Internet is slow, some sites are inaccessible [Solved]



#1
Moosch32

Hello,

I have several problems with my daughter's computer:
- Mozilla Firefox and Internet Explorer take a long time to start up.
- Internet is very slow.
- Some websites cannot be reached. E.g. I can go to www.microsoft.com, but not to forums.malwarebytes.org

What have I done to correct this?
- I have already run mbam.exe. It found more than 200 suspected files. These were quarantined or deleted.
- I ran Malwarebytes Anti-Rootkit. This found 31 threads.

Malwarebytes says that it has blocked access to a possible malicious website.

Unfortunately the problem wasn't solved. I hope somebody can help me!

OTL logfile created on: 22-5-2013 15:12:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\spyware
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000413 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,86 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 54,98% Memory free
7,71 Gb Paging File | 5,22 Gb Available in Paging File | 67,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 11,12 Gb Free Space | 9,55% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 24,60 Gb Free Space | 7,46% Space Free | Partition Type: NTFS
Drive F: | 3,72 Gb Total Space | 1,97 Gb Free Space | 52,98% Space Free | Partition Type: FAT32

Computer Name: NOEMIOSSELAER | User Name: Noemi Osselaer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-05-22 15:07:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\spyware\OTL.exe
PRC - [2012-12-12 10:42:18 | 001,038,192 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\ApVxdWin.exe
PRC - [2012-11-26 12:26:58 | 000,068,168 | ---- | M] (Simplygen) -- C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
PRC - [2012-11-19 17:11:38 | 000,177,440 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrlS.exe
PRC - [2012-11-16 12:52:52 | 000,173,344 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\TPSrvWow.exe
PRC - [2012-09-21 07:25:02 | 000,202,016 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe
PRC - [2012-08-06 08:45:03 | 001,890,744 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2012-04-04 17:00:28 | 000,108,032 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\WebProxy.exe
PRC - [2012-02-10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011-10-18 12:43:48 | 000,112,128 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavBckPT.exe
PRC - [2011-10-18 12:43:48 | 000,091,648 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\SrvLoad.exe
PRC - [2011-10-01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011-10-01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011-07-29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011-07-13 13:35:03 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011-04-13 11:44:10 | 000,313,664 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe
PRC - [2011-03-07 14:27:06 | 000,225,088 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\AVENGINE.EXE
PRC - [2010-11-20 14:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010-10-21 04:38:35 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010-08-16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\psksvc.exe
PRC - [2010-03-02 20:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010-01-20 17:49:04 | 000,308,640 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
PRC - [2010-01-15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010-01-05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009-11-26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- c:\Program Files (x86)\Panda Security\Panda Internet Security 2013\FIREWALL\PSHost.exe
PRC - [2009-11-24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009-11-10 04:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009-11-02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009-10-27 05:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009-10-01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009-10-01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009-08-20 05:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009-08-12 21:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009-06-19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009-06-16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2009-05-19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008-06-19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsImSvc.exe
PRC - [2008-02-04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe
PRC - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007-06-15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe


========== Modules (No Company Name) ==========

MOD - [2013-05-19 11:02:05 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013-05-11 17:14:56 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013-05-11 17:13:12 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013-05-11 17:11:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013-05-11 17:11:28 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012-05-30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012-05-30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011-07-29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011-07-29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011-03-17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011-02-18 10:04:04 | 000,196,448 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL
MOD - [2010-01-05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009-11-24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009-09-23 20:07:14 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
MOD - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007-02-14 12:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\MiniCrypto.dll
MOD - [2004-05-19 10:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\LIBXML2.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2011-08-12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010-09-22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009-12-08 01:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009-11-11 10:29:13 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-11-19 17:11:38 | 000,177,440 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrlS.exe -- (Panda Software Controller)
SRV - [2012-11-16 12:52:52 | 000,173,344 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\TPSrvWow.exe -- (TPSrv)
SRV - [2012-11-09 22:04:16 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-09-21 07:25:02 | 000,202,016 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2012-08-24 17:05:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-02-10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012-02-10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011-10-01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011-10-01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011-04-13 11:44:10 | 000,313,664 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe -- (PAVSRV)
SRV - [2010-08-16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\psksvc.exe -- (PskSvcRetail)
SRV - [2010-04-05 12:55:01 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-11-26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\Program Files (x86)\Panda Security\Panda Internet Security 2013\FIREWALL\PSHost.exe -- (PSHost)
SRV - [2009-11-10 04:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009-10-01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009-10-01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-06-16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-06-19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsImSvc.exe -- (PSIMSVC)
SRV - [2008-02-04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe -- (PavPrSrv)
SRV - [2007-06-15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-09-28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012-03-26 17:57:36 | 000,071,432 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\amm6460.sys -- (AmFSM)
DRV:64bit: - [2012-03-08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-11-03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011-10-01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011-10-01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011-10-01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011-10-01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011-07-22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011-07-12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011-07-11 19:31:19 | 000,015,928 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\COMFiltr.sys -- (ComFiltr)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-01-31 15:41:28 | 000,129,096 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\APPFLT64.SYS -- (APPFLT)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-09-09 15:23:00 | 000,078,920 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idsflt64.sys -- (IDSFLT)
DRV:64bit: - [2010-09-01 10:09:12 | 000,216,648 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\n64i1644.sys -- (NETIMFLT01060044)
DRV:64bit: - [2010-06-22 17:20:18 | 000,030,792 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009-11-13 11:47:35 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009-11-11 11:02:11 | 006,104,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009-10-27 11:07:42 | 000,048,136 | ---- | M] (Panda Security, S.L.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ShldFlt.sys -- (ShldFlt)
DRV:64bit: - [2009-10-15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009-10-05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009-09-30 03:34:31 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009-09-25 13:54:08 | 000,074,760 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\wnmflt64.sys -- (WNMFLT)
DRV:64bit: - [2009-09-25 13:54:06 | 000,170,504 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NETTDI64.SYS -- (NETFLTDI)
DRV:64bit: - [2009-09-25 13:54:02 | 000,082,952 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\dsaflt64.sys -- (DSAFLT)
DRV:64bit: - [2009-09-25 13:54:02 | 000,031,752 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fnetm64.sys -- (FNETMON)
DRV:64bit: - [2009-09-17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009-08-21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009-08-12 05:38:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009-08-06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009-07-20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009-07-14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009-06-10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008-05-24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2006-08-25 15:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV:64bit: - [2005-09-23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://downloads.php....php?rvs=google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certif...e=true&tid=2937
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=19405
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certif...e=true&tid=2937
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certif...e=true&tid=2937
IE - HKLM\..\URLSearchHook: {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\prxtbDown.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2767D8A6-9BEA-B9CA-947B-4524CC04B624}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{566B2F24-33BE-4DA4-BEDA-5721A13D5555}: "URL" = http://downloads.php....php?rvs=google
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://visualbee.del...29220CF30762AE3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certif...e=true&tid=2937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/de....aspx?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-BE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4F 13 9D 88 FC 3E CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certif...e=true&tid=2937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certif...e=true&tid=2937
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://visualbee.del...29220CF30762AE3
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT1269415.browser.search.defaultthis.engineName: true
FF - prefs.js..CT3198785.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: [email protected]:1.6.0
FF - prefs.js..extensions.enabledAddons: {0F827075-B026-42F3-885D-98981EE7B1AE}:2.6.1125.80
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Noemi Osselaer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-07-03 09:16:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-08-24 17:05:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-07-03 09:16:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2011-07-22 19:42:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2011-07-01 13:01:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-08-24 17:05:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-07-03 09:16:20 | 000,000,000 | ---D | M]

[2012-08-08 16:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\Extensions
[2011-07-01 17:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\Firefox\Profiles\faza350x.default\extensions
[2011-07-01 13:01:12 | 000,000,000 | ---D | M] (VisualBee Toolbar) -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\Firefox\Profiles\faza350x.default\extensions\[email protected]
[2012-01-03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\askcom.xml
[2011-07-22 19:42:56 | 000,002,432 | ---- | M] () -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\babylon1.xml
[2012-08-14 19:17:23 | 000,000,919 | ---- | M] () -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\conduit.xml
[2011-07-13 15:22:16 | 000,001,797 | ---- | M] () -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\funmoods.xml
[2012-06-24 21:41:41 | 000,002,301 | ---- | M] () -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\Search.xml
[2012-08-08 16:16:57 | 000,002,519 | ---- | M] () -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\Search_Results.xml
[2011-07-01 13:02:57 | 000,001,292 | ---- | M] () -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\visualbee.xml
[2011-07-10 15:00:33 | 000,003,269 | ---- | M] () -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\Web Search.xml
[2012-08-08 16:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011-08-07 19:13:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-07-03 09:16:21 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011-07-01 13:01:12 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1125.80\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
[2012-08-24 17:05:52 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-07-01 13:02:03 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012-04-02 21:22:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-04-02 21:22:05 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2012-04-02 21:22:05 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012-08-08 16:16:57 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2011-07-10 15:00:33 | 000,003,269 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
[2012-04-02 21:22:05 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Noemi Osselaer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfldpfnhfpiclgobehefdjjjhdnhlfnj\1.0_0\
CHR - Extension: No name found = C:\Users\Noemi Osselaer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.2023_0\
CHR - Extension: No name found = C:\Users\Noemi Osselaer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Noemi Osselaer\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Noemi Osselaer\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (PHPNukeDU Toolbar) - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll (Conduit Ltd.)
O2 - BHO: (visualbee Helper Object) - {66F57190-01EB-45A6-8260-7895267209F7} - C:\Program Files (x86)\visualbee\visualbee\1.8.9.1\bh\visualbee.dll (Visualbee)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Download Energy Toolbar) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\prxtbDown.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WhiteSmoke US Toolbar) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PHPNukeDU Toolbar) - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Download Energy Toolbar) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\prxtbDown.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WhiteSmoke US Toolbar) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Noemi Osselaer\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.2 195.130.131.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5F2D15B-ED47-4071-89A4-6C3CA1171EEC}: DhcpNameServer = 195.130.130.2 195.130.131.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - C:\Windows\SysNative\avldr64.dll (On-Access Anti-Malware Scanner Sync)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e00ffc81-dcba-11df-87be-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e00ffc81-dcba-11df-87be-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-07-10 17:29:02 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{C3C3D0F2-3806-442B-BEC9-4C9055BBB799}
[2013-07-07 17:50:49 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{12D69529-A0E6-453A-A449-11F48D7D5611}
[2013-07-05 15:21:07 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{38F13457-09B6-496E-AB75-17B8AFEA757E}
[2013-05-22 13:33:40 | 000,000,000 | ---D | C] -- C:\spyware
[2013-05-22 10:39:06 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{9737E3AF-6250-40A5-994D-1B79B569C502}
[2013-05-18 22:40:56 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{8B8C46B2-914C-4402-AF6B-7521FD1435DF}
[2013-05-18 19:44:48 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{7FBA2111-8746-4A19-9659-B060A2DBE5C0}
[2013-05-18 17:42:53 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Roaming\Malwarebytes
[2013-05-18 17:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-05-18 17:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-05-18 17:42:35 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013-05-18 17:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013-05-18 17:42:22 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\Programs
[2013-05-17 19:05:43 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{8D3F726B-2B4C-454A-9A01-E97E983CF9F3}
[2013-05-15 21:58:03 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{86CC7D14-DC3A-4F79-BD73-48E1E536D247}
[2013-05-14 16:40:47 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{9C5BF444-0686-4A69-8677-CA23106DB5A3}
[2013-05-13 17:14:04 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{3C2A72C3-4903-4CBF-B707-1CC2F1B7040C}
[2013-05-11 23:46:31 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{5F061D7B-DBDB-44F8-A83B-C42F75AA5C06}
[2013-05-09 14:20:33 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{3908174B-6697-4C93-9D35-6B09CAFEFB8B}
[2013-05-09 13:00:55 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\Documents\Adobe
[6 C:\Users\Noemi Osselaer\Documents\*.tmp files -> C:\Users\Noemi Osselaer\Documents\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-05-22 15:02:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-05-22 14:35:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-05-22 14:21:22 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2013-05-22 13:53:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876256605-4006223907-461243498-1000UA.job
[2013-05-22 13:53:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876256605-4006223907-461243498-1000Core.job
[2013-05-22 13:47:52 | 000,350,084 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT.bck
[2013-05-22 13:47:52 | 000,350,084 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT
[2013-05-22 13:38:52 | 000,447,324 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls.bck
[2013-05-22 13:38:52 | 000,447,324 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls
[2013-05-22 13:38:52 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG.bck
[2013-05-22 13:38:52 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG
[2013-05-22 13:38:52 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg.bck
[2013-05-22 13:38:52 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg
[2013-05-22 13:38:52 | 000,000,092 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt.bck
[2013-05-22 13:38:52 | 000,000,092 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt
[2013-05-22 13:38:52 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg.bck
[2013-05-22 13:38:52 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg
[2013-05-22 13:38:52 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg.bck
[2013-05-22 13:38:52 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg
[2013-05-22 13:38:52 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg.bck
[2013-05-22 13:38:52 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg
[2013-05-22 13:37:23 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-05-22 13:37:21 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (Local).job
[2013-05-22 13:37:21 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2013-05-22 13:06:09 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-05-22 13:06:09 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-05-22 12:58:21 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg.bck
[2013-05-22 12:58:21 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg
[2013-05-22 12:58:20 | 000,000,072 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt.bck
[2013-05-22 12:58:20 | 000,000,072 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt
[2013-05-22 12:52:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-05-22 12:51:55 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys
[2013-05-22 10:37:37 | 000,001,487 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013-05-18 19:41:57 | 005,036,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-05-18 17:42:40 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-05-18 17:40:26 | 001,665,528 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-05-18 17:40:26 | 000,744,022 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013-05-18 17:40:26 | 000,652,828 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-05-18 17:40:26 | 000,152,848 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013-05-18 17:40:26 | 000,121,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-05-11 14:31:03 | 001,643,688 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-05-09 21:59:46 | 000,000,512 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\wnmuth.wlt.bck
[2013-05-09 21:59:46 | 000,000,512 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\wnmuth.wlt
[2013-05-09 15:34:24 | 000,002,322 | ---- | M] () -- C:\Users\Noemi Osselaer\Desktop\james bond bath scene.wlmp
[2013-05-09 11:55:28 | 000,001,520 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[6 C:\Users\Noemi Osselaer\Documents\*.tmp files -> C:\Users\Noemi Osselaer\Documents\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-05-18 17:42:40 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-05-09 15:34:23 | 000,002,322 | ---- | C] () -- C:\Users\Noemi Osselaer\Desktop\james bond bath scene.wlmp
[2013-05-09 11:55:28 | 000,001,532 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013-05-09 11:55:28 | 000,001,520 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2012-07-13 14:33:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012-06-24 21:30:43 | 000,302,425 | ---- | C] () -- C:\Users\Noemi Osselaer\AppData\Local\funmoods-speeddial.crx
[2011-07-10 15:01:04 | 000,011,264 | ---- | C] () -- C:\Windows\Launcher.exe
[2011-06-27 13:36:03 | 001,811,849 | ---- | C] () -- C:\Users\Noemi Osselaer\AppData\Local\scene_temp.jpg
[2011-06-24 14:13:09 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2011-06-24 14:13:09 | 000,029,741 | ---- | C] () -- C:\Windows\unins000.dat
[2011-01-20 20:24:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-01-19 18:34:32 | 000,025,600 | ---- | C] () -- C:\Users\Noemi Osselaer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-21 04:18:51 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011-01-18 19:55:04 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Asus WebStorage
[2012-03-25 00:11:37 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Babylon
[2011-04-11 20:01:02 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Canon
[2012-04-07 13:36:29 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011-07-28 13:20:36 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012-06-24 21:28:11 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Complitly
[2011-06-24 14:13:44 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Easy MP3 Recorder
[2011-06-30 17:16:56 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\go
[2012-06-24 21:36:49 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\LimeWire Music
[2011-07-29 13:54:58 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\PACE Anti-Piracy
[2011-07-11 19:29:33 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Panda Security
[2012-08-03 19:07:37 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\PDAppFlex
[2013-03-31 17:46:33 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Publish Providers
[2011-07-01 17:12:50 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\SmartDraw
[2013-05-18 19:38:26 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\SoftGrid Client
[2013-03-31 17:46:20 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Sony
[2012-03-30 21:38:26 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011-07-18 17:44:14 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\TFP
[2011-01-18 22:13:22 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\TP
[2013-05-22 15:38:05 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\uTorrent
[2011-07-01 13:00:40 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\visualbee
[2011-06-27 20:54:31 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 957 bytes -> C:\Users\Noemi Osselaer\AppData\Local\Temp:OCtGXVjtjPfvtM1MnQq1v
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63
@Alternate Data Stream - 1036 bytes -> C:\Users\Noemi Osselaer\AppData\Local\hwzfi3mhIQ:C39geFDMN01V53CvrnWnHv3V3

< End of report >



#2
Crowbar

Hello Moosch32 and welcome to the Virus, Spyware, Malware Removal forum !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Hi,
First thing that I would like you to do is to move the OTL.exe file from the folder that it is in, and place it on your desktop. This will make things easier for both of us.
Second, next set of logs you get, please paste the contents of them into your next response, as that will make it easier for me. :)

I see that your available free space on your system drive (c:) is real low on space. You have 9,55% Space Free presently, and Windows is happiest when you have about 20% free minimum. See if you can delete some old programs, or move some data off onto an external drive.

Also -
I notice that you have one or more P2P (Peer to Peer) file sharing programs installed on your computer.
  • uTorrent
This is a very easy way to get infected, as many of the files that can be downloaded with these P2P programs are infected with all sorts of malware.
You put your system at a very big risk by downloading these files, and that is why we recommend that you remove these programs from your computer.
Please visit the following site:
P2P File Sharing: Evaluate the Risks
If you do not want to remove them and are willing to accept the risk involved by using them, please DO NOT use them while we are cleaning your machine.

If you need any help removing them I will be glad to assist you.

Also, if you could post a log from the Malwarebytes Anti-Rootkit I would appreciate it.

So, I do see a bunch of adware, so I would like to clear that out, and then see how your computer is feeling. Let's start....

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall Malwarebytes and run this fix again.
Run OTL by right clicking on the icon and selecting Run as administrator
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://downloads.php....php?rvs=google
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certif...e=true&tid=2937
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=19405
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certif...e=true&tid=2937
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certif...e=true&tid=2937
    IE - HKLM\..\URLSearchHook: {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\prxtbDown.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2767D8A6-9BEA-B9CA-947B-4524CC04B624}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\SearchScopes\{566B2F24-33BE-4DA4-BEDA-5721A13D5555}: "URL" = http://downloads.php....php?rvs=google
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://visualbee.del...29220CF30762AE3
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certif...e=true&tid=2937
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certif...e=true&tid=2937
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certif...e=true&tid=2937
    IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://visualbee.del...29220CF30762AE3
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    FF - prefs.js..CT1269415.browser.search.defaultthis.engineName: true
    FF - prefs.js..CT3198785.browser.search.defaultthis.engineName: true
    FF - prefs.js..browser.search.defaultengine: "Web Search"
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.order.1: "Web Search"
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.6.0
    FF - prefs.js..extensions.enabledAddons: {0F827075-B026-42F3-885D-98981EE7B1AE}:2.6.1125.80
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2011-07-22 19:42:39 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2011-07-01 13:01:12 | 000,000,000 | ---D | M]
    [2011-07-01 13:01:12 | 000,000,000 | ---D | M] (VisualBee Toolbar) -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\Firefox\Profiles\faza350x.default\extensions\[email protected]
    [2012-01-03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\askcom.xml
    [2011-07-22 19:42:56 | 000,002,432 | ---- | M] () -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\babylon1.xml
    [2012-08-14 19:17:23 | 000,000,919 | ---- | M] () -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\conduit.xml
    [2011-07-13 15:22:16 | 000,001,797 | ---- | M] () -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\funmoods.xml
    [2012-08-08 16:16:57 | 000,002,519 | ---- | M] () -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\Search_Results.xml
    [2011-07-01 13:02:57 | 000,001,292 | ---- | M] () -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\visualbee.xml
    [2011-07-10 15:00:33 | 000,003,269 | ---- | M] () -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\Web Search.xml
    [2011-07-01 13:01:12 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1125.80\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
    [2011-07-01 13:02:03 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012-08-08 16:16:57 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
    [2011-07-10 15:00:33 | 000,003,269 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
    O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Noemi Osselaer\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
    O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Noemi Osselaer\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (PHPNukeDU Toolbar) - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll (Conduit Ltd.)
    O2 - BHO: (visualbee Helper Object) - {66F57190-01EB-45A6-8260-7895267209F7} - C:\Program Files (x86)\visualbee\visualbee\1.8.9.1\bh\visualbee.dll (Visualbee)
    O2 - BHO: (WhiteSmoke US Toolbar) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
    O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (PHPNukeDU Toolbar) - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (Download Energy Toolbar) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\prxtbDown.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (WhiteSmoke US Toolbar) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O33 - MountPoints2\{e00ffc81-dcba-11df-87be-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{e00ffc81-dcba-11df-87be-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe
    [2012-03-25 00:11:37 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Babylon
    [2012-06-24 21:28:11 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Complitly
    [2011-07-01 13:00:40 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\visualbee
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt; please attach that.

Step 3
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan


  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 4
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    winsock.*
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response

In your next reply I would like to see:
  • OTL fix log
  • ADWcleaner log
  • RogueKiller log
  • OTL custom scan log
  • How is your computer doing now?


#3
Moosch32

Hello Crowbar,

First of all, thanks for all your help.

Here are the files you requested:
OTL fix log
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{46735dee-f862-49d1-876d-6382794dc625} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46735dee-f862-49d1-876d-6382794dc625}\ deleted successfully.
C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ad708c09-d51b-45b3-9d28-4eba2681febf} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad708c09-d51b-45b3-9d28-4eba2681febf}\ deleted successfully.
C:\Program Files (x86)\Download_Energy\prxtbDown.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cce665dd-f6dd-4808-968e-eaec971f70ef} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cce665dd-f6dd-4808-968e-eaec971f70ef}\ deleted successfully.
C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2767D8A6-9BEA-B9CA-947B-4524CC04B624}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2767D8A6-9BEA-B9CA-947B-4524CC04B624}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{566B2F24-33BE-4DA4-BEDA-5721A13D5555}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{566B2F24-33BE-4DA4-BEDA-5721A13D5555}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Prefs.js: true removed from CT1269415.browser.search.defaultthis.engineName
Prefs.js: true removed from CT3198785.browser.search.defaultthis.engineName
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: [email protected]:1.6.0 removed from extensions.enabledAddons
Prefs.js: {0F827075-B026-42F3-885D-98981EE7B1AE}:2.6.1125.80 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll moved successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58bd07eb-0ee0-4df0-8121-dc9b693373df}\ not found.
C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content folder moved successfully.
C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components folder moved successfully.
C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension folder moved successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F827075-B026-42F3-885D-98981EE7B1AE}\ not found.
C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content folder moved successfully.
C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components folder moved successfully.
C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension folder moved successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\Firefox\Profiles\faza350x.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\Firefox\Profiles\faza350x.default\extensions\[email protected]\content\imgs\flgs folder moved successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\Firefox\Profiles\faza350x.default\extensions\[email protected]\content\imgs folder moved successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\Firefox\Profiles\faza350x.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\Firefox\Profiles\faza350x.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\Firefox\Profiles\faza350x.default\extensions\[email protected] folder moved successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\askcom.xml moved successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\babylon1.xml moved successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\conduit.xml moved successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\funmoods.xml moved successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\Search_Results.xml moved successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\visualbee.xml moved successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\firefox\profiles\faza350x.default\searchplugins\Web Search.xml moved successfully.
Folder C:\PROGRAMDATA\BROWSERPROTECT\2.6.1125.80\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION\ not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\Complitly\64\Complitly64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\Complitly\Complitly.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46735dee-f862-49d1-876d-6382794dc625}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46735dee-f862-49d1-876d-6382794dc625}\ not found.
File C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66F57190-01EB-45A6-8260-7895267209F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66F57190-01EB-45A6-8260-7895267209F7}\ deleted successfully.
C:\Program Files (x86)\visualbee\visualbee\1.8.9.1\bh\visualbee.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cce665dd-f6dd-4808-968e-eaec971f70ef}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cce665dd-f6dd-4808-968e-eaec971f70ef}\ not found.
File C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.
C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{46735dee-f862-49d1-876d-6382794dc625} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46735dee-f862-49d1-876d-6382794dc625}\ not found.
File C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}\ deleted successfully.
C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ad708c09-d51b-45b3-9d28-4eba2681febf} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad708c09-d51b-45b3-9d28-4eba2681febf}\ not found.
File C:\Program Files (x86)\Download_Energy\prxtbDown.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cce665dd-f6dd-4808-968e-eaec971f70ef} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cce665dd-f6dd-4808-968e-eaec971f70ef}\ not found.
File C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
C:\Program Files (x86)\uTorrent\uTorrent.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e00ffc81-dcba-11df-87be-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e00ffc81-dcba-11df-87be-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e00ffc81-dcba-11df-87be-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e00ffc81-dcba-11df-87be-806e6f6e6963}\ not found.
File E:\Install.exe not found.
C:\Users\Noemi Osselaer\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\Complitly\64 folder moved successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\Complitly folder moved successfully.
C:\Users\Noemi Osselaer\AppData\Roaming\visualbee folder moved successfully.
ADS C:\ProgramData\Temp:D20FFA63 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Caroline
->Temp folder emptied: 2753711 bytes
->Temporary Internet Files folder emptied: 220543996 bytes
->FireFox cache emptied: 55065672 bytes
->Flash cache emptied: 63630 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Noemi Osselaer
->Temp folder emptied: 1944320671 bytes
->Temporary Internet Files folder emptied: 518548621 bytes
->Java cache emptied: 58617 bytes
->FireFox cache emptied: 69774807 bytes
->Google Chrome cache emptied: 6439128 bytes
->Flash cache emptied: 3157177 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 764717890 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78134 bytes
RecycleBin emptied: 947871518 bytes

Total Files Cleaned = 4.323,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05232013_210852

Files\Folders moved on Reboot...
C:\Users\Noemi Osselaer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Noemi Osselaer\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



AdwCleaner log
# AdwCleaner v2.301 - Verslag gemaakt op 23/05/2013 om 21:29:50
# Geactualiseerd op 16/05/2013 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruiker : Noemi Osselaer - NOEMIOSSELAER
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\Noemi Osselaer\Desktop\adwcleaner.exe
# Optie [Verwijderen]


***** [Diensten] *****

Gestopt & Verwijdert : BrowserProtect

***** [Files / Mappen] *****

File Verwijdert : C:\END
File Verwijdert : C:\user.js
File Verwijdert : C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\wngjs8p3.default\searchplugins\softonic.xml
File Verwijdert : C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\wngjs8p3.default\searchplugins\Web Search.xml
File Verwijdert : C:\Users\Noemi Osselaer\AppData\Local\funmoods-speeddial.crx
File Verwijdert : C:\Users\Noemi Osselaer\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Verwijdert : C:\Users\Noemi Osselaer\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Verwijdert : C:\Users\Noemi Osselaer\AppData\Roaming\Mozilla\Firefox\Profiles\faza350x.default\bprotector_extensions.sqlite
File Verwijdert : C:\Users\Noemi Osselaer\AppData\Roaming\Mozilla\Firefox\Profiles\faza350x.default\bprotector_prefs.js
File Verwijdert : C:\Users\Noemi Osselaer\AppData\Roaming\Mozilla\Firefox\Profiles\faza350x.default\searchplugins\search.xml
File Verwijdert : C:\Users\Public\Desktop\eBay.lnk
Map Verwijdert : C:\Program Files (x86)\Complitly
Map Verwijdert : C:\Program Files (x86)\Conduit
Map Verwijdert : C:\Program Files (x86)\ConduitEngine
Map Verwijdert : C:\Program Files (x86)\DealPly
Map Verwijdert : C:\Program Files (x86)\Moozy
Map Verwijdert : C:\Program Files (x86)\PHPNukeDU
Map Verwijdert : C:\Program Files (x86)\Protected Search
Map Verwijdert : C:\Program Files (x86)\Red Sky
Map Verwijdert : C:\Program Files (x86)\search results toolbar
Map Verwijdert : C:\Program Files (x86)\Searchqu Toolbar
Map Verwijdert : C:\Program Files (x86)\Softonic
Map Verwijdert : C:\Program Files (x86)\visualbee
Map Verwijdert : C:\Program Files (x86)\WhiteSmoke_US
Map Verwijdert : C:\ProgramData\Ask
Map Verwijdert : C:\ProgramData\Babylon
Map Verwijdert : C:\ProgramData\boost_interprocess
Map Verwijdert : C:\ProgramData\bProtectorForWindows
Map Verwijdert : C:\ProgramData\BrowserProtect
Map Verwijdert : C:\ProgramData\InstallMate
Map Verwijdert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Map Verwijdert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moozy
Map Verwijdert : C:\ProgramData\Partner
Map Verwijdert : C:\ProgramData\Premium
Map Verwijdert : C:\ProgramData\visualbee
Map Verwijdert : C:\Users\Caroline\AppData\LocalLow\AskToolbar
Map Verwijdert : C:\Users\Caroline\AppData\LocalLow\BabylonToolbar
Map Verwijdert : C:\Users\Caroline\AppData\LocalLow\Conduit
Map Verwijdert : C:\Users\Caroline\AppData\LocalLow\ConduitEngine
Map Verwijdert : C:\Users\Caroline\AppData\LocalLow\PHPNukeDU
Map Verwijdert : C:\Users\Caroline\AppData\LocalLow\PriceGong
Map Verwijdert : C:\Users\Caroline\AppData\LocalLow\Softonic
Map Verwijdert : C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\wngjs8p3.default\extensions\[email protected]
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\Local\Conduit
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\Local\DownTango
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\Local\Ilivid Player
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\Local\PackageAware
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\Local\visualbeeexe
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\LocalLow\BabylonToolbar
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\LocalLow\boost_interprocess
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\LocalLow\Conduit
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\LocalLow\ConduitEngine
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\LocalLow\PHPNukeDU
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\LocalLow\PriceGong
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\LocalLow\searchquband
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\LocalLow\Searchqutoolbar
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\LocalLow\simplytech
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\LocalLow\WhiteSmoke_US
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\Roaming\Mozilla\Firefox\Profiles\faza350x.default\Searchqutoolbar
Map Verwijdert : C:\Users\Noemi Osselaer\AppData\Roaming\Mozilla\Firefox\Profiles\faza350x.default\Smartbar
Verwijdert bij het opstarten : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}

***** [Register] *****

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\SmartBar
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\WhiteSmoke_US
Sleutel Verwijdert : HKCU\Software\Blabbers
Sleutel Verwijdert : HKCU\Software\BrowserCompanion
Sleutel Verwijdert : HKCU\Software\DataMngr
Sleutel Verwijdert : HKCU\Software\DataMngr_Toolbar
Sleutel Verwijdert : HKCU\Software\ilivid
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{46735DEE-F862-49D1-876D-6382794DC625}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48B8-9D63-80849FE137CB}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{46735DEE-F862-49D1-876D-6382794DC625}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E3CB8E43-F1A0-472F-9663-7D280B3219B2}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Sleutel Verwijdert : HKCU\Software\ProtectedSearch
Sleutel Verwijdert : HKCU\Software\5f4d7dbb735e512
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Sleutel Verwijdert : HKLM\Software\Babylon
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Conduit.Engine
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CrossriderApp0000435.FBApi
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CrossriderApp0000435.FBApi.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CrossriderApp0000435.Sandbox
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CrossriderApp0000435.Sandbox.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT1269415
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2102399
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Sleutel Verwijdert : HKLM\Software\DataMngr
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\DownTangoFTToolbar_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\DownTangoFTToolbar_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E3CB8E43-F1A0-472F-9663-7D280B3219B2}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F0D5392A-C0E3-4C2C-8A17-49D4F8F84471}
Sleutel Verwijdert : HKLM\Software\PHPNukeDU
Sleutel Verwijdert : HKLM\Software\SearchquMediabarTb
Sleutel Verwijdert : HKLM\Software\SimplyGen
Sleutel Verwijdert : HKLM\Software\Softonic
Sleutel Verwijdert : HKLM\Software\WhiteSmoke_US
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\5f4d7dbb735e512
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2039F8B5-CB50-4F21-B0F0-E3909A86C6A1}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AA17017-5AED-4E91-8470-EA42119FC278}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E13D1976-D3CE-4DD3-AF1A-A5AB7B5929A8}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PHPNukeDU Toolbar
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Protected Search_is1
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar
Sleutel Verwijdert : HKLM\SOFTWARE\DataMngr
Sleutel Verwijdert : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

Vervangen : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q=%s --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (nl)

File : C:\Users\Noemi Osselaer\AppData\Roaming\Mozilla\Firefox\Profiles\faza350x.default\prefs.js

C:\Users\Noemi Osselaer\AppData\Roaming\Mozilla\Firefox\Profiles\faza350x.default\user.js ... Verwijdert !


File : C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\wngjs8p3.default\prefs.js

C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\wngjs8p3.default\user.js ... Verwijdert !

Verwijdert : user_pref("extensions.Softonic.smplgrp", "none");
Verwijdert : user_pref("extensions.Softonic.srch", "");
Verwijdert : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Verwijdert : user_pref("extensions.Softonic.srchprvdr", "Search the web (Softonic)");
Verwijdert : user_pref("extensions.Softonic.tlbrId", "base");
Verwijdert : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/INF00008/tb_v1?SearchSource[...]
Verwijdert : user_pref("extensions.Softonic.tlbrid", "base");
Verwijdert : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/INF00008/tb_v1?SearchSource[...]
Verwijdert : user_pref("extensions.Softonic.vrsn", "1.6.7.4");
Verwijdert : user_pref("extensions.Softonic.vrsnTs", "1.6.7.419:49:59");
Verwijdert : user_pref("extensions.Softonic.vrsni", "1.6.7.4");
Verwijdert : user_pref("extensions.Softonic.vrsnts", "1.6.7.419:49:59");
Verwijdert : user_pref("extensions.Softonic_i.dnsErr", true);
Verwijdert : user_pref("extensions.Softonic_i.hmpg", true);
Verwijdert : user_pref("extensions.Softonic_i.newTab", true);
Verwijdert : user_pref("extensions.Softonic_i.smplGrp", "none");
Verwijdert : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.419:49:59");
Verwijdert : user_pref("extensions.asktb.ff-original-keyword-url", "");
Verwijdert : user_pref("extensions.enabledAddons", "[email protected]:1.6.0,{972ce4c6-7e08-4474-a285-3208198c[...]
Verwijdert : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=");

-\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

File : C:\Users\Noemi Osselaer\AppData\Local\Google\Chrome\User Data\Default\Preferences

Verwijdert [l.8] : homepage = "hxxp://visualbee.delta-search.com/?affID=121376&babsrc=HP_ss&mntrId=429220CF30762[...]
Verwijdert [l.11] : urls_to_restore_on_startup = [ "hxxp://visualbee.delta-search.com/?affID=121376&babsrc=HP_[...]
Verwijdert [l.151] : homepage = "hxxp://visualbee.delta-search.com/?affID=121376&babsrc=HP_ss&mntrId=429220CF30762AE3[...]
Verwijdert [l.369] : urls_to_restore_on_startup = [ "hxxp://visualbee.delta-search.com/?affID=121376&babsrc=HP_ss&[...]

*************************

AdwCleaner[S1].txt - [54658 octets] - [23/05/2013 21:29:50]

########## EOF - C:\AdwCleaner[S1].txt - [54719 octets] ##########


RogueKiller log
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestart vanuit : Normale modus
Gebruiker : Noemi Osselaer [Administrator rechten]
Modus : Scan -- Datum : 05/23/2013 21:41:25
| ARK || FAK || MBR |

§§§ Kwaadaardige processen : 0 §§§

§§§ Register verwijzingen : 2 §§§
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden

§§§ Speciale Files / Folders: §§§

§§§ Driver : [Niet geladen] §§§

§§§ HOSTS Bestand: §§§
--> C:\Windows\system32\drivers\etc\hosts



§§§ MBR Controle: §§§

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] adb0aa9ec6250927eb9163cc393d5494
[BSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 20002 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40965750 | Size: 119232 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 285153280 | Size: 337704 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB DISK 2.0 USB Device +++++
--- User ---
[MBR] 4d186890a9c0a2908bc144420aab001c
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3810 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Gereed : << RKreport[1]_S_05232013_02d2141.txt >>
RKreport[1]_S_05232013_02d2141.txt



OTL custom scan log
OTL logfile created on: 23-5-2013 21:52:27 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Noemi Osselaer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000413 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,86 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 64,43% Memory free
7,71 Gb Paging File | 5,57 Gb Available in Paging File | 72,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 15,74 Gb Free Space | 13,52% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 24,38 Gb Free Space | 7,39% Space Free | Partition Type: NTFS
Drive F: | 3,72 Gb Total Space | 1,97 Gb Free Space | 52,92% Space Free | Partition Type: FAT32

Computer Name: NOEMIOSSELAER | User Name: Noemi Osselaer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-05-23 20:27:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Noemi Osselaer\Desktop\OTL.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-12-12 10:42:18 | 001,038,192 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\ApVxdWin.exe
PRC - [2012-11-19 17:11:38 | 000,177,440 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrlS.exe
PRC - [2012-11-16 12:52:52 | 000,173,344 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\TPSrvWow.exe
PRC - [2012-09-21 07:25:02 | 000,202,016 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe
PRC - [2012-04-04 17:00:28 | 000,108,032 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\WebProxy.exe
PRC - [2012-02-10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012-02-10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2011-10-18 12:43:48 | 000,112,128 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavBckPT.exe
PRC - [2011-10-18 12:43:48 | 000,091,648 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\SrvLoad.exe
PRC - [2011-10-01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011-10-01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011-07-29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011-04-13 11:44:10 | 000,313,664 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe
PRC - [2011-03-07 14:27:06 | 000,225,088 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\AVENGINE.EXE
PRC - [2010-10-21 04:38:35 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010-08-16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\psksvc.exe
PRC - [2010-03-02 20:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010-01-20 17:49:04 | 000,308,640 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
PRC - [2010-01-15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010-01-05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009-11-26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- c:\Program Files (x86)\Panda Security\Panda Internet Security 2013\FIREWALL\PSHost.exe
PRC - [2009-11-24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009-11-10 04:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009-11-02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009-10-27 05:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009-10-01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009-10-01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009-08-20 05:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009-08-12 21:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009-06-19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009-06-16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2009-05-19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008-06-19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsImSvc.exe
PRC - [2008-02-04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe
PRC - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007-06-15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe


========== Modules (No Company Name) ==========

MOD - [2012-05-30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012-05-30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011-07-29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011-07-29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010-01-05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009-11-24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009-11-02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009-11-02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009-09-23 20:07:14 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
MOD - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007-02-14 12:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\MiniCrypto.dll
MOD - [2004-05-19 10:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\LIBXML2.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2011-08-12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010-09-22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009-12-08 01:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009-11-11 10:29:13 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-11-19 17:11:38 | 000,177,440 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrlS.exe -- (Panda Software Controller)
SRV - [2012-11-16 12:52:52 | 000,173,344 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\TPSrvWow.exe -- (TPSrv)
SRV - [2012-11-09 22:04:16 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-09-21 07:25:02 | 000,202,016 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2012-08-24 17:05:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-02-10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012-02-10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011-10-01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011-10-01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011-04-13 11:44:10 | 000,313,664 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe -- (PAVSRV)
SRV - [2010-08-16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\psksvc.exe -- (PskSvcRetail)
SRV - [2010-04-05 12:55:01 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-11-26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\Program Files (x86)\Panda Security\Panda Internet Security 2013\FIREWALL\PSHost.exe -- (PSHost)
SRV - [2009-11-10 04:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009-10-01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009-10-01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-06-16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-06-19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsImSvc.exe -- (PSIMSVC)
SRV - [2008-02-04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe -- (PavPrSrv)
SRV - [2007-06-15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-09-28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012-03-26 17:57:36 | 000,071,432 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\amm6460.sys -- (AmFSM)
DRV:64bit: - [2012-03-08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-11-03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011-10-01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011-10-01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011-10-01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011-10-01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011-07-22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011-07-12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011-07-11 19:31:19 | 000,015,928 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\COMFiltr.sys -- (ComFiltr)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-01-31 15:41:28 | 000,129,096 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\APPFLT64.SYS -- (APPFLT)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-09-09 15:23:00 | 000,078,920 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idsflt64.sys -- (IDSFLT)
DRV:64bit: - [2010-09-01 10:09:12 | 000,216,648 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\n64i1644.sys -- (NETIMFLT01060044)
DRV:64bit: - [2010-06-22 17:20:18 | 000,030,792 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009-11-13 11:47:35 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009-11-11 11:02:11 | 006,104,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009-10-27 11:07:42 | 000,048,136 | ---- | M] (Panda Security, S.L.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ShldFlt.sys -- (ShldFlt)
DRV:64bit: - [2009-10-15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009-10-05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009-09-30 03:34:31 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009-09-25 13:54:08 | 000,074,760 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\wnmflt64.sys -- (WNMFLT)
DRV:64bit: - [2009-09-25 13:54:06 | 000,170,504 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NETTDI64.SYS -- (NETFLTDI)
DRV:64bit: - [2009-09-25 13:54:02 | 000,082,952 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\dsaflt64.sys -- (DSAFLT)
DRV:64bit: - [2009-09-25 13:54:02 | 000,031,752 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fnetm64.sys -- (FNETMON)
DRV:64bit: - [2009-09-17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009-08-21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009-08-12 05:38:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009-08-06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009-07-20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009-07-14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009-06-10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008-05-24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2006-08-25 15:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV:64bit: - [2005-09-23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/de....aspx?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-BE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4F 13 9D 88 FC 3E CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Noemi Osselaer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-07-03 09:16:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-08-24 17:05:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-07-03 09:16:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-08-24 17:05:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-07-03 09:16:20 | 000,000,000 | ---D | M]

[2012-08-08 16:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\Extensions
[2013-05-23 21:10:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noemi Osselaer\AppData\Roaming\mozilla\Firefox\Profiles\faza350x.default\extensions
[2012-08-08 16:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011-08-07 19:13:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-07-03 09:16:21 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1125.80\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
[2012-08-24 17:05:52 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-04-02 21:22:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-04-02 21:22:05 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2012-04-02 21:22:05 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012-04-02 21:22:05 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: (Enabled) = C:\Users\Noemi Osselaer\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\Noemi Osselaer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Noemi Osselaer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Noemi Osselaer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhffggcfjnkigeciffmipblemhphbjl\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Noemi Osselaer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhffggcfjnkigeciffmipblemhphbjl\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Noemi Osselaer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - Extension: Torch Share = C:\Users\Noemi Osselaer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.2023_0\

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Noemi Osselaer\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.2 195.130.131.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5F2D15B-ED47-4071-89A4-6C3CA1171EEC}: DhcpNameServer = 195.130.130.2 195.130.131.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - C:\Windows\SysNative\avldr64.dll (On-Access Anti-Malware Scanner Sync)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013-07-10 17:29:02 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{C3C3D0F2-3806-442B-BEC9-4C9055BBB799}
[2013-07-07 17:50:49 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{12D69529-A0E6-453A-A449-11F48D7D5611}
[2013-07-05 15:21:07 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{38F13457-09B6-496E-AB75-17B8AFEA757E}
[2013-05-23 21:37:40 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\Desktop\RK_Quarantine
[2013-05-23 21:08:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-05-23 20:40:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Noemi Osselaer\Desktop\OTL.exe
[2013-05-23 20:33:49 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{F29DB517-36B6-46BD-93CE-126EEDB537F6}
[2013-05-22 13:33:40 | 000,000,000 | ---D | C] -- C:\spyware
[2013-05-22 10:39:06 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{9737E3AF-6250-40A5-994D-1B79B569C502}
[2013-05-18 22:40:56 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{8B8C46B2-914C-4402-AF6B-7521FD1435DF}
[2013-05-18 19:44:48 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{7FBA2111-8746-4A19-9659-B060A2DBE5C0}
[2013-05-18 17:42:53 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Roaming\Malwarebytes
[2013-05-18 17:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-05-18 17:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-05-18 17:42:35 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013-05-18 17:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013-05-18 17:42:22 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\Programs
[2013-05-17 19:05:43 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{8D3F726B-2B4C-454A-9A01-E97E983CF9F3}
[2013-05-15 21:58:03 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{86CC7D14-DC3A-4F79-BD73-48E1E536D247}
[2013-05-14 16:40:47 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{9C5BF444-0686-4A69-8677-CA23106DB5A3}
[2013-05-13 17:14:04 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{3C2A72C3-4903-4CBF-B707-1CC2F1B7040C}
[2013-05-11 23:46:31 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{5F061D7B-DBDB-44F8-A83B-C42F75AA5C06}
[2013-05-09 14:20:33 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\AppData\Local\{3908174B-6697-4C93-9D35-6B09CAFEFB8B}
[2013-05-09 13:00:55 | 000,000,000 | ---D | C] -- C:\Users\Noemi Osselaer\Documents\Adobe
[6 C:\Users\Noemi Osselaer\Documents\*.tmp files -> C:\Users\Noemi Osselaer\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-05-23 22:03:04 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg.bck
[2013-05-23 22:03:04 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg
[2013-05-23 22:02:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-05-23 21:40:52 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-05-23 21:40:52 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-05-23 21:38:39 | 000,347,320 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT.bck
[2013-05-23 21:38:39 | 000,347,320 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT
[2013-05-23 21:36:57 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG.bck
[2013-05-23 21:36:57 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG
[2013-05-23 21:36:57 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg.bck
[2013-05-23 21:36:57 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg
[2013-05-23 21:36:57 | 000,000,092 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt.bck
[2013-05-23 21:36:57 | 000,000,092 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt
[2013-05-23 21:36:57 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg.bck
[2013-05-23 21:36:57 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg
[2013-05-23 21:36:57 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg.bck
[2013-05-23 21:36:57 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg
[2013-05-23 21:36:57 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg.bck
[2013-05-23 21:36:57 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg
[2013-05-23 21:36:56 | 000,447,324 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls.bck
[2013-05-23 21:36:56 | 000,447,324 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls
[2013-05-23 21:35:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-05-23 21:33:57 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (Local).job
[2013-05-23 21:33:57 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2013-05-23 21:33:55 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-05-23 21:33:47 | 000,000,072 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt.bck
[2013-05-23 21:33:47 | 000,000,072 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt
[2013-05-23 21:32:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-05-23 21:32:39 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys
[2013-05-23 21:30:54 | 000,000,156 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013-05-23 20:27:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Noemi Osselaer\Desktop\OTL.exe
[2013-05-23 20:26:24 | 000,791,040 | ---- | M] () -- C:\Users\Noemi Osselaer\Desktop\RogueKillerX64.exe
[2013-05-23 20:25:54 | 000,632,031 | ---- | M] () -- C:\Users\Noemi Osselaer\Desktop\adwcleaner.exe
[2013-05-23 19:52:59 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876256605-4006223907-461243498-1000UA.job
[2013-05-22 21:00:37 | 000,007,603 | ---- | M] () -- C:\Users\Noemi Osselaer\AppData\Local\Resmon.ResmonCfg
[2013-05-22 14:21:22 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2013-05-22 13:53:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876256605-4006223907-461243498-1000Core.job
[2013-05-22 10:37:37 | 000,001,487 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013-05-18 19:41:57 | 005,036,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-05-18 17:42:40 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-05-18 17:40:26 | 001,665,528 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-05-18 17:40:26 | 000,744,022 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013-05-18 17:40:26 | 000,652,828 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-05-18 17:40:26 | 000,152,848 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013-05-18 17:40:26 | 000,121,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-05-11 14:31:03 | 001,643,688 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-05-09 21:59:46 | 000,000,512 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\wnmuth.wlt.bck
[2013-05-09 21:59:46 | 000,000,512 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\wnmuth.wlt
[2013-05-09 15:34:24 | 000,002,322 | ---- | M] () -- C:\Users\Noemi Osselaer\Desktop\james bond bath scene.wlmp
[2013-05-09 11:55:28 | 000,001,520 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[6 C:\Users\Noemi Osselaer\Documents\*.tmp files -> C:\Users\Noemi Osselaer\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-05-23 21:37:27 | 000,791,040 | ---- | C] () -- C:\Users\Noemi Osselaer\Desktop\RogueKillerX64.exe
[2013-05-23 21:30:14 | 000,000,156 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013-05-23 21:28:18 | 000,632,031 | ---- | C] () -- C:\Users\Noemi Osselaer\Desktop\adwcleaner.exe
[2013-05-22 20:28:08 | 000,007,603 | ---- | C] () -- C:\Users\Noemi Osselaer\AppData\Local\Resmon.ResmonCfg
[2013-05-18 17:42:40 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-05-09 15:34:23 | 000,002,322 | ---- | C] () -- C:\Users\Noemi Osselaer\Desktop\james bond bath scene.wlmp
[2013-05-09 11:55:28 | 000,001,532 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013-05-09 11:55:28 | 000,001,520 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2012-07-13 14:33:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-07-10 15:01:04 | 000,011,264 | ---- | C] () -- C:\Windows\Launcher.exe
[2011-06-27 13:36:03 | 001,811,849 | ---- | C] () -- C:\Users\Noemi Osselaer\AppData\Local\scene_temp.jpg
[2011-06-24 14:13:09 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2011-06-24 14:13:09 | 000,029,741 | ---- | C] () -- C:\Windows\unins000.dat
[2011-01-20 20:24:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-01-19 18:34:32 | 000,025,600 | ---- | C] () -- C:\Users\Noemi Osselaer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-21 04:18:51 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011-01-18 19:55:04 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Asus WebStorage
[2011-04-11 20:01:02 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Canon
[2012-04-07 13:36:29 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011-07-28 13:20:36 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011-06-24 14:13:44 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Easy MP3 Recorder
[2011-06-30 17:16:56 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\go
[2012-06-24 21:36:49 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\LimeWire Music
[2011-07-29 13:54:58 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\PACE Anti-Piracy
[2011-07-11 19:29:33 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Panda Security
[2012-08-03 19:07:37 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\PDAppFlex
[2013-03-31 17:46:33 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Publish Providers
[2011-07-01 17:12:50 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\SmartDraw
[2013-05-18 19:38:26 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\SoftGrid Client
[2013-03-31 17:46:20 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Sony
[2012-03-30 21:38:26 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011-07-18 17:44:14 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\TFP
[2011-01-18 22:13:22 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\TP
[2013-05-23 21:05:52 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\uTorrent
[2011-06-27 20:54:31 | 000,000,000 | ---D | M] -- C:\Users\Noemi Osselaer\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009-07-14 03:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013-02-27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009-07-14 03:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010-11-20 15:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010-11-20 15:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011-11-17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009-07-14 03:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009-07-14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012-07-05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012-06-02 07:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012-06-02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010-11-20 15:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010-11-20 15:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010-11-20 14:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011-03-03 08:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009-07-14 03:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009-07-14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009-07-14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009-07-14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010-11-20 15:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009-07-14 03:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009-07-14 03:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009-07-14 03:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009-07-14 03:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009-07-14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012-10-03 19:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009-07-14 03:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011-05-24 13:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012-02-11 08:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011-11-17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009-07-14 03:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010-11-20 15:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010-11-20 15:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010-11-20 15:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011-11-17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009-07-14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010-11-20 15:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010-11-20 15:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010-11-20 14:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010-11-20 15:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010-11-20 15:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010-11-20 14:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009-07-14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012-05-01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010-11-20 15:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010-11-20 15:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010-11-20 15:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010-11-20 15:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010-11-20 15:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010-11-20 15:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010-11-20 15:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010-11-20 15:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010-11-20 14:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009-07-14 03:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012-06-03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010-11-20 15:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009-07-14 03:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010-11-20 15:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >


========== Alternate Data Streams ==========

@Alternate Data Stream - 957 bytes -> C:\Users\Noemi Osselaer\AppData\Local\Temp:OCtGXVjtjPfvtM1MnQq1v
@Alternate Data Stream - 1036 bytes -> C:\Users\Noemi Osselaer\AppData\Local\hwzfi3mhIQ:C39geFDMN01V53CvrnWnHv3V3

< End of report >

No Extras.txt file was created by OTL.
And I don't seem to find the log file created by malwarebytes rootkit.


The computer starts up a lot quicker than before. Firefox starts normally, and I can go to every website I want. Thanks!!!!!!!!!!!

#4
Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Hi again,
You are very welcome!

When you ran MalwareBytes anti rootkit, did you click on the Cleanup button after the scan? If so, then the log file should be in the MBAR folder.
Let's search for it,
click on the Start orb
in the search box type in:
mbar-log-2013*.txt
See if that guides you to the MBAR log file, if so, please paste it in next response

You did well freeing up some space, but your free space is still too small.

Drive C: | 116,44 Gb Total Space | 15,74 Gb Free Space | 13,52% Space Free | Partition Type: NTFS

Your computer will be a little happier still if you can get that free space up to at least 15%, but 20% would be even better!
I would like to sweep for any remnants now and check your security setup:

Step 1
I need you to manually remove a plug-in from Chrome:
With Chrome running type this in the URL bar:
about:plugins
on the plug-ins page, please locate these plugins and disable them:
  • Babylon ToolBar
  • Conduit Chrome Plugin

Step 2
Please run Malwarebytes' Anti-Malware

  • Go to the Update tab and check for updates, please install any updates found.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image
You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Step 4
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


In your next reply I would like to see:
  • MalwareBytes log file
  • ESET online scan log
  • checkup.txt


#5
Moosch32

    New Member

  • Topic Starter
  • Member
  • 5 posts
hallo,

Sorry to keep you waiting. ESET has been doing its job for 18 hours and is still busy scanning. I'll send the reports as soon as possible.

#6
Moosch32

    New Member

  • Topic Starter
  • Member
  • 5 posts
hallo,

I didn't find the 2 mentioned addon toolbars for google chrome. I did find 16 other addons. My daughter doesn't really need google chrome. Can I uninstall it?

Here are the reports:
malware bytes:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.24.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Caroline :: NOEMIOSSELAER [administrator]

26/06/2013 10:38:37
mbam-log-2011-06-26 (10-38-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241888
Time elapsed: 9 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESet online scan:
C:\Users\Noemi Osselaer\Downloads\iLividSetup(1).exe Win32/Toolbar.SearchSuite application
C:\Users\Noemi Osselaer\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\05232013_210852\C_ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-14.0.1.dll a variant of Win32/bProtector.B application
C:\_OTL\MovedFiles\05232013_210852\C_ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-15.0.dll a variant of Win32/bProtector.B application
C:\_OTL\MovedFiles\05232013_210852\C_ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-16.0.dll a variant of Win32/bProtector.B application
C:\_OTL\MovedFiles\05232013_210852\C_ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-17.0.dll a variant of Win32/bProtector.B application
C:\_OTL\MovedFiles\05232013_210852\C_ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js Win32/bProtector.C application
C:\_OTL\MovedFiles\05232013_210852\C_ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-14.0.1.dll a variant of Win32/bProtector.B application
C:\_OTL\MovedFiles\05232013_210852\C_ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js Win32/bProtector.F application
D:\NOEMIOSSELAER\Backup Set 2012-07-01 190004\Backup Files 2012-07-01 190004\Backup files 13.zip multiple threats
D:\NOEMIOSSELAER\Backup Set 2012-07-01 190004\Backup Files 2012-07-01 190004\Backup files 8.zip Win32/BrowserCompanion.G application
D:\NOEMIOSSELAER\Backup Set 2012-07-01 190004\Backup Files 2012-08-02 174126\Backup files 2.zip multiple threats
D:\NOEMIOSSELAER\Backup Set 2012-08-05 190010\Backup Files 2012-08-05 190010\Backup files 11.zip multiple threats
D:\NOEMIOSSELAER\Backup Set 2012-08-05 190010\Backup Files 2012-08-05 190010\Backup files 9.zip Win32/BrowserCompanion.G application
D:\NOEMIOSSELAER\Backup Set 2012-08-05 190010\Backup Files 2012-08-26 192040\Backup files 1.zip Win32/BrowserCompanion.G application
D:\NOEMIOSSELAER\Backup Set 2012-08-05 190010\Backup Files 2012-11-09 193547\Backup files 2.zip Win32/BrowserCompanion.G application
D:\NOEMIOSSELAER\Backup Set 2012-08-05 190010\Backup Files 2012-11-09 193547\Backup files 5.zip Win32/TopMedia.B application
D:\NOEMIOSSELAER\Backup Set 2012-08-05 190010\Backup Files 2013-07-02 114709\Backup files 2.zip Win32/BrowserCompanion.G application
D:\NOEMIOSSELAER\Backup Set 2012-08-05 190010\Backup Files 2013-07-02 114709\Backup files 3.zip multiple threats
D:\NOEMIOSSELAER\Backup Set 2013-03-31 190004\Backup Files 2013-03-31 190004\Backup files 11.zip Win32/BrowserCompanion.G application
D:\NOEMIOSSELAER\Backup Set 2013-03-31 190004\Backup Files 2013-03-31 190004\Backup files 13.zip multiple threats
D:\NOEMIOSSELAER\Backup Set 2013-03-31 190004\Backup Files 2013-05-12 190007\Backup files 3.zip multiple threats


checkit:
Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Panda Internet Security 2013
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versie 1.75.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
panda security panda internet security 2013 firewall PSHOST.EXE
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````


Thanks for all your help!!!!!!!!!!!!!!!
  • 0

#7
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Hi there,
Sorry about the ESet scan taking so long.
It looks like ESET found some bad stuff in your backup files - as these are labeled backups, I don't want to delete them, that is up to you.
I would first make a fresh backup, then delete those old ones.
If she does not use Chrome, then by all means uninstall it. That will help you reclaim a little more free disk space.

So now, I would like to clean up the little pieces that I see from ESET, then clean up my tools and give you some recommendations:

We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    :files
    C:\Users\Noemi Osselaer\Downloads\iLividSetup(1).exe
    C:\Users\Noemi Osselaer\Downloads\iLividSetup.exe
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

The backup files to delete are here:
D:\NOEMIOSSELAER\Backup Set 2012-07-01 190004\Backup Files 2012-07-01 190004\Backup files 13.zip
D:\NOEMIOSSELAER\Backup Set 2012-07-01 190004\Backup Files 2012-07-01 190004\Backup files 8.zip
D:\NOEMIOSSELAER\Backup Set 2012-07-01 190004\Backup Files 2012-08-02 174126\Backup files 2.zip
D:\NOEMIOSSELAER\Backup Set 2012-08-05 190010\Backup Files 2012-08-05 190010\Backup files 11.zip
D:\NOEMIOSSELAER\Backup Set 2012-08-05 190010\Backup Files 2012-08-05 190010\Backup files 9.zip
D:\NOEMIOSSELAER\Backup Set 2012-08-05 190010\Backup Files 2012-08-26 192040\Backup files 1.zip
D:\NOEMIOSSELAER\Backup Set 2012-08-05 190010\Backup Files 2012-11-09 193547\Backup files 2.zip
D:\NOEMIOSSELAER\Backup Set 2012-08-05 190010\Backup Files 2012-11-09 193547\Backup files 5.zip
D:\NOEMIOSSELAER\Backup Set 2012-08-05 190010\Backup Files 2013-07-02 114709\Backup files 2.zip
D:\NOEMIOSSELAER\Backup Set 2012-08-05 190010\Backup Files 2013-07-02 114709\Backup files 3.zip
D:\NOEMIOSSELAER\Backup Set 2013-03-31 190004\Backup Files 2013-03-31 190004\Backup files 11.zip
D:\NOEMIOSSELAER\Backup Set 2013-03-31 190004\Backup Files 2013-03-31 190004\Backup files 13.zip
D:\NOEMIOSSELAER\Backup Set 2013-03-31 190004\Backup Files 2013-05-12 190007\Backup files 3.zip

If you don't care about those zip files, you can add them to the OTL fix above, or just delete them manually.

Out of date programs:
You have several out of date programs, these can be important to bring up to date, as older versions are subject to being exploited.
Java - if you don't use Java, I recommend that you uninstall it completely, as it's one of the most exploited programs out there at this time.
If you do need to keep Java, please update it to the newest version:
Go to Java.com and click on the Do I have Java? link
Click on the red Verify Java Version button.
This will verify the version and give you a link to install the newest version of Java

Adobe Flash player is out of date, please visit the Adobe site here and click on Get the latest version
follow those instructions.

Adobe reader is out of date
Please uninstall your current version of the Adobe Reader 9 then,
Please visit here
Please note that you should uncheck the box next to whatever extra product they are trying to install on this page (looks like it's McAfee security scan at this time)
then follow the instructions on the screen.

Firefox is also out of date, you can usually (depending on the version) update Firefox by clicking on Help, then About. In the about box you will see a link to update the program.

After you do all of this you should be clear of all the bad stuff, so---
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Do you use Java? If you do not use it, you are better off uninstalling it completely. Go to your Control Panel, Uninstall a Program, then find any instance of Java in the list and click on Uninstall - do this until there are no instances of Java in the list. If you do use Java....
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version



SPRING CLEAN

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up, at the first prompt select OK; after it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programs on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read these two articles:
How did I get infected in the first place?
So how did I get infected in the first place

Keep safe :wave:
  • 0
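
A triage helper for the ESET log discussed in the post above, as an added example that is not part of the original thread or of any tool mentioned in it: it sorts detections into the three groups the reply treats differently (live files for the OTL `:files` fix, copies already under `C:\_OTL\MovedFiles`, and backup archives left to the owner). The sample lines are constructed in the log's layout, and the function and bucket names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the "path verdict" layout of the ESET Online Scanner
# log shown in this thread. The user name and folder names are placeholders.
SAMPLE_LOG = r"""
C:\Users\user\Downloads\iLividSetup(1).exe Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\05232013_210852\C_ProgramData\BrowserProtect\FirefoxExtension\components\BrowserProtect-14.0.1.dll a variant of Win32/bProtector.B application
C:\_OTL\MovedFiles\05232013_210852\C_ProgramData\BrowserProtect\FirefoxExtension\content\BrowserProtect.js Win32/bProtector.C application
D:\PC\Backup Set 2012-07-01 190004\Backup Files 2012-07-01 190004\Backup files 13.zip multiple threats
D:\PC\Backup Set 2012-07-01 190004\Backup Files 2012-07-01 190004\Backup files 8.zip Win32/BrowserCompanion.G application
"""

# Paths contain spaces, so split on the verdict instead: Windows paths use
# backslashes, and a detection name is the only token containing "/".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:(?:a variant of )?(?P<name>\w+/\S+)(?: \w+)?|multiple threats)$"
)

def classify(path):
    """Map a detected path to the handling group used in the reply."""
    p = path.lower()
    if p.startswith("c:\\_otl\\movedfiles\\"):
        return "otl_quarantine"   # already moved aside by an earlier OTL fix
    if "\\backup set " in p and p.endswith(".zip"):
        return "backup_archive"   # owner decides: fresh backup, then delete
    return "live_file"            # candidate for the OTL :files section

def triage(log_text):
    """Return {group: [(path, detection), ...]} for every log line."""
    buckets = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            buckets["unparsed"].append((line, None))  # keep for manual review
            continue
        detection = m["name"] or "multiple threats"
        buckets[classify(m["path"])].append((m["path"], detection))
    return dict(buckets)

if __name__ == "__main__":
    for group, items in triage(SAMPLE_LOG).items():
        print(group)
        for path, detection in items:
            print(f"  {detection:28} {path}")
```

Lines that do not match the layout are kept under `unparsed` rather than dropped, so nothing in a real log is silently skipped.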

#8
Moosch32

Moosch32

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
The computer works fine again. Thanks for all your help! Enjoy the weekend!
  • 0

#9
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Excellent news, and you are very welcome! :thumbsup:

I hope we don't see you back here in the malware removal forums anytime soon! :lol:
  • 0

#10
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





