Mededeling

**Juisterr** · 13-08-13, 11:50

Probeer dit eens.

Download zoek.exe naar het bureaublad.

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
(hier of hier) kan je lezen hoe je de gebruikte beveiligingssoftware kunt uitschakelen.
Dubbelklik op Zoek.exe om de tool te starten.
Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
Kopieer nu onderstaande code en plak die in het grote invulvenster:
Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
Code:
```
emptyclsid;
firefoxlook; 
Chromelook; 
autoclean; 
iedefaults;
```
Klik nu op de knop "Run script".
Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
Post het geopende logje in het volgende bericht als bijlage.

**Mustang** · 13-08-13, 12:57

Ik heb het uitgevoerd. Hier is het logje:

Zoek.exe Version 4.0.0.4 Updated 10-August-2013
Tool run by kim on di 13-08-2013 at 13:05:34,88.
Microsoft® Windows Vista™ Business 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\kim\Desktop\zoek.exe [Script inserted]

==== System Restore Info ======================

13-8-2013 13:07:45 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-84923639-2516154625-2707148456-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\2h3hx9kb.default

user.js not found
---- Lines imesh removed from prefs.js ----

---- Lines imesh modified from prefs.js ----

---- Lines yontoo removed from prefs.js ----

---- Lines yontoo modified from prefs.js ----

user_pref("extensions.enabledAddons", "{C2C2A16E-2E64-478A-992C-82E136577FCD}:5.0.0.7281,[email protected]:1.20.02,[email protected]:15.4.0.5,{4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.6.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0.1");
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1251905532940},\"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\":{\"descriptor\":\"C:\\\\Program Files\\\\McAfee\\\\SiteAdvisor\",\"mtime\":1376157534489},\"[email protected]\":{\"descriptor\":\"C:\\\\Pr ogramData\\\\AVG Secure Search\\\\FireFoxExt\\\\15.4.0.5\",\"mtime\":1375221917008},\"[email protected]_4z.com \":{\"descriptor\":\"C:\\\\Program Files\\\\VideoDownloadConverter_4z\\\\bar\\\\1.bin\",\"mtime\":1368896637346}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1353248707931}}},{\"name\":\"app-profile\",\"addons\":{\"[email protected]_4z.com\":{\"descriptor\":\"C:\\\\Users\\\\ki m\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2h3hx9kb.default\\\\extensions\\\\4zffx [email protected]_4z.com\",\"mtime\":1368896618250},\"[email protected]\":{\"descriptor\":\ "C:\\\\Users\\\\kim\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2h3hx9kb.default\\\\e xtensions\\\\[email protected]\",\"mtime\":1368898828063},\"{503e067f-2914-4edd-8432-2d6c52635e23}\":{\"descriptor\":\"C:\\\\Users\\\\kim\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\ Profiles\\\\2h3hx9kb.default\\\\extensions\\\\{503e067f-2914-4edd-8432-2d6c52635e23}\",\"mtime\":1368897591130},\"{C2C2A16E-2E64-478A-992C-82E136577FCD}\":{\"descriptor\":\"C:\\\\Users\\\\kim\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\ Profiles\\\\2h3hx9kb.default\\\\extensions\\\\{C2C2A16E-2E64-478A-992C-82E136577FCD}\",\"mtime\":1368897527452},\"{d50dcc43-2971-45e3-a12b-b05dd8997be6}\":{\"descriptor\":\"C:\\\\Users\\\\kim\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\ Profiles\\\\2h3hx9kb.default\\\\extensions\\\\{d50dcc43-2971-45e3-a12b-b05dd8997be6}\",\"mtime\":1368898873203}}}]");

---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 1);

---- Lines browser.startup.page modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

prefs_13-08-2013_1313_.backup

==== Deleting Files \ Folders ======================

"C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\2h3hx9kb.default\extensions\[email protected] " not found
"C:\Windows\system32\tasks\Desk 365 RunAsStdUser" deleted
"C:\Windows\System32\Tasks\Browser Updater" deleted
"C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\2h3hx9kb.default\imeshtoolbar" deleted
"C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\2h3hx9kb.default\imeshtoolbar" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\2h3hx9kb.default
- Undetermined - C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5
- Undetermined - C:\Program Files\McAfee\SiteAdvisor
- New Tab - %ProfilePath%\extensions\{C2C2A16E-2E64-478A-992C-82E136577FCD}

==== Firefox Plugins ======================

Profilepath: C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\2h3hx9kb.default
F045DF7AF127DC4BCC53421850114E15 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
0132218093298D7F72A40222F4FBF04F - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.2
A7DA4A3F6E86E55E25F60D2BA46B24D0 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.2
CE1411064661AFB6DC4E18BACB50BF61 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.2
052575195474BA9646272680BF993D64 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.2
A8CD2D78D83C1466BB81BBC94A6C96A3 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.2
136ECFCBEA4FBFF8918D3B4AE2729C7F - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.2
1E17EB861D4EAD9CAC51C246B5E3426A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.2
D28AD1CB902AC6D228532812D3850C7D - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
BCA175A4D68910B97C9391F2B5F02A4D - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
CF46E0E1398B382CE0CE738C67A38DD1 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
7ABA2EAB736F7E9EB0E03ACAA42CCB51 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
7D28153B7D586330678AD522B71D89CB - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight

==== Deleting Files \ Folders ======================

"C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\2h3hx9kb.default\extensions\{C2C2A16E-2E64-478A-992C-82E136577FCD}" deleted

==== Chrome Look ======================

Docs - kim - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - kim - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - kim - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - kim - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Norton Identity Protection - kim - Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Gmail - kim - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.certified-toolbar.com?si=44958&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=44958&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=44958&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=44958&st=bs&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=44958&st=bs&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=44958&st=bs&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search/?q=%s"
"(Default)"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://search.certified-toolbar.com?si=44958&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=44958&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=44958&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startInde x={startIndex?}&startPage={startPage}"
{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} Unknown Url="Not_Found"
{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully
HKEY_USERS\S-1-5-21-84923639-2516154625-2707148456-1003\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully
HKEY_USERS\S-1-5-21-84923639-2516154625-2707148456-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} deleted successfully
HKEY_USERS\S-1-5-21-84923639-2516154625-2707148456-1003\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\users\kim\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

**Juisterr** · 13-08-13, 14:31

Delta werd niet gevonden?

Download AdwCleaner by Xplode naar het bureaublad.

Sluit alle openstaande vensters.
Dubbelklik op AdwCleaner om hem te starten.
Klik vervolgens op Verwijderen.
Klik bij AdwCleaner – Informatie op OK
Klik bij AdwCleaner – Herstarten Noodzakelijk op OK

Dat tijdens de actie de snelkoppelingen verdwijnen, is normaal.
Nadat de PC opnieuw is opgestart, opent een logfile.
Post aansluitend de inhoud van dit log in je volgende bericht als bijlage.

vertel ook even hoe het nu gaat aub.

**Mustang** · 13-08-13, 15:18

Hallo Juisterr,

Ik zit inmiddels op mijn werk, dus ik kan tot vanavond 23:00 uur niets doen.
Ik heb dat programma al op de laptop staan en ook al een aantal keer laten draaien.

adwCleaner heeft voor mij het probleem Yontoo de nek omgedraaid.
Ik heb met het programma Revo uninstaller ook al een een deel van Delta verwijderd. Maar ik kan nog steeds de homepage niet wijzigen. Hij blijft Delta-homes als startpagina houden. Dit had ik overigens al gedaan voordat ik dit bericht had geplaatst.

Ik hoop je zo voorlopig voldoende te hebben geinformeerd.

Gr.

**Juisterr** · 13-08-13, 16:59

Ik snap het, vandaar dat ik hem niet meer zien kan.
We gaan hem opzoeken.

Download OTL naar je Bureaublad

Dubbelklik op OTL.com om het programma te openen. Zorg ervoor dat all andere vensters gesloten zijn, en laat het programma ongestoord zijn werk doen.
Zet een vinkje bij Scan All Users.
Klik op de knop Quick Scan. Verander de instellingen van OTL niet, tenzij ik je hiervoor specifiek instructies geef. De scan zal niet heel erg lang duren.
- Er zullen twee Kladblok-vensters geopend worden wanneer de scan klaar is. OTL.Txt en Extras.Txt. Deze bestanden zijn opgeslagen in dezelfde locatie als OTL.
- Kopieer (Bewerken->Alles selecteren, Bewerken->Kopiëren) en plak (Bewerken->Alles selecteren, Bewerken->Plakken) de inhoud van deze twee bestanden één voor één in je volgende bericht.

**Mustang** · 13-08-13, 23:04

Hier zijn de 2 logjes:

1. OTL.txt

OTL logfile created on: 13-8-2013 23:35:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kim\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1,93 Gb Total Physical Memory | 0,66 Gb Available Physical Memory | 34,02% Memory free
4,10 Gb Paging File | 2,43 Gb Available in Paging File | 59,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,02 Gb Total Space | 4,04 Gb Free Space | 5,86% Space Free | Partition Type: NTFS
Drive D: | 69,02 Gb Total Space | 68,90 Gb Free Space | 99,82% Space Free | Partition Type: NTFS

Computer Name: PC_VAN_KIM | User Name: kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-08-13 23:32:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kim\Desktop\OTL.com
PRC - [2013-08-13 13:18:52 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\kim\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2013-08-12 21:06:50 | 005,703,408 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2013-05-23 22:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013-03-09 20:33:03 | 007,330,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgmfapx.exe
PRC - [2012-12-11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012-11-16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012-10-30 05:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012-10-22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012-10-22 14:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012-10-22 14:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2009-10-28 11:57:22 | 000,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-09-01 03:17:00 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008-06-11 10:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008-04-28 09:35:36 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008-04-15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008-04-15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008-03-21 14:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008-01-16 11:16:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007-12-06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007-10-23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007-07-24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006-11-03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe

========== Modules (No Company Name) ==========

MOD - [2013-08-11 13:20:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59375bfcbdf9a51a963b71c10f6204d4 \System.Runtime.Remoting.ni.dll
MOD - [2013-08-11 13:19:46 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4a249ccdc8817127b91bc36d1aa52b5e\System.Xm l.ni.dll
MOD - [2013-08-11 13:19:09 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f58a8a55eda29b5a43af20c4568f7f91 \System.Windows.Forms.ni.dll
MOD - [2013-08-11 13:18:48 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6ac6cab47b69e44769c726610e7f29bc\Syste m.Drawing.ni.dll
MOD - [2013-08-11 13:16:20 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e3cc2cbffd5fb21da64e93d9b6c27c7c\System.ni.dll
MOD - [2013-08-11 13:15:37 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni .dll
MOD - [2011-11-02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-11-02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009-03-31 20:04:18 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009-01-14 04:53:06 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2009-01-14 04:53:06 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008-06-11 10:21:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008-04-28 10:49:20 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2007-10-23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

========== Services (SafeList) ==========

SRV - [2013-06-12 20:53:58 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-05-23 22:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012-11-16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012-10-22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012-10-02 03:32:56 | 001,314,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009-10-28 11:57:22 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008-04-15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008-03-21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008-01-21 04:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-16 11:16:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007-12-06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007-07-24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012-11-16 00:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012-10-22 14:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012-10-15 04:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012-10-02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012-09-21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012-09-21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012-09-21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012-09-14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-07-22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011-07-12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008-07-28 09:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008-07-22 09:46:22 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008-06-05 04:01:14 | 000,146,688 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2008-04-08 03:22:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008-03-21 11:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007-04-17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007-01-31 19:01:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006-12-05 11:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startInde x={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage:
FF - prefs.js..extensions.enabledAddons: {C2C2A16E-2E64-478A-992C-82E136577FCD}:5.0.0.7281
FF - prefs.js..extensions.enabledAddons: [email protected]:1.20.02
FF - prefs.js..extensions.enabledAddons: [email protected]:15.4.0.5
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.6.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\

[2011-12-31 20:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kim\AppData\Roaming\mozilla\Extensions
[2013-08-13 13:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kim\AppData\Roaming\mozilla\Firefox\Profiles\2h3hx9kb.default\extensions
File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\15.4.0.5
File not found (No name found) -- C:\USERS\KIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2H3HX9KB.DEFAULT\EXTENSIONS\{C2C2A16E-2E64-478A-992C-82E136577FCD}
File not found (No name found) -- C:\USERS\KIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2H3HX9KB.DEFAULT\EXTENSIONS\[email protected]
[2013-07-05 20:11:01 | 000,000,793 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\delta-homes.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - Extension: Docs = C:\Users\kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Norton Identity Protection = C:\Users\kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Gmail = C:\Users\kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-84923639-2516154625-2707148456-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005

- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary...r.cab56986.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD54D1C7-7B66-4288-B527-91A00FF911FC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF2A9FCC-3244-44C7-89B6-BD11F31A5BD0}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f7ab4cfe-7ed0-11df-bcfa-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{f7ab4cfe-7ed0-11df-bcfa-806e6f6e6963}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-08-13 23:32:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\kim\Desktop\OTL.com
[2013-08-13 13:18:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013-08-13 13:15:57 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2013-08-13 13:15:57 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Local\Temp
[2013-08-13 13:04:22 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Local\CrashDumps
[2013-08-13 11:05:41 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\kim\Desktop\dds.com
[2013-08-13 10:24:36 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\SUPERAntiSpyware.com
[2013-08-13 10:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013-08-13 10:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013-08-13 10:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013-08-12 19:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013-08-12 19:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013-08-12 18:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013-08-12 18:30:08 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013-08-12 16:09:19 | 000,000,000 | ---D | C] -- C:\Users\kim\Option
[2013-08-11 21:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013-08-11 21:10:59 | 009,167,352 | ---- | C] (SurfRight B.V.) -- C:\Users\kim\Desktop\HitmanPro.exe
[2013-08-11 21:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013-08-11 15:49:20 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\Malwarebytes
[2013-08-11 15:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-08-11 15:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-08-11 15:48:59 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013-08-11 15:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013-08-11 15:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013-08-11 14:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2013-08-11 14:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2013-08-11 13:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2013-08-11 12:21:14 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2013-08-11 12:20:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013-08-11 11:43:01 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Local\Windows Live
[2013-08-11 09:02:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013-08-11 08:41:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2013-08-11 08:41:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2013-08-11 08:41:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2013-08-11 08:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013-08-11 08:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-08-10 20:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2013-08-13 23:32:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kim\Desktop\OTL.com
[2013-08-13 23:31:16 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013-08-13 23:31:16 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013-08-13 23:31:01 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013-08-13 23:30:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-08-13 23:30:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-08-13 23:30:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-08-13 23:30:39 | 2070,831,104 | -HS- | M] () -- C:\hiberfil.sys
[2013-08-13 13:52:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-08-13 13:03:32 | 001,276,904 | ---- | M] () -- C:\Users\kim\Desktop\zoek.exe
[2013-08-13 11:25:49 | 000,377,856 | ---- | M] () -- C:\Users\kim\Desktop\t5kwl6o3.exe
[2013-08-13 11:11:25 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9675ccde-b129-4066-bab1-de9d7511e303.job
[2013-08-13 11:11:25 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 81e92a0d-f2c1-4011-8d3f-0af91e5ee672.job
[2013-08-13 11:05:41 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\kim\Desktop\dds.com
[2013-08-13 10:46:29 | 000,000,000 | ---- | M] () -- C:\Users\kim\defogger_reenable
[2013-08-13 10:46:12 | 000,000,680 | ---- | M] () -- C:\Users\kim\AppData\Local\d3d9caps.dat
[2013-08-13 10:46:10 | 000,050,477 | ---- | M] () -- C:\Users\kim\Desktop\Defogger.exe
[2013-08-13 10:39:32 | 000,000,079 | ---- | M] () -- C:\Windows\WININIT.INI
[2013-08-13 10:30:00 | 000,000,947 | ---- | M] () -- C:\Users\kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013-08-13 10:24:25 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013-08-12 18:30:08 | 000,001,061 | ---- | M] () -- C:\Users\kim\Desktop\Revo Uninstaller.lnk
[2013-08-12 18:06:15 | 000,733,468 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013-08-12 18:06:15 | 000,642,954 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-08-12 18:06:15 | 000,154,704 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013-08-12 18:06:15 | 000,121,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-08-11 21:40:57 | 000,000,604 | ---- | M] () -- C:\Windows\System32\.crusader
[2013-08-11 21:25:05 | 000,666,633 | ---- | M] () -- C:\Users\kim\Desktop\AdwCleaner.exe
[2013-08-11 21:10:59 | 009,167,352 | ---- | M] (SurfRight B.V.) -- C:\Users\kim\Desktop\HitmanPro.exe
[2013-08-11 15:49:02 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-08-11 13:57:26 | 000,000,497 | ---- | M] () -- C:\Windows\Temp - Snelkoppeling.lnk
[2013-08-11 13:11:03 | 000,375,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-08-11 13:04:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2013-08-11 13:04:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2013-08-11 10:58:09 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2013-08-11 10:58:09 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2013-08-11 10:57:41 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013-08-10 22:04:20 | 000,274,774 | ---- | M] () -- C:\Users\kim\AppData\Local\census.cache
[2013-08-10 22:03:50 | 000,180,678 | ---- | M] () -- C:\Users\kim\AppData\Local\ars.cache
[2013-08-10 21:08:03 | 000,000,036 | ---- | M] () -- C:\Users\kim\AppData\Local\housecall.guid.cache
[2013-08-10 20:51:07 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2013-08-13 13:03:31 | 001,276,904 | ---- | C] () -- C:\Users\kim\Desktop\zoek.exe
[2013-08-13 11:25:33 | 000,377,856 | ---- | C] () -- C:\Users\kim\Desktop\t5kwl6o3.exe
[2013-08-13 10:46:29 | 000,000,000 | ---- | C] () -- C:\Users\kim\defogger_reenable
[2013-08-13 10:46:06 | 000,050,477 | ---- | C] () -- C:\Users\kim\Desktop\Defogger.exe
[2013-08-13 10:24:54 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9675ccde-b129-4066-bab1-de9d7511e303.job
[2013-08-13 10:24:54 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 81e92a0d-f2c1-4011-8d3f-0af91e5ee672.job
[2013-08-13 10:24:25 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013-08-13 05:09:57 | 000,000,680 | ---- | C] () -- C:\Users\kim\AppData\Local\d3d9caps.dat
[2013-08-12 19:03:15 | 2070,831,104 | -HS- | C] () -- C:\hiberfil.sys
[2013-08-12 18:30:08 | 000,001,061 | ---- | C] () -- C:\Users\kim\Desktop\Revo Uninstaller.lnk
[2013-08-11 21:40:57 | 000,000,604 | ---- | C] () -- C:\Windows\System32\.crusader
[2013-08-11 21:24:32 | 000,666,633 | ---- | C] () -- C:\Users\kim\Desktop\AdwCleaner.exe
[2013-08-11 15:49:02 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-08-11 15:09:03 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2013-08-11 13:57:26 | 000,000,497 | ---- | C] () -- C:\Windows\Temp - Snelkoppeling.lnk
[2013-08-11 13:04:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2013-08-11 13:04:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2013-08-11 12:20:54 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2013-08-11 12:20:25 | 000,001,231 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2013-08-11 12:19:16 | 000,001,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013-08-11 10:57:41 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013-08-11 10:15:56 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013-08-11 10:15:56 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013-08-11 08:52:31 | 000,000,947 | ---- | C] () -- C:\Users\kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013-08-10 22:04:20 | 000,274,774 | ---- | C] () -- C:\Users\kim\AppData\Local\census.cache
[2013-08-10 22:03:50 | 000,180,678 | ---- | C] () -- C:\Users\kim\AppData\Local\ars.cache
[2013-08-10 21:08:03 | 000,000,036 | ---- | C] () -- C:\Users\kim\AppData\Local\housecall.guid.cache
[2013-08-10 20:51:07 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-08-10 20:20:15 | 000,000,079 | ---- | C] () -- C:\Windows\WININIT.INI
[2011-10-05 20:53:15 | 000,124,912 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010-03-20 12:51:40 | 000,037,888 | ---- | C] () -- C:\Users\kim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-29 14:50:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2006-11-02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012-10-13 18:34:32 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012-10-13 18:34:32 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2011-08-24 20:50:58 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\Amsterdams Poker
[2012-02-20 19:34:45 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\AVG
[2012-10-07 03:02:58 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\AVG2013
[2009-08-16 17:39:00 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\eSobi
[2013-08-10 20:34:12 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\IObit
[2013-05-18 19:19:32 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\MusicNet
[2011-12-31 22:15:05 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\redsn0w
[2012-10-06 15:58:30 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\TuneUp Software
[2011-08-24 20:53:08 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\YoyPoker

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

**Mustang** · 13-08-13, 23:05

2. Extras.txt

OTL Extras logfile created on: 13-8-2013 23:35:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kim\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1,93 Gb Total Physical Memory | 0,66 Gb Available Physical Memory | 34,02% Memory free
4,10 Gb Paging File | 2,43 Gb Available in Paging File | 59,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,02 Gb Total Space | 4,04 Gb Free Space | 5,86% Space Free | Partition Type: NTFS
Drive D: | 69,02 Gb Total Space | 68,90 Gb Free Space | 99,82% Space Free | Partition Type: NTFS

Computer Name: PC_VAN_KIM | User Name: kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{307D078E-716A-4F5D-A494-DEDFADB0C020}" = lport=138 | protocol=17 | dir=in | app=system |
"{3277A07D-B1B4-4C04-BF72-2C92210AAB06}" = rport=138 | protocol=17 | dir=out | app=system |
"{33DF3206-D5ED-4208-8E11-9E83DF02A9C7}" = lport=139 | protocol=6 | dir=in | app=system |
"{6372E240-4870-4A8A-ADED-BC47F8A217B6}" = lport=445 | protocol=6 | dir=in | app=system |
"{7A1BBC58-AADF-4E4B-8D4D-8A1C8C250C6E}" = lport=137 | protocol=17 | dir=in | app=system |
"{7C4DB140-00D0-4021-A38A-7019F1E089C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A3F27051-571D-4510-8157-5A7C32F9633D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A670CC42-CA87-407B-A33E-D8E27C205615}" = rport=137 | protocol=17 | dir=out | app=system |
"{A8777FA2-C979-4E49-8FCA-8C173B984039}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AB1BBDCE-1680-423A-B47D-A53C4C2A1AE2}" = rport=139 | protocol=6 | dir=out | app=system |
"{B0AA7D7F-C6B0-41B2-9164-DB338F5DD8F3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C089CBB9-FB47-4BFD-AF34-473B3529C5F3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E93A8B0D-4F82-4BCF-AA00-CC968E952650}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{08C70D27-C1A6-4CBB-B5D6-A980C2D86182}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{11985BF7-AABC-45A0-B26F-1A1802475A11}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{1FB93B7E-E226-46F5-B598-0B0D9A2F8CED}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{27F64EA8-581F-44A3-8DFE-B2ED4553AA51}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{364D3B8A-7A89-4BCD-8B8C-0781C9E80A5A}" = protocol=58 | dir=out | [email protected],-28546 |
"{42A7716F-3E4B-426E-8FA1-88B7BB6B9202}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{4401D6C9-9FE2-4674-BDDC-BFE877E8259D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{4403B877-0B86-4BAC-9BE1-B465CFCFC0A1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{569B75CA-DBAC-4BB8-9752-83E9429F82A1}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5B37CF47-DF9C-420A-865B-957F4A489B19}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D06C567-A4D9-4A2D-B144-AE256CAC38E1}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{7FE4161C-F4B1-45E9-8278-52534C9FB67C}" = protocol=58 | dir=in | [email protected],-28545 |
"{86D82524-D09D-479D-9F8B-503E462C1EAF}" = protocol=1 | dir=in | [email protected],-28543 |
"{B52D8E0C-08F2-4231-85F8-BFA6A8316FE1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{CC44485B-1989-4AAD-9061-BE00BD6734E4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{D08EF787-0F24-4BD5-BA05-1D0EEA4B2338}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{D452F86F-C188-484D-89D7-F00D9041B949}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{D85E10EE-D7FF-4D99-AF7B-1BBA06EDA4EC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{E67CE904-43E4-4B5E-A74B-CBA88979D0DC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{E7FB8883-3E44-4EA3-9F5D-1025AFCE9C13}" = protocol=1 | dir=out | [email protected],-28544 |
"{F223100C-83E4-4EE6-BC49-F18C1E6D5F3B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F4333165-4010-44E8-9864-C486068B2955}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FBC22EFC-44B6-4592-95E3-F35222680570}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}" = AVG 2013
"{0680FE0B-DEBA-419F-A0AC-8D990F32DE60}" = AVG 2013
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22644FC4-9EA9-4F67-A76C-91C51E9E0963}" = AVG 2013
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FE93ACC-83FB-4FE5-9147-8BAD2D33E2EF}" = AVG 2012
"{40255140-E947-46E1-A841-C1F27AB309CB}" = AVG 2013
"{4073AAEC-B01B-4000-BC9B-1447E3A7BD87}" = AVG 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACBE725-9800-54D0-4B4B-4B1BD3E97E7E}" = FlipShare
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E0C89A4-4040-47C7-AD0C-0E8226B6AFE2}" = AVG 2012
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{55CCA8B6-977B-4CAC-8762-68394171E4AB}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6669B6EE-2335-49FA-BDEF-4D3419AAFF68}" = Microsoft SQL Server Native Client
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E503D23-7969-45EE-B488-F80B8AE28D39}" = AVG 2013
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business-verbindingsonderdelen
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1043-7B44-A95000000001}" = Adobe Reader 9.5.5 - Nederlands
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBBB226E-2289-4D29-8E5C-1331E7D71ED9}" = AVG 2013
"{CD19EDD9-1632-4002-9212-7478E4BA0423}" = Windows Live Sync
"{cd4c80be-63bf-48c0-b95b-b3d8b3d97739}" = Business Contact Manager voor Outlook 2007 SP2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.59.528
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D836006A-10F3-4069-B4FF-1A78D2B70234}" = Microsoft SQL Server Setup-ondersteuningsbestanden (Engels)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8E5ED05-E8CE-4313-A18C-49723394E0C9}" = Microsoft SQL Server VSS Writer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F51C2A69-D2E2-4813-AAD7-618D2BF85DFD}" = AVG 2012
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG" = AVG 2013
"Business Contact Manager" = Business Contact Manager voor Outlook 2007 SP2
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PROHYBRIDR" = 2007 Microsoft Office system
"Revo Uninstaller" = Revo Uninstaller 1.94
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AmsterdamsPoker_21_0" = Amsterdams Poker
"YoyPoker_102_0" = YoyPoker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10-8-2013 13:48:27 | Computer Name = PC_van_kim | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10-8-2013 13:48:27 | Computer Name = PC_van_kim | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 106923

Error - 10-8-2013 13:48:27 | Computer Name = PC_van_kim | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 106923

Error - 10-8-2013 13:48:29 | Computer Name = PC_van_kim | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10-8-2013 13:48:29 | Computer Name = PC_van_kim | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 108171

Error - 10-8-2013 13:48:29 | Computer Name = PC_van_kim | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 108171

Error - 10-8-2013 13:56:53 | Computer Name = PC_van_kim | Source = Application Error | ID = 1000
Description = Toepassing met fout iexplore.exe, versie 7.0.6001.18639, tijdstempel
0x4db02c95, module met fout searchresultstb.dll, versie 5.0.8.244, tijdstempel
0x50b69ae6, uitzonderingscode 0xc0000005, foutmarge 0x00016b3c, proces-id 0x3734,
starttijd van toepassing 0x01ce95f2d653bf40.

Error - 10-8-2013 14:03:10 | Computer Name = PC_van_kim | Source = Application Error | ID = 1000
Description = Toepassing met fout Explorer.EXE, versie 6.0.6001.18164, tijdstempel
0x4907e242, module met fout edis.dll_unloaded, versie 0.0.0.0, tijdstempel 0x518a04a1,
uitzonderingscode 0xc0000005, foutmarge 0x6baa32c3, proces-id 0xc18, starttijd van
toepassing 0x01ce87dc9867960a.

Error - 10-8-2013 14:07:11 | Computer Name = PC_van_kim | Source = Application Hang | ID = 1002
Description = Programma iexplore.exe, versie 7.0.6001.18639 reageert niet meer op
Windows en is afgesloten. Als u wilt zien of meer informatie over het probleem
beschikbaar is, kunt u de probleemgeschiedenis in onderdeel Probleemrapporten en
-oplossingen in het Configuratiescherm controleren. Proces-id: 3080 Starttijd: 01ce95f40cf96990
Eindtijd:
31

Error - 10-8-2013 14:31:08 | Computer Name = PC_van_kim | Source = WinMgmt | ID = 10
Description =

Error - 10-8-2013 14:40:42 | Computer Name = PC_van_kim | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 13-8-2013 7:17:49 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7006
Description =

Error - 13-8-2013 7:17:49 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7024
Description =

Error - 13-8-2013 7:32:43 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7030
Description =

Error - 13-8-2013 7:32:44 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7030
Description =

Error - 13-8-2013 7:32:44 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7030
Description =

Error - 13-8-2013 7:32:45 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7030
Description =

Error - 13-8-2013 7:32:46 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7030
Description =

Error - 13-8-2013 17:31:00 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7006
Description =

Error - 13-8-2013 17:31:00 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7006
Description =

Error - 13-8-2013 17:31:14 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7024
Description =

< End of report >

**Juisterr** · 14-08-13, 10:58

Het is een plug-in bij Firefox. Eens kijken of hij zo weg wil.

Start OTL opnieuw.

Kopieer en plak In het Custom Scans/Fixes veld de onderstaande code.

Code:

:Commands
[CREATERESTOREPOINT]
:OTL
[2013-07-05 20:11:01 | 000,000,793 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\delta-homes.xml
:Files
ipconfig /flushdns /c
:Commands
[PURITY]
[emptyjava]
[EMPTYFLASH]
[reboot]

Klik op Run Fix bovenaan.
Laat het programma ongehinderd werken, herstart de computer als het klaar is en sla de log op die verschijnt.
Open OTL weer en klik op Quick Scan bovenaan.
Plaats de log van de "Quick Scan" en van de "Fix" beide als bijlage in het volgende bericht.

**Mustang** · 14-08-13, 12:05

OTL1.Txt

Het fix logje kan ik niet vinden. Er staan wel 2 .ini configuratie bestanden op mijn bureaublad.

Voor jou informatie, ik heb eerder al google chrome en mozilla FF verwijderd van de computer. Ik maak gebruik van IE. Daar heb ik nog steeds delta-homes als startpagina en deze is nog steeds niet te wijzigen.

**Juisterr** · 14-08-13, 17:11

Ok, eens kijken of we die wegkrijgen.

Download Shortcut Cleaner (mirror)

Dubbelklik op sc-cleaner.exe om de tool te starten.
Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
Wanneer de tool gereed is krijgt u de melding "A log file called sc-cleaner.txt has been created on your desktop and will be shown automatically. This file contains those shortcuts hijacked by this malware." te zien.
Klik op Ok en plaats de inhoud van sc-cleaner.txt in het volgende bericht

**Mustang** · 14-08-13, 18:46

Shortcut Cleaner 1.2.3 by Lawrence Abrams (Grinler)

BleepingComputer

http://www.bleepingcomputer.com/

BleepingComputer.com is a premier destination for computer users of all skill levels to learn how to use and receive support for their computer.

Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:

Download Shortcut Cleaner

http://www.bleepingcomputer.com/download/shortcut-cleaner/

Shortcut Cleaner is a utility that will scan your computer for Windows shortcuts that have been hijacked by unwanted or malicious software. When Shortcut Cleaner finds bad shortcuts, it will automatically clean them so that they do not open unwanted programs.

Windows Version: Windows Vista (TM) Business Service Pack 2
Program started at: 08/14/2013 07:45:23 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\kim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\kim\Desktop

0 bad shortcuts found.

Program finished at: 08/14/2013 07:45:35 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

**Juisterr** · 14-08-13, 19:24

Download ComboFix van één van deze locaties:

Link 1
Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.

* (hier of hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

**Mustang** · 14-08-13, 20:53

ComboFix.txt

Hierbij het logje van combofix. Het delta-homes probleem is opgelost. ik kan nu weer de startpagina instellen zoals ik dat wil.

**Juisterr** · 15-08-13, 08:57

Kijk eens aan, CF logje ziet er goed uit, verder nog problemen?

Mededeling

Delta-homes en meer

Delta-homes en meer

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment