPID=1213b

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-18\..\Run: “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe” (User ‘SYSTEM’)

    O4 - HKUS\S-1-5-18\..\RunOnce: “C:\Windows\System32\SPReview\SPReview.exe” /sp:1 /errorfwlink:“http://go.microsoft.com/fwlink/?LinkID=122915” /build:7601 (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe” (User ‘Default user’)

    O4 - HKUS\.DEFAULT\..\RunOnce: “C:\Windows\System32\SPReview\SPReview.exe” /sp:1 /errorfwlink:“http://go.microsoft.com/fwlink/?LinkID=122915” /build:7601 (User ‘Default user’)

    O4 - Startup: Dropbox.lnk = Erika\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O9 - Extra ‘Tools’ menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

    O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe

    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: Torch Crash Handler (TorchCrashHandler) - TorchMedia Inc. - C:\Users\Erika\AppData\Local\Torch\Update\TorchCrashHandler.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 14288 bytes

    ======Listing Processes======

    MBAM log in the next post.

  • Rikje

    Continued.

    MBAM file

    \SystemRoot\System32\smss.exe

    c:\PROGRA~2\AVG\AVG2014\avgrsa.exe /boot

    C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=5e44ff76-7bcb-4d6f-8752-b21cc724ca3d /coreSdkOptions=4382 /logConfFile=“C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\92780571-bf53-4008-9016-112368c4b03d-1c4-oopp.tmp” /loggerName=AVG.RS.Core /binaryPath=“C:\Program Files (x86)\AVG\AVG2014\” /tempPath=“C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\” /logPath=“C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\log\”

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    winlogon.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    “C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe”

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k NetworkService

    atieclxx

    C:\Windows\system32\WLANExt.exe 24431392

    \??\C:\Windows\system32\conhost.exe "-5573892111645965021-831605534-9374211545841874072042178313-1393005651841329432

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”

    “C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe”

    “taskhost.exe”

    “C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe”

    “C:\Windows\system32\Dwm.exe”

    C:\Windows\Explorer.EXE

    “C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE”

    taskeng.exe {B96A5C8F-77E6-493D-9ECA-FAC3BDD1B071}

    “C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE”

    “C:\Program Files\Software Informer\softinfo.exe” -service

    “C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe” -servicelaunch=true

    C:\Windows\SysWOW64\svchost.exe -k netsvcs

    “C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe”

    “C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe”

    “C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe”

    “C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe”

    “C:\Program Files (x86)\AVG\AVG2014\avgemca.exe”

    “c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe”

    “C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe”

    “C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe”

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Users\Erika\AppData\Local\Torch\Update\TorchCrashHandler.exe

    “C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe”

    C:\Windows\servicing\TrustedInstaller.exe

    “C:\Windows\System32\WUDFHost.exe” -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-06d5b808-2c43-43d0-9df7-b00d1ee917ce -SystemEventPortName:HostProcess-e44ee93a-b14c-4ca5-b8f7-88dfa6f72314 -IoCancelEventPortName:HostProcess-9434a70d-1d56-4264-9edc-6436cebba728 -NonStateChangingEventPortName:HostProcess-804be77b-99fd-486b-b263-2e5f1efd1e48 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:6156a174-6fe2-41da-a67c-a96fb0b7afbd -DeviceGroupId:WpdFsGroup

    taskeng.exe {4E6FB0E8-150C-4095-B1B3-181058F091B1}

    C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding

    “c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe”

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\SearchIndexer.exe /Embedding

    “C:\Program Files\Logitech\SetPointP\SetPoint.exe” /launchGaming

    “C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe”

    “C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe” -deviceID “CN19F411SS05QB:NW” -scfn “HP Photosmart 6510 series (NET)” -AutoStart 1

    “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe”

    “C:\Users\Erika\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe”

    “C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe”

    “C:\Program Files (x86)\Sitecom\Common\RaUI.exe” -s

    “C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe”

    “C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe”

    “C:\Users\Erika\AppData\Roaming\Dropbox\bin\Dropbox.exe” /systemstartup

    KHALMNPR.EXE /API

    “C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe” –showwindow=false –onOSstartup=true

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    “C:\Program Files\Windows Media Player\wmpnetwk.exe”

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    “C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe” “-launchedbyvulcan”

    “C:\Program Files (x86)\AVG\AVG2014\avgui.exe” /TRAYONLY

    “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    ctfmon.exe

    “C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe” –type=renderer –no-sandbox –lang=en-US –lang=en-US –log-severity=disable –channel=“3260.0.1997986149\146130368” /prefetch:3

    “C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe”

    “C:\Program Files (x86)\Mozilla Firefox\firefox.exe”

    “F:\RSITx64.exe”

    C:\Windows\system32\wbem\wmiprvse.exe

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

    =========Mozilla firefox=========

    ProfilePath - C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default

    prefs.js - “browser.search.useDBForOrder” - “false”

    prefs.js - “extensions.enabledItems” - “{a55c4ab0-ac89-4352-a750-98552a6a9337}:1.0, avg@igeared:6.103.018.001, DeviceDetection@logitech.com:1.21.0.11, {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17”

    “Description”=Adobe® Flash® Player 14.0.0.145 Plugin

    “Path”=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

    “Description”=Adobe Shockwave Player

    “Path”=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll

    “Description”=Garmin GPS Control for Firefox

    “Path”=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

    “Description”=Google Earth in your browser

    “Path”=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    “Description”=Java™ Deployment Toolkit

    “Path”=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

    “Description”=Oracle® Next Generation Java™ Plug-In

    “Path”=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    “Description”=

    “Path”=disabled

    “Description”=Ag Player Plugin

    “Path”=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

    “Description”=Google Update

    “Path”=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

    “Description”=Google Update

    “Path”=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

    “Description”=Zylom Games Player 1.00

    “Path”=C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

    “Description”=Handles PDFs in-place in Firefox

    “Path”=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

    “Description”=

    “Path”=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll

    “Description”=

    “Path”=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll

    “Description”=VLC Multimedia Plugin

    “Path”=C:\Users\Erika\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll

    “Description”=Adobe® Flash® Player 14.0.0.145 Plugin

    “Path”=C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll

    “Description”=Garmin GPS Control for Firefox

    “Path”=C:\Program Files\Garmin GPS Plugin\npGarmin.dll

    “Description”=

    “Path”=disabled

    “Description”=Ag Player Plugin

    “Path”=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

    “Description”=

    “Path”=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

    “Description”=

    “Path”=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll

    “Description”=

    “Path”=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll

    C:\Program Files (x86)\Mozilla Firefox\plugins\

    ILnsp110.log

    ILnsp120.log

    NPCltInst11.dll

    NPCltInst121.dll

    nppdf32.dll

    npqtplugin.dll

    npqtplugin2.dll

    npqtplugin3.dll

    npqtplugin4.dll

    npqtplugin5.dll

    QuickTimePlugin.class

    C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\

    DeviceDetection@logitech.com

    kaiyu.25q@yewnlduyeygpb.org

    {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

    {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}-trash

    {ab91efd4-6975-4081-8552-1b3922ed79e2}

    ======Registry dump======

    Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll

    HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll

    Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

    Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

    TNS NIPO Clicks - C:\Users\Erika\AppData\Local\Wakoopa Shared\WakoopaBHO.dll

    {ae07101b-46d4-4a98-af68-0333ea26e113}

    {ae07101b-46d4-4a98-af68-0333ea26e113}

    {8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll

    “AdobeAAMUpdater-1.0”=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

    “Logitech Download Assistant”=C:\Windows\System32\LogiLDA.dll

    “EvtMgr6”=C:\Program Files\Logitech\SetPointP\SetPoint.exe

    “NCPluginUpdater”=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe

    “HP Photosmart 6510 series (NET)”=C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe

    “GarminExpressTrayApp”=C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

    “TNS NIPO Clicks”=C:\Users\Erika\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe

    “AVG-Secure-Search-Update_1213b”=C:\Users\Erika\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8da9f4b0987847d392c69128c064797a-b1ab53bf69ee3d56e0b68fecf6a63d5566bf3245 /CMPID=1213b

    C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

    C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    “hpsysdrv”=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

    “IAStorIcon”=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    “StartCCC”=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    “SwitchBoard”=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    “AdobeCS6ServiceManager”=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe

    “Adobe ARM”=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    “APSDaemon”=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    “QuickTime Task”=C:\Program Files (x86)\QuickTime\QTTask.exe

    “Adobe Creative Cloud”=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

    “AVG_UI”=C:\Program Files (x86)\AVG\AVG2014\avgui.exe

    “SunJavaUpdateSched”=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    Sitecom Wireless Utility.lnk - C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    Spyder3Utility.lnk - C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    Dropbox.lnk - C:\Users\Erika\AppData\Roaming\Dropbox\bin\Dropbox.exe

    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    “{E54729E8-BB3D-4270-9D49-7389EA579090}”=C:\Windows\SysWow64\EZUPBH~1.DLL

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableUIADesktopToggle”=0

    “PromptOnSecureDesktop”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “NoActiveDesktop”=1

    “NoActiveDesktopChanges”=1

    “ForceActiveDesktopOn”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “vidc.uyvy”=msyuv.dll

    “vidc.yuy2”=msyuv.dll

    “vidc.yvyu”=msyuv.dll

    “vidc.iyuv”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “vidc.yvu9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “aux1”=wdmaud.drv

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

    ======List of files/folders created in the last 1 month======

    2014-07-22 16:00:34 ----D---- C:\rsit

    2014-07-22 16:00:34 ----D---- C:\Program Files\trend micro

    2014-07-22 15:38:54 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys

    2014-07-22 15:38:37 ----D---- C:\ProgramData\Malwarebytes

    2014-07-22 15:38:37 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-07-22 15:38:37 ----A---- C:\Windows\system32\drivers\mwac.sys

    2014-07-22 15:38:37 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys

    2014-07-22 15:38:37 ----A---- C:\Windows\system32\drivers\mbam.sys

    2014-07-22 15:33:21 ----D---- C:\Program Files\CCleaner

    2014-07-22 08:58:36 ----A---- C:\Windows\SYSWOW64\javaws.exe

    2014-07-22 08:58:21 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

    2014-07-22 08:58:21 ----A---- C:\Windows\SYSWOW64\javaw.exe

    2014-07-22 08:58:21 ----A---- C:\Windows\SYSWOW64\java.exe

    2014-07-15 17:48:19 ----D---- C:\ProgramData\TorchCrashHandler

    2014-07-12 09:49:15 ----A---- C:\Windows\SYSWOW64\kerberos.dll

    2014-07-12 09:49:15 ----A---- C:\Windows\system32\schannel.dll

    2014-07-12 09:49:15 ----A---- C:\Windows\system32\kerberos.dll

    2014-07-12 09:49:14 ----A---- C:\Windows\SYSWOW64\schannel.dll

    2014-07-12 09:49:13 ----A---- C:\Windows\SYSWOW64\msv1_0.dll

    2014-07-12 09:49:13 ----A---- C:\Windows\system32\wdigest.dll

    2014-07-12 09:49:13 ----A---- C:\Windows\system32\msv1_0.dll

    2014-07-12 09:49:12 ----A---- C:\Windows\SYSWOW64\ncrypt.dll

    2014-07-12 09:49:12 ----A---- C:\Windows\system32\TSpkg.dll

    2014-07-12 09:49:12 ----A---- C:\Windows\system32\ncrypt.dll

    2014-07-12 09:49:11 ----A---- C:\Windows\SYSWOW64\wdigest.dll

    2014-07-12 09:49:11 ----A---- C:\Windows\SYSWOW64\TSpkg.dll

    2014-07-12 09:49:09 ----A---- C:\Windows\SYSWOW64\credssp.dll

    2014-07-12 09:49:09 ----A---- C:\Windows\system32\credssp.dll

    2014-07-12 09:48:23 ----A---- C:\Windows\SYSWOW64\mstscax.dll

    2014-07-12 09:48:22 ----A---- C:\Windows\system32\mstscax.dll

    2014-07-09 21:14:11 ----A---- C:\Windows\system32\win32k.sys

    2014-07-09 21:14:09 ----A---- C:\Windows\SYSWOW64\osk.exe

    2014-07-09 21:14:09 ----A---- C:\Windows\system32\osk.exe

    2014-07-09 21:14:05 ----A---- C:\Windows\SYSWOW64\qedit.dll

    2014-07-09 21:14:05 ----A---- C:\Windows\system32\qedit.dll

    2014-07-09 21:14:04 ----A---- C:\Windows\system32\drivers\afd.sys

    2014-07-09 21:13:47 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

    2014-07-09 21:13:47 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll

    2014-07-09 21:13:47 ----A---- C:\Windows\system32\iernonce.dll

    2014-07-09 21:13:46 ----A---- C:\Windows\SYSWOW64\urlmon.dll

    2014-07-09 21:13:46 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll

    2014-07-09 21:13:45 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll

    2014-07-09 21:13:45 ----A---- C:\Windows\SYSWOW64\iernonce.dll

    2014-07-09 21:13:44 ----A---- C:\Windows\system32\ieetwproxystub.dll

    2014-07-09 21:13:44 ----A---- C:\Windows\system32\iedkcs32.dll

    2014-07-09 21:13:43 ----A---- C:\Windows\SYSWOW64\mshtml.dll

    2014-07-09 21:13:43 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

    2014-07-09 21:13:43 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll

    2014-07-09 21:13:43 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll

    2014-07-09 21:13:41 ----A---- C:\Windows\SYSWOW64\iesetup.dll

    2014-07-09 21:13:41 ----A---- C:\Windows\system32\urlmon.dll

    2014-07-09 21:13:40 ----A---- C:\Windows\SYSWOW64\iertutil.dll

    2014-07-09 21:13:40 ----A---- C:\Windows\system32\ieetwcollectorres.dll

    2014-07-09 21:13:39 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

    2014-07-09 21:13:39 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll

    2014-07-09 21:13:38 ----A---- C:\Windows\system32\ieetwcollector.exe

    2014-07-09 21:13:37 ----A---- C:\Windows\SYSWOW64\ieui.dll

    2014-07-09 21:13:37 ----A---- C:\Windows\SYSWOW64\dxtrans.dll

    2014-07-09 21:13:37 ----A---- C:\Windows\system32\msfeeds.dll

    2014-07-09 21:13:37 ----A---- C:\Windows\system32\dxtmsft.dll

    2014-07-09 21:13:36 ----A---- C:\Windows\SYSWOW64\ieframe.dll

    2014-07-09 21:13:36 ----A---- C:\Windows\system32\iesetup.dll

    2014-07-09 21:13:36 ----A---- C:\Windows\system32\ie4uinit.exe

    2014-07-09 21:13:35 ----A---- C:\Windows\system32\iertutil.dll

    2014-07-09 21:13:34 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll

    2014-07-09 21:13:34 ----A---- C:\Windows\SYSWOW64\jscript9.dll

    2014-07-09 21:13:34 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

    2014-07-09 21:13:33 ----A---- C:\Windows\SYSWOW64\wininet.dll

    2014-07-09 21:13:33 ----A---- C:\Windows\SYSWOW64\vbscript.dll

    2014-07-09 21:13:33 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

    2014-07-09 21:13:33 ----A---- C:\Windows\system32\jsproxy.dll

    2014-07-09 21:13:32 ----A---- C:\Windows\SYSWOW64\msrating.dll

    2014-07-09 21:13:32 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll

    2014-07-09 21:13:30 ----A---- C:\Windows\system32\ieui.dll

    2014-07-09 21:13:30 ----A---- C:\Windows\system32\ieframe.dll

    2014-07-09 21:13:30 ----A---- C:\Windows\system32\dxtrans.dll

    2014-07-09 21:13:29 ----A---- C:\Windows\system32\mshtmlmedia.dll

    2014-07-09 21:13:29 ----A---- C:\Windows\system32\mshtmled.dll

    2014-07-09 21:13:28 ----A---- C:\Windows\system32\jscript9diag.dll

    2014-07-09 21:13:28 ----A---- C:\Windows\system32\jscript9.dll

    2014-07-09 21:13:28 ----A---- C:\Windows\system32\ieUnatt.exe

    2014-07-09 21:13:27 ----A---- C:\Windows\system32\wininet.dll

    2014-07-09 21:13:27 ----A---- C:\Windows\system32\vbscript.dll

    2014-07-09 21:13:27 ----A---- C:\Windows\system32\ieapfltr.dll

    2014-07-09 21:13:26 ----A---- C:\Windows\system32\MshtmlDac.dll

    2014-07-09 21:13:25 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe

    2014-07-09 21:13:25 ----A---- C:\Windows\system32\msrating.dll

    2014-07-09 21:13:24 ----A---- C:\Windows\system32\mshtml.dll

    2014-07-09 21:13:10 ----A---- C:\Windows\system32\lsasrv.dll

    2014-07-09 21:13:08 ----A---- C:\Windows\SYSWOW64\sspicli.dll

    2014-07-09 21:13:08 ----A---- C:\Windows\SYSWOW64\secur32.dll

    ======List of files/folders modified in the last 1 month======

    2014-07-22 16:00:44 ----D---- C:\Windows\Prefetch

    2014-07-22 16:00:38 ----D---- C:\Windows\Temp

    2014-07-22 16:00:34 ----RD---- C:\Program Files

    2014-07-22 15:54:02 ----D---- C:\Users\Erika\AppData\Roaming\Dropbox

    2014-07-22 15:53:38 ----D---- C:\Users\Erika\AppData\Roaming\DropboxMaster

    2014-07-22 15:52:24 ----D---- C:\Windows\inf

    2014-07-22 15:52:22 ----D---- C:\Windows\system32\config

    2014-07-22 15:51:49 ----D---- C:\Windows

    2014-07-22 15:51:45 ----HD---- C:\ProgramData

    2014-07-22 15:50:33 ----D---- C:\Users\Erika\AppData\Roaming\SupTab

    2014-07-22 15:38:54 ----D---- C:\Windows\system32\drivers

    2014-07-22 15:38:37 ----RD---- C:\Program Files (x86)

    2014-07-22 15:35:47 ----D---- C:\Windows\debug

    2014-07-22 15:33:24 ----D---- C:\Windows\system32\Tasks

    2014-07-22 15:11:59 ----SHD---- C:\System Volume Information

    2014-07-22 13:11:35 ----D---- C:\Windows\system32\wbem

    2014-07-22 13:10:21 ----SHD---- C:\Windows\Installer

    2014-07-22 13:10:21 ----D---- C:\Windows\Tasks

    2014-07-22 13:10:21 ----D---- C:\Windows\SysWOW64

    2014-07-22 13:10:21 ----D---- C:\Windows\system32\DriverStore

    2014-07-22 13:10:21 ----D---- C:\Windows\system32\catroot2

    2014-07-22 13:10:21 ----D---- C:\Windows\System32

    2014-07-22 13:10:21 ----D---- C:\Windows\registration

    2014-07-22 13:10:21 ----D---- C:\ProgramData\MFAData

    2014-07-22 13:06:40 ----SHD---- C:\Config.Msi

    2014-07-22 12:59:49 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2014-07-22 08:58:48 ----D---- C:\ProgramData\Oracle

    2014-07-22 08:58:39 ----D---- C:\Program Files (x86)\Common Files

    2014-07-22 08:58:20 ----D---- C:\Program Files (x86)\Java

    2014-07-21 16:29:44 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

    2014-07-15 13:14:17 ----D---- C:\ProgramData\Soulseek

    2014-07-13 19:15:02 ----D---- C:\Windows\rescache

    2014-07-13 10:47:15 ----D---- C:\Windows\winsxs

    2014-07-12 22:57:07 ----D---- C:\Windows\SYSWOW64\Dism

    2014-07-12 22:57:06 ----D---- C:\Windows\system32\Dism

    2014-07-12 22:57:05 ----D---- C:\Windows\SYSWOW64\nl-NL

    2014-07-12 22:57:05 ----D---- C:\Windows\system32\nl-NL

    2014-07-12 10:15:48 ----D---- C:\Users\Erika\AppData\Roaming\sweet-page

    2014-07-12 09:47:49 ----D---- C:\Windows\system32\catroot

    2014-07-10 03:21:31 ----D---- C:\Program Files\Windows Journal

    2014-07-10 03:21:29 ----D---- C:\Windows\ehome

    2014-07-10 03:21:28 ----D---- C:\Program Files\Internet Explorer

    2014-07-10 03:21:27 ----D---- C:\Windows\SYSWOW64\en-US

    2014-07-10 03:21:24 ----D---- C:\Windows\system32\en-US

    2014-07-10 03:21:23 ----D---- C:\Program Files (x86)\Internet Explorer

    2014-07-10 03:05:32 ----D---- C:\Windows\system32\MRT

    2014-07-10 03:03:13 ----A---- C:\Windows\system32\MRT.exe

    2014-07-10 03:02:45 ----D---- C:\ProgramData\Microsoft Help

    2014-07-09 16:43:10 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys

    R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys

    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys

    R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys

    R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys

    R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys

    R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys

    R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys

    R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys

    R1 RapportCerberus_69875;RapportCerberus_69875; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys

    R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys

    R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys

    R2 Sentinel64;Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys

    R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys

    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys

    R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys

    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys

    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys

    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys

    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys

    R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys

    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys

    R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\drivers\serscan.sys

    S1 RxFilter;RxFilter; C:\Windows\system32\DRIVERS\RxFilter.sys

    S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\Windows\system32\DRIVERS\SNTUSB64.SYS

    S3 Spyder3;Datacolor Spyder3; C:\Windows\system32\DRIVERS\Spyder3.sys

    S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe

    R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

    R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

    R2 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

    R2 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe

    R2 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

    R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe

    R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    R2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    R2 TorchCrashHandler;Torch Crash Handler; C:\Users\Erika\AppData\Local\Torch\Update\TorchCrashHandler.exe

    R3 RoxMediaDB10;RoxMediaDB10; C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

    S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

    S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    -----------------EOF-----------------

    Malwarebytes Anti-Malware

    www.malwarebytes.org

    Scan Date: 22-7-2014

    Scan Time: 15:39:12

    Logfile: Mbam scanlog01.txt

    Administrator: Yes

    Version: 2.00.2.1012

    Malware Database: v2014.07.22.03

    Rootkit Database: v2014.07.17.01

    License: Free

    Malware Protection: Disabled

    Malicious Website Protection: Disabled

    Self-protection: Disabled

    OS: Windows 7 Service Pack 1

    CPU: x64

    File System: NTFS

    User: Erika

    Scan Type: Threat Scan

    Result: Completed

    Objects Scanned: 299369

    Time Elapsed: 10 min, 1 sec

    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Disabled

    Heuristics: Enabled

    PUP: Enabled

    PUM: Enabled

    Processes: 1

    PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, 1716, Delete-on-Reboot,

    Modules: 0

    (No malicious items detected)

    Registry Keys: 15

    PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService, Quarantined, ,

    PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, ,

    PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, ,

    PUP.Optional.Snapdo.T, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, ,

    PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Quarantined, ,

    PUP.Optional.Babylon.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, ,

    PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, Quarantined, ,

    PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, Quarantined, ,

    PUP.Optional.DataMngr.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, ,

    PUP.Optional.DataMngr.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Quarantined, ,

    PUP.Optional.Babylon.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Redir, Quarantined, ,

    PUP.Optional.Babylon.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, Quarantined, ,

    PUP.Optional.InstallCore.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, ,

    PUP.Optional.InstallCore.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, ,

    PUP.Optional.Softonic.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, ,

    Registry Values: 1

    PUP.Optional.InstallCore.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0L1N1H2O1S, Quarantined,

    Registry Data: 12

    PUP.Optional.SweetPage.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1400231706&from=sof&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1400231706&from=sof&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788),Replaced,

    PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.sweet-page.com/web/?type=ds&ts=1400231706&from=sof&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}, Good: (www.google.com), Bad: (http://www.sweet-page.com/web/?type=ds&ts=1400231706&from=sof&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}),Replaced,

    PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.sweet-page.com/web/?type=ds&ts=1400231706&from=sof&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}, Good: (www.google.com), Bad: (http://www.sweet-page.com/web/?type=ds&ts=1400231706&from=sof&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}),Replaced,

    PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1400231706&from=sof&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1400231706&from=sof&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788),Replaced,

    PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.sweet-page.com/web/?type=ds&ts=1400231706&from=sof&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}, Good: (www.google.com), Bad: (http://www.sweet-page.com/web/?type=ds&ts=1400231706&from=sof&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}),Replaced,

    PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.sweet-page.com/web/?type=ds&ts=1400231706&from=sof&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}, Good: (www.google.com), Bad: (http://www.sweet-page.com/web/?type=ds&ts=1400231706&from=sof&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}),Replaced,

    PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=a55c4ab0-ac89-4352-a750-98552a6a9337&searchtype=ds&q={searchTerms}&installDate=23/06/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=a55c4ab0-ac89-4352-a750-98552a6a9337&searchtype=ds&q={searchTerms}&installDate=23/06/2013),Replaced,

    PUP.Optional.Snapdo, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=a55c4ab0-ac89-4352-a750-98552a6a9337&searchtype=ds&q={searchTerms}&installDate=23/06/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=a55c4ab0-ac89-4352-a750-98552a6a9337&searchtype=ds&q={searchTerms}&installDate=23/06/2013),Replaced,

    PUP.Optional.Snapdo, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=a55c4ab0-ac89-4352-a750-98552a6a9337&searchtype=ds&q={searchTerms}&installDate=23/06/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=a55c4ab0-ac89-4352-a750-98552a6a9337&searchtype=ds&q={searchTerms}&installDate=23/06/2013),Replaced,

    PUP.Optional.Snapdo, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=a55c4ab0-ac89-4352-a750-98552a6a9337&searchtype=ds&q={searchTerms}&installDate=23/06/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=a55c4ab0-ac89-4352-a750-98552a6a9337&searchtype=ds&q={searchTerms}&installDate=23/06/2013),Replaced,

    PUP.Optional.Snapdo, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=a55c4ab0-ac89-4352-a750-98552a6a9337&searchtype=ds&q={searchTerms}&installDate=23/06/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=a55c4ab0-ac89-4352-a750-98552a6a9337&searchtype=ds&q={searchTerms}&installDate=23/06/2013),Replaced,

    PUP.Optional.SnapDo.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=a55c4ab0-ac89-4352-a750-98552a6a9337&searchtype=ds&q={searchTerms}&installDate=23/06/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=a55c4ab0-ac89-4352-a750-98552a6a9337&searchtype=ds&q={searchTerms}&installDate=23/06/2013),Replaced,

    Folders: 11

    PUP.Optional.SearchNewTab, C:\ProgramData\SearchNewTab, Quarantined, ,

    PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, Delete-on-Reboot, ,

    PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\content, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\defaults, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\defaults\preferences, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\locale, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\locale\en-US, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\META-INF, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\skin, Quarantined, ,

    Files: 51

    PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Delete-on-Reboot, ,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\BabSolution\Shared\enhancedNT.dll, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Users\Erika\AppData\Roaming\SupTab\SupTab.dll, Quarantined, ,

    PUP.Optional.WebSearch.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\searchplugins\Web Search.xml, Quarantined, ,

    PUP.Optional.SearchNewTab, C:\ProgramData\SearchNewTab\51c6b1fc3a193.tlb, Quarantined, ,

    PUP.Optional.SearchNewTab, C:\ProgramData\SearchNewTab\settings.ini, Quarantined, ,

    PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\build.sh, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\chrome.manifest, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\config_build.sh, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\install.rdf, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\readme.txt, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\content\about.xul, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\content\firefoxOverlay.xul, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\content\options.xul, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\content\overlay.js, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\content\y2layers.jpg, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\defaults\preferences\y2layers.js, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\locale\en-US\about.dtd, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\locale\en-US\prefwindow.dtd, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\locale\en-US\y2layers.dtd, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\locale\en-US\y2layers.properties, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\META-INF\manifest.mf, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\META-INF\zigbert.rsa, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\META-INF\zigbert.sf, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\skin\overlay.css, Quarantined, ,

    PUP.Optional.Yontoo.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\plugin@yontoo.com\skin\toolbar-button.png, Quarantined, ,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false);), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "nl");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false);), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.ffxUnstlRst", true);), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "9a6c7b0d000000000000701a044a5c9b");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15947");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.newTab", false);), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", "");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.24.6");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.24.610:10:16");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.24.6");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babExt", "");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babTrack", "affID=119357&tt=280813_ts&tsp=4990");), Replaced,

    PUP.Optional.Delta.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.srcExt", "ss");), Replaced,

    PUP.Optional.Conduit.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2866439&SearchSource=3&q={searchTerms}");), Replaced,

    Physical Sectors: 0

    (No malicious items detected)

    (end)

  • fazantje

    Hi Rikje,

    Sorry for the somewhat late reply, but it's holiday season and I'm on my own at the moment.

    Download AdwCleaner by Xplode to the desktop.

    * Close all open windows.

    * Double-click AdwCleaner to start it.

    * Windows Vista, 7 and 8 users must run the tool as “administrator”,

    * by right-clicking it and choosing Run as administrator.

    * Then click Scan.

    * Then click Delete if items were found.

    * At Restart Required, click OK.

    After the PC has restarted, a log file usually opens.

    Otherwise it can be found here: C:\AdwCleaner\AdwCleaner.txt

    Then post the contents of this log in your next message.

    Also let me know how things are going afterwards.

    Good luck,

    Huib;)

  • Rikje

    The link didn't work, but I looked up adwcleaner via Google and downloaded it.

    The log file is attached.

    All sorts of notifications from my AVG Antivirus did start coming in right away.

    I just clicked accept because I assumed it had something to do with the adwcleaner download.

    Rikje

    # AdwCleaner v1.606 - Logfile created 07/23/2014 at 09:47:23

    # Updated 10/05/2012 by Xplode

    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

    # User : Erika - ERIKA-PC

    # Running from : C:\Users\Erika\Desktop\adwcleaner-1.606-en.exe

    # Option

    ***** *****

    ***** *****

    Folder Found : C:\Users\Erika\AppData\Roaming\Babylon

    Folder Found : C:\ProgramData\Babylon

    Folder Found : C:\ProgramData\Tarma Installer

    ***** *****

    Key Found : HKCU\Software\Smartbar

    Key Found : HKCU\Software\Softonic

    Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

    Key Found : HKCU\Software\Smartbar

    Key Found : HKCU\Software\Softonic

    Key Found : HKLM\SOFTWARE\Tarma Installer

    Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

    ***** *****

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

    ***** *****

    -\\ Internet Explorer v9.11.9600.17207

    Registry is clean.

    -\\ Mozilla Firefox v30.0 (nl)

    Profile name : default

    File : C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js

    Found : user_pref(“browser.search.defaultthis.engineName”, “Productivity 1.12 Customized Web Search”);

    Found : user_pref(“browser.search.defaulturl”, "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2866439&Sea

    Found : user_pref(“extensions.51c6b1fc3a0ac.scode”, "(function(){try{var url=(window.self.location.href + do

    Found : user_pref(“extensions.engine@conduit.com.install-event-fired”, true);

    -\\ Google Chrome v

    File : C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Preferences

    File is clean.

    *************************

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner.txt - ##########

  • fazantje

    Hi Rikje,

    I tested the link, but it does work here:)

    Your scan:

    Could you run it again and then have it delete what it finds?

    You didn't do that, you see, even though I wrote:

    >>>* Then click Delete if items were found. <<<

    Regards, Huib;)

  • Rikje

    Huib

    I now have a much bigger problem.

    Apparently I let something get installed that can no longer be removed, namely FLVplayer.

    I can click uninstall via the Control Panel, but the only thing that happens then is that I get a moving green bar with Loading setup data.

    Beyond that, nothing happens at all.

    I'm now on my husband's PC and the link doesn't work there either.

    I get the following message:

    Beveiligde verbinding mislukt

    Fout tijdens het verbinden met toolslib.net.

    Kan niet beveiligd communiceren met peer: geen algeme(e)n(e) versleutelingsalgoritme(n).

    (Foutcode: ssl_error_no_cypher_overlap)

    So I removed adwcleaner from the PC right away.

    Apparently I didn't get hold of the right one.

    No idea how to proceed now.

    Rikje

  • fazantje

    Hi Rikje,

    Don't panic;)

    Now do the following:

    First switch off the antivirus software before you download zoek.exe.

    Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

    Download Zoek.exe to the desktop.

    If Internet Explorer or another browser or virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.

    Running Zoek.exe

    If you run into problems running this program or see any error messages, please mention this in your message.

    * Then double-click Zoek.exe to start the tool.

    * Windows Vista, 7 and 8 users must run the tool as “administrator” by right-clicking it and choosing Run as administrator.

    * Now copy the code in bold below and paste it into the large input box:

    * Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    firefoxlook;

    torpigcheck;

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the “Run script” button.

    * Now wait patiently until a log opens (this may be after a restart, if one is needed).

    * If no log appears after the restart, start zoek.exe again; the log will then appear after all.

    Post the opened log in your next message and let me know how things are going now.

    Good luck,

    Huib;)

  • Rikje

    Hi Huib

    Ran Zoek.exe.

    FLVMplayer is still on it.

    My browser is at least already working a good deal faster.

    Below is the log from zoek.exe.

    Zoek.exe v5.0.0.0 Updated 22-07-2014

    Tool run by Erika on wo 23-07-2014 at 10:59:39,11.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Erika\Desktop\zoek.exe

    ==== System Restore Info ======================

    23-7-2014 11:02:21 Zoek.exe System Restore Point Created Succesfully.

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Empty Folders Check ======================

    C:\PROGRA~2\MSXML 4.0 deleted successfully

    C:\PROGRA~2\Wondershare deleted successfully

    C:\PROGRA~3\Oracle deleted successfully

    C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully

    C:\PROGRA~3\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} deleted successfully

    C:\PROGRA~3\{B12D13C3-76FD-479D-AD99-8C6F18156BC9} deleted successfully

    C:\PROGRA~3\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted successfully

    C:\Users\Erika\AppData\Roaming\SupTab deleted successfully

    C:\Users\Erika\AppData\Local\CrashDumps deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    C:\Windows\SysWOW64\svchost.exe

    C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

    C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    C:\Users\Erika\AppData\Local\Torch\Update\TorchCrashHandler.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    C:\Users\Erika\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe

    C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    C:\Users\Erika\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

    C:\Program Files (x86)\AVG\AVG2014\avgui.exe

    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Windows\SysWOW64\ctfmon.exe

    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

    C:\Users\Erika\AppData\Local\CodecIconProgram\CodecIconProgram.exe

    C:\Windows\SysWOW64\ExportRootSamba\ExportRootSamba.exe

    C:\Users\Erika\Desktop\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RgFltX64 deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RgFltX64 deleted successfully

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default

    user.js not found

    —- Lines y2layers removed from prefs.js —-

    user_pref(“extentions.y2layers.defaultEnableAppsList”, “DropDownDeals,buzzdock,YontooNewOffers”);

    user_pref(“extentions.y2layers.installId”, “2fd73abc-e3c2-4fe7-a9c8-fb41905e88a6”);

    —- Lines helperbar removed from prefs.js —-

    user_pref(“extensions.helperbar.Country”, “Netherlands”);

    user_pref(“extensions.helperbar.countryiso”, “nl”);

    user_pref(“extensions.helperbar.DockingPositionDown”, false);

    user_pref(“extensions.helperbar.DOWNLOADPROVIDER”, “QuickObrw”);

    user_pref(“extensions.helperbar.downloadprovider”, “quickobrw”);

    user_pref(“extensions.helperbar.installationid”, “a55c4ab0-ac89-4352-a750-98552a6a9337”);

    user_pref(“extensions.helperbar.installationID”, “a55c4ab0-ac89-4352-a750-98552a6a9337”);

    user_pref(“extensions.helperbar.installDate”, “23/06/2013”);

    user_pref(“extensions.helperbar.installdate”, “23/06/2013”);

    user_pref(“extensions.helperbar.publisher”, “quickobrw”);

    user_pref(“extensions.helperbar.PUBLISHER”, “QuickObrw”);

    user_pref(“extensions.helperbar.SmartbarDisabled”, false);

    user_pref(“extensions.helperbar.SmartbarStateMinimaized”, false);

    user_pref(“extensions.helperbar.Visibility”, false);

    —- Lines extensions.51c6b1fc3a0ac removed from prefs.js —-

    user_pref(“extensions.51c6b1fc3a0ac.epoch”, “1405063526”);

    user_pref(“extensions.51c6b1fc3a0ac.url”, "http://getsrv1.info/sync2/?ext=wbn&pid=244&country=NL&regd=130623082948&lsd=140710072527&ver=7&ind=25778085

    —- FireFox user.js and prefs.js backups —-

    prefs_23-07-2014_1119_.backup

    ==== Deleting Files \ Folders ======================

    C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found

    C:\PROGRA~3\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} not found

    C:\PROGRA~3\{B12D13C3-76FD-479D-AD99-8C6F18156BC9} not found

    C:\PROGRA~3\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} not found

    C:\PROGRA~2\MyPC Backup deleted

    C:\PROGRA~2\SupTab deleted

    C:\PROGRA~2\COMMON~1\Wondershare deleted

    C:\Users\Erika\AppData\Roaming\BitLord deleted

    C:\Users\Erika\AppData\Roaming\sweet-page deleted

    C:\Users\Erika\AppData\Roaming\ExpressFiles deleted

    C:\Users\Erika\AppData\Roaming\BabSolution deleted

    C:\Users\Erika\AppData\Roaming\systweak deleted

    C:\PROGRA~3\Systweak deleted

    C:\PROGRA~3\Avg_Update_0414b deleted

    C:\PROGRA~3\StarApp deleted

    C:\PROGRA~3\WPM deleted

    C:\PROGRA~3\InstallMate deleted

    C:\PROGRA~3\Package Cache deleted

    C:\Users\Erika\AppData\Local\avgchrome deleted

    C:\Users\Erika\AppData\Local\Wondershare deleted

    C:\Windows\SysNative\roboot64.exe deleted

    C:\Users\Erika\Downloads\avg_free_stb_all_2014_4577_cnet.exe deleted

    C:\Users\Erika\Searches deleted

    C:\Users\Erika\AppData\LocalLow\Delta deleted

    C:\windows\SysNative\Tasks\Express FilesUpdate deleted

    C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\Invalidprefs.js deleted

    C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\kaiyu.25q@yewnlduyeygpb.org deleted

    “C:\Windows\Installer\22902.msi” deleted

    “C:\Users\Erika\AppData\Local\CodecIconProgram\CodecIconProgram.exe” deleted

    “C:\Users\Erika\AppData\Local\CodecIconProgram\msvcp100.dll” deleted

    “C:\Users\Erika\AppData\Local\CodecIconProgram\msvcr100.dll” not deleted

    “C:\Users\Erika\AppData\Local\CodecIconProgram\QtCore4.dll” deleted

    “C:\Users\Erika\AppData\Local\CodecIconProgram\QtNetwork4.dll” deleted

    “C:\Windows\Syswow64\ExportRootSamba\ExportRootSamba.exe” deleted

    “C:\Windows\Syswow64\ExportRootSamba\msvcp100.dll” deleted

    “C:\Windows\Syswow64\ExportRootSamba\msvcr100.dll” not deleted

    “C:\Windows\Syswow64\ExportRootSamba\QtCore4.dll” deleted

    “C:\Windows\Syswow64\ExportRootSamba\QtNetwork4.dll” deleted

    “C:\Users\Erika\AppData\Local\CodecIconProgram” not deleted

    “C:\Windows\Syswow64\ExportRootSamba” not deleted

    “C:\Users\Erika\AppData\Local\CodecIconProgram\desktop” not deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 6072 MB

    CPU Info: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz

    CPU Speed: 2973,9 MHz

    Sound Card: Luidsprekers (Realtek High Defi |

    Realtek Digital Output (Realtek |

    Display Adapters: ATI Radeon HD 5450 | ATI Radeon HD 5450 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 2x; Algemeen PnP-beeldscherm | Algemeen PnP-beeldscherm |

    Screen Resolution: 1920 X 1080 - 32 bit

    Network: Network Present

    Network Adapters: 802.11n Wireless PCI Express Card LAN Adapter | Realtek PCIe GBE Family Controller

    CD / DVD Drives: 1x (E: | ) E: hp CDDVDW TS-H653R

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 16 Button Wheel Mouse Present

    Hard Disks: C: 918,9GB | D: 12,6GB

    Hard Disks - Free: C: 750,4GB | D: 1,7GB

    Manufacturer *: American Megatrends Inc.

    BIOS Info: AT/AT COMPATIBLE | 06/25/10 | HPQOEM - 20100625

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: MSI IONA

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated)

    Default Browser: Firefox 30.0

    Internet Explorer Version: 11.0.9600.17207

    Mozilla Firefox version: 30.0 (x86 nl)

    Adobe Reader version: 11.0.07.79

    Sun Java version: 1.7.0_65 (32-bit)

    Flash Player version: 14.0.0.145

    Shockwave Player version: 12.1.1r151

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\Erika\AppData\Local\Temp ====

    2014-07-23 08:54:58 5634C601025C31032A0AF1590B4C0CA6 43008 —-a-w- C:\Users\Erika\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplabix3.dll

    2014-07-23 07:44:52 BA0FAAEDEDAB6E6365A92143B558BD8C 4242370 —-a-w- C:\Users\Erika\AppData\Local\Temp\n1347\systemsspeedup_0307-cd6becd7.exe

    ====== Java Cache =====

    2014-07-22 06:59:07 C1BBA7F1278F193AB584FFF460DB5E2A 17878 —-a-w- C:\Users\Erika\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-22814be2

    2014-07-22 06:59:02 415FC9732A3F4D89A0E01251CD66E136 646 —-a-w- C:\Users\Erika\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-49bed083

    2014-07-22 06:59:02 010C6969E98D2DA685BE5FE42EF23D8A 425 —-a-w- C:\Users\Erika\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap

    2014-07-22 06:59:02 415FC9732A3F4D89A0E01251CD66E136 646 —-a-w- C:\Users\Erika\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-36dcd16a

    2014-07-22 06:59:03 34FA8033B50A3F99D3AB8209C72C0ABA 6860 —-a-w- C:\Users\Erika\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-4c9240a2

    ====== C:\Windows\SysWOW64 =====

    2014-07-22 06:58:36 7F26D694BC7E78958BE38D1D9AAFC2B9 272808 —-a-w- C:\Windows\SysWOW64\javaws.exe

    2014-07-22 06:58:21 FFAECE8AEC1D9CCDCEC1C55C2CA450BA 175528 —-a-w- C:\Windows\SysWOW64\java.exe

    2014-07-22 06:58:21 67BE34FBF29E783691C713517102E67E 175528 —-a-w- C:\Windows\SysWOW64\javaw.exe

    2014-07-22 06:58:21 419094DF76A32252ECD70730382029ED 98216 —-a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

    2014-07-12 07:49:15 1A0BE0092646F564FAF204E678AF8E03 550912 —-a-w- C:\Windows\SysWOW64\kerberos.dll

    2014-07-12 07:49:14 F95E1E9D97D25C11F29CA34C843A6F4D 247808 —-a-w- C:\Windows\SysWOW64\schannel.dll

    2014-07-12 07:49:13 8BA721F76C97A219599E88722AA48875 259584 —-a-w- C:\Windows\SysWOW64\msv1_0.dll

    2014-07-12 07:49:12 C61DDFE40204F3BE3DF111981D91560E 220160 —-a-w- C:\Windows\SysWOW64\ncrypt.dll

    2014-07-12 07:49:11 C71CC796F0E2E9BD542C87532706FCFE 172032 —-a-w- C:\Windows\SysWOW64\wdigest.dll

    2014-07-12 07:49:11 6CB2616152ADCDF39F05B08E4858F476 65536 —-a-w- C:\Windows\SysWOW64\TSpkg.dll

    2014-07-12 07:49:09 E3ECF5FFE3DEDF61DC6877B6A99ACBBF 17408 —-a-w- C:\Windows\SysWOW64\credssp.dll

    2014-07-12 07:48:23 204882085A7D984D455AA4DE7B7074C6 5694464 —-a-w- C:\Windows\SysWOW64\mstscax.dll

    2014-07-09 19:14:09 C6A991D7DF17EBD8DE4739CD1F283133 646144 —-a-w- C:\Windows\SysWOW64\osk.exe

    2014-07-09 19:14:05 492FF9C530EC0352B3C904CE9898269D 509440 —-a-w- C:\Windows\SysWOW64\qedit.dll

    2014-07-09 19:13:47 67EA1BB7F6428A10C64D5A732976F871 69632 —-a-w- C:\Windows\SysWOW64\mshtmled.dll

    2014-07-09 19:13:47 448854C4FE94C0FA329CC38FF103DC74 51200 —-a-w- C:\Windows\SysWOW64\ieetwproxystub.dll

    2014-07-09 19:13:46 E3065F51EE0BB099EAAE48C3FC3A25B6 592896 —-a-w- C:\Windows\SysWOW64\jscript9diag.dll

    2014-07-09 19:13:46 7C44C697BA6D0B698B91AC6516A731C3 1139200 —-a-w- C:\Windows\SysWOW64\urlmon.dll

    2014-07-09 19:13:45 BE0EA764820239F7785410CBE3880086 32256 —-a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

    2014-07-09 19:13:45 91CF46BBB827E461C498A1D7D1A71AD6 32768 —-a-w- C:\Windows\SysWOW64\iernonce.dll

    2014-07-09 19:13:43 E739AEDCA67F214F96C2520BA293B12B 526336 —-a-w- C:\Windows\SysWOW64\msfeeds.dll

    2014-07-09 19:13:43 DFA59840BB1220AFD261FDAE83543959 17276416 —-a-w- C:\Windows\SysWOW64\mshtml.dll

    2014-07-09 19:13:43 9385D7C5DF2566D01B1FB150F381D50B 367616 —-a-w- C:\Windows\SysWOW64\dxtmsft.dll

    2014-07-09 19:13:42 42BF66A4DC35DAD3564065173372CCE9 2724864 —-a-w- C:\Windows\SysWOW64\mshtml.tlb

    2014-07-09 19:13:41 CE94480E78CC3A1A17B53F2BB65639BD 61952 —-a-w- C:\Windows\SysWOW64\iesetup.dll

    2014-07-09 19:13:41 4B774E842F268D51DB942EF9637828B9 1964544 —-a-w- C:\Windows\SysWOW64\inetcpl.cpl

    2014-07-09 19:13:40 084FB28A790685F32A6D7D003777696D 2179072 —-a-w- C:\Windows\SysWOW64\iertutil.dll

    2014-07-09 19:13:39 A9F8343A3234FC7A42DDA4569827B411 43008 —-a-w- C:\Windows\SysWOW64\jsproxy.dll

    2014-07-09 19:13:39 A98E303FCB7058C6E78FD1FBBCBB5EEF 240824 —-a-w- C:\Windows\SysWOW64\iedkcs32.dll

    2014-07-09 19:13:37 F2A99A4293CAF7956FF7801D36D5A3B2 442368 —-a-w- C:\Windows\SysWOW64\ieui.dll

    2014-07-09 19:13:37 573E522A27210701EB8A6C476D36FFF6 239616 —-a-w- C:\Windows\SysWOW64\dxtrans.dll

    2014-07-09 19:13:36 FC733FD7721200D5136F6F8112E97B00 11742208 —-a-w- C:\Windows\SysWOW64\ieframe.dll

    2014-07-09 19:13:34 FDA05E78813F543A6E9AC6B23EC696F2 1068032 —-a-w- C:\Windows\SysWOW64\mshtmlmedia.dll

    2014-07-09 19:13:34 98C7B1AFA0A99EE3BE99EAABEFB72CA0 4254720 —-a-w- C:\Windows\SysWOW64\jscript9.dll

    2014-07-09 19:13:34 09CBE4B1AEF497FC05493B09EA2C1757 112128 —-a-w- C:\Windows\SysWOW64\ieUnatt.exe

    2014-07-09 19:13:33 CCC198257901BEEA2FBF8EB1E7678356 1791488 —-a-w- C:\Windows\SysWOW64\wininet.dll

    2014-07-09 19:13:33 175A663547805367C10746FC416D4605 704512 —-a-w- C:\Windows\SysWOW64\ieapfltr.dll

    2014-07-09 19:13:33 045A91095A605BB20FF2B37546FE62B0 455168 —-a-w- C:\Windows\SysWOW64\vbscript.dll

    2014-07-09 19:13:32 8046CF629D8AE766C22145F4A6AFFBE1 164864 —-a-w- C:\Windows\SysWOW64\msrating.dll

    2014-07-09 19:13:32 557D60DF85D61C290A1D09E7115B294B 62464 —-a-w- C:\Windows\SysWOW64\MshtmlDac.dll

    2014-07-09 19:13:08 A0E053D8D97ED0F913D56E6AF21DD26F 22016 —-a-w- C:\Windows\SysWOW64\secur32.dll

    2014-07-09 19:13:08 230AAF45031E87638CA4053C0399C1E6 96768 —-a-w- C:\Windows\SysWOW64\sspicli.dll

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    2014-07-12 07:49:15 E8E98B3B7A6E1250F4AA7AF8FA17D5BB 340992 —-a-w- C:\Windows\Sysnative\schannel.dll

    2014-07-12 07:49:15 A805B5E68262302D1A60BE3DED5846C9 728064 —-a-w- C:\Windows\Sysnative\kerberos.dll

    2014-07-12 07:49:13 BFC98590EAB40C785D6134B1FA818A62 210944 —-a-w- C:\Windows\Sysnative\wdigest.dll

    2014-07-12 07:49:13 7D1017ED11B7C3B162628069742B5E58 314880 —-a-w- C:\Windows\Sysnative\msv1_0.dll

    2014-07-12 07:49:12 E23BA7A7BD97FC6B8AB5EA32A46D05CD 307200 —-a-w- C:\Windows\Sysnative\ncrypt.dll

    2014-07-12 07:49:12 79EE13A5A406E4603874686B8005DA72 86528 —-a-w- C:\Windows\Sysnative\TSpkg.dll

    2014-07-12 07:49:09 C9DD5C0D5AF2D7A54BA32E8FBD3B67F1 22016 —-a-w- C:\Windows\Sysnative\credssp.dll

    2014-07-12 07:48:22 879A3F94118D686E63041A386FE91EBE 6574592 —-a-w- C:\Windows\Sysnative\mstscax.dll

    2014-07-09 19:14:11 F1726E14C8F7B40CD828345890AAF764 3157504 —-a-w- C:\Windows\Sysnative\win32k.sys

    2014-07-09 19:14:09 A064A1D9CBD7F6959AAEAEAFF96DB2E9 692736 —-a-w- C:\Windows\Sysnative\osk.exe

    2014-07-09 19:14:05 D6AFBAA93169E6772565A1BC896D666B 624128 —-a-w- C:\Windows\Sysnative\qedit.dll

    2014-07-09 19:13:47 FC50DF22550C565DD096ACFAF18A37ED 33792 —-a-w- C:\Windows\Sysnative\iernonce.dll

    2014-07-09 19:13:46 DA5BAC4C5BDB22BBC6771534EA95AD33 2724864 —-a-w- C:\Windows\Sysnative\mshtml.tlb

    2014-07-09 19:13:44 C2F62DF01E3552DB0571FEF4D514675B 48640 —-a-w- C:\Windows\Sysnative\ieetwproxystub.dll

    2014-07-09 19:13:44 C0F9F52C36E584C0339406ABF6DA1FBA 266424 —-a-w- C:\Windows\Sysnative\iedkcs32.dll

    2014-07-09 19:13:43 5E646AD50848A409291418B5759595B9 38400 —-a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll

    2014-07-09 19:13:41 73C7D1FCF6F58F3BF077FB42B0214BC0 1393664 —-a-w- C:\Windows\Sysnative\urlmon.dll

    2014-07-09 19:13:40 391D68668CFC061F26BE593A61F745E0 4096 —-a-w- C:\Windows\Sysnative\ieetwcollectorres.dll

    2014-07-09 19:13:38 7176CB0FFAAC3E54ABB2014E821120F9 111616 —-a-w- C:\Windows\Sysnative\ieetwcollector.exe

    2014-07-09 19:13:37 D8E6706AECD7AA50764E126CE3F36555 631808 —-a-w- C:\Windows\Sysnative\msfeeds.dll

    2014-07-09 19:13:37 2E40D5E11BCC597352EE0314AF629A0F 452608 —-a-w- C:\Windows\Sysnative\dxtmsft.dll

    2014-07-09 19:13:36 CA67F68CEC788C0C69AD47C5125DDD8E 608768 —-a-w- C:\Windows\Sysnative\ie4uinit.exe

    2014-07-09 19:13:36 7469D4E046BD7D155CAC2697BD28B58B 66048 —-a-w- C:\Windows\Sysnative\iesetup.dll

    2014-07-09 19:13:35 A21C6231459F4CAC212676A9367A1A68 2768384 —-a-w- C:\Windows\Sysnative\iertutil.dll

    2014-07-09 19:13:35 1685AA234852657C4A6D253CCBBE84E0 2040832 —-a-w- C:\Windows\Sysnative\inetcpl.cpl

    2014-07-09 19:13:33 8B2ADE09864BF3F7AA6D395DAFEC41B5 51200 —-a-w- C:\Windows\Sysnative\jsproxy.dll

    2014-07-09 19:13:30 854C5F171F5CEE272232AC0286F3B3B9 598016 —-a-w- C:\Windows\Sysnative\ieui.dll

    2014-07-09 19:13:30 415DF2B045167D6D85223CFFF00FCFC7 292864 —-a-w- C:\Windows\Sysnative\dxtrans.dll

    2014-07-09 19:13:30 366FA6D38406DC8BED62825C196144D1 13527040 —-a-w- C:\Windows\Sysnative\ieframe.dll

    2014-07-09 19:13:29 945FA19B388FCF0FEA6124B5FD71C72F 1249280 —-a-w- C:\Windows\Sysnative\mshtmlmedia.dll

    2014-07-09 19:13:29 1FD6C2F6AC489C271565730F6E9E1A05 85504 —-a-w- C:\Windows\Sysnative\mshtmled.dll

    2014-07-09 19:13:28 CD76B3D60D28634A67B0AD7CB2E45929 139264 —-a-w- C:\Windows\Sysnative\ieUnatt.exe

    2014-07-09 19:13:28 50FF2DD806CC6CF3B3F98F9A1A711603 752640 —-a-w- C:\Windows\Sysnative\jscript9diag.dll

    2014-07-09 19:13:28 4EC7738394D2BC7BCB5F7A3657F57252 5721088 —-a-w- C:\Windows\Sysnative\jscript9.dll

    2014-07-09 19:13:27 BDD4A74421B023C81DA63168BD10C01B 846336 —-a-w- C:\Windows\Sysnative\ieapfltr.dll

    2014-07-09 19:13:27 2EE102DF0EDD8A1EDD3D1E9B99A91BEC 2266112 —-a-w- C:\Windows\Sysnative\wininet.dll

    2014-07-09 19:13:27 00401347C3BC466E5F2516387EBBCA7D 548352 —-a-w- C:\Windows\Sysnative\vbscript.dll

    2014-07-09 19:13:26 89A53CDE0DA5680AF48A181D82C752CA 83968 —-a-w- C:\Windows\Sysnative\MshtmlDac.dll

    2014-07-09 19:13:25 F876957CA193B20A21D52F91418657D7 195584 —-a-w- C:\Windows\Sysnative\msrating.dll

    2014-07-09 19:13:25 52012C83F7E9AF65D13F04415F0508F5 940032 —-a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe

    2014-07-09 19:13:24 FEC19C351EF1B2C998A85D1BFD765675 23464448 —-a-w- C:\Windows\Sysnative\mshtml.dll

    2014-07-09 19:13:10 D4CCE15190269486A5E6D4D4E597F798 1460736 —-a-w- C:\Windows\Sysnative\lsasrv.dll

    ====== C:\Windows\Sysnative\drivers =====

    2014-07-22 13:38:54 8A50D5304E6AE48664CF5838EC32F647 122584 —-a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

    2014-07-22 13:38:37 F92B0E478C0FAA6D6661E6E977247E60 25816 —-a-w- C:\Windows\Sysnative\drivers\mbam.sys

    2014-07-22 13:38:37 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 —-a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys

    2014-07-22 13:38:37 15E8ABC06843672955CE26A009533BAD 63704 —-a-w- C:\Windows\Sysnative\drivers\mwac.sys

    2014-07-09 19:14:04 FA886682CFC5D36718D3E436AACF10B9 497152 —-a-w- C:\Windows\Sysnative\drivers\afd.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2014-07-22 14:00:34 ——– d—–w- C:\Program Files\trend micro

    ======= C:\PROGRA~2 =====

    2014-07-23 07:44:11 ——– d—–w- C:\PROGRA~2\FLVM Player

    2014-07-22 06:58:39 ——– d—–w- C:\PROGRA~2\COMMON~1\Java

    ======= C: =====

    2014-07-23 08:26:18 F9A3A8C7A9DF15860E45279C37ABDB90 2301 —-a-w- C:\AdwCleaner.txt

    2014-07-23 08:26:02 E524B42267109DC69D6062F96742CD71 2420 —-a-w- C:\AdwCleaner.txt

    2014-07-23 07:47:23 571F91DF83156407B42F96B711AE844D 2360 —-a-w- C:\AdwCleaner.txt

    ====== C:\Users\Erika\AppData\Roaming ======

    2014-07-23 07:44:29 ——– d—–w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\CrashDumps

    2014-07-23 07:44:26 ——– d—–w- C:\Users\Erika\AppData\Local\CodecIconProgram

    2014-07-23 07:44:12 ——– d—–w- C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player

    2014-07-23 06:56:01 ——– d-sh–w- C:\Users\Erika\AppData\Locallow\EmieUserList

    2014-07-23 06:55:55 ——– d-sh–w- C:\Users\Erika\AppData\Local\EmieUserList

    2014-07-23 06:55:55 ——– d-sh–w- C:\Users\Erika\AppData\Local\EmieSiteList

    2014-07-23 06:54:23 ——– d-sh–w- C:\Users\Erika\AppData\Locallow\EmieSiteList

    2014-07-15 15:48:18 ——– d—–w- C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch

    2014-07-15 15:45:01 ——– d—–w- C:\Users\Erika\AppData\Local\Torch

    ====== C:\Users\Erika ======

    2014-07-23 07:47:10 96030AE285C32ECCD1C599F1C5DD2BEF 581957 —-a-w- C:\Users\Erika\Desktop\adwcleaner-1.606-en.exe

    2014-07-22 06:58:21 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

    2014-07-15 15:48:19 ——– d—–w- C:\ProgramData\TorchCrashHandler

    2014-07-15 13:29:09 A94E9564DEBBF768E4222A6FEED15D93 1661160 —-a-w- C:\Users\Erika\Downloads\TorchSetup.exe

    ====== C: exe-files ==

    2014-07-23 07:47:10 96030AE285C32ECCD1C599F1C5DD2BEF 581957 —-a-w- C:\Users\Erika\Desktop\adwcleaner-1.606-en.exe

    2014-07-23 07:44:52 BA0FAAEDEDAB6E6365A92143B558BD8C 4242370 —-a-w- C:\Users\Erika\AppData\Local\Temp\n1347\systemsspeedup_0307-cd6becd7.exe

    2014-07-23 07:44:12 AEDF260AD28B751B8B748A2ADBD01300 44253 —-a-w- C:\Program Files (x86)\FLVM Player\Uninstaller.exe

    2014-07-22 14:00:34 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Program Files\trend micro\Erika.exe

    2014-07-22 06:58:36 7F26D694BC7E78958BE38D1D9AAFC2B9 272808 —-a-w- C:\Windows\SysWOW64\javaws.exe

    2014-07-22 06:58:21 FFAECE8AEC1D9CCDCEC1C55C2CA450BA 175528 —-a-w- C:\Windows\SysWOW64\java.exe

    2014-07-22 06:58:21 67BE34FBF29E783691C713517102E67E 175528 —-a-w- C:\Windows\SysWOW64\javaw.exe

    2014-07-22 06:56:52 3842C46F2FBC7522EF625F1833530804 145408 —-a-w- C:\Users\Erika\AppData\LocalLow\Sun\Java\jre1.7.0_65\lzma.exe

    === C: other files ==

    2014-07-22 13:38:54 8A50D5304E6AE48664CF5838EC32F647 122584 —-a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

    2014-07-22 13:38:37 F92B0E478C0FAA6D6661E6E977247E60 25816 —-a-w- C:\Windows\System32\drivers\mbam.sys

    2014-07-22 13:38:37 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 —-a-w- C:\Windows\System32\drivers\mbamchameleon.sys

    2014-07-22 13:38:37 15E8ABC06843672955CE26A009533BAD 63704 —-a-w- C:\Windows\System32\drivers\mwac.sys

    2014-07-22 06:53:42 C8ED9901764C041E2CBCEC855BFAF900 358040 —-a-w- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_69875.sys

    2014-07-22 06:53:42 19705A841D47621BD7EE2DDC89D5894A 631128 —-a-w- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys

    ==== Startup Registry Enabled ======================

    “GarminExpressTrayApp”=“C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “HP Photosmart 6510 series (NET)”=“C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe -deviceID CN19F411SS05QB:NW -scfn HP Photosmart 6510 series (NET) -AutoStart 1”

    “GarminExpressTrayApp”=“C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe”

    “TNS NIPO Clicks”=“C:\Users\Erika\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe”

    “AVG-Secure-Search-Update_1213b”=“C:\Users\Erika\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8da9f4b0987847d392c69128c064797a-b1ab53bf69ee3d56e0b68fecf6a63d5566bf3245 /CMPID=1213b”

    “GarminExpressTrayApp”=“C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe”

    “SPReview”=“C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “SPReview”=“C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601”

    “hpsysdrv”=“c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe”

    “IAStorIcon”=“C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe”

    “StartCCC”=“C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun ”

    “SwitchBoard”=“C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe”

    “AdobeCS6ServiceManager”=“C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin”

    “Adobe ARM”=“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “APSDaemon”=“C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    “QuickTime Task”=“C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime”

    “Adobe Creative Cloud”=“C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe –showwindow=false –onOSstartup=true”

    “AVG_UI”=“C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY”

    “SunJavaUpdateSched”=“C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    “HP Photosmart 6510 series (NET)”=“C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe -deviceID CN19F411SS05QB:NW -scfn HP Photosmart 6510 series (NET) -AutoStart 1”

    “GarminExpressTrayApp”=“C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe”

    “TNS NIPO Clicks”=“C:\Users\Erika\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe”

    “AVG-Secure-Search-Update_1213b”=“C:\Users\Erika\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8da9f4b0987847d392c69128c064797a-b1ab53bf69ee3d56e0b68fecf6a63d5566bf3245 /CMPID=1213b”

    ==== Startup Registry Enabled x64 ======================

    “AdobeAAMUpdater-1.0”=“C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe”

    “Logitech Download Assistant”=“C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch”

    “EvtMgr6”=“C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming”

    “NCPluginUpdater”=“C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update”

    ==== Startup Registry Disabled ======================

    “HP Software Update”=“C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe”

    “Adobe ARM”=“\”C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”

    “HP Remote Solution”=“C:\\Program Files (x86)\\Hewlett-Packard\\HP Remote Solution\\HP_Remote_Solution.exe”

    “SunJavaUpdateSched”=“\”C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\“”

    ==== Startup Registry Disabled x64 ======================

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Easybits Recovery”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\EasyBits For Kids\\ezRecover.exe”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Reader Application Helper”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\Sony\\ReaderDesktop\\appHelper\\ReaderAppHelper.exe”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“RoxWatchTray”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Common Files\\Roxio Shared\\10.0\\SharedCOM\\RoxWatchTray10.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“SmartMenu”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\Hewlett-Packard\\HP MediaSmart\\SmartMenu.exe /background”

    ==== Startup Folders ======================

    2013-10-21 16:38:03 1053 —-a-w- C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

    2013-04-16 07:15:59 2001 —-a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk

    2013-04-16 08:20:41 1349 —-a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spyder3Utility.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==== Other Scheduled Tasks ======================

    “C:\Windows\SysNative\tasks\Adobe Flash Player Updater”

    “C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma”

    “C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Erika-PC-Erika”

    “C:\Windows\SysNative\tasks\CCleanerSkipUAC”

    “C:\Windows\SysNative\tasks\CLMLSvc”

    “C:\Windows\SysNative\tasks\DVDAgent”

    “C:\Windows\SysNative\tasks\ExtendedServicePlan”

    “C:\Windows\SysNative\tasks\GarminUpdaterTask”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA”

    “C:\Windows\SysNative\tasks\HP-Online updateprogramma”

    “C:\Windows\SysNative\tasks\HPCustParticipation HP Photosmart 6510 series”

    “C:\Windows\SysNative\tasks\Java Update Scheduler”

    “C:\Windows\SysNative\tasks\RecoveryCDWin7”

    “C:\Windows\SysNative\tasks\Registration”

    “C:\Windows\SysNative\tasks\ServicePlan”

    “C:\Windows\SysNative\tasks\SidebarExecute”

    “C:\Windows\SysNative\tasks\SoftwareInformerService”

    “C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start”

    “C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask”

    “C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis”

    “C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check”

    “C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN19F411SS05QB”

    “C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan”

    ==== Folders in C:\PROGRA~3 0-6 Months Old ======================

    2014-02-09 10:31:47 ——– d—–w- C:\PROGRA~3\Apple

    2014-02-09 10:42:37 ——– d—–w- C:\PROGRA~3\Apple Computer

    2014-02-09 15:47:16 ——– d—–w- C:\PROGRA~3\Informer Technologies, Inc

    2014-03-16 14:52:30 ——– d—–w- C:\PROGRA~3\{18165758-115C-4DC0-9EC2-FF89F725767F}

    2014-05-20 17:56:52 ——– d—–w- C:\PROGRA~3\AVG2014

    2014-07-15 15:48:19 ——– d—–w- C:\PROGRA~3\TorchCrashHandler

    2014-07-22 13:38:37 ——– d—–w- C:\PROGRA~3\Malwarebytes

    ==== Firefox Extensions Registry ======================

    “{F003DA68-8256-4b37-A6C4-350FA04494DF}”=“C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt”

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default

    - TNS NIPO Clicks - C:\Users\Erika\AppData\Local\TNS NIPO Clicks\plugins\firefox

    - Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

    - TNS NIPO Clicks - %ProfilePath%\extensions\addon@nipobase.wakoopa.com

    - Logitech - %ProfilePath%\extensions\DeviceDetection@logitech.com

    - Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

    - Undetermined - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}-trash

    - HP Detect - %ProfilePath%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}

    - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

    AppDir: C:\Program Files (x86)\Mozilla Firefox

    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default

    4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash

    E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director

    260488E2BC07C276D1EDD54CCA086809 - C:\Users\Erika\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll - VLC Web Plugin

    DFD5A8C94118C4E85B33245C2DDB553A - C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll - Logitech Device Detection

    FC5866F7793AF2CBCD425CC4B8D32A9E - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    kiplfnciaokpcennlkldkdaeaaomamof - C:\Users\Erika\AppData\Local\Torch\Plugins\TorchPlugin.crx

    SearchNewTab - Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blackokofcmnlechhnhhifjkpapbofcn

    Ask Toolbar - Erika\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne

    DropToS - Erika\AppData\Local\Torch\User Data\Default\Extensions\cipmepknanmbbaneimacddfemfbfgpgo

    Torch New Tab - Erika\AppData\Local\Torch\User Data\Default\Extensions\dipchieogpecpggdacaaffcjemkggfbi

    Torch Shopping - Erika\AppData\Local\Torch\User Data\Default\Extensions\dmgjnkhnkblpmfjpdakehnaikgdjllic

    Torch Games - Erika\AppData\Local\Torch\User Data\Default\Extensions\elnodfjhjgpnmdhklbfeijeaehcgffnp

    Torch Music - Erika\AppData\Local\Torch\User Data\Default\Extensions\gcjbdjlojcomlphfchhihkigepfabcad

    FaceLift - Erika\AppData\Local\Torch\User Data\Default\Extensions\gimjmfipknpppbpmkdenjjpfhobiiojk

    Torch Games - Erika\AppData\Local\Torch\User Data\Default\Extensions\khkmhmmjbfailffpaicjgedkpboookjk

    Torch Helper - Erika\AppData\Local\Torch\User Data\Default\Extensions\lecpjhggilhbceadobnggaagnpfpafhg

    Torch Torrent - Erika\AppData\Local\Torch\User Data\Default\Extensions\mpdmibcjecdaibcnlilhiopefjgegjjc

    Google Wallet - Erika\AppData\Local\Torch\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    Torch Music - Erika\AppData\Local\Torch\User Data\Default\Extensions\ohimbkoaphfnmekmfppijeblmkncneed

    ==== Chrome Fix ======================

    C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blackokofcmnlechhnhhifjkpapbofcn deleted successfully

    C:\Users\Erika\AppData\Local\Torch\User Data\Default\Extensions\dmgjnkhnkblpmfjpdakehnaikgdjllic deleted successfully

    C:\Users\Erika\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne deleted successfully

    ==== Set IE to Default ======================

    Old Values:

    “Use Search Asst”=“yes”

    “Default”=“www.google.com”

    “Default”=“www.google.com”

    “Default”=“www.google.com”

    “DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”

    not found

    New Values:

    “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “Use Search Asst”=“no”

    “(Default)”=“http://search.msn.com/results.asp?q=%s”

    “(Default)”=“http://search.msn.com/results.asp?q=%s”

    “(Default)”=“http://search.msn.com/results.asp?q=%s”

    “DefaultScope”=“{012E1000-F331-11DB-8314-0800200C9A66}”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {012E1000-F331-11DB-8314-0800200C9A66} Google Url=“http://www.google.com/search?q={searchTerms}”

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-1153977891-1869991665-2431096691-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

    HKEY_USERS\S-1-5-21-1153977891-1869991665-2431096691-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

    HKEY_USERS\S-1-5-21-1153977891-1869991665-2431096691-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

    HKEY_USERS\S-1-5-21-1153977891-1869991665-2431096691-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

    ==== Reset IE Proxy ======================

    Value(s) before fix:

    “ProxyServer”=“http=127.0.0.1:41428”

    “ProxyOverride”=“;*origin.com;*ea.com;*akamaihd.net”

    “ProxyEnable”=dword:00000001

    Value(s) after fix:

    “ProxyEnable”=dword:00000000

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C0AB752-4140-BFDB-DA1A-571FE5DCA586} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Application Helper deleted successfully

    ==== HijackThis Entries ======================

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

    O2 - BHO: TNS NIPO Clicks - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Users\Erika\AppData\Local\Wakoopa Shared\WakoopaBHO.dll

    O4 - HKLM\..\Run: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe” -launchedbylogin

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe” –showwindow=false –onOSstartup=true

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2014\avgui.exe” /TRAYONLY

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKCU\..\Run: “C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe” -deviceID “CN19F411SS05QB:NW” -scfn “HP Photosmart 6510 series (NET)” -AutoStart 1

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe”

    O4 - HKCU\..\Run: C:\Users\Erika\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe

    O4 - HKCU\..\Run: C:\Users\Erika\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8da9f4b0987847d392c69128c064797a-b1ab53bf69ee3d56e0b68fecf6a63d5566bf3245 /CMPID=1213b

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-18\..\Run: “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe” (User ‘SYSTEM’)

    O4 - HKUS\S-1-5-18\..\RunOnce: “C:\Windows\System32\SPReview\SPReview.exe” /sp:1 /errorfwlink:“http://go.microsoft.com/fwlink/?LinkID=122915” /build:7601 (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe” (User ‘Default user’)

    O4 - HKUS\.DEFAULT\..\RunOnce: “C:\Windows\System32\SPReview\SPReview.exe” /sp:1 /errorfwlink:“http://go.microsoft.com/fwlink/?LinkID=122915” /build:7601 (User ‘Default user’)

    O4 - Startup: Dropbox.lnk = Erika\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O9 - Extra ‘Tools’ menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

    O23 - Service: CodecIconProgram.exe - Unknown owner - C:\Users\Erika\AppData\Local\CodecIconProgram\CodecIconProgram.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: ExportRootSamba - Unknown owner - C:\Windows\SysWOW64\ExportRootSamba\ExportRootSamba.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

    O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe

    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: Torch Crash Handler (TorchCrashHandler) - TorchMedia Inc. - C:\Users\Erika\AppData\Local\Torch\Update\TorchCrashHandler.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Erika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Erika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    C:\Users\Erika\AppData\Local\Mozilla\Firefox\Profiles\pp5a1fpf.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    C:\Users\Erika\AppData\Local\Torch\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=316 folders=153 232037867 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\Erika\AppData\Local\Temp will be emptied at reboot

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Erika\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    “C:\Users\Erika\AppData\Local\CodecIconProgram\msvcr100.dll” not found

    “C:\Windows\Syswow64\ExportRootSamba\msvcr100.dll” not found

    “C:\Users\Erika\AppData\Local\CodecIconProgram” not found

    “C:\Windows\Syswow64\ExportRootSamba” not found

    ==== EOF on wo 23-07-2014 at 11:37:26,33 ======================

  • Maxstar

    Start Zoek.exe again.

    Disable antivirus software

    Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

    Disable antivirus software

    Disable antispy & malware software

    Run Zoek.exe

    If you run into problems while running this program or see any error messages, please mention this in your post.

    Then double-click Zoek.exe to start the tool.

    Windows Vista, 7 and 8 users must run the tool as “administrator” by right-clicking it and choosing Run as administrator.

    Now copy the code below and paste it into the large input box:

    Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    C:\PROGRA~2\FLVM Player;fs

    C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player;fs

    C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch;fs

    C:\Users\Erika\AppData\Local\Torch;fs

    ;r

    blackokofcmnlechhnhhifjkpapbofcn;chr

    aaaalejpmnocmhmlbmlkjemekckoagne;chr

    cipmepknanmbbaneimacddfemfbfgpgo;chr

    dipchieogpecpggdacaaffcjemkggfbi;chr

    dmgjnkhnkblpmfjpdakehnaikgdjllic;chr

    elnodfjhjgpnmdhklbfeijeaehcgffnp;chr

    gcjbdjlojcomlphfchhihkigepfabcad;chr

    khkmhmmjbfailffpaicjgedkpboookjk;chr

    lecpjhggilhbceadobnggaagnpfpafhg;chr

    mpdmibcjecdaibcnlilhiopefjgegjjc;chr

    ohimbkoaphfnmekmfppijeblmkncneed;chr

    installedprogs;

    Now click the "Run script" button.

    Now wait patiently until a log opens (this may be after a restart, if one is required).

    If no log appears after the restart, start zoek.exe again; the log will then appear.

    Post the opened log as an attachment in your next reply.

  • Rikje

    Ran Zoek.exe again with the new data as given in Maxstar's post.

    The FLV player is still there.

    Should I try to remove it via the Control Panel?

    Below is the log from zoek.exe

    Rikje

    Zoek.exe v5.0.0.0 Updated 22-07-2014

    Tool run by Erika on wo 23-07-2014 at 12:49:15,41.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Erika\Desktop\zoek.exe

    ==== Older Logs ======================

    C:\zoek-results2014-07-23-093726.log 57543 bytes

    ==== Installed Programs ======================

    Aangifte loonheffingen 2014

    Adobe Creative Cloud

    Adobe Digital Editions 3.0

    Adobe Flash Player 14 ActiveX

    Adobe Flash Player 14 Plugin

    Adobe Photoshop CS6

    Adobe Reader XI (11.0.07) - Nederlands

    Adobe Shockwave Player 12.1

    ANT Drivers Installer x64

    Apple Application Support

    Apple Software Update

    ATI Catalyst Install Manager

    AVG 2014

    Basissoftware voor HP Photosmart 6510 series

    Bejeweled 2 Deluxe

    Bing Bar

    Blasterball 3

    Catalyst Control Center - Branding

    Catalyst Control Center Core Implementation

    Catalyst Control Center Graphics Full Existing

    Catalyst Control Center Graphics Full New

    Catalyst Control Center Graphics Light

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center Graphics Previews Vista

    Catalyst Control Center HydraVision Full

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-core-static

    ccc-utility64

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    CCleaner

    Chuzzle Deluxe

    Cisco EAP-FAST Module

    Cisco LEAP Module

    Cisco PEAP Module

    Compatibiliteitspakket voor het 2007 Microsoft Office system

    CyberLink DVD Suite Deluxe

    Diner Dash

    DirectX for Managed Code Update (Summer 2004)

    DirectXInstallService

    Dora's Carnival Adventure

    Dropbox

    DVD Menu Pack for HP MediaSmart Video

    Elevated Installer

    EMCGadgets64

    eReg

    FATE

    FLV Player (remove only)

    Freizeitkarte_BEL (Ausgabe 13.11)

    Freizeitkarte_ESP (Ausgabe 13.11)

    Freizeitkarte_FRA (Ausgabe 13.11)

    Freizeitkarte_GRC (Ausgabe 13.11)

    Freizeitkarte_HRV (Ausgabe 13.11)

    Freizeitkarte_LUX (Ausgabe 13.11)

    Freizeitkarte_NLD (Ausgabe 13.11)

    Freizeitkarte_SVN (Ausgabe 13.11)

    Garmin BaseCamp

    Garmin City Navigator Europe NT 2014.10 Update

    Garmin City Navigator Europe NT 2014.20 Update

    Garmin City Navigator Europe NT 2014.30 Update

    Garmin City Navigator Europe NT 2014.40 Update

    Garmin Communicator Plugin

    Garmin Communicator Plugin x64

    Garmin Express

    Garmin Express Tray

    Garmin MapSource

    Garmin TOPO France v2

    Garmin Trip and Waypoint Manager v4

    Garmin USB Drivers

    GCTool

    Google Earth

    Google Update Helper

    Hewlett-Packard ACLM.NET v1.2.2.3

    HP Advisor

    HP Customer Experience Enhancements

    HP Game Console

    HP Games

    HP MediaSmart DVD

    HP MediaSmart Music/Photo/Video

    HP MediaSmart SmartMenu

    HP Odometer

    HP Photosmart 6510 series Haelp

    HP Product Detection

    HP Remote Solution

    HP Setup

    HP Support Assistant

    HP Support Information

    HP Update

    HydraVision

    iLinc 11 Client

    iLinc 12 Client

    Intel(R) Rapid Storage Technology

    Java 7 Update 65

    Jewel Quest Solitaire 2

    LabelPrint

    LightScribe System Software

    Logitech SetPoint 6.65

    Magic Desktop

    Mah Jong Medley

    Malwarebytes Anti-Malware versie 2.0.2.1012

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 4 Client Profile NLD Language Pack

    Microsoft .NET Framework 4.5.1

    Microsoft Camera Codec Pack

    Microsoft Office 2007 Service Pack 3 (SP3)

    Microsoft Office Access MUI (Dutch) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (Dutch) 2007

    Microsoft Office File Validation Add-In

    Microsoft Office Groove MUI (Dutch) 2007

    Microsoft Office InfoPath MUI (Dutch) 2007

    Microsoft Office Office 64-bit Components 2007

    Microsoft Office OneNote MUI (Dutch) 2007

    Microsoft Office Outlook MUI (Dutch) 2007

    Microsoft Office PowerPoint MUI (Dutch) 2007

    Microsoft Office PowerPoint Viewer 2007 (Dutch)

    Microsoft Office Proof (Dutch) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (German) 2007

    Microsoft Office Proofing (Dutch) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    Microsoft Office Publisher MUI (Dutch) 2007

    Microsoft Office Shared 64-bit MUI (Dutch) 2007

    Microsoft Office Shared MUI (Dutch) 2007

    Microsoft Office Word MUI (Dutch) 2007

    Microsoft Outlook Reservekopie van persoonlijke mappen

    Microsoft Silverlight

    Microsoft Sync Framework 2.0 Core Components (x86) ENU

    Microsoft Sync Framework 2.0 Provider Services (x86) ENU

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable (x64)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030

    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030

    Microsoft Works

    Microsoft_VC80_CRT_x86

    Microsoft_VC90_CRT_x86

    More Games from HP Games

    Movie Theme Pack for HP MediaSmart Video

    MozBackup 1.4.10

    Mozilla Firefox 30.0 (x86 nl)

    Mozilla Maintenance Service

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    OnRoute Fietskaart Nederland 1.63

    OnRoute Motorkaart Benelux/Dach 1.04

    OnRoute Motorkaart FIEP

    Onroute Wandelkaart Nederland 1.13

    PDF Settings CS6

    Peggle

    PlayReady PC Runtime amd64

    Polar Bowler

    Polar Golfer

    Power2Go

    PowerDirector

    Productverbeteringonderzoek HP Photosmart 6510 series

    ProtectDisc Driver, Version 11

    QuickTime

    Ralink RT2860 Wireless LAN Card

    Rapport

    Realtek High Definition Audio Driver

    Recovery Manager

    Roxio Activation Module

    Roxio Central Audio

    Roxio Central Copy

    Roxio Central Core

    Roxio Central Data

    Roxio Central Tools

    Roxio CinePlayer Decoder Pack

    Roxio Disc Gallery

    Roxio Easy Media Creator 10 Suite

    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition

    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition

    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

    Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition

    Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition

    Sentinel System Driver Installer 7.5.1

    Sitecom Wireless Network 300N Adapter

    Slingo Deluxe

    Software Informer 1.3.1031.0

    SoulSeek 157 NS 13e

    Spyder3Elite

    StoneLoops of Jurassica

    Stuurprogrammapakket voor Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)

    Stuurprogrammapakket voor Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)

    Super Collapse 3

    swMSM

    Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

    THE GAME OF LIFE

    TNS NIPO Clicks

    Topo Espa¤a V.3.0

    Topomap Belux

    Torch

    Trusteer Eindpuntbeveiliging

    UnderCoverXP 1.23

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition

    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition

    Update voor Microsoft Office Excel 2007 Help (KB963678)

    Update voor Microsoft Office Powerpoint 2007 Help (KB963669)

    Update voor Microsoft Office Word 2007 Help (KB963665)

    Virtual Families

    Virtual Villagers - The Secret City

    Visual Studio 2010 x64 Redistributables

    Visual Studio 2012 x64 Redistributables

    Visual Studio 2012 x86 Redistributables

    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

    WinGDB3 3.70

    Wings Platinum 4

    WinRAR 4.20 (64-bit)

    World of Goo

    Yahtzee

    Zuma Deluxe

    Zylom Games Player Plugin

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    ==== Deleting Files \ Folders ======================

    C:\PROGRA~2\FLVM Player deleted

    C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player deleted

    C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch deleted

    “C:\Users\Erika\AppData\Local\Torch\Update\TorchCrashHandler.exe” deleted

    “C:\Users\Erika\AppData\Local\Torch” not deleted

    “C:\Users\Erika\AppData\Local\Torch\Update” not deleted

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=1553 folders=579 748983566 bytes)

    ==== After Reboot ======================

    ==== Deleting Files / Folders ======================

    “C:\Users\Erika\AppData\Local\Torch” not found

    ==== EOF on wo 23-07-2014 at 13:02:14,83 ======================

This topic is closed; no further replies can be posted.