Strange start page

  • Rikje

    Good morning

    Since yesterday I have suddenly had a different start page.

    I always had Google, and suddenly this has become websearches.com.

    I have already tried a few times to set Google as my start page again, but I can't get it to work.

    I use Mozilla Firefox as my browser.

    My logs are attached.

    Rikje

    Logfile of random's system information tool 1.10 (written by random/random)

    Run by Erika at 2014-08-24 09:12:18

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 763 GB (81%) free of 941 GB

    Total RAM: 6071 MB (62% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 9:12:25, on 24-8-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.17239)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    C:\Users\Erika\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe

    C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

    C:\Program Files (x86)\AVG\AVG2014\avgui.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

    C:\Windows\SysWOW64\ctfmon.exe

    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe

    C:\Program Files\trend micro\Erika.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

    O2 - BHO: TNS NIPO Clicks - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Users\Erika\AppData\Local\Wakoopa Shared\WakoopaBHO.dll

    O4 - HKLM\..\Run: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe” -launchedbylogin

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe” –showwindow=false –onOSstartup=true

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2014\avgui.exe” /TRAYONLY

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG Web TuneUp\vprot.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKCU\..\Run: “C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe” -deviceID “CN19F411SS05QB:NW” -scfn “HP Photosmart 6510 series (NET)” -AutoStart 1

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe”

    O4 - HKCU\..\Run: C:\Users\Erika\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe

    O4 - HKCU\..\Run: C:\Users\Erika\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8da9f4b0987847d392c69128c064797a-b1ab53bf69ee3d56e0b68fecf6a63d5566bf3245 /CMPID=1213b

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-18\..\Run: “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe” (User ‘SYSTEM’)

    O4 - HKUS\S-1-5-18\..\RunOnce: “C:\Windows\System32\SPReview\SPReview.exe” /sp:1 /errorfwlink:“http://go.microsoft.com/fwlink/?LinkID=122915” /build:7601 (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe” (User ‘Default user’)

    O4 - HKUS\.DEFAULT\..\RunOnce: “C:\Windows\System32\SPReview\SPReview.exe” /sp:1 /errorfwlink:“http://go.microsoft.com/fwlink/?LinkID=122915” /build:7601 (User ‘Default user’)

    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O9 - Extra ‘Tools’ menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.1.0\ViProtocol.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

    O23 - Service: CodecIconProgram.exe - Unknown owner - C:\Users\Erika\AppData\Local\CodecIconProgram\CodecIconProgram.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: ExportRootSamba - Unknown owner - C:\Windows\SysWOW64\ExportRootSamba\ExportRootSamba.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

    O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

    O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - Unknown owner - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe (file missing)

    O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - Unknown owner - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe (file missing)

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe

    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: vToolbarUpdater3.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 15481 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    c:\PROGRA~2\AVG\AVG2014\avgrsa.exe /boot

    C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=24beb63a-c9f6-4e4d-a2d7-0a7a848b9777 /coreSdkOptions=4382 /logConfFile=“C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\c3e8f479-4b5f-4004-9a13-fa3e8994ee6f-1c4-oopp.tmp” /loggerName=AVG.RS.Core /binaryPath=“C:\Program Files (x86)\AVG\AVG2014\” /tempPath=“C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\” /logPath=“C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\log\”

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    winlogon.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    “C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe”

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    atieclxx

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\WLANExt.exe 24015792

    \??\C:\Windows\system32\conhost.exe "-474136387-132179017-3607686611300500933-1217948585315370371-1509336368-686969187

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    “taskhost.exe”

    “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”

    “C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe”

    “C:\Windows\system32\Dwm.exe”

    C:\Windows\Explorer.EXE

    “C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe”

    “C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE”

    “C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE”

    C:\Windows\SysWOW64\svchost.exe -k netsvcs

    “C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe” -servicelaunch=true

    taskeng.exe {DB3721DD-98E8-4275-BDE8-AB2B653974AC}

    “C:\Program Files\Software Informer\softinfo.exe” -service

    “C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe”

    “C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe”

    “C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe”

    “C:\Program Files (x86)\AVG\AVG2014\avgemca.exe”

    “c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe”

    “C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe”

    taskeng.exe {5EEFB749-297E-48DF-B6D8-137B8EC60A07}

    “c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe”

    “C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe”

    “C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe”

    “C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe”

    “C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe” /starttray

    C:\Windows\system32\svchost.exe -k imgsvc

    “C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe”

    “C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe”

    “C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\loggingserver.exe” 72648 “C:\ProgramData\AVG Secure Search\Logger\logger.properties”

    \??\C:\Windows\system32\conhost.exe "2076819684-191725694977871055710072731161969649814728350843511251188-1525783807

    C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding

    “C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe”

    C:\Windows\servicing\TrustedInstaller.exe

    “C:\Windows\System32\WUDFHost.exe” -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3425076e-1da6-419b-82fa-155982813e0e -SystemEventPortName:HostProcess-d0f9fa6d-26d8-41ca-b618-2261d91734df -IoCancelEventPortName:HostProcess-4f2def46-94ff-4de2-94eb-358b5a2ec3e4 -NonStateChangingEventPortName:HostProcess-d4f0883b-5eb4-4899-9a22-be827a7b9209 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:54e21c39-076a-469a-9ea3-a49e62a890eb -DeviceGroupId:WpdFsGroup

    C:\Windows\system32\SearchIndexer.exe /Embedding

    “C:\Program Files\Logitech\SetPointP\SetPoint.exe” /launchGaming

    “C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe” -deviceID “CN19F411SS05QB:NW” -scfn “HP Photosmart 6510 series (NET)” -AutoStart 1

    “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe”

    “C:\Users\Erika\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe”

    “C:\Program Files (x86)\Sitecom\Common\RaUI.exe” -s

    “C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe”

    “C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe”

    “C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe”

    “C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe” –showwindow=false –onOSstartup=true

    “C:\Program Files (x86)\AVG\AVG2014\avgui.exe” /TRAYONLY

    “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    KHALMNPR.EXE /API

    “C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe” “-launchedbyvulcan”

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    ctfmon.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    “C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe”

    “C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe” –type=renderer –no-sandbox –lang=en-US –lang=en-US –log-severity=disable –channel=“5696.0.941971595\2147114330” /prefetch:3

    “C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe”

    “C:\Program Files\Windows Media Player\wmpnetwk.exe”

    C:\Windows\system32\vssvc.exe

    C:\Windows\System32\svchost.exe -k swprv

    “C:\Program Files (x86)\Mozilla Firefox\firefox.exe” http://istart.webssearches.com/?type=sc&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788

    C:\Windows\system32\wbem\wmiprvse.exe

    “C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe” –channel=3972.19737240.224051275 “C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll” -greomni “C:\Program Files (x86)\Mozilla Firefox\omni.ja” -appomni “C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja” -appdir “C:\Program Files (x86)\Mozilla Firefox\browser” E7CF176E110C211B 3972 “\\.\pipe\gecko-crash-server-pipe.3972” plugin

    “C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe” –proxy-stub-channel=Flash5312.594A0D80.12256 –host-broker-channel=Flash5312.594A0D80.3139 –host-pid=5312 –host-npapi-version=27 –plugin-path=“C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll”

    “C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe” –channel=1248.0038F8A0.1443440671 –proxy-stub-channel=Flash5312.594A0D80.12256 –plugin-path=“C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll” –host-npapi-version=27 –type=renderer

    “C:\Users\Erika\Desktop\RSITx64.exe”

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

    =========Mozilla firefox=========

    ProfilePath - C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default

    prefs.js - “browser.search.useDBForOrder” - “false”

    prefs.js - “browser.startup.homepage” - “https://www.google.nl/?gws_rd=ssl”

    prefs.js - “extensions.enabledItems” - “{a55c4ab0-ac89-4352-a750-98552a6a9337}:1.0, avg@igeared:6.103.018.001, DeviceDetection@logitech.com:1.21.0.11, {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17”

    “Description”=Adobe® Flash® Player 14.0.0.179 Plugin

    “Path”=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll

    “Description”=Adobe Shockwave Player

    “Path”=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll

    “Description”=

    “Path”=C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.1.0\\npsitesafety.dll

    “Description”=Garmin GPS Control for Firefox

    “Path”=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

    “Description”=Google Earth in your browser

    “Path”=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    “Description”=Java™ Deployment Toolkit

    “Path”=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

    “Description”=Oracle® Next Generation Java™ Plug-In

    “Path”=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    “Description”=

    “Path”=disabled

    “Description”=Ag Player Plugin

    “Path”=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

    “Description”=Google Update

    “Path”=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

    “Description”=Google Update

    “Path”=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

    “Description”=Zylom Games Player 1.00

    “Path”=C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

    “Description”=Handles PDFs in-place in Firefox

    “Path”=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

    “Description”=

    “Path”=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll

    “Description”=

    “Path”=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll

    “Description”=Adobe® Flash® Player 14.0.0.179 Plugin

    “Path”=C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll

    “Description”=Garmin GPS Control for Firefox

    “Path”=C:\Program Files\Garmin GPS Plugin\npGarmin.dll

    “Description”=

    “Path”=disabled

    “Description”=Ag Player Plugin

    “Path”=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

    “Description”=

    “Path”=

    “Description”=

    “Path”=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll

    “Description”=

    “Path”=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll

    C:\Program Files (x86)\Mozilla Firefox\plugins\

    ILnsp110.log

    ILnsp120.log

    NPCltInst11.dll

    NPCltInst121.dll

    nppdf32.dll

    npqtplugin.dll

    npqtplugin2.dll

    npqtplugin3.dll

    npqtplugin4.dll

    npqtplugin5.dll

    QuickTimePlugin.class

    C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\

    DeviceDetection@logitech.com

    {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

    {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}-trash

    {6d0f26ba-45b8-4871-9c07-43ab341d5b73}

    {ab91efd4-6975-4081-8552-1b3922ed79e2}

    C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\searchplugins\

    avg-secure-search.xml

    ======Registry dump======

    Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll

    HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll

    Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

    TNS NIPO Clicks - C:\Users\Erika\AppData\Local\Wakoopa Shared\WakoopaBHO.dll

    “AdobeAAMUpdater-1.0”=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

    “Logitech Download Assistant”=C:\Windows\System32\LogiLDA.dll

    “EvtMgr6”=C:\Program Files\Logitech\SetPointP\SetPoint.exe

    “NCPluginUpdater”=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe

    “HP Photosmart 6510 series (NET)”=C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe

    “GarminExpressTrayApp”=C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

    “TNS NIPO Clicks”=C:\Users\Erika\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe

    “AVG-Secure-Search-Update_1213b”=C:\Users\Erika\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8da9f4b0987847d392c69128c064797a-b1ab53bf69ee3d56e0b68fecf6a63d5566bf3245 /CMPID=1213b

    C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    “hpsysdrv”=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

    “IAStorIcon”=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    “StartCCC”=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    “SwitchBoard”=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    “AdobeCS6ServiceManager”=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe

    “Adobe ARM”=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    “APSDaemon”=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    “QuickTime Task”=C:\Program Files (x86)\QuickTime\QTTask.exe

    “Adobe Creative Cloud”=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

    “AVG_UI”=C:\Program Files (x86)\AVG\AVG2014\avgui.exe

    “vProt”=C:\Program Files (x86)\AVG Web TuneUp\vprot.exe

    “SunJavaUpdateSched”=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    Sitecom Wireless Utility.lnk - C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    Spyder3Utility.lnk - C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    "{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL

    "SecurityProviders"=credssp.dll

    "ConsentPromptBehaviorAdmin"=5

    "ConsentPromptBehaviorUser"=3

    "EnableUIADesktopToggle"=0

    "PromptOnSecureDesktop"=0

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    "NoActiveDesktop"=1

    "NoActiveDesktopChanges"=1

    "ForceActiveDesktopOn"=0

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "vidc.uyvy"=msyuv.dll

    "vidc.yuy2"=msyuv.dll

    "vidc.yvyu"=msyuv.dll

    "vidc.iyuv"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "vidc.yvu9"=tsbyuv.dll

    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm

    "wave1"=wdmaud.drv

    "midi1"=wdmaud.drv

    "mixer1"=wdmaud.drv

    "aux1"=wdmaud.drv

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 month======

    2014-08-24 09:12:18 ----D---- C:\rsit

    2014-08-24 08:34:18 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys

    2014-08-24 08:34:01 ----A---- C:\Windows\system32\drivers\mwac.sys

    2014-08-24 08:34:01 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys

    2014-08-24 08:34:01 ----A---- C:\Windows\system32\drivers\mbam.sys

    2014-08-23 16:31:53 ----D---- C:\Program Files (x86)\SiteLookup

    2014-08-23 16:30:19 ----D---- C:\Program Files (x86)\globalUpdate

    2014-08-23 15:48:56 ----D---- C:\Users\Erika\AppData\Roaming\uTorrent

    2014-08-14 21:53:53 ----A---- C:\Windows\SYSWOW64\infocardapi.dll

    2014-08-14 21:53:53 ----A---- C:\Windows\SYSWOW64\icardagt.exe

    2014-08-14 21:53:53 ----A---- C:\Windows\system32\infocardapi.dll

    2014-08-14 21:53:53 ----A---- C:\Windows\system32\icardagt.exe

    2014-08-14 21:53:38 ----A---- C:\Windows\SYSWOW64\icardres.dll

    2014-08-14 21:53:38 ----A---- C:\Windows\system32\icardres.dll

    2014-08-14 21:52:00 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe

    2014-08-14 21:52:00 ----A---- C:\Windows\system32\TsWpfWrp.exe

    2014-08-14 17:05:48 ----A---- C:\Windows\SYSWOW64\tzres.dll

    2014-08-14 17:05:48 ----A---- C:\Windows\system32\tzres.dll

    2014-08-14 17:05:34 ----A---- C:\Windows\system32\msi.dll

    2014-08-14 17:05:33 ----A---- C:\Windows\SYSWOW64\msi.dll

    2014-08-14 17:05:33 ----A---- C:\Windows\system32\authui.dll

    2014-08-14 17:05:32 ----A---- C:\Windows\SYSWOW64\authui.dll

    2014-08-14 17:05:32 ----A---- C:\Windows\system32\consent.exe

    2014-08-14 17:05:31 ----A---- C:\Windows\SYSWOW64\msihnd.dll

    2014-08-14 17:05:31 ----A---- C:\Windows\system32\msihnd.dll

    2014-08-14 17:05:25 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys

    2014-08-14 17:05:24 ----A---- C:\Windows\system32\win32k.sys

    2014-08-14 17:05:23 ----A---- C:\Windows\SYSWOW64\gdi32.dll

    2014-08-14 17:05:23 ----A---- C:\Windows\system32\gdi32.dll

    2014-08-14 17:05:02 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

    2014-08-14 17:05:02 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll

    2014-08-14 17:05:01 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll

    2014-08-14 17:05:01 ----A---- C:\Windows\SYSWOW64\iernonce.dll

    2014-08-14 17:05:00 ----A---- C:\Windows\SYSWOW64\urlmon.dll

    2014-08-14 17:05:00 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll

    2014-08-14 17:04:59 ----A---- C:\Windows\system32\ieetwproxystub.dll

    2014-08-14 17:04:58 ----A---- C:\Windows\SYSWOW64\mshtml.dll

    2014-08-14 17:04:58 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

    2014-08-14 17:04:58 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll

    2014-08-14 17:04:58 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll

    2014-08-14 17:04:56 ----A---- C:\Windows\SYSWOW64\iesetup.dll

    2014-08-14 17:04:56 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll

    2014-08-14 17:04:56 ----A---- C:\Windows\system32\iernonce.dll

    2014-08-14 17:04:56 ----A---- C:\Windows\system32\ie4uinit.exe

    2014-08-14 17:04:55 ----A---- C:\Windows\SYSWOW64\iertutil.dll

    2014-08-14 17:04:55 ----A---- C:\Windows\system32\urlmon.dll

    2014-08-14 17:04:55 ----A---- C:\Windows\system32\ieetwcollectorres.dll

    2014-08-14 17:04:54 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

    2014-08-14 17:04:54 ----A---- C:\Windows\system32\ieetwcollector.exe

    2014-08-14 17:04:53 ----A---- C:\Windows\SYSWOW64\dxtrans.dll

    2014-08-14 17:04:53 ----A---- C:\Windows\system32\dxtmsft.dll

    2014-08-14 17:04:52 ----A---- C:\Windows\SYSWOW64\ieui.dll

    2014-08-14 17:04:52 ----A---- C:\Windows\SYSWOW64\ieframe.dll

    2014-08-14 17:04:52 ----A---- C:\Windows\system32\msfeeds.dll

    2014-08-14 17:04:51 ----A---- C:\Windows\system32\iesetup.dll

    2014-08-14 17:04:51 ----A---- C:\Windows\system32\iedkcs32.dll

    2014-08-14 17:04:49 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll

    2014-08-14 17:04:49 ----A---- C:\Windows\SYSWOW64\jscript9.dll

    2014-08-14 17:04:49 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

    2014-08-14 17:04:49 ----A---- C:\Windows\system32\iertutil.dll

    2014-08-14 17:04:48 ----A---- C:\Windows\SYSWOW64\wininet.dll

    2014-08-14 17:04:48 ----A---- C:\Windows\SYSWOW64\vbscript.dll

    2014-08-14 17:04:48 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

    2014-08-14 17:04:47 ----A---- C:\Windows\system32\jsproxy.dll

    2014-08-14 17:04:46 ----A---- C:\Windows\SYSWOW64\msrating.dll

    2014-08-14 17:04:46 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll

    2014-08-14 17:04:45 ----A---- C:\Windows\system32\dxtrans.dll

    2014-08-14 17:04:44 ----A---- C:\Windows\system32\ieui.dll

    2014-08-14 17:04:44 ----A---- C:\Windows\system32\ieframe.dll

    2014-08-14 17:04:43 ----A---- C:\Windows\system32\mshtmlmedia.dll

    2014-08-14 17:04:43 ----A---- C:\Windows\system32\mshtmled.dll

    2014-08-14 17:04:43 ----A---- C:\Windows\system32\ieUnatt.exe

    2014-08-14 17:04:42 ----A---- C:\Windows\system32\jscript9diag.dll

    2014-08-14 17:04:42 ----A---- C:\Windows\system32\jscript9.dll

    2014-08-14 17:04:41 ----A---- C:\Windows\system32\vbscript.dll

    2014-08-14 17:04:41 ----A---- C:\Windows\system32\ieapfltr.dll

    2014-08-14 17:04:40 ----A---- C:\Windows\system32\wininet.dll

    2014-08-14 17:04:39 ----A---- C:\Windows\system32\msrating.dll

    2014-08-14 17:04:39 ----A---- C:\Windows\system32\MshtmlDac.dll

    2014-08-14 17:04:38 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe

    2014-08-14 17:04:38 ----A---- C:\Windows\system32\mshtml.dll

    2014-08-14 17:04:06 ----A---- C:\Windows\system32\rpcrt4.dll

    2014-08-14 17:04:05 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll

    2014-08-06 14:54:42 ----D---- C:\Program Files (x86)\Mozilla Firefox

    2014-08-06 10:13:34 ----D---- C:\ProgramData\Oracle

    2014-08-06 10:13:27 ----A---- C:\Windows\SYSWOW64\javaws.exe

    2014-08-06 10:13:11 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

    2014-08-06 10:13:10 ----A---- C:\Windows\SYSWOW64\javaw.exe

    2014-08-06 10:13:10 ----A---- C:\Windows\SYSWOW64\java.exe

    2014-08-04 14:11:22 ----A---- C:\Windows\system32\drivers\avgtpx64.sys

    2014-08-04 14:10:48 ----D---- C:\ProgramData\AVG Secure Search

    2014-08-04 13:31:33 ----D---- C:\ProgramData\AVG Security Toolbar

    2014-08-04 13:30:51 ----D---- C:\ProgramData\AVG Web TuneUp

    2014-08-04 13:30:50 ----D---- C:\Program Files (x86)\AVG Web TuneUp

    2014-07-28 15:12:37 ----A---- C:\DelFix.txt

    2014-07-28 08:59:09 ----A---- C:\Windows\SYSWOW64\sqlite3.dll

    ======List of files/folders modified in the last 1 month======

    2014-08-24 09:12:23 ----D---- C:\Program Files\trend micro

    2014-08-24 09:12:19 ----D---- C:\Windows\Temp

    2014-08-24 09:01:57 ----D---- C:\Windows\system32\config

    2014-08-24 08:58:06 ----HD---- C:\ProgramData

    2014-08-24 08:58:04 ----D---- C:\Windows\Web

    2014-08-24 08:58:04 ----D---- C:\Windows\system32\drivers

    2014-08-24 08:56:57 ----RD---- C:\Program Files (x86)

    2014-08-24 08:56:44 ----D---- C:\Windows\Tasks

    2014-08-24 08:56:44 ----D---- C:\Windows\system32\Tasks

    2014-08-24 08:34:04 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-08-24 08:28:56 ----D---- C:\ProgramData\MFAData

    2014-08-23 18:17:51 ----D---- C:\Windows\system32\wbem

    2014-08-23 18:17:51 ----D---- C:\Windows

    2014-08-23 18:15:26 ----D---- C:\Program Files\Common Files\Microsoft Shared

    2014-08-23 18:15:03 ----D---- C:\Program Files\Internet Explorer

    2014-08-23 18:15:03 ----D---- C:\Program Files (x86)\Internet Explorer

    2014-08-23 18:14:29 ----D---- C:\Windows\AppCompat

    2014-08-23 18:14:23 ----SHD---- C:\Windows\Installer

    2014-08-23 18:14:23 ----D---- C:\Windows\system32\CodeIntegrity

    2014-08-23 18:14:23 ----D---- C:\Windows\system32\catroot2

    2014-08-23 18:14:23 ----D---- C:\Windows\System32

    2014-08-23 18:14:23 ----D---- C:\Windows\servicing

    2014-08-23 18:14:23 ----D---- C:\Windows\rescache

    2014-08-23 18:14:23 ----D---- C:\Windows\PolicyDefinitions

    2014-08-23 18:14:23 ----D---- C:\Windows\inf

    2014-08-23 18:14:22 ----D---- C:\Windows\winsxs

    2014-08-23 18:14:22 ----D---- C:\Windows\SYSWOW64\XPSViewer

    2014-08-23 18:14:22 ----D---- C:\Windows\SYSWOW64\nl-NL

    2014-08-23 18:14:22 ----D---- C:\Windows\SYSWOW64\MUI

    2014-08-23 18:14:22 ----D---- C:\Windows\SYSWOW64\en-US

    2014-08-23 18:14:22 ----D---- C:\Windows\SysWOW64

    2014-08-23 18:14:22 ----D---- C:\Windows\system32\nl-NL

    2014-08-23 18:14:22 ----D---- C:\Windows\system32\MUI

    2014-08-23 18:14:22 ----D---- C:\Windows\system32\en-US

    2014-08-23 18:14:22 ----D---- C:\Windows\system32\DriverStore

    2014-08-23 18:13:34 ----D---- C:\Windows\registration

    2014-08-23 18:05:19 ----SHD---- C:\System Volume Information

    2014-08-23 16:46:13 ----D---- C:\ProgramData\Hewlett-Packard

    2014-08-23 16:38:53 ----SHD---- C:\Config.Msi

    2014-08-23 16:38:20 ----D---- C:\ProgramData\AVG2014

    2014-08-23 16:30:09 ----D---- C:\Program Files (x86)\Garmin

    2014-08-23 15:36:26 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2014-08-23 15:36:25 ----D---- C:\Windows\Prefetch

    2014-08-23 09:01:25 ----D---- C:\Users\Erika\AppData\Roaming\Dropbox

    2014-08-23 08:46:09 ----D---- C:\Users\Erika\AppData\Roaming\Belastingdienst

    2014-08-21 09:49:11 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

    2014-08-17 15:26:31 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2014-08-15 08:57:39 ----D---- C:\Windows\Microsoft.NET

    2014-08-15 08:56:49 ----RSD---- C:\Windows\assembly

    2014-08-15 08:33:47 ----D---- C:\Windows\ehome

    2014-08-14 22:47:15 ----D---- C:\ProgramData\Microsoft Help

    2014-08-14 22:44:07 ----D---- C:\Windows\system32\catroot

    2014-08-14 22:11:00 ----D---- C:\Windows\system32\MRT

    2014-08-14 22:07:14 ----D---- C:\Windows\debug

    2014-08-14 22:07:12 ----A---- C:\Windows\system32\MRT.exe

    2014-08-14 11:08:41 ----D---- C:\ProgramData\Soulseek

    2014-08-12 08:37:29 ----D---- C:\ProgramData\Package Cache

    2014-08-12 08:36:32 ----D---- C:\ProgramData\Garmin

    2014-08-07 09:53:53 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

    2014-08-04 14:01:58 ----D---- C:\Windows\system32\wfp

    2014-08-04 13:56:33 ----SHD---- C:\$RECYCLE.BIN

    2014-08-04 13:56:33 ----D---- C:\Program Files (x86)\Common Files

    2014-07-28 08:49:41 ----D---- C:\Program Files\Microsoft Silverlight

    2014-07-28 08:49:40 ----D---- C:\Program Files (x86)\Microsoft Silverlight

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys

    R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys

    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys

    R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys

    R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys

    R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys

    R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys

    R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys

    R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys

    R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys

    R1 RapportCerberus_69875;RapportCerberus_69875; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys

    R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys

    R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys

    R2 Sentinel64;Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys

    R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys

    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys

    R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys

    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys

    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys

    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys

    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys

    R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys

    R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

    R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys

    R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys

    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys

    R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\drivers\serscan.sys

    S1 RxFilter;RxFilter; C:\Windows\system32\DRIVERS\RxFilter.sys

    S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\Windows\system32\DRIVERS\SNTUSB64.SYS

    S3 Spyder3;Datacolor Spyder3; C:\Windows\system32\DRIVERS\Spyder3.sys

    S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe

    R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

    R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

    R2 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

    R2 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe

    R2 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

    R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe

    R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    R2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    R2 vToolbarUpdater3.1.0;vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe

    R3 RoxMediaDB10;RoxMediaDB10; C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 CodecIconProgram.exe;CodecIconProgram.exe; C:\Users\Erika\AppData\Local\CodecIconProgram\CodecIconProgram.exe

    S2 ExportRootSamba;ExportRootSamba; C:\Windows\SysWOW64\ExportRootSamba\ExportRootSamba.exe

    S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc

    S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

    S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

    S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

    S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    -----------------EOF-----------------

    The rest is in the next post.

  • Rikje

    Here is the Mbam log.

    Malwarebytes Anti-Malware

    www.malwarebytes.org

    Scan Date: 24-8-2014

    Scan Time: 8:36:45

    Logfile: Mbam scanlog.txt

    Administrator: Yes

    Version: 2.00.2.1012

    Malware Database: v2014.08.24.02

    Rootkit Database: v2014.08.21.01

    License: Trial

    Malware Protection: Enabled

    Malicious Website Protection: Enabled

    Self-protection: Disabled

    OS: Windows 7 Service Pack 1

    CPU: x64

    File System: NTFS

    User: Erika

    Scan Type: Threat Scan

    Result: Completed

    Objects Scanned: 315881

    Time Elapsed: 10 min, 34 sec

    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Disabled

    Heuristics: Enabled

    PUP: Enabled

    PUM: Enabled

    Processes: 1

    PUP.Optional.ELEX, C:\ProgramData\IePluginServices\PluginService.exe, 1736, Delete-on-Reboot,

    Modules: 0

    (No malicious items detected)

    Registry Keys: 37

    PUP.Optional.ELEX, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, Quarantined, ,

    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, ,

    PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, ,

    PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, ,

    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, ,

    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, ,

    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, ,

    PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, ,

    PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Quarantined, ,

    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, Quarantined, ,

    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, ,

    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, Quarantined, ,

    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Quarantined, ,

    PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TheTorntv V10, Quarantined, ,

    PUP.Optional.HQPro.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Total-1.8, Quarantined, ,

    PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, ,

    PUP.Optional.WebSearches.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, Quarantined, ,

    PUP.Optional.CrossRider.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, ,

    PUP.Optional.Qone8, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, ,

    PUP.Optional.Softonic.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, Quarantined, ,

    Registry Values: 5

    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined,

    PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com, Quarantined,

    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, Quarantined,

    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, ild, Quarantined,

    PUP.Optional.FastStart.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined,

    Registry Data: 12

    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://istart.webssearches.com/?type=sc&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://istart.webssearches.com/?type=sc&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788),Replaced,

    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://istart.webssearches.com/web/?type=ds&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}, Good: (www.google.com), Bad: (http://istart.webssearches.com/web/?type=ds&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}),Replaced,

    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://istart.webssearches.com/?type=hp&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788),Replaced,

    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://istart.webssearches.com/?type=hp&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788),Replaced,

    PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,

    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://istart.webssearches.com/?type=sc&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://istart.webssearches.com/?type=sc&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788),Replaced,

    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://istart.webssearches.com/web/?type=ds&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}, Good: (www.google.com), Bad: (http://istart.webssearches.com/web/?type=ds&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}),Replaced,

    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://istart.webssearches.com/?type=hp&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788),Replaced,

    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://istart.webssearches.com/?type=hp&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788),Replaced,

    PUP.Optional.WebsSearches.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://istart.webssearches.com/?type=hp&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788),Replaced,

    PUP.Optional.WebsSearches.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://istart.webssearches.com/?type=hp&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788),Replaced,

    PUP.Optional.WebsSearches.A, HKU\S-1-5-21-1153977891-1869991665-2431096691-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://istart.webssearches.com/web/?type=ds&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}, Good: (www.google.com), Bad: (http://istart.webssearches.com/web/?type=ds&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}),Replaced,

    Folders: 78

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\code, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\log, Quarantined, ,

    PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Delete-on-Reboot, ,

    PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\include, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\include\tools, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\js\lib, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\js\module, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\js\pack, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\en, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\en-US, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\es, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\es-419, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\fr, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\it, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\pl, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\ru, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\tr, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\vi, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\skin, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\defaults, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\defaults\preferences, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\modules, Quarantined, ,

    PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Quarantined, ,

    PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, Quarantined, ,

    PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{9AF84C0A-8ECB-49C4-B83E-873C394E90B1}, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.388961, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.497111, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.93609, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, Quarantined, ,

    PUP.Optional.SimilarAddon.A, C:\Users\Erika\AppData\Roaming\SimilarAddon, Quarantined, ,

    Files: 222

    PUP.Optional.ELEX, C:\ProgramData\IePluginServices\PluginService.exe, Delete-on-Reboot, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, Quarantined, ,

    PUP.Optional.Softonic.A, C:\$RECYCLE.BIN\S-1-5-21-1153977891-1869991665-2431096691-1000\$R0VFL0U.exe, Quarantined, ,

    PUP.Optional.OneClickDownloader.A, C:\$RECYCLE.BIN\S-1-5-21-1153977891-1869991665-2431096691-1000\$RMJDM42\Garmin_TOPO_Espana_v5_PRO_Unlocked.exe, Quarantined, ,

    PUP.Optional.OpenCandy, C:\Users\Erika\AppData\Local\Temp\utt3DCB.tmp, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Users\Erika\AppData\Local\Temp\35DBB4C1-0890-4a57-9703-0FF1C90448EA\1.zipDir\tmp\SupTab_ns_v5.8.8.640.exe, Quarantined, ,

    PUP.Optional.WindowsProtectManger.A, C:\Users\Erika\AppData\Local\Temp\35DBB4C1-0890-4a57-9703-0FF1C90448EA\1.zipDir\tmp\wpm_v20.0.0.722.exe, Quarantined, ,

    PUP.Optional.CrossRider.A, C:\Users\Erika\AppData\Local\Temp\~nsu.tmp\Au_.exe, Quarantined, ,

    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\5ab205f0-83c6-44ea-ba16-72013c36ed67-1, Quarantined, ,

    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\5ab205f0-83c6-44ea-ba16-72013c36ed67-11, Quarantined, ,

    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\5ab205f0-83c6-44ea-ba16-72013c36ed67-2, Quarantined, ,

    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\5ab205f0-83c6-44ea-ba16-72013c36ed67-3, Quarantined, ,

    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\5ab205f0-83c6-44ea-ba16-72013c36ed67-4, Quarantined, ,

    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\5ab205f0-83c6-44ea-ba16-72013c36ed67-5, Quarantined, ,

    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\5ab205f0-83c6-44ea-ba16-72013c36ed67-5_user, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, Quarantined, ,

    PUP.Optional.CrossRider.T, C:\Windows\Tasks\5ab205f0-83c6-44ea-ba16-72013c36ed67-1.job, Quarantined, ,

    PUP.Optional.CrossRider.T, C:\Windows\Tasks\5ab205f0-83c6-44ea-ba16-72013c36ed67-11.job, Quarantined, ,

    PUP.Optional.CrossRider.T, C:\Windows\Tasks\5ab205f0-83c6-44ea-ba16-72013c36ed67-2.job, Quarantined, ,

    PUP.Optional.CrossRider.T, C:\Windows\Tasks\5ab205f0-83c6-44ea-ba16-72013c36ed67-3.job, Quarantined, ,

    PUP.Optional.CrossRider.T, C:\Windows\Tasks\5ab205f0-83c6-44ea-ba16-72013c36ed67-4.job, Quarantined, ,

    PUP.Optional.CrossRider.T, C:\Windows\Tasks\5ab205f0-83c6-44ea-ba16-72013c36ed67-5.job, Quarantined, ,

    PUP.Optional.CrossRider.T, C:\Windows\Tasks\5ab205f0-83c6-44ea-ba16-72013c36ed67-5_user.job, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Quarantined, ,

    PUP.Optional.CrossRider.A, C:\Windows\Tasks\6dbbb634-9586-4a66-9279-c2a849594aef.job, Quarantined, ,

    PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\6dbbb634-9586-4a66-9279-c2a849594aef, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\239.json, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\MessageBox.xml, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\uninstallDlg2.xml, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\bg.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\bg1.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\bk_shadow.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\button.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\button1.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\checkbox.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\checkbox_select.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\checked.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\close.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\loading_bg.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\loading_light.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\min.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\scrollbar.bmp, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\Thumbs.db, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\unchecked.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\code\code1.jpg, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\code\code2.jpg, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\code\code3.jpg, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\code\code4.jpg, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\code\code5.jpg, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\code\code6.jpg, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\images\code\Thumbs.db, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\log\UninstallManager_2014-08-23.log, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\log\UninstallManager_2014-08-23.log, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Erika\AppData\Roaming\webssearches\log\UninstallManager_2014-08-23.log, Quarantined, ,

    PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome.manifest, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\install.rdf, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\index.html, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\chrome\skin\style.css, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\modules\addonmanager.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\modules\aes.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\modules\config.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\modules\dialogs.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\modules\last_tab.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\modules\misc.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\modules\properties.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\modules\remoterequest.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, Quarantined, ,

    PUP.Optional.FastStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\faststartff@gmail.com\modules\settings.js, Quarantined, ,

    PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-08-23.log, Quarantined, ,

    PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.388961\GoogleCrashHandler.exe, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.388961\GoogleUpdate.exe, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.388961\GoogleUpdateBroker.exe, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.388961\GoogleUpdateHelper.msi, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.388961\GoogleUpdateOnDemand.exe, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.388961\goopdate.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.388961\goopdateres_en.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.388961\npGoogleUpdate4.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.388961\psmachine.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.388961\psuser.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.497111\GoogleCrashHandler.exe, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.497111\GoogleUpdate.exe, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.497111\GoogleUpdateBroker.exe, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.497111\GoogleUpdateHelper.msi, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.497111\GoogleUpdateOnDemand.exe, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.497111\goopdate.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.497111\goopdateres_en.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.497111\npGoogleUpdate4.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.497111\psmachine.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.497111\psuser.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.93609\GoogleCrashHandler.exe, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.93609\GoogleUpdate.exe, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.93609\GoogleUpdateBroker.exe, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.93609\GoogleUpdateHelper.msi, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.93609\GoogleUpdateOnDemand.exe, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.93609\goopdate.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.93609\goopdateres_en.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.93609\npGoogleUpdate4.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.93609\psmachine.dll, Quarantined, ,

    PUP.Optional.GlobalUpdate.A, C:\Users\Erika\AppData\Local\Temp\comh.93609\psuser.dll, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, Quarantined, ,

    PUP.Optional.QuickStart.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Replaced,

    PUP.Optional.CrossRider.A, C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "148034c2756068a8599d9796351556ea");), Replaced,

    Physical Sectors: 0

    (No malicious items detected)

    (end)

  • Ben

    Hello,

    First disable your antivirus software before you download zoek.exe.

    Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

    Download Zoek.exe to the desktop.

    * If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.

    Running Zoek.exe

    If you run into problems while running this program or get certain error messages, please mention this in your post.

    * Then double-click Zoek.exe to start the tool.

    * Windows Vista, 7 and 8 users should run the tool as "administrator" by right-clicking it and choosing Run as administrator.

    * Now copy the bold code below and paste it into the large input box:

    * Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    firefoxlook;

    torpigcheck;

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Now wait patiently until a log opens (this may be after a restart, if one is needed).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Post the opened log in your next reply.

  • Rikje

    Hello Ben

    Ran Zoek.exe.

    I have a normal start page again now. :)-D

    Attached is the log from zoek.exe

    Rikje

    Zoek.exe v5.0.0.0 Updated 23-08-2014

    Tool run by Erika on zo 24-08-2014 at 10:23:10,50.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Erika\Desktop\zoek.exe

    ==== System Restore Info ======================

    24-8-2014 10:27:54 Zoek.exe System Restore Point Created Succesfully.

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Empty Folders Check ======================

    C:\PROGRA~2\SiteLookup deleted successfully

    C:\PROGRA~3\Oracle deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    C:\Windows\SysWOW64\svchost.exe

    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

    C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\loggingserver.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    C:\Users\Erika\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe

    C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

    C:\Program Files (x86)\AVG\AVG2014\avgui.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

    C:\Windows\SysWOW64\ctfmon.exe

    C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

    C:\Users\Erika\Desktop\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdate deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\globalUpdate deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdatem deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\globalUpdatem deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater3.1.0 deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater3.1.0 deleted successfully

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default

    user.js not found

    ---- Lines webssearch removed from prefs.js ----

    user_pref("browser.search.defaultenginename", "webssearches");

    user_pref("browser.search.selectedEngine", "webssearches");

    ---- Lines crossrider removed from prefs.js ----

    user_pref("extensions.crossrider.bic", "148034c2756068a8599d9796351556ea");

    ---- FireFox user.js and prefs.js backups ----

    prefs_24-08-2014_1051_.backup

    ==== Deleting Files \ Folders ======================

    C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted

    C:\PROGRA~2\globalUpdate deleted

    C:\PROGRA~2\COMMON~1\AVG Secure Search deleted

    C:\PROGRA~3\AVG Security Toolbar deleted

    C:\PROGRA~3\AVG Secure Search deleted

    C:\PROGRA~3\Package Cache deleted

    C:\Users\Erika\AppData\Local\globalUpdate deleted

    C:\Users\Erika\Searches deleted

    C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\searchplugins\avg-secure-search.xml deleted

    "C:\Windows\Installer\b8bb4.msi" deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 6072 MB

    CPU Info: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz

    CPU Speed: 2972,7 MHz

    Sound Card: Luidsprekers (Realtek High Defi |

    Realtek Digital Output (Realtek |

    Display Adapters: ATI Radeon HD 5450 | ATI Radeon HD 5450 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 2x; Algemeen PnP-beeldscherm | Algemeen PnP-beeldscherm |

    Screen Resolution: 1920 X 1080 - 32 bit

    Network: Network Present

    Network Adapters: 802.11n Wireless PCI Express Card LAN Adapter | Realtek PCIe GBE Family Controller

    CD / DVD Drives: 1x (E: | ) E: hp CDDVDW TS-H653R

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 16 Button Wheel Mouse Present

    Hard Disks: C: 918,9GB | D: 12,6GB

    Hard Disks - Free: C: 744,6GB | D: 1,7GB

    Manufacturer *: American Megatrends Inc.

    BIOS Info: AT/AT COMPATIBLE | 06/25/10 | HPQOEM - 20100625

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: MSI IONA

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated)

    Default Browser: Firefox 31.0

    Internet Explorer Version: 11.0.9600.17239

    Mozilla Firefox version: 31.0 (x86 nl)

    Adobe Reader version: 11.0.8.4

    Sun Java version: 1.7.0_67 (32-bit)

    Flash Player version: 14.0.0.179

    Shockwave Player version: 12.1.1r151

    ==== Files Recently Created / Modified ======================

    ==== Startup Registry Enabled ======================

    "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "HP Photosmart 6510 series (NET)"="C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe -deviceID CN19F411SS05QB:NW -scfn HP Photosmart 6510 series (NET) -AutoStart 1"

    "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

    "TNS NIPO Clicks"="C:\Users\Erika\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe"

    "AVG-Secure-Search-Update_1213b"="C:\Users\Erika\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8da9f4b0987847d392c69128c064797a-b1ab53bf69ee3d56e0b68fecf6a63d5566bf3245 /CMPID=1213b"

    "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

    "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"

    "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"

    "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun "

    "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

    "AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"

    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

    "Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true"

    "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"

    "vProt"="C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    "HP Photosmart 6510 series (NET)"="C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe -deviceID CN19F411SS05QB:NW -scfn HP Photosmart 6510 series (NET) -AutoStart 1"

    "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

    "TNS NIPO Clicks"="C:\Users\Erika\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe"

    "AVG-Secure-Search-Update_1213b"="C:\Users\Erika\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8da9f4b0987847d392c69128c064797a-b1ab53bf69ee3d56e0b68fecf6a63d5566bf3245 /CMPID=1213b"

    ==== Startup Registry Enabled x64 ======================

    “AdobeAAMUpdater-1.0”=“C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe”

    “Logitech Download Assistant”=“C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch”

    “EvtMgr6”=“C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming”

    “NCPluginUpdater”=“C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update”

    ==== Startup Registry Disabled ======================

    “HP Software Update”=“C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe”

    “Adobe ARM”=“\”C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”

    “HP Remote Solution”=“C:\\Program Files (x86)\\Hewlett-Packard\\HP Remote Solution\\HP_Remote_Solution.exe”

    “SunJavaUpdateSched”=“\”C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\“”

    ==== Startup Registry Disabled x64 ======================

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Easybits Recovery”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\EasyBits For Kids\\ezRecover.exe”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“RoxWatchTray”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Common Files\\Roxio Shared\\10.0\\SharedCOM\\RoxWatchTray10.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“SmartMenu”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\Hewlett-Packard\\HP MediaSmart\\SmartMenu.exe /background”

    ==== Startup Folders ======================

    2013-04-16 07:15:59 2001 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk

    2013-04-16 08:20:41 1349 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spyder3Utility.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==== Other Scheduled Tasks ======================

    “C:\Windows\SysNative\tasks\Adobe Flash Player Updater”

    “C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma”

    “C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Erika-PC-Erika”

    “C:\Windows\SysNative\tasks\CLMLSvc”

    “C:\Windows\SysNative\tasks\DVDAgent”

    “C:\Windows\SysNative\tasks\ExtendedServicePlan”

    “C:\Windows\SysNative\tasks\GarminUpdaterTask”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA”

    “C:\Windows\SysNative\tasks\HP-Online updateprogramma”

    “C:\Windows\SysNative\tasks\HPCustParticipation HP Photosmart 6510 series”

    “C:\Windows\SysNative\tasks\Java Update Scheduler”

    “C:\Windows\SysNative\tasks\RecoveryCDWin7”

    “C:\Windows\SysNative\tasks\Registration”

    “C:\Windows\SysNative\tasks\ServicePlan”

    “C:\Windows\SysNative\tasks\SidebarExecute”

    “C:\Windows\SysNative\tasks\SoftwareInformerService”

    “C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start”

    “C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask”

    “C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis”

    “C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check”

    “C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN19F411SS05QB”

    “C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan”

    ==== Folders in C:\PROGRA~3 0-6 Months Old ======================

    2014-03-16 14:52:30 -------- d-----w- C:\PROGRA~3\{18165758-115C-4DC0-9EC2-FF89F725767F}

    2014-05-20 17:56:52 -------- d-----w- C:\PROGRA~3\AVG2014

    2014-07-22 13:38:37 -------- d-----w- C:\PROGRA~3\Malwarebytes

    2014-08-04 11:30:51 -------- d-----w- C:\PROGRA~3\AVG Web TuneUp

    ==== Firefox Extensions Registry ======================

    “avg@toolbar”=“C:\ProgramData\AVG Web TuneUp\FireFoxExt\3.1.0.6”

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default

    - TNS NIPO Clicks - C:\Users\Erika\AppData\Local\TNS NIPO Clicks\plugins\firefox

    - Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

    - TNS NIPO Clicks - %ProfilePath%\extensions\addon@nipobase.wakoopa.com

    - Logitech - %ProfilePath%\extensions\DeviceDetection@logitech.com

    - Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

    - Undetermined - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}-trash

    - Site Advisor - %ProfilePath%\extensions\{6d0f26ba-45b8-4871-9c07-43ab341d5b73}

    - HP Detect - %ProfilePath%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}

    - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

    AppDir: C:\Program Files (x86)\Mozilla Firefox

    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default

    9EE20E6E2E3F94714D44F739B9A228F4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll - Shockwave Flash

    4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash

    E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director

    DFD5A8C94118C4E85B33245C2DDB553A - C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\pp5a1fpf.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll - Logitech Device Detection

    FC5866F7793AF2CBCD425CC4B8D32A9E - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin

    ==== Chrome Look ======================

    Ask Toolbar - Erika\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne

    DropToS - Erika\AppData\Local\Torch\User Data\Default\Extensions\cipmepknanmbbaneimacddfemfbfgpgo

    Torch New Tab - Erika\AppData\Local\Torch\User Data\Default\Extensions\dipchieogpecpggdacaaffcjemkggfbi

    Torch Shopping - Erika\AppData\Local\Torch\User Data\Default\Extensions\dmgjnkhnkblpmfjpdakehnaikgdjllic

    Torch Games - Erika\AppData\Local\Torch\User Data\Default\Extensions\elnodfjhjgpnmdhklbfeijeaehcgffnp

    Torch Music - Erika\AppData\Local\Torch\User Data\Default\Extensions\gcjbdjlojcomlphfchhihkigepfabcad

    FaceLift - Erika\AppData\Local\Torch\User Data\Default\Extensions\gimjmfipknpppbpmkdenjjpfhobiiojk

    Torch Games - Erika\AppData\Local\Torch\User Data\Default\Extensions\khkmhmmjbfailffpaicjgedkpboookjk

    Torch Helper - Erika\AppData\Local\Torch\User Data\Default\Extensions\lecpjhggilhbceadobnggaagnpfpafhg

    Torch Torrent - Erika\AppData\Local\Torch\User Data\Default\Extensions\mpdmibcjecdaibcnlilhiopefjgegjjc

    Google Wallet - Erika\AppData\Local\Torch\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    Torch Music - Erika\AppData\Local\Torch\User Data\Default\Extensions\ohimbkoaphfnmekmfppijeblmkncneed

    Hola for Torch - Erika\AppData\Local\Torch\User Data\Default\Extensions\pdehmppfilefbolgganhfihpbmjlgebh

    ==== Chrome Fix ======================

    C:\Users\Erika\AppData\Local\Torch\User Data\Default\Extensions\dmgjnkhnkblpmfjpdakehnaikgdjllic deleted successfully

    C:\Users\Erika\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne deleted successfully

    ==== Set IE to Default ======================

    Old Values:

    “Search Page”=“http://istart.webssearches.com/web/?type=ds&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}”

    “Search Page”=“http://istart.webssearches.com/web/?type=ds&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}”

    “Search Page”=“http://istart.webssearches.com/web/?type=ds&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788&q={searchTerms}”

    “DefaultScope”=“{33BB0A4E-99AF-4226-BDF6-49120163DE86}”

    not found

    New Values:

    “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “DefaultScope”=“{012E1000-F331-11DB-8314-0800200C9A66}”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {012E1000-F331-11DB-8314-0800200C9A66} Google Url=“http://www.google.com/search?q={searchTerms}”

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”

    ==== shortcuts on Users Desktops ======================

    C:\Users\Erika\Desktop\BaseCamp.lnk - C:\Program Files (x86)\Garmin\BaseCamp\BaseCamp.exe

    C:\Users\Erika\Desktop\FreeCell (2).lnk -

    C:\Users\Erika\Desktop\Soulseek.lnk - C:\Program Files (x86)\SoulseekNS\slsk.exe

    C:\Users\Erika\Desktop\Spider Solitaire.lnk -

    C:\Users\Erika\Desktop\UnderCoverXP.lnk - C:\Program Files (x86)\UnderCoverXP\UnderCoverXP.exe

    C:\Users\Erika\Desktop\USB Safeguard (F).lnk - F:\usbsafeguard.exe

    C:\Users\Erika\Desktop\USB Safeguard (G).lnk - G:\usbsafeguard.exe

    C:\Users\Erika\Desktop\HP programma's\HP ePrintCenter - HP Photosmart 6510 series.lnk - C:\Program Files (x86)\HP\HP Photosmart 6510 series\ePrintCenterShortcut.url

    C:\Users\Erika\Desktop\HP programma's\HP Photosmart 6510 series.lnk - C:\Program Files (x86)\HP\HP Photosmart 6510 series\Bin\HP Photosmart 6510 series.exe

    C:\Users\Erika\Desktop\HP programma's\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

    ==== shortcuts on All Users Desktop ======================

    C:\Users\Public\Desktop\Garmin Express.lnk - C:\Program Files (x86)\Garmin\Express\Express.exe

    C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe

    C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    C:\Users\Public\Desktop\Software Informer.lnk - C:\Program Files\Software Informer\softinfo.exe

    ==== shortcuts in Users Start Menu ======================

    C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788

    C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788

    C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Erika\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

    C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Erika\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe

    ==== shortcuts in All Users Start Menu ======================

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://istart.webssearches.com/?type=sc&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\BaseCamp.lnk - C:\Program Files (x86)\Garmin\BaseCamp\BaseCamp.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\Garmin Express.lnk - C:\Program Files (x86)\Garmin\Express\Express.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\MapInstall.lnk - C:\Program Files (x86)\Garmin\MapInstall\MapInstall.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\WebUpdater.lnk - C:\Program Files (x86)\Garmin\WebUpdater\WebUpdater.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins001.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm

    ==== shortcuts in Quick Launch ======================

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\Erika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 3.0.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions 3.0\DigitalEditions.exe

    C:\Users\Erika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788

    C:\Users\Erika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE /recycle

    C:\Users\Erika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\Erika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\Erika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Aangifte loonheffingen 2014.lnk - C:\Users\Erika\Documents\Stamrecht bv\administratie\2014\Aangifte Loonheffingen\2014\la2014.exe

    C:\Users\Erika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

    C:\Users\Erika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

    C:\Users\Erika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Bridge CS6 (64bit).lnk - C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe

    C:\Users\Erika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Photoshop CS6 (64 Bit).lnk - C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe

    C:\Users\Erika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

    C:\Users\Erika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://istart.webssearches.com/?type=sc&ts=1408804271&from=ild&uid=WDCXWD10EADS-65M2B0_WD-WCAV5634178841788

    C:\Users\Erika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

    C:\Users\Erika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

    ==== shortcuts After Repair ======================

    C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

    C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Users\Erika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Users\Erika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A2DCB4C3C3D836644994BAB7A3DF90F6 deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C4BCD2A-8D3C-4663-9449-AB7B3AFD096F} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A2DCB4C3C3D836644994BAB7A3DF90F6 deleted successfully

    ==== HijackThis Entries ======================

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

    O2 - BHO: TNS NIPO Clicks - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Users\Erika\AppData\Local\Wakoopa Shared\WakoopaBHO.dll

    O4 - HKLM\..\Run: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe” -launchedbylogin

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe” --showwindow=false --onOSstartup=true

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2014\avgui.exe” /TRAYONLY

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG Web TuneUp\vprot.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKCU\..\Run: “C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe” -deviceID “CN19F411SS05QB:NW” -scfn “HP Photosmart 6510 series (NET)” -AutoStart 1

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe”

    O4 - HKCU\..\Run: C:\Users\Erika\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe

    O4 - HKCU\..\Run: C:\Users\Erika\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8da9f4b0987847d392c69128c064797a-b1ab53bf69ee3d56e0b68fecf6a63d5566bf3245 /CMPID=1213b

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-18\..\Run: “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe” (User ‘SYSTEM’)

    O4 - HKUS\S-1-5-18\..\RunOnce: “C:\Windows\System32\SPReview\SPReview.exe” /sp:1 /errorfwlink:“http://go.microsoft.com/fwlink/?LinkID=122915” /build:7601 (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe” (User ‘Default user’)

    O4 - HKUS\.DEFAULT\..\RunOnce: “C:\Windows\System32\SPReview\SPReview.exe” /sp:1 /errorfwlink:“http://go.microsoft.com/fwlink/?LinkID=122915” /build:7601 (User ‘Default user’)

    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O9 - Extra ‘Tools’ menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.1.0\ViProtocol.dll (file missing)

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

    O23 - Service: CodecIconProgram.exe - Unknown owner - C:\Users\Erika\AppData\Local\CodecIconProgram\CodecIconProgram.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: ExportRootSamba - Unknown owner - C:\Windows\SysWOW64\ExportRootSamba\ExportRootSamba.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

    O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe

    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Erika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Erika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    C:\Users\Erika\AppData\Local\Mozilla\Firefox\Profiles\pp5a1fpf.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    C:\Users\Erika\AppData\Local\Torch\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=238 folders=116 59360046 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\Erika\AppData\Local\Temp will be emptied at reboot

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Erika\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on zo 24-08-2014 at 11:11:46,97 ======================

  • Ben

    Hello Rikje,

    That looks good:

    Download AdwCleaner by Xplode to the desktop.

    * Close all open windows.

    * Double-click AdwCleaner to start it.

    * Windows Vista, 7 and 8 users must run the tool as "administrator",

    * by right-clicking it and choosing Run as administrator.

    * Then click Scan.

    * Then click Remove if any items were found.

    * At Reboot Required, click OK.

    After the PC has restarted, a log file usually opens.

    Otherwise it can be found here: C:\AdwCleaner\AdwCleaner.txt

    Then post the contents of this log in your next message.

  • Rikje

    Hi Ben,

    Attached is the AdwCleaner log.

    Regards, Rikje

    # AdwCleaner v3.308 - Rapport aangemaakt 24/08/2014 op 11:45:56

    # Laatste Update 20/08/2014 door Xplode

    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Gebruikersnaam : Erika - ERIKA-PC

    # Gestart vanuit : C:\Users\Erika\Desktop\adwcleaner_3.308.exe

    # Optie : Verwijderen

    ***** *****

    ***** *****

    Map Verwijderd : C:\Users\Erika\AppData\Local\torch

    ***** *****

    Taak Verwijderd : Express FilesUpdate

    ***** *****

    ***** *****

    Waarde Verwijderd : HKLM\SOFTWARE\Mozilla\Firefox\Extensions

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

    Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

    Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices

    Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect

    Sleutel Verwijderd : HKCU\Software\GlobalUpdate

    Sleutel Verwijderd : HKCU\Software\Softonic

    Sleutel Verwijderd : HKCU\Software\torch

    Sleutel Verwijderd : HKLM\SOFTWARE\GlobalUpdate

    Sleutel Verwijderd : HKLM\SOFTWARE\torch

    Sleutel Verwijderd : HKLM\SOFTWARE\Upt

    Sleutel Verwijderd : HKLM\SOFTWARE\Upt

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

    ***** *****

    -\\ Internet Explorer v11.0.9600.17239

    Instelling Hersteld : HKCU\Software\Microsoft\Internet Explorer\Main

    -\\ Mozilla Firefox v31.0 (x86 nl)

    Regel verwijderd : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");

    Regel verwijderd : user_pref("extensions.quick_start.enable_search1", false);

    Regel verwijderd : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

    -\\ Google Chrome v

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

  • Ben

    Hello Rikje,

    That was neatly done again; if there are no further problems, do the following:

    You can keep Malwarebytes installed and scan your PC with it once a week (after updating it).

    The small tool below cleans up, among other things, all the tools that were used:

    Download Delfix by Xplode to the desktop.

    Double-click Delfix.exe to start the tool.

    Now tick the following items:

    Remove disinfection tools

    Purge System Restore

    Reset system settings

    Now click "Run" and wait patiently until the tool has finished.

    When the tool has finished, a log file is created. You do not need to post it, however.

    If any tools or folders are left over, you can delete them yourself.

  • fazantje

    Because this topic has been resolved, it is being closed.

    If you would like to reopen your topic, send a private message to Ben or Huib (fazantje).

    They will then remove the "lock" and the topic will be open again.

    The AV team.

This topic is closed; no further replies can be posted.