HiJackThis-log

[glennbeerten]

Beste,

Mijn vriendin klaagde dat haar laptop traag was geworden (zacht uitgedrukt als je t mij vraagt..).

Ik heb al heel wat toolbars verwijderd maar er zijn wel meer problemen vrees ik. bij deze dus een HJT-logje dat je eens mag bekijken.

Alvast bedankt!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:59:54, on 10/08/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16490)

Boot mode: Normal

Running processes:

C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

C:\Users\Craeghs\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Users\Craeghs\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Users\Craeghs\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Protected Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Protected Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Protected Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Protected Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Protected Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Craeghs\AppData\Roaming\Complitly\Complitly.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Craeghs\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Craeghs\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Craeghs\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

O4 - Startup: Dropbox.lnk = Craeghs\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\Craeghs\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~3\browse~2\261519~1.190\{c16c1~1\browse~1.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)

O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Craeghs\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe

O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - Unknown owner - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe

--

End of file - 15437 bytes

[juisterr]

Probeer dit eens.

Download zoek.exe naar het bureaublad.

• Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
  (hier of hier) kan je lezen hoe je de gebruikte beveiligingssoftware kunt uitschakelen.
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
  

  emptyclsid;
  firefoxlook; 
  Chromelook; 
  autoclean; 
  iedefaults; 
  {ad708c09-d51b-45b3-9d28-4eba2681febf};c
  {c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8};c
  {0FB6A909-6086-458F-BD92-1F8EE10042A0};c
  {7F6AFBF1-E065-4627-A2FD-810366367D01};c
  

  
  

• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht als bijlage.
  

[glennbeerten]

Zoek.exe Version 4.0.0.4 Updated 10-August-2013

Tool run by Craeghs on za 10/08/2013 at 14:18:44,12.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Craeghs\Downloads\zoek.exe [script inserted]

==== System Restore Info ======================

10/08/2013 14:19:38 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ad708c09-d51b-45b3-9d28-4eba2681febf} deleted successfully

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1B90E85D-BB1F-4A8A-B82B-48F50E44A2F8} deleted successfully

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B12D7E35-54D6-4FA6-9773-05BC0773FFB8} deleted successfully

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} deleted successfully

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ad708c09-d51b-45b3-9d28-4eba2681febf} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{ad708c09-d51b-45b3-9d28-4eba2681febf} deleted successfully

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserProtect deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrowserProtect deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\defaulttabupdate deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\defaulttabupdate deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default

---- Lines delta removed from prefs.js ----

user_pref("avg.install.userHPSettings", "http://www1.delta-search.com/?affid=1215612&babsrc=hp_ss&mntrid=425d0aa3c4b1ab36");

user_pref("avg.install.userSPSettings", "Delta Search");

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta.aflt", "babsst");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.dfltLng", "en");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.id", "425d9bf50000000000000aa3c4b1ab36");

user_pref("extensions.delta.instlDay", "15799");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.newTab", false);

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.vrsn", "1.8.10.0");

user_pref("extensions.delta.vrsni", "1.8.10.0");

user_pref("extensions.delta.vrsnTs", "1.8.10.022:08:38");

---- Lines delta modified from prefs.js ----

---- Lines delta removed from user.js ----

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.id", "425d9bf50000000000000aa3c4b1ab36");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.instlDay", "15799");

user_pref("extensions.delta.vrsn", "1.8.10.0");

user_pref("extensions.delta.vrsni", "1.8.10.0");

user_pref("extensions.delta.vrsnTs", "1.8.10.022:08:38");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.aflt", "babsst");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.dfltLng", "en");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.newTab", false);

---- Lines babylon removed from prefs.js ----

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

user_pref("extensions.BabylonToolbar.dfltLng", "nl");

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.id", "425d9bf50000000000000aa3c4b1ab36");

user_pref("extensions.BabylonToolbar.instlDay", "15647");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.tlbrId", "base");

user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=425d9bf50000000000000aa3c4b1ab36&q=");

user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");

user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.818:23:30");

---- Lines babylon modified from prefs.js ----

---- Lines babylon removed from user.js ----

user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=425d9bf50000000000000aa3c4b1ab36&q=");

user_pref("extensions.BabylonToolbar.id", "425d9bf50000000000000aa3c4b1ab36");

user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

user_pref("extensions.BabylonToolbar.instlDay", "15647");

user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");

user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.818:23:30");

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar.tlbrId", "base");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.dfltLng", "nl");

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.admin", false);

---- Lines search.com removed from prefs.js ----

---- Lines search.com modified from prefs.js ----

---- Lines search.com removed from user.js ----

---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 removed from prefs.js ----

---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1373450314781,\"rdfTime\":1373450314750}}},{\"name\":\"app-profile\",\"addons\":{\"zoompage@DW-dev\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\zoompage@DW-dev.xpi\",\"mtime\":1376133423861},\"{33e0daa6-3af3-d8b5-6752-10e949c61516}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{33e0daa6-3af3-d8b5-6752-10e949c61516}\",\"mtime\":1354458030331,\"rdfTime\":1337563998000},\"{83ac1a2f-92fc-4314-bc93-c5782d0ba7be}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{83ac1a2f-92fc-4314-bc93-c5782d0ba7be}\",\"mtime\":1354457999561,\"rdfTime\":1351151260000},\"{ad708c09-d51b-45b3-9d28-4eba2681febf}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{ad708c09-d51b-45b3-9d28-4eba2681febf}\",\"mtime\":1376131539796,\"rdfTime\":1376131533726},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1376133286457},\"{66E978CD-981F-47DF-AC42-E3CF417C1467}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi\",\"mtime\":1376134351252}}}]");

---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 removed from user.js ----

---- Lines {ad708c09-d51b-45b3-9d28-4eba2681febf} removed from prefs.js ----

---- Lines {ad708c09-d51b-45b3-9d28-4eba2681febf} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1373450314781,\"rdfTime\":1373450314750}}},{\"name\":\"app-profile\",\"addons\":{\"zoompage@DW-dev\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\zoompage@DW-dev.xpi\",\"mtime\":1376133423861},\"{disabled}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{disabled}\",\"mtime\":1354458030331,\"rdfTime\":1337563998000},\"{83ac1a2f-92fc-4314-bc93-c5782d0ba7be}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{83ac1a2f-92fc-4314-bc93-c5782d0ba7be}\",\"mtime\":1354457999561,\"rdfTime\":1351151260000},\"{ad708c09-d51b-45b3-9d28-4eba2681febf}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{ad708c09-d51b-45b3-9d28-4eba2681febf}\",\"mtime\":1376131539796,\"rdfTime\":1376131533726},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1376133286457},\"{66E978CD-981F-47DF-AC42-E3CF417C1467}\":{\"descriptor\":\"C:\\\\Users\\\\Craeghs\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\d0ca05cj.default\\\\extensions\\\\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi\",\"mtime\":1376134351252}}}]");

---- Lines {ad708c09-d51b-45b3-9d28-4eba2681febf} removed from user.js ----

---- FireFox user.js and prefs.js backups ----

user_20131008_1428_.backup

prefs_20131008_1428_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"bProtector Start Page"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"bProtectorDefaultScope"=-

==== Deleting Files \ Folders ======================

"C:\ProgramData\jcipxsaerchkozh" deleted

"C:\ProgramData\zddsribnbfcvarn" deleted

"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\delta.xml" deleted

"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\babylon.xml" deleted

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" deleted

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" deleted

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml" deleted

"C:\Users\Craeghs\AppData\Roaming\cache.dat" deleted

"C:\windows\SysNative\Tasks\DealPly" deleted

"C:\ProgramData\dsgsdgdsgdsgw.pad" deleted

"C:\windows\SysNative\Tasks\BrowserProtect" deleted

"C:\END" deleted

"C:\windows\Launcher.exe" deleted

"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\browsemngr.xml" deleted

"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\babylon.xml" deleted

"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\search-here.xml" deleted

"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\searchplugins\Web Search.xml" deleted

"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\bprotector_extensions.sqlite" deleted

"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\bprotector_prefs.js" deleted

"C:\Users\Public\Desktop\iLivid.lnk" deleted

"C:\Users\Craeghs\Desktop\SoftonicDownloader_voor_free-youtube-download.exe" deleted

"C:\Users\Craeghs\Desktop\SoftonicDownloader_voor_free-youtube-download.exe" deleted

"C:\Users\Craeghs\AppData\Roaming\Udys\valui.exe" deleted

"C:\Users\Craeghs\AppData\Roaming\Bomeri\unat.ecy" deleted

"C:\Users\Craeghs\AppData\Roaming\Gepyup\iqiqe.ire" deleted

"C:\Users\Craeghs\AppData\Roaming\Guvean\paepu.qyv" deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not deleted

"C:\Users\Craeghs\AppData\Roaming\Awlo" deleted

"C:\Users\Craeghs\AppData\Roaming\Rayp" deleted

"C:\Users\Craeghs\AppData\Roaming\Udys" deleted

"C:\Users\Craeghs\AppData\Roaming\Bomeri" deleted

"C:\Users\Craeghs\AppData\Roaming\Gepyup" deleted

"C:\Users\Craeghs\AppData\Roaming\Guvean" deleted

"C:\Program Files (x86)\TornTV.com" deleted

"C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted

"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted

"C:\Program Files (x86)\DealPly" deleted

"C:\Program Files (x86)\Protected Search" deleted

"C:\Program Files (x86)\MarineAquarium3Free_57EI" deleted

"C:\Program Files (x86)\Complitly" deleted

"C:\Program Files (x86)\Conduit" deleted

"C:\Users\Craeghs\AppData\Roaming\Complitly" deleted

"C:\found.000" deleted

"C:\found.001" deleted

"C:\Users\Craeghs\AppData\Roaming\DVDVideoSoftIEHelpers" deleted

"C:\Users\Craeghs\AppData\Roaming\Babylon" deleted

"C:\Users\Craeghs\AppData\Roaming\DealPly" deleted

"C:\Users\Craeghs\AppData\Roaming\File Scout" deleted

"C:\Users\Craeghs\AppData\Roaming\DefaultTab" deleted

"C:\Users\Craeghs\AppData\Roaming\OpenCandy" deleted

"C:\ProgramData\BrowserProtect" not deleted

"C:\ProgramData\Ask" deleted

"C:\ProgramData\Babylon" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search" deleted

"C:\Users\Craeghs\AppData\Local\APN" deleted

"C:\Users\Craeghs\AppData\Local\Conduit" deleted

"C:\Users\Craeghs\AppData\LocalLow\BabylonToolbar" deleted

"C:\Users\Craeghs\AppData\LocalLow\Conduit" deleted

"C:\windows\SysNative\tasks\ProtectedSearch" deleted

"C:\windows\SysWow64\searchplugins" deleted

"C:\windows\SysWow64\Extensions" deleted

"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\jetpack" deleted

"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\extensions\staged" deleted

"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}" deleted

"C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}" deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension" not deleted

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default

- Zoom Page - %ProfilePath%\extensions\zoompage@DW-dev

- New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}

- Protected Toolbar - %ProfilePath%\extensions\{83ac1a2f-92fc-4314-bc93-c5782d0ba7be}

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

- Zoom Page - %ProfilePath%\extensions\zoompage@DW-dev.xpi

- New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Craeghs\AppData\Roaming\Mozilla\Firefox\Profiles\d0ca05cj.default

3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash

66640A55AEFF3819C94E0A8D40D7E0AD - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director

0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Craeghs\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

dlfienamagdnkekbbbocojppncdambda - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx[]

gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]

nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files (x86)\TornTV.com\torn2_10.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.be/"

"Search Page"="http://www.google.com"

"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Default_Search_URL"="http://www.google.com/ie"

"Search Bar"="http://www.google.com/ie"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.protectedsearch.com?si=41570&bs=true&tid=3026&q=%s"

@="http://www.google.com/search?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]

"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]

"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]

"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Default_Search_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Start Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Start Default_Page_URL"="http://search.protectedsearch.com?si=41570&home=true&tid=3026"

"Default_Search_URL"="http://www.google.com/ie"

"Search Bar"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"Search Page"="http://search.protectedsearch.com?si=41570&home=true&tid=3026&q="

"SearchAssistant"="http://www.google.com/ie"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{B12D7E35-54D6-4FA6-9773-05BC0773FFB8}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B12D7E35-54D6-4FA6-9773-05BC0773FFB8}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://www.google.be/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{b7fca997-d0fb-4fe0-8afd-255e89cf9671} Yahoo Url="http://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF"

{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} Bing Url="http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4156162080-868297462-3842664011-1001\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Craeghs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\Craeghs\AppData\Local\Mozilla\Firefox\Profiles\d0ca05cj.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied

C:\Users\Craeghs\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not found

"C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not found

"C:\Users\Craeghs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\ProgramData\BrowserProtect" not found

==== EOF on za 10/08/2013 at 14:32:45,55 ======================

[juisterr]

Mag ik vragen of u nog problemen heeft ?

[glennbeerten]

Momenteel ondervindt ik geen problemen meer.

hartelijk bedankt!

[glennbeerten]

malwarebytes geeft echter wel deze log weer:

Malwarebytes Anti-Malware 1.75.0.1300

Malwarebytes : Free anti-malware download

Databaseversie: v2013.08.10.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Craeghs :: PORTCRAEGHS [administrator]

10/08/2013 16:31:45

MBAM-log-2013-08-10 (16-40-03).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 213869

Verstreken tijd: 3 minuut/minuten, 56 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 3

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Geen actie ondernomen.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Geen actie ondernomen.

HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta) -> Geen actie ondernomen.

Registerwaarden gedetecteerd: 1

HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta) -> Data: -> Geen actie ondernomen.

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 1

C:\Users\Craeghs\Downloads\installer_total_audio_converter.exe (PUP.BundleInstaller.DT) -> Geen actie ondernomen.

(einde)

[juisterr]

update je Malwarebytes en doe een nieuwe scan, verwijder nu alles wat het vind en start daarna opnieuw op.

[glennbeerten]

oké, het is weg nu, thanks.

[juisterr]

Download Delfix by Xplode naar het bureaublad.

Dubbelklik op Delfix.exe om de tool te starten.

Zet nu vinkjes voor de volgende items:

• Remove disinfection tools
  
• Purge System Restore
  
• Reset system settings
  

Klik nu op "Run" en wacht geduldig tot de tool gereed is.

Wanneer de tool gereed is wordt er een logbestand aangemaakt. Dit hoeft u echter niet te plaatsen.