Ga naar inhoud

explorer.exe - ongeldige installatiekopie


Aanbevolen berichten

Hallo,

Ik heb hetzelfde probleem als Riekje op 31 okt 2012. Ik krijg steeds de melding van een ongeldige installatiekopie van verschillende programma's.

Ik heb dan ook dezelfde raad als Riekje opgevolgd en Hijack This gedownload en uitgevoerd.

Het volgende bestand werd door Hijack This gegeven.

Kunnen jullie mij helpen?

Alvast bedankt,

Sara

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 16:31:51, on 9/10/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16686)

CHROME: 30.0.1599.69

Boot mode: Safe mode

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\DllHost.exe

C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Hijackthis\HijackThis.exe

C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\msdt.exe

C:\Windows\System32\sdiagnhost.exe

C:\Windows\system32\conhost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: FreeSoundRecorder Toolbar - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll

R3 - URLSearchHook: WhiteSmoke New V6 Toolbar - {da7f5ae1-3be3-43c0-8098-c1d183616e97} - C:\Program Files\WhiteSmoke_New_V6\prxtbWhit.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: FreeSoundRecorder - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\IPS\IPSBHO.DLL

O2 - BHO: searchgol Helper Object - {8F547BDD-FCD4-48F8-A06F-573D6F404A3C} - C:\Program Files\searchgol\searchgol\1.8.16.19\bh\searchgol.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll

O2 - BHO: WhiteSmoke New V6 - {da7f5ae1-3be3-43c0-8098-c1d183616e97} - C:\Program Files\WhiteSmoke_New_V6\prxtbWhit.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: FreeSoundRecorder Toolbar - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll

O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: searchgol Toolbar - {00078E95-3A4A-4137-8DE7-2824908D1C17} - C:\Program Files\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll

O3 - Toolbar: WhiteSmoke New V6 Toolbar - {da7f5ae1-3be3-43c0-8098-c1d183616e97} - C:\Program Files\WhiteSmoke_New_V6\prxtbWhit.dll

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart

O4 - HKCU\..\Run: [EPSON SX410 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE /FU "C:\Windows\TEMP\E_SF8FE.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKCU\..\Run: [ConduitFloatingPlugin_ibcgjcbeckcdemelifnledhihpaighfk] "C:\Windows\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3311268\plugins\TBVerifier.dll",RunConduitFloatingPlugin ibcgjcbeckcdemelifnledhihpaighfk

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

O4 - Startup: Dropbox.lnk = Sara\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, auto's, kleding, verzamelobjecten, cadeaubons en meer | eBay (file missing)

O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, auto's, kleding, verzamelobjecten, cadeaubons en meer | eBay (file missing)

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, auto's, kleding, verzamelobjecten, cadeaubons en meer | eBay (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, auto's, kleding, verzamelobjecten, cadeaubons en meer | eBay (file missing) (HKCU)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - MSN Games - Free Online Games

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: BitGuard - Unknown owner - C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

O23 - Service: Wsys Service (WsysSvc) - Unknown owner - C:\ProgramData\eSafe\eGdpSvc.exe (file missing)

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 12353 bytes

Link naar reactie
Delen op andere sites

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: FreeSoundRecorder Toolbar - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll

R3 - URLSearchHook: WhiteSmoke New V6 Toolbar - {da7f5ae1-3be3-43c0-8098-c1d183616e97} - C:\Program Files\WhiteSmoke_New_V6\prxtbWhit.dll

O2 - BHO: FreeSoundRecorder - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: searchgol Helper Object - {8F547BDD-FCD4-48F8-A06F-573D6F404A3C} - C:\Program Files\searchgol\searchgol\1.8.16.19\bh\searchgol.dll

O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll

O2 - BHO: WhiteSmoke New V6 - {da7f5ae1-3be3-43c0-8098-c1d183616e97} - C:\Program Files\WhiteSmoke_New_V6\prxtbWhit.dll

O3 - Toolbar: FreeSoundRecorder Toolbar - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll

O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll

O3 - Toolbar: searchgol Toolbar - {00078E95-3A4A-4137-8DE7-2824908D1C17} - C:\Program Files\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll

O3 - Toolbar: WhiteSmoke New V6 Toolbar - {da7f5ae1-3be3-43c0-8098-c1d183616e97} - C:\Program Files\WhiteSmoke_New_V6\prxtbWhit.dll

O4 - HKCU\..\Run: [ConduitFloatingPlugin_ibcgjcbeckcdemelifnledhihpaighfk] "C:\Windows\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3311268\plugins\TBVerifier.dll",RunConduitFloatingPlugin ibcgjcbeckcdemelifnledhihpaighfk

O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, auto's, kleding, verzamelobjecten, cadeaubons en meer | eBay (file missing)

O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, auto's, kleding, verzamelobjecten, cadeaubons en meer | eBay (file missing)

O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, auto's, kleding, verzamelobjecten, cadeaubons en meer | eBay (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, auto's, kleding, verzamelobjecten, cadeaubons en meer | eBay (file missing) (HKCU)

O20 - AppInit_DLLs: c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll

O23 - Service: BitGuard - Unknown owner - C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download 51a612a8b27e2-Zoek.pngZoek.zip naar het bureaublad.

  • Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  • Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.
  • Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
  • Dubbelklik op Zoek.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

chromelook; 
firefoxlook; 
startupall; 
filesrcm;
hijackthis;
autoclean;

  • Klik nu op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  • Post het geopende logje in het volgende bericht.

Link naar reactie
Delen op andere sites

Hartelijk bedankt alleszins voor je hulp.

Hier is het gevraagde logje:

Zoek.exe Version 4.0.0.5 Updated 09-October-2013

Tool run by Sara on vr 11/10/2013 at 15:56:29,67.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Sara\Downloads\zoek\zoek.exe [script inserted]

==== System Restore Info ======================

11/10/2013 15:58:34 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BDE9F0B-2749-461F-B2E9-3F8D242B712C} deleted successfully

HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Internet Explorer\SearchScopes\{79C3AC89-42AB-475C-904A-0DBE14C0FD3D} deleted successfully

HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WsysSvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WsysSvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WsysSvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BitGuard deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BitGuard deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]

@="C:\\Users\\Sara\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]

@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"bProtector Start Page"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"bProtectorDefaultScope"=-

==== Deleting Files \ Folders ======================

"C:\ProgramData\RMIRdBeVr1vxa0" deleted

"C:\ProgramData\~RMIRdBeVr1vxa0" deleted

"C:\ProgramData\~RMIRdBeVr1vxa0r" deleted

"C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx" deleted

"C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\bprotector web data" deleted

"C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted

"C:\Windows\System32\Tasks\DealPly" deleted

"C:\Windows\System32\Tasks\DealPlyUpdate" deleted

"C:\Users\Sara\Downloads\FreeYouTubeToMP3Converter.exe" deleted

"C:\Users\Sara\Downloads\SoftonicDownloader_voor_free-youtube-download.exe" deleted

"C:\Windows\system32\Tasks\EPUpdater" deleted

"C:\Windows\system32\tasks\BitGuard" deleted

"C:\user.js" deleted

"C:\END" deleted

"C:\Windows\system32\roboot.exe" deleted

"C:\Windows\System32\sho81D3.tmp" deleted

"C:\Windows\System32\shoCB82.tmp" deleted

"C:\Windows\System32\shoCC57.tmp" deleted

"C:\Windows\System32\shoF810.tmp" deleted

"C:\Users\Sara\AppData\Roaming\Delta" deleted

"C:\Windows\system32\appdata" deleted

"C:\Program Files\Softonic_English" deleted

"C:\Program Files\Delta" deleted

"C:\Program Files\Common Files\DVDVideoSoft\bin" deleted

"C:\Program Files\DealPly" deleted

"C:\Program Files\LyricsMonkey" deleted

"C:\Program Files\XingHaoLyrics" deleted

"C:\Program Files\WhiteSmoke_New_V6" deleted

"C:\Program Files\Conduit" deleted

"C:\Program Files\searchgol" deleted

"C:\Users\Sara\AppData\Roaming\BabSolution" deleted

"C:\Users\Sara\AppData\Roaming\Babylon" deleted

"C:\Users\Sara\AppData\Roaming\DealPly" deleted

"C:\Users\Sara\AppData\Roaming\Delta" deleted

"C:\Users\Sara\AppData\Roaming\searchgol" deleted

"C:\Users\Sara\AppData\Roaming\PerformerSoft" deleted

"C:\Users\Sara\AppData\Roaming\OpenCandy" deleted

"C:\Windows\system32\config\systemprofile\AppData\Roaming\DealPly" deleted

"C:\ProgramData\BitGuard" deleted

"C:\ProgramData\eSafe" deleted

"C:\ProgramData\IBUpdaterService" deleted

"C:\ProgramData\Babylon" deleted

"C:\Users\Sara\AppData\Local\CRE" deleted

"C:\Users\Sara\AppData\Local\Conduit" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly" deleted

"C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard" deleted

"C:\Users\Sara\AppData\LocalLow\Delta" deleted

"C:\Users\Sara\AppData\LocalLow\PriceGong" deleted

"C:\Users\Sara\AppData\LocalLow\Conduit" deleted

"C:\Users\Sara\AppData\LocalLow\Toolbar4" deleted

"C:\Windows\System32\searchplugins" deleted

"C:\Windows\System32\Extensions" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Sara\AppData\Local\Temp ====

2013-10-09 13:27:06 6A0F411CA91A97A709B98E114F4052D5 76344 ----a-w- C:\Users\Sara\AppData\Local\Temp\ct3311268\statisticsStub.exe

2013-10-09 13:26:15 4AE5F34AB33261FEB8B94F5FFC8E8F19 73543 ----a-w- C:\Users\Sara\AppData\Local\Temp\ct3311268\ctbe.exe

2013-10-09 13:26:04 8DE01B810296E6F5C49033C7F96CCE27 152096 ----a-w- C:\Users\Sara\AppData\Local\Temp\setup__3862.exe

2013-10-09 13:04:20 B212865E7E478A28A97268F960079A8D 132096 ----a-w- C:\Users\Sara\AppData\Local\Temp\4E333A09-BAB0-7891-9549-E553E3897DD3\Latest\BExternal.dll

2013-10-09 13:04:20 A21DE5067618D4F2DF261416315ED120 6144 ----a-w- C:\Users\Sara\AppData\Local\Temp\4E333A09-BAB0-7891-9549-E553E3897DD3\Latest\IEHelper.dll

2013-10-09 13:04:20 0F66E8E2340569FB17E774DAC2010E31 520234 ----a-w- C:\Users\Sara\AppData\Local\Temp\4E333A09-BAB0-7891-9549-E553E3897DD3\Latest\sqlite3.dll

2013-10-09 13:04:14 B4F54911FD477012FDABF5EF7EFAA945 1706064 ----a-w- C:\Users\Sara\AppData\Local\Temp\eIntaller\A138368873E14767B1BB7C49138202F1\eGdpSvc.exe

2013-10-09 13:04:14 0B428B42B615A357666D3F5131878D62 629816 ----a-w- C:\Users\Sara\AppData\Local\Temp\eIntaller\A138368873E14767B1BB7C49138202F1\eXQ.exe

2013-10-09 13:03:54 663C0061B5141CBFA401E578C36F129C 12612850 ----a-w- C:\Users\Sara\AppData\Local\Temp\is1244477948\345683676_Setup.EXE

2013-10-03 14:22:12 F8F24C37A1E930ECADB7736C69F3E7F4 488016 ------w- C:\Users\Sara\AppData\Local\Temp\is1244477948\cor_ar_qvo6.exe

2013-09-29 16:29:18 4B5B56BBC4D472D52C03C7DC6C33026D 734576 ------w- C:\Users\Sara\AppData\Local\Temp\is1244477948\SearchGol.exe

====== Java Cache =====

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====

2013-09-15 15:10:22 DDCE686D76C2B4DB435A3AF5BD0E691D 133056 ----a-w- C:\Windows\System32\drivers\ataport.sys

====== C:\Windows\Tasks ======

2013-10-11 13:57:01 5E6236C7A74AB2E2FDBFDABFED28772F 2936 ----a-w- C:\Windows\system32\Tasks\{5029B598-40F2-45F7-8088-E5F27E072144}

2013-10-11 13:55:55 5E6236C7A74AB2E2FDBFDABFED28772F 2936 ----a-w- C:\Windows\system32\Tasks\{6B28D7A1-647A-4EB9-A5DE-F03C66F4A762}

2013-10-11 13:25:13 96A1DD0BD82AC72456635F119FC336B3 3080 ----a-w- C:\Windows\system32\Tasks\{8A7D41B4-95F3-4DA8-8B57-1098AD8964C9}

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-10-09 13:25:47 -------- d-----w- C:\Program Files\Common Files\DVDVideoSoft

2013-10-09 13:25:46 -------- d-----w- C:\Program Files\DVDVideoSoft

======= C: =====

====== C:\Users\Sara\AppData\Roaming ======

2013-10-09 13:26:54 -------- d-----w- C:\Users\Sara\AppData\Locallow\WhiteSmoke_New_V6

2013-10-09 13:25:46 -------- d-----w- C:\Users\Sara\AppData\Roaming\DVDVideoSoft

2013-10-09 13:18:49 -------- d-----w- C:\Users\Sara\AppData\Local\Programs

====== C:\Users\Sara ======

2013-10-09 13:26:53 -------- d-----w- C:\ProgramData\Conduit

2013-10-09 13:26:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

2013-10-09 12:59:59 6B16010C9C28A444D56E6E9358FF94EC 640864 ----a-w- C:\Users\Sara\Downloads\FreeYouTubeDownloaderInstallerIC.exe

====== C: exe-files ==

2013-10-10 15:48:32 EB8EEB98D01B5D31898D8E53C3789832 59784 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleUpdateBroker.exe

2013-10-10 15:48:32 CEFEBDB9E274BD90C12D131ED25CC819 59784 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe

2013-10-10 15:48:32 4AFFF5FE4E69C8E7C5F1E4F3511301CF 818968 ----a-w- C:\Program Files\Google\Update\1.3.21.165\GoogleUpdateSetup.exe

2013-10-10 15:48:23 0DC0DE2966A6DBA4CFBF6639DF44F5BA 319880 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler64.exe

2013-10-10 15:48:22 CF7B0E597C1F34E528285495721DEEE9 237960 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe

2013-10-10 15:48:22 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.21.165\GoogleUpdate.exe

2013-10-10 15:48:18 4AFFF5FE4E69C8E7C5F1E4F3511301CF 818968 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.165\GoogleUpdateSetup.exe

2013-10-10 00:34:53 4B78E9AE06F7C310E30EE2FA5B7EBC3C 1721296 ----a-w- C:\Program Files\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C993F490EED40C1B.exe

2013-10-10 00:34:46 BB4F6465EEB9ACAA5C60C36983740219 310352 ----a-w- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarUser_32_4814EB429669E41D.exe

2013-10-10 00:34:42 B9D8842FF3EDAC918039C6F62F322E9A 1073232 ----a-w- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe

2013-10-10 00:33:45 A30351F539D71D6199BD2295CC234E96 531424 ----a-w- C:\Program Files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.4601.54\GoogleToolbarInstaller_updater_signed.exe

2013-10-09 14:41:21 09CC23CC2BAEF187A065108D0388DEA0 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-20367086-7761515-2426169248-1000\$IZN40WD.exe

2013-10-09 13:41:40 77CD01759537E0B7D0745BE451E5890D 2651192 ----a-w- C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe

2013-10-09 13:40:43 E1B93ECBC9C0CB0575DDFE1EDD0C9838 1176256 ----a-w- C:\Program Files\DVDVideoSoft\unins001.exe

2013-10-09 13:27:06 6A0F411CA91A97A709B98E114F4052D5 76344 ----a-w- C:\Users\Sara\AppData\Local\Temp\ct3311268\statisticsStub.exe

2013-10-09 13:26:15 4AE5F34AB33261FEB8B94F5FFC8E8F19 73543 ----a-w- C:\Users\Sara\AppData\Local\Temp\ct3311268\ctbe.exe

2013-10-09 13:26:11 E1C9FE18705AFBED727733D5C271579A 2527288 ----a-w- C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe

2013-10-09 13:26:09 703FA3A7A7720CCF080DA114319E3EAE 6468376 ----a-w- C:\Program Files\Common Files\DVDVideoSoft\FreeStudioManager.exe

2013-10-09 13:26:04 8DE01B810296E6F5C49033C7F96CCE27 152096 ----a-w- C:\Users\Sara\AppData\Local\Temp\setup__3862.exe

2013-10-09 13:25:59 F330AEEF34F027B875352BC48D5BD187 285240 ----a-w- C:\Program Files\Common Files\DVDVideoSoft\lib\ffmpeg.exe

2013-10-09 13:25:55 933308ACF5D8BC83308616C30EEBBBBA 243256 ----a-w- C:\Program Files\Common Files\DVDVideoSoft\lib\dvsservice.exe

2013-10-09 13:25:48 25E4395BCCF00E46D7F9D447F99A1781 305320 ----a-w- C:\Program Files\Common Files\DVDVideoSoft\lib\Uninstall.exe

2013-10-09 13:25:46 9F00B8BBAB6C44AB29037D711DCC417B 1176240 ----a-w- C:\Program Files\DVDVideoSoft\unins000.exe

2013-10-09 13:15:13 DB276D074E0C2080C3F69862AE7D5F91 27378952 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-20367086-7761515-2426169248-1000\$RZN40WD.exe

2013-10-09 13:04:14 B4F54911FD477012FDABF5EF7EFAA945 1706064 ----a-w- C:\Users\Sara\AppData\Local\Temp\eIntaller\A138368873E14767B1BB7C49138202F1\eGdpSvc.exe

2013-10-09 13:04:14 0B428B42B615A357666D3F5131878D62 629816 ----a-w- C:\Users\Sara\AppData\Local\Temp\eIntaller\A138368873E14767B1BB7C49138202F1\eXQ.exe

2013-10-09 13:03:54 663C0061B5141CBFA401E578C36F129C 12612850 ----a-w- C:\Users\Sara\AppData\Local\Temp\is1244477948\345683676_Setup.EXE

2013-10-09 12:59:59 6B16010C9C28A444D56E6E9358FF94EC 640864 ----a-w- C:\Users\Sara\Downloads\FreeYouTubeDownloaderInstallerIC.exe

=== C: other files ==

2013-10-11 13:52:03 9F5A5CB71AC30F5DC0E1BA73167BE4C1 156 ---ha-w- C:\Program Files\Common Files\X10\Common\x10prod.sys

2013-10-09 13:04:14 2D0E258C08354FA84E5CB5D312B8E83F 416279 ----a-w- C:\Users\Sara\AppData\Local\Temp\eIntaller\A138368873E14767B1BB7C49138202F1\newtab.crx

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"EPSON SX410 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE /FU C:\Windows\TEMP\E_SF8FE.tmp /EF HKCU"

"Google Update"="C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe"

"LMgrVolOSD"="C:\Program Files\Launch Manager\OSD.exe"

"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

"NBAgent"="C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe /WinStart"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"EPSON SX410 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE /FU C:\Windows\TEMP\E_SF8FE.tmp /EF HKCU"

"Google Update"="C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

==== Startup Folders ======================

2013-10-02 12:55:06 1051 ----a-w- C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2012-07-22 14:29:07 937 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11/07/2011 17:32]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-20367086-7761515-2426169248-1000Core.job --ah----- C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe [03/11/2011 18:41]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-20367086-7761515-2426169248-1000Core" [C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-20367086-7761515-2426169248-1000UA" [C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\Norton WSC Integration" ["C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\WSCStub.exe"]

"C:\Windows\system32\tasks\Sara 08 02 13" [C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe]

"C:\Windows\system32\tasks\Sara backup" [C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe]

"C:\Windows\system32\tasks\Sara NBAgent 6 0" ["C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe"]

"C:\Windows\system32\tasks\Sara Nero LIVEBackup 6 0" [C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe]

"C:\Windows\system32\tasks\Sara Nero LIVEBackup Merge 6 0" ["C:\Program Files\Nero\Nero 11\Nero BackItUp\NBCore.exe"]

"C:\Windows\system32\tasks\{5029B598-40F2-45F7-8088-E5F27E072144}" [C:\Users\Sara\Downloads\zoek\zoek.exe]

"C:\Windows\system32\tasks\{6B28D7A1-647A-4EB9-A5DE-F03C66F4A762}" [C:\Users\Sara\Downloads\zoek\zoek.exe]

"C:\Windows\system32\tasks\Norton AntiVirus\Norton Error Analyzer" [C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\SymErr.exe]

"C:\Windows\system32\tasks\Norton AntiVirus\Norton Error Processor" [C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\SymErr.exe]

"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFF" [09/10/2013 19:52]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

aipfmkinhleccnodemkoofnnofpbbpac - C:\Users\Sara\AppData\Roaming\BabSolution\CR\searchgol.crx[]

eooncjejnppfjjklapaamhcdmjbilmde - C:\Users\Sara\AppData\Roaming\BabSolution\CR\delta1.crx[]

gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]

ibcgjcbeckcdemelifnledhihpaighfk - C:\Users\Sara\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx[]

ifohbjbgfchkkfhphahclmkpgejiplfo - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx[]

khialnikbocfgkohdegnebhmmaifoglp - C:\Program Files\LyricsMonkey\Chrome.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]

ibcgjcbeckcdemelifnledhihpaighfk - C:\Users\Sara\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx[]

Search-Gol Toolbar - Sara - Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac

YouTube - Sara - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Kotnet Login - Sara - Default\Extensions\cmbaobaaddnblbcnfjpmikfbdcpmncid

Google Search - Sara - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

AdBlock - Sara - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

WhiteSmoke New V6 - Sara - Default\Extensions\ibcgjcbeckcdemelifnledhihpaighfk

Select City - Sara - Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo

Lyrics Monkey - Sara - Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp

Chrome In-App Payments service - Sara - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Sara - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully

C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully

C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac deleted successfully

C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aipfmkinhleccnodemkoofnnofpbbpac_0.localstorage deleted successfully

C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcgjcbeckcdemelifnledhihpaighfk deleted successfully

C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibcgjcbeckcdemelifnledhihpaighfk_0.localstorage deleted successfully

C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibcgjcbeckcdemelifnledhihpaighfk_0.localstorage-journal deleted successfully

C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ibcgjcbeckcdemelifnledhihpaighfk_0 deleted successfully

C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo deleted successfully

C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage deleted successfully

C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Search Page"="http://www.google.com"

"Search Bar"="http://www.google.com/ie"

"Default_Search_URL"="http://www.google.com/ie"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

@="http://www.google.com/search?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://www.google.com/ie"

"Default_Search_URL"="http://www.google.com/ie"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{3BDE9F0B-2749-461F-B2E9-3F8D242B712C}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BDE9F0B-2749-461F-B2E9-3F8D242B712C}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{F9341B97-B18A-4EFD-B887-31AA9F3CF275} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox"

==== Reset Google Chrome ======================

C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lyricsmonkey@mendoni.net deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-20367086-7761515-2426169248-1000\Software\Mozilla\Firefox\Extensions\lyricsmonkey@mendoni.net deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Gast\Desktop\VNC Viewer 4.lnk - C:\Program Files\RealVNC\VNC4\vncviewer.exe

C:\Users\Sara\Desktop\Dropbox.lnk - C:\Users\Sara\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\Sara\Desktop\Free Sound Recorder.lnk - C:\Program Files\Free Sound Recorder\FreeSoundRecorder.exe

C:\Users\Sara\Desktop\Microsoft Excel.lnk - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

C:\Users\Sara\Desktop\Microsoft Word.lnk - C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\Users\Sara\Desktop\PIXresizer.lnk - C:\Program Files\PIXresizer\PIXresizer.exe

C:\Users\Sara\Desktop\System Check.lnk - C:\ProgramData\RMIRdBeVr1vxa0.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Download Assistant.lnk - C:\Program Files\Adobe Download Assistant\Adobe Download Assistant.exe

C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

C:\Users\Public\Desktop\Free YouTube Download.lnk - C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe

C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe

C:\Users\Public\Desktop\Google SketchUp 8.lnk - C:\Program Files\Google\Google SketchUp 8\SketchUp.exe

C:\Users\Public\Desktop\Nero BackItUp 11.lnk -

C:\Users\Public\Desktop\Norton AntiVirus.lnk - C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\uistub.exe

C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe

C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Platinum.lnk - C:\Program Files\Atari\RollerCoaster Tycoon 3 Platinum\RCT3plus.exe

C:\Users\Public\Desktop\µTorrent.lnk -

==== shortcuts in Users Start Menu ======================

C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6

C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6

C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Sara\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe

C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe QVO6

C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Sara\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free Studio Manager.lnk - C:\Program Files\Common Files\DVDVideoSoft\FreeStudioManager.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk - C:\Program Files\Common Files\DVDVideoSoft\bin\DVSSysReport.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs.lnk - C:\Users\Sara\AppData\Roaming\DVDVideoSoft\DVDVideoSoft

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Rocket Subscription.lnk - C:\Program Files\Common Files\DVDVideoSoft\bin\SubscriptionOffer.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk - C:\Program Files\Common Files\DVDVideoSoft\lib\Uninstall.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube Download.lnk - C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe

C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk - C:\ProgramData\RMIRdBeVr1vxa0.exe

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel.lnk - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office 2010 component.lnk - C:\Program Files\Microsoft Office\Office14\ACCICONS.EXE

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft OneNote.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft PowerPoint.lnk - C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word.lnk - C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\System32\mspaint.exe

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe QVO6

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft PowerPoint 2010.lnk - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft PowerPoint 2010 9014006204130000"

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Verkenner.lnk - C:\Windows\explorer.exe

==== shortcuts After Repair ======================

C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aipfmkinhleccnodemkoofnnofpbbpac deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ibcgjcbeckcdemelifnledhihpaighfk deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\khialnikbocfgkohdegnebhmmaifoglp deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ibcgjcbeckcdemelifnledhihpaighfk deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\IPS\IPSBHO.DLL

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart

O4 - HKCU\..\Run: [EPSON SX410 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE /FU "C:\Windows\TEMP\E_SF8FE.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

O4 - Startup: Dropbox.lnk = Sara\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - MSN Games - Free Online Games

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Gast\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Sara\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Sara\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0R1QZA3 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Sara\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0R1QZA3" not found

==== EOF on vr 11/10/2013 at 16:54:09,68 ======================

Link naar reactie
Delen op andere sites

Dubbelklik op Zoek.exe om de tool te starten.

  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

  C:\Program Files\Common Files\DVDVideoSoft
 C:\Program Files\DVDVideoSoft
 C:\Users\Sara\AppData\Locallow\WhiteSmoke_New_V6
 C:\Users\Sara\AppData\Roaming\DVDVideoSoft
 C:\ProgramData\Conduit
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
 C:\Users\Sara\AppData\Local\Temp\eIntaller\A138368873E14767B1BB7C49138202F1\newtab.crx;f
 C:\Users\Sara\AppData\Roaming\BabSolution\CR\delta1.crx;f
 C:\Program Files\DealPly\DealPly.crx;f
 C:\Users\Public\Desktop\µTorrent.lnk;f
 C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk;f
 C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk;f
 C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Sara\AppData\Local\Google\Chrome\Application\chrome.exe;f
 C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk;f
 C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk;f
 C:\Users\Sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk;f

  • Klik nu op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  • Post het geopende logje in het volgende bericht.

Link naar reactie
Delen op andere sites

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.