I had already removed F-Secure, IObit, ASC and Hitmanpro earlier, but apparently some remnants of those programs were still left on the PC. My wish is to continue with AVAST and Malwarebytes Pro. Here are the Zoek results:


Zoek.exe Version 4.0.0.5 Updated 24-November-2013
Tool run by John - HP on 27/11/2013 at 17:11:32.09.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\John - HP\Desktop\zoek\zoek.scr [Script inserted] [Checkboxes used]

==== System Restore Info ======================

27/11/2013 05:16:20 p.m. Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2037617763-37790152-1471653923-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A479E13B-DBEA-4015-A061-D714D56A7156} deleted successfully
HKEY_USERS\S-1-5-21-2037617763-37790152-1471653923-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B3814768-A6BE-4FC6-ADEE-92DDD06872E3} deleted successfully
HKEY_USERS\S-1-5-21-2037617763-37790152-1471653923-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFCD7143-E8C1-4516-A577-637C22B5BD67} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:

Added to C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:
user_pref("browser.startup.homepage", "http://websearch.search-guide.info/?pid=924&r=2013/11/07&hid=15774712729319013375&lg=EN&cc=HN&unqvl=40");
user_pref("browser.search.defaulturl", "http://websearch.search-guide.info/?pid=924&r=2013/11/07&hid=15774712729319013375&lg=EN&cc=HN&unqvl=40&l=1&q=");
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("keyword.URL", "http://websearch.search-guide.info/?pid=924&r=2013/11/07&hid=15774712729319013375&lg=EN&cc=HN&unqvl=40&l=1&q=");

Added to C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "http://us.yahoo.com?fr=fp-comodo");
user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("browser.search.selectedEngine", "Yahoo");
user_pref("keyword.URL", "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=800236&ilc=12&p=");

Added to C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

user.js not found
---- FireFox user.js and prefs.js backups ----


ProfilePath: C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\0

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_112013_0533_.backup

ProfilePath: C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_112013_0533_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64A68AAD-B78B-AD7D-E505-6AE8A43AA669}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E610EA41-73A6-F53A-84EB-6672A1D00DA0}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yontoo Desktop]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mobilegeni daemon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Users\John - HP\AppData\Roaming\iminent deleted
C:\Program Files (x86)\Iminent deleted
C:\Program Files (x86)\qualitink deleted
C:\Program Files (x86)\PutLockerDownloader.com deleted
C:\Program Files (x86)\WebSearch deleted
C:\ProgramData\saurf aNd kieep deleted
C:\ProgramData\5d814af22050297f deleted
C:\Program Files (x86)\saurf aNd kieep deleted
C:\ProgramData\InstallMate deleted
C:\Windows\AutoKMS deleted
C:\ProgramData\Malwarebytes' Anti-Malware (portable) deleted
C:\Users\John - HP\AppData\LocalLow\{64A68AAD-B78B-AD7D-E505-6AE8A43AA669} deleted
C:\Users\John - HP\AppData\LocalLow\{E610EA41-73A6-F53A-84EB-6672A1D00DA0} deleted
C:\Users\John - HP\AppData\Local\Packages\windows_ie_ac_001\AC\{64A68AAD-B78B-AD7D-E505-6AE8A43AA669} deleted
C:\Users\John - HP\AppData\Local\Packages\windows_ie_ac_001\AC\{E610EA41-73A6-F53A-84EB-6672A1D00DA0} deleted
C:\Users\John - HP\.android deleted
C:\ProgramData\YoutubeAdblocker deleted
C:\PROGRA~2\YoutubeAdblocker deleted
C:\PROGRA~2\GUMB672.tmp deleted
C:\PROGRA~2\NCH Software\Components\NCHToolbars deleted
C:\PROGRA~2\COMMON~1\Umbrella deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\Internet Download Manager deleted
C:\PROGRA~2\Wondershare deleted
C:\extensions.sqlite deleted
C:\Users\John - HP\AppData\Roaming\PlusWinks deleted
C:\Users\John - HP\CD95F661A5C444F5A6AAECDD91C240D3.TMP deleted
C:\ProgramData\Hotspot Shield deleted
C:\ProgramData\WinterSoft deleted
C:\Users\John - HP\AppData\Local\Wondershare deleted
C:\Users\John - HP\AppData\Local\Mobogenie deleted
C:\Users\John - HP\AppData\Local\Cool_Mirage deleted
C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie deleted
C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com deleted
C:\windows\SysNative\Tasks\PC Performer deleted
C:\Windows\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE} deleted
C:\Users\John - HP\Downloads\tb_HamInfoBar.exe deleted
C:\Users\John - HP\AppData\LocalLow\IObit Apps deleted
C:\Users\John - HP\AppData\LocalLow\SIEN SA deleted
C:\Users\John - HP\AppData\LocalLow\smartdownloader deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Delta deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Softonic deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\PriceGong deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Conduit deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Toolbar4 deleted
C:\Windows\wininit.ini deleted
C:\Windows\Syswow64\sho22C8.tmp deleted
C:\Windows\Syswow64\sho9C04.tmp deleted
C:\Windows\Syswow64\shoA779.tmp deleted
C:\Windows\Syswow64\shoC0B2.tmp deleted
C:\Windows\Syswow64\shoC38.tmp deleted
C:\Windows\Syswow64\shoC5B7.tmp deleted
C:\Windows\Syswow64\shoDE1F.tmp deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\0\searchplugins\WebSearch.xml deleted
C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader2@ftdownloader.com.xpi deleted
C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader4@ftdownloader.com.xpi deleted
C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\putlockerdownloader2@putlockerdownloader.com.xpi deleted
C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\putlockerdownloader@putlockerdownloader.com.xpi deleted
C:\Users\John - HP\Desktop\PutLockerDownloader.lnk deleted
C:\Users\John - HP\Desktop\VDownloader.lnk deleted
C:\Users\John - HP\Desktop\Mobogenie.lnk deleted
C:\Users\John - HP\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks deleted
C:\Users\John - HP\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com deleted
C:\Users\John - HP\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks deleted
"C:\Windows\tasks\AutoKMS.job" deleted
"C:\Windows\KMSEmulator.exe" deleted
"C:\Windows\Installer\9f8399.msi" deleted
"C:\Windows\Installer\10ff7d1.msi" deleted
"C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\torntv@torntv.com.xpi" deleted
"C:\Users\John - HP\daemonprocess.txt" deleted
"C:\Users\John - HP\AppData\Roaming\Azureus\.certs" deleted
"C:\Users\John - HP\AppData\Roaming\Azureus\.keystore" deleted
"C:\Users\John - HP\AppData\Roaming\Azureus\.lock" deleted
"C:\PROGRA~2\Mobogenie\DaemonProcess.exe" deleted
"C:\PROGRA~2\Mobogenie\libeay32.dll" deleted
"C:\PROGRA~2\Mobogenie\mgusb.exe" deleted
"C:\PROGRA~2\Mobogenie\msvcp100.dll" deleted
"C:\PROGRA~2\Mobogenie\msvcr100.dll" deleted
"C:\PROGRA~2\Mobogenie\QtCore4.dll" deleted
"C:\PROGRA~2\Mobogenie\QtGui4.dll" deleted
"C:\PROGRA~2\Mobogenie\QtNetwork4.dll" deleted
"C:\PROGRA~2\Mobogenie\QtSql4.dll" deleted
"C:\PROGRA~2\Mobogenie\QtWebKit4.dll" deleted
"C:\PROGRA~2\Mobogenie\ssleay32.dll" deleted
"C:\Users\John - HP\AppData\Roaming\Vso" deleted
"C:\Users\John - HP\AppData\Roaming\Mipony" deleted
"C:\Users\John - HP\AppData\Roaming\Azureus" deleted
"C:\PROGRA~2\Mobogenie" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2013-11-06 20:18:09 9D47397D58EA49F48E359F50E8DF6F8B 11 ----a-r- C:\Windows\amunres.lsl
====== C:\Users\JOHN-H~1\AppData\Local\Temp ====
2013-11-14 21:51:30 4C6C24FF4BB842D35B1A14C909D9D091 10588160 ----a-w- C:\Users\John - HP\AppData\Local\Temp\SkypeToolbars.msi
2013-11-14 21:47:28 BA280290C69BD3334600DB37B9E3201A 24952832 ----a-w- C:\Users\John - HP\AppData\Local\Temp\Skype.msi
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2013-11-14 20:24:00 FED1803F2F9C4BDBA8267EA2DE47CFE2 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 20:23:59 FEB2F07A980A9844AD1B5E886C9B5338 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll
2013-11-14 20:23:57 E841206E319069920C394A5E3842568F 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2013-11-14 20:23:57 70F131E94E1B4496469A563C85279192 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2013-11-14 20:23:56 DA5374911037841F81072A4DCBB02D93 2049024 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2013-11-14 20:23:56 8D98D99DC6D4033591354156CEB25153 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 20:23:56 8317DD8D4095FE4076E9F6EC3A747940 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 20:23:54 AD6639EF2BD655C7E630B6BCF7203463 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 20:23:53 6AD683FF326836EB6AE63B1F144A4F9D 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll
2013-11-14 20:23:52 D42525513055C0A65FD4BEFAFACEB134 2877952 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2013-11-14 20:23:51 A5897063A4B6796EFB7B34CEC5BC739F 1138176 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2013-11-14 20:23:50 98B05ADD60BAA432E708BAFEBE5B1D70 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 20:23:50 5FD4335DCD343D0FEA9FA6B18ED408D9 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll
2013-11-14 20:23:47 1191434BB424F18C2609AB5C955DD14E 13761024 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2013-11-14 20:23:43 02A04841906A8892AD6CC7BDBCB5F61D 14355968 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2013-11-14 16:17:14 CC09E0C9A2D89C6E71D093DC8BD121B7 1168384 ----a-w- C:\Windows\SysWOW64\crypt32.dll
2013-11-14 16:17:05 EE7CB55F77465CDAC4C80F587FF7C278 1796096 ----a-w- C:\Windows\SysWOW64\authui.dll
2013-11-14 16:17:05 E9BB0CD09DA17C71FD1B9954D75AEEF7 168960 ----a-w- C:\Windows\SysWOW64\credui.dll
2013-11-14 16:17:05 4BCC63ED1C3D15B2635A8AE2B854B3EB 152576 ----a-w- C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 16:17:00 AA6F6457116B559B76BC6A012CB4C293 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll
2013-11-14 16:16:58 AD7FB087A238883D1618F29F7BBBD584 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 16:16:58 42B924C5F3924C1EB2539F22C10D7DF1 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2013-11-14 16:16:57 372948BB5E41CE42341C4398DE572E56 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2013-11-14 16:16:53 56E3313690866F99CD17AA1342F64AE1 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll
2013-11-14 16:16:51 F0D0E883EBBDC7615DC9EDEA0FFB2817 216576 ----a-w- C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 16:16:51 CE2A48CD0D2B39FB77FA4797C6434E71 656896 ----a-w- C:\Windows\SysWOW64\nshwfp.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-11-14 20:24:00 668653D2C9ED9E7529386DD8138FAAEB 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2013-11-14 20:23:59 8D0D46B480BB260FA2AEA1201F15E784 526336 ----a-w- C:\Windows\Sysnative\ieui.dll
2013-11-14 20:23:57 59AD440EFC7A653B55D5DC34E75960B2 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll
2013-11-14 20:23:57 2CA49EB6296DBC1A5CEE141009A6F757 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll
2013-11-14 20:23:56 F08BF4FC30F31350DCAB06F2B59ED1E9 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll
2013-11-14 20:23:56 9F1D74E792DADA30809FCA64F705C042 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe
2013-11-14 20:23:56 3E86B4126D4CD0D9CA5B78DBE9F8D7CB 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2013-11-14 20:23:55 A96B3E9D360DE75B09EE77698A54412B 2648576 ----a-w- C:\Windows\Sysnative\iertutil.dll
2013-11-14 20:23:54 1E47964351EA38C20A8E28B413769C80 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2013-11-14 20:23:53 EFB4937249C7E4D57F69CC4B1986BC4B 855552 ----a-w- C:\Windows\Sysnative\jscript.dll
2013-11-14 20:23:52 90868BDD4047BF951E03620961945149 3959808 ----a-w- C:\Windows\Sysnative\jscript9.dll
2013-11-14 20:23:51 F13305A81317DDAEA3968D2D8EC0C0A4 1364992 ----a-w- C:\Windows\Sysnative\urlmon.dll
2013-11-14 20:23:50 B83DB27D36C697760E0D33AE0CF76AAD 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2013-11-14 20:23:49 9706C99DAEBE3FEAC811B239617E98C4 2241536 ----a-w- C:\Windows\Sysnative\wininet.dll
2013-11-14 20:23:46 9991ABD246ED906CF420B2CA08BF685A 15404544 ----a-w- C:\Windows\Sysnative\ieframe.dll
2013-11-14 20:23:45 25C356A79B7002E0A20AAF592ED59DE4 19269632 ----a-w- C:\Windows\Sysnative\mshtml.dll
2013-11-14 16:17:15 780F6ECC4F55D76C9730E6B6C9B31913 1474048 ----a-w- C:\Windows\Sysnative\crypt32.dll
2013-11-14 16:17:06 34152997FB906895290E0199AC94B85F 1930752 ----a-w- C:\Windows\Sysnative\authui.dll
2013-11-14 16:17:05 8563BA40DF4F1E93A61B70E2C8B60CF8 190464 ----a-w- C:\Windows\Sysnative\SmartcardCredentialProvider.dll
2013-11-14 16:17:05 4403D5ECE7D8323CAF1207D1AA38FA01 197120 ----a-w- C:\Windows\Sysnative\credui.dll
2013-11-14 16:17:01 31FFED18C7B836CEC1B559347E32E151 340992 ----a-w- C:\Windows\Sysnative\schannel.dll
2013-11-14 16:16:59 B08EA91C774AA734E0B9881F85CD9F42 135680 ----a-w- C:\Windows\Sysnative\sspicli.dll
2013-11-14 16:16:59 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\Sysnative\lsass.exe
2013-11-14 16:16:59 086F906B1D30C0A5D35FE0F6362DAB21 1447936 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2013-11-14 16:16:58 747B9BA5412422F27934CB21131F0A3E 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2013-11-14 16:16:58 208EAAFF40DA400190AA0605C797BEA2 28160 ----a-w- C:\Windows\Sysnative\secur32.dll
2013-11-14 16:16:56 7C46EC9CCDE6E793713FA01DB2EB918E 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll
2013-11-14 16:16:54 56325BB1FF19F2A5AC8713756AC41140 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll
2013-11-14 16:16:52 D07EB640618F96490DB88C3CE58DB608 324096 ----a-w- C:\Windows\Sysnative\FWPUCLNT.DLL
2013-11-14 16:16:52 344789398EC3EE5A4E00C52B31847946 859648 ----a-w- C:\Windows\Sysnative\IKEEXT.DLL
2013-11-14 16:16:51 660C06F663F27760F565FD567B57625C 830464 ----a-w- C:\Windows\Sysnative\nshwfp.dll
====== C:\Windows\Sysnative\drivers =====
2013-11-14 16:17:08 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
2013-11-14 16:17:00 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2013-11-14 16:17:00 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2013-11-14 16:17:00 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2013-11-04 02:22:33 C63BF488680F88B6A1D83302AA0ACD0E 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2013-11-02 23:04:31 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-10-31 13:27:39 FCE2251FE4464DCAA2F4684F19A8EE9B 32512 ----a-w- C:\Windows\Sysnative\drivers\hitmanpro37.sys
====== C:\Windows\Tasks ======
2013-11-27 23:11:37 5F0ABF1CC5FB4162FC762D6576781779 3164 ----a-w- C:\Windows\Sysnative\Tasks\{45CA36BF-E951-439E-903D-5CD9452CA657}
2013-11-14 22:01:34 B42B320FB9817DDB209A094E0E658418 3112 ----a-w- C:\Windows\Sysnative\Tasks\{DBBD7FD5-63CE-44F2-AFB3-A95E7A00DC1B}
2013-11-07 16:53:52 57D61146F746719E015FD5DC7833FD80 2954 ----a-w- C:\Windows\Sysnative\Tasks\{4D7B42A6-25FC-4D6D-BD6A-BCA076E3D5C1}
2013-11-04 02:47:27 9E3D17973CCDC4BB898720A5BA91F73F 3176 ----a-w- C:\Windows\Sysnative\Tasks\{43D5C20A-8197-41C3-AA8B-F4BCAFAC9912}
2013-10-31 02:17:46 !HASH: COULD NOT OPEN FILE !!!!! 4182 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-11-21 15:42:44 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2013-11-05 21:09:56 -------- d-----w- C:\PROGRA~2\Download.am
2013-11-03 17:05:44 4216840 ----a-w- C:\PROGRA~2\COMMON~1\vcredist.exe
2013-11-03 17:04:18 -------- d-----w- C:\PROGRA~2\B1 Free Archiver
2013-11-02 16:54:57 -------- d-----w- C:\PROGRA~2\MusicBrainz Picard
2013-11-01 02:43:10 -------- d-----w- C:\PROGRA~2\CDCheck
2013-11-01 01:12:32 -------- d-----w- C:\PROGRA~2\Free CD Ripper
======= C: =====
====== C:\Users\John - HP\AppData\Roaming ======
2013-11-07 03:16:33 -------- d-----w- C:\Users\John - HP\AppData\Local\Packages
2013-11-06 13:54:36 -------- d-----w- C:\Users\John - HP\AppData\Locallow\AdbPlugin
2013-11-05 21:10:19 -------- d-----w- C:\Users\John - HP\AppData\Local\download.am-data
2013-11-05 21:10:08 -------- d-----w- C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download.am
2013-11-05 03:12:14 -------- d-----w- C:\Users\John - HP\AppData\Local\Canon Easy-PhotoPrint EX
2013-11-02 16:55:08 -------- d-----w- C:\Users\John - HP\AppData\Roaming\MusicBrainz
2013-11-01 03:59:38 -------- d-----w- C:\Users\John - HP\AppData\Local\Audiggle_LTD
2013-11-01 02:43:12 -------- d-----w- C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CDCheck
2013-11-01 01:13:03 -------- d-----w- C:\Users\John - HP\AppData\Roaming\FreeCDRipper
2013-10-30 17:15:42 -------- d-----w- C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter
2013-10-29 02:30:36 -------- d-----w- C:\Users\John - HP\AppData\Local\CatalinaGroup
====== C:\Users\John - HP ======
2013-11-26 15:57:25 E365CECF85C48D24009518F2ED7B71C6 5385920 ----a-w- C:\Users\John - HP\Downloads\mywifi220.exe
2013-11-25 21:20:33 C534A28BE1F2660F062DF2A844126C84 1882808 ----a-w- C:\Users\John - HP\Downloads\wifiguard_windows_setup.exe
2013-11-21 15:41:17 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\John - HP\Downloads\RSITx64.exe
2013-11-14 21:46:23 6EED24ABAB6E8DD750450B25ADFC1049 1550496 ----a-w- C:\Users\John - HP\Downloads\SkypeSetup.exe
2013-11-03 17:07:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B1 Free Archiver
2013-11-03 16:17:38 -------- d-----w- C:\Users\John - HP\Nueva carpeta
2013-11-01 01:13:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
2013-10-31 22:08:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2013-10-31 17:05:20 -------- d-----w- C:\ProgramData\CheckPoint
2013-10-30 17:15:49 -------- d-----w- C:\ProgramData\FreeRIP MP3 Converter

====== C: exe-files ==
2013-11-26 15:59:04 A11A2F0CFE6D0B4C50945989DB6360CD 915128 ----a-w- C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\WinPcap_4_1_3.exe
2013-11-26 15:59:03 B6B5882A38152B94E38C93B8D068226B 719368 ----a-w- C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\unins000.exe
2013-11-26 15:57:25 E365CECF85C48D24009518F2ED7B71C6 5385920 ----a-w- C:\Users\John - HP\Downloads\mywifi220.exe
2013-11-25 21:20:33 C534A28BE1F2660F062DF2A844126C84 1882808 ----a-w- C:\Users\John - HP\Downloads\wifiguard_windows_setup.exe
2013-11-21 15:42:45 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\John - HP.exe
2013-11-21 15:41:17 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\John - HP\Downloads\RSITx64.exe
=== C: other files ==

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"VIP5X@verisign.com"="C:\Program Files (x86)\Symantec\VIP Access Client" [06/11/2013 09:40 p.m.]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- AD Block - %ProfilePath%\extensions\searchads@instair.net
- AccelerateTab - %ProfilePath%\extensions\speeddial@instair.net

ProfilePath: C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\0
- AccelerateTab - %ProfilePath%\extensions\speeddial@instair.net

ProfilePath: C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- AccelerateTab - %ProfilePath%\extensions\speeddial@instair.net

ExtDir: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- MP3 Rocket Downloader - %ExtDir%\mp3rocketdownloader@mp3rocket.me.xpi

ExtDir: C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- GoPhotoIt - %ExtDir%\gophoto@gophoto.it.xpi
- ZiggyTV Downloader - %ExtDir%\ziggytvdownloader@ziggytv.com.xpi

==== Firefox Plugins ======================


==== Deleted Firefox Extensions ======================

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\speeddial@instair.net deleted
C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\speeddial@instair.net deleted
C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\speeddial@instair.net deleted
C:\Users\John - HP\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
agcomfmgcldafanacbohjjccmkpjjdme - No path found[]
bebnnlollpcjnfpkafhoclljaojgnfok - No path found[]
eoccbpoodnckjdnackiffhjfkogfhnhh - No path found[]
fpknlgclcjbgepbagcobhdainldkgggl - No path found[]
hbcennhacfaagdopikcegfcobcadeocj - No path found[]
icdlfehblmklkikfigmjhbmmpmkmpooj - No path found[]
jbolfgndggfhhpbnkgnpjkfhinclbigj - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02/10/2012 12:14 p.m.]
ljkcijnbckdflhifmbnfnkjacokloacf - C:\Program Files (x86)\qualitink\ljkcijnbckdflhifmbnfnkjacokloacf.crx[]
mhkaekfpcppmmioggniknbnbdbcigpkk - No path found[]
nenmginbkicadaakopinjeahdnejgffp - C:\ProgramData\AskPartnerNetwork\Toolbar\MP3RV7C\CRX\ToolbarCR.crx[]
pfndaklgolladniicklehhancnlgocpp - No path found[]

YoutubeAdblocker - Dennis - Default\Extensions\eamdpjjlljjdcpekjbjfooibgpfeejod
Skype Click to Call - Dennis - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
qualitink - Dennis - Default\Extensions\ljkcijnbckdflhifmbnfnkjacokloacf
Google Wallet - Dennis - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
saurf aNd kieep - Dennis - Default\Extensions\pbhdjhhodmpfddjfednhjloammnafioi
YoutubeAdblocker - John - HP - Backup Default\Extensions\eamdpjjlljjdcpekjbjfooibgpfeejod
Iminent - John - HP - Backup Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
saurf aNd kieep - John - HP - Backup Default\Extensions\pbhdjhhodmpfddjfednhjloammnafioi
Google Docs - John - HP - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - John - HP - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
TV - John - HP - Default\Extensions\beobeededemalmllhkmnkinmfembdimh
Quick Maps - John - HP - Default\Extensions\bgbojmobaekecckmomemopckmeipecij
WOT - John - HP - Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
YouTube - John - HP - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
HIFANA X WK TOKYO LAB - John - HP - Default\Extensions\bmhjjmolopikkbigemoocmebohfpnmkj
X-notifier - John - HP - Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco
Google Search - John - HP - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
FlipClock - John - HP - Default\Extensions\copjokjinhlflggeifkidlmodfepbpgl
Speed Dial - John - HP - Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
YoutubeAdblocker - John - HP - Default\Extensions\eamdpjjlljjdcpekjbjfooibgpfeejod
Send Feedback - John - HP - Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd
YoWindow Weather - John - HP - Default\Extensions\fanogbnclpilemkifpjeglokomebpnef
World tv - John - HP - Default\Extensions\gdejljjjgegbbgoopclmcaabkjlbcmdm
AccelerateTab - John - HP - Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg
Cool Clock - John - HP - Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce
Skype Click to Call - John - HP - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
qualitink - John - HP - Default\Extensions\ljkcijnbckdflhifmbnfnkjacokloacf
Google Maps - John - HP - Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh
Google Play Books - John - HP - Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb
Google Wallet - John - HP - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
saurf aNd kieep - John - HP - Default\Extensions\pbhdjhhodmpfddjfednhjloammnafioi
Gmail - John - HP - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - John - HP - Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - John - HP - Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - John - HP - Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
\u2605 Chrome Extensions - John - HP - Profile 1\Extensions\bmbpbbnadaecbckmojfinokdnaegcafp
Google Search - John - HP - Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
PutLockerDownloader 2 - John - HP - Profile 1\Extensions\dnnajmlhehgnkclpdlggknanmcplloej
YoutubeAdblocker - John - HP - Profile 1\Extensions\eamdpjjlljjdcpekjbjfooibgpfeejod
Softonic Chrome Toolbar - John - HP - Profile 1\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
MP3 Rocket Downloader - John - HP - Profile 1\Extensions\hfimfliilbabfohebppnfomgjljicpdm
avast WebRep - John - HP - Profile 1\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
RealDownloader - John - HP - Profile 1\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Iminent - John - HP - Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Skype Click to Call - John - HP - Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Advanced SystemCare Surfing Protection - John - HP - Profile 1\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
saurf aNd kieep - John - HP - Profile 1\Extensions\pbhdjhhodmpfddjfednhjloammnafioi
GoPhoto.it - John - HP - Profile 1\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Gmail - John - HP - Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkcijnbckdflhifmbnfnkjacokloacf deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkcijnbckdflhifmbnfnkjacokloacf deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ljkcijnbckdflhifmbnfnkjacokloacf_0.localstorage deleted successfully
C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nenmginbkicadaakopinjeahdnejgffp_0.localstorage deleted successfully
C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbhdjhhodmpfddjfednhjloammnafioi deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pbhdjhhodmpfddjfednhjloammnafioi deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbhdjhhodmpfddjfednhjloammnafioi deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbhdjhhodmpfddjfednhjloammnafioi deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbhdjhhodmpfddjfednhjloammnafioi_0.localstorage deleted successfully
C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eamdpjjlljjdcpekjbjfooibgpfeejod deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\eamdpjjlljjdcpekjbjfooibgpfeejod deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\eamdpjjlljjdcpekjbjfooibgpfeejod deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eamdpjjlljjdcpekjbjfooibgpfeejod deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eamdpjjlljjdcpekjbjfooibgpfeejod_0.localstorage deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elchiiiejkobdbblfejjkbphbddgmljf deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Backup Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage deleted successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi deleted successfully
C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dgpdioedihjhncjafcpgbbjdpbbkikmi_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Search Bar"="http://www.searchgateway.net/search"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.searchgateway.net/search-Google-Gateway.php?sa=Search+Here&client=pub-4642981363251965&forid=1&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A11&q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{24735BE4-9E1F-4FFD-B8F4-BBD05126FD2B} New Google Search - Search Here Url="http://www.searchgateway.net/search-Google-Gateway.php?q={searchTerms}&sa=Search+Here&client=pub-4642981363251965&forid=1&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A11"
{41ED29AA-70EB-1E4D-F6F9-6F76D6C8E4B2} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{6DBDDB2A-05CD-4A15-8A4E-FC99C8014D64} Search By ZoneAlarm Url="http://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=en&q={searchTerms}&gu=d171da05196a4d0bb34ea8dd9c178ca0&tu=10G9z00An2C01g0&sku=&tstsId=&ver=&&r=823"
{ADCC25DC-8344-4BB0-9427-FCFC91060BB4} Youtube Url="http://www.youtube.com/results?search_query={searchTerms}"
{B1CF13FC-8E15-4BF9-8415-3EE100064A73} Search The Web(HTM) Url="http://se.earching.info:8080/search.htm?source=&q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Backup Default\Preferences was reset successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Backup Default\Web Data was reset successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\John - HP\Desktop\AMP Calendar.lnk - C:\Program Files (x86)\AMP Calendar\Calendar.exe
C:\Users\John - HP\Desktop\CDCheck.lnk - C:\Program Files (x86)\CDCheck\CDCheck.exe
C:\Users\John - HP\Desktop\ConvertXtoDVD 4.lnk - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\John - HP\Desktop\Free CD Ripper.lnk - C:\Program Files (x86)\Free CD Ripper\FreeCDRipper.exe
C:\Users\John - HP\Desktop\Free Video Flip and Rotate.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Video Flip and Rotate\FreeVideoFlipAndRotate.exe
C:\Users\John - HP\Desktop\FrostWire 5.5.5.lnk - C:\Program Files (x86)\FrostWire 5\FrostWire.exe
C:\Users\John - HP\Desktop\FRST64 - Acceso directo.lnk - C:\Users\John - HP\Downloads\FRST64.exe
C:\Users\John - HP\Desktop\HijackThis - Acceso directo.lnk - C:\Users\John - HP\Downloads\HijackThis.exe
C:\Users\John - HP\Desktop\mbar - Acceso directo.lnk - C:\Users\John - HP\Documents\mbar\mbar.exe
C:\Users\John - HP\Desktop\Mis documentos.lnk - C:\Users\John - HP\Documents
C:\Users\John - HP\Desktop\MP Navigator EX 4.0.lnk - C:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exe
C:\Users\John - HP\Desktop\Photoshop - Acceso directo.lnk - C:\Program Files (x86)\Adobe\PhotoshopCS5\Photoshop.exe
C:\Users\John - HP\Desktop\Readon TV Movie Radio Player.lnk - C:\Users\John - HP\AppData\Roaming\Microsoft\Installer\{80074966-5231-428D-9AE7-B7D5D2DC3246}\_55F11AB420338FF650F1F4.exe
C:\Users\John - HP\Desktop\Resize.lnk - C:\Users\John - HP\Downloads\resize-setup\Resize.exe
C:\Users\John - HP\Desktop\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\John - HP\Desktop\RSITx64 - Acceso directo.lnk - C:\Users\John - HP\Downloads\RSITx64.exe
C:\Users\John - HP\Desktop\Skype - Acceso directo.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\John - HP\Desktop\Start Unlocker.lnk - C:\Program Files\Unlocker\Unlocker.exe
C:\Users\John - HP\Desktop\WinAVI All-in-One Converter.lnk - C:\Program Files (x86)\WinAVI\All in One Converter\bin\All in One Converter.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\B1 Free Archiver.lnk - C:\Program Files (x86)\B1 Free Archiver\B1Manager.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\CDBurnerXP.lnk - C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe
C:\Users\Public\Desktop\Express Rip.lnk - C:\Program Files (x86)\NCH Software\ExpressRip\expressrip.exe
C:\Users\Public\Desktop\MyTube 6.lnk - C:\Program Files (x86)\S.A.D\MyTube 6\MyTube 6.exe
C:\Users\Public\Desktop\Smart Defrag 2.lnk - C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Users\Public\Desktop\Who Is On My Wifi.lnk - C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe

==== shortcuts in Users Start Menu ======================

C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free CD Ripper.lnk - C:\Program Files (x86)\Free CD Ripper\FreeCDRipper.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download.am\Download.am.lnk - C:\Program Files (x86)\Download.am\download.am.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download.am\Uninstall Download.am.lnk - C:\Program Files (x86)\Download.am\download.am-uninst.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter\FreeRIP MP3 Converter.lnk - C:\Program Files (x86)\FreeRIP\FreeRIP3.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5\FrostWire 5.6.6-SafeMode.lnk - C:\Program Files (x86)\FrostWire 5\frostwire.bat
C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5\FrostWire 5.6.6.lnk - C:\Program Files (x86)\FrostWire 5\FrostWire.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5\Uninstall.lnk - C:\Program Files (x86)\FrostWire 5\Uninstall.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\README.lnk - C:\Program Files\Unlocker\README.TXT
C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Start Unlocker.lnk - C:\Program Files\Unlocker\Unlocker.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnk - C:\Program Files\Unlocker\uninst.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Website.lnk - C:\Program Files\Unlocker\Unlocker.url
C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\winrar.chm
C:\Users\John - HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk - C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast Free Antivirus.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B1 Free Archiver\B1 Free Archiver uninstall.lnk - C:\Program Files (x86)\B1 Free Archiver\installer.exe uninstall.xml
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B1 Free Archiver\B1 Free Archiver.lnk - C:\Program Files (x86)\B1 Free Archiver\B1Manager.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDCheck\CDCheck Help.lnk - C:\Program Files (x86)\CDCheck\Help\index.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDCheck\CDCheck.lnk - C:\Program Files (x86)\CDCheck\CDCheck.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDCheck\Desinstalar CDCheck.lnk - C:\Program Files (x86)\CDCheck\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack\Free CD Ripper\Desinstalar Free CD Ripper.lnk - C:\Program Files (x86)\Free CD Ripper\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack\Free CD Ripper\Free CD Ripper.lnk - C:\Program Files (x86)\Free CD Ripper\FreeCDRipper.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO Help.lnk - C:\Program Files (x86)\PowerISO\PowerISO.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO Virtual Drive Manager.lnk - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO.lnk - C:\Program Files (x86)\PowerISO\PowerISO.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\Uninstall PowerISO.lnk - C:\Program Files (x86)\PowerISO\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Who Is On My Wifi.lnk - C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Who Is On My Wifi\Stop Application.lnk - C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\StopApp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Who Is On My Wifi\Uninstall Who Is On My Wifi.lnk - C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Who Is On My Wifi\Who Is On My Wifi.lnk - C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AIDA64 Extreme Edition.lnk - C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free CD Ripper.lnk - C:\Program Files (x86)\Free CD Ripper\FreeCDRipper.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.6.6.lnk - C:\Program Files (x86)\FrostWire 5\FrostWire.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\HamSphere3.lnk - C:\Program Files (x86)\HamSphere3\HamSphere3.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk - C:\Program Files (x86)\JDownloader\JDownloaderPortable.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.2.4.lnk - C:\Program Files (x86)\MP3 Rocket\MP3Rocket.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.4.lnk - C:\Program Files (x86)\MP3 Rocket\MP3Rocket.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MyTube 6.lnk - C:\Program Files (x86)\S.A.D\MyTube 6\MyTube 6.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk - C:\Program Files\VDownloader\VDownloader.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\YoWindow.lnk - C:\Program Files (x86)\YoWindow\yowindow.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70f62c6a7f1739bd\pinned.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,Options_RunDLL 1
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\avast Antivirus (2).lnk -
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\avast Antivirus.lnk -
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\avast Free Antivirus.lnk -
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CDBurnerXP.lnk - C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\ScreenCapturer component.lnk - C:\Program Files (x86)\Screen Capturer\ScreenCapturer.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Start Screen Capturer.lnk - C:\Program Files (x86)\Screen Capturer\ScreenCapturer.exe -ui
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AMP Calendar.lnk - C:\Program Files (x86)\AMP Calendar\Calendar.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\avast Free Antivirus.lnk -
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CDBurnerXP.lnk - C:\Program Files\CDBurnerXP\cdbxpp.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Character Map.lnk - C:\Windows\system32\charmap.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HijackThis - Acceso directo.lnk - C:\Users\John - HP\Downloads\HijackThis.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Iniciar Google Earth en modo DirectX.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setDX
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\JDownloader.lnk - C:\Program Files (x86)\JDownloader\JDownloaderPortable.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Photoshop - Acceso directo.lnk - C:\Program Files (x86)\Adobe\PhotoshopCS5\Photoshop.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype - Acceso directo.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Screen Capturer.lnk - C:\Program Files (x86)\Screen Capturer\ScreenCapturer.exe -ui
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Who Is On My Wifi.lnk - C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe
C:\Users\John - HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WinAVI All-in-One Converter.lnk - C:\Program Files (x86)\WinAVI\All in One Converter\bin\All in One Converter.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DA786FCDC08E1345AF052DDF8C9693C deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0020E1B9-04F3-4079-A292-4CD1DBC3C34F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{78DB483F-B3EF-4FEF-AD04-FBCDA3386AC9} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FA02A4CB-FBE2-F0AF-D56B-3CDB1664FFA2} deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\agcomfmgcldafanacbohjjccmkpjjdme deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bebnnlollpcjnfpkafhoclljaojgnfok deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\eoccbpoodnckjdnackiffhjfkogfhnhh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fpknlgclcjbgepbagcobhdainldkgggl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ljkcijnbckdflhifmbnfnkjacokloacf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nenmginbkicadaakopinjeahdnejgffp deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\qualitink deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3DA786FCDC08E1345AF052DDF8C9693C deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CatalinaGroup Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLVirtualDrive deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easybits Recovery deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gbrspcontrol deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress8 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDP deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart File Advisor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\John - HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\John - HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\John - HP\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\JOHN-H~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 27/11/2013 at 17:49:39.50 ======================
 
Oops ... the state of the PC was much worse than it first looked. I went back to check your previous thread, and it turns out that there, apart from some discussion, you were not helped with your problems at all. A pity, because apparently a lot of this junk was already on the machine back then too.

How is the PC running now?
 
Scanned a few minutes ago with Malwarebytes Pro, with the following result: the PUP.Optional has not shown up again since the cleanup.

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
Malwarebytes : Free anti-malware download

Versión de la Base de Datos: v2013.11.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
John - HP :: JOHN [administrador]

Protección: Habilitado

28/11/2013 06:00:38 a.m.
mbam-log-2013-11-28 (06-00-38).txt

Tipos de Análisis: Análisis Completo (C:\|D:\|)
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 428932
Tiempo transcurrido: 1 hora(s), 11 minuto(s), 47 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 1
C:\zoek_backup\C_Windows_AutoKMS\AutoKMS.exe (Trojan.Agent.H) -> En cuarentena y eliminado con éxito.

(fin)

So far I have the impression that everything is working normally.
 
Glad to hear it, although there is now a mention here of an AutoKMS.exe (this is apparently an activator for Microsoft Office 2010, or am I mistaken?)
In any case, this thread is getting locked ... close

Read up on the forum rules!!


**Should you dispute this, please send me a PM or contact the administrator ...
 
At Klunsig's request this thread was reopened ...
I quote ....
Klunsig said:
Hello qtex,

In this thread http://www.pctuts.be/f404/blokkeren-en-verwijderenpup-optional-browserdefender-45208/index2.html you closed things down because of the illegal AutoKMS, but it was removed from the PC in the zoek.exe fix. If you look at where Malwarebytes has now found it, you will see that it sits in zoek's backup and is no longer active on the PC. I removed everything belonging to this emulator along with it, so that John Veldhuyzen can no longer use it. To get his PC completely clean, it would be desirable to reopen the thread.

Klunsig
 
Download Delfix by Xplode to the desktop; it will remove the tools and log files that were used.

Double-click Delfix.exe to start the tool.
Now tick the following items:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently until the tool has finished.
When the tool has finished, a log file is created; you do not need to post it, however.
 
At Klunsig's request this thread was reopened ...
I quote ....
I find this a rather strange story... according to my small, modest knowledge AutoKMS.exe is indeed illegal and doesn't just end up on a PC by itself!!!
Admin Qtex was right to close this!!! The topic starter even thanks him for it!!! Now the thread is open again... I can't quite follow what and how anymore....
 
Admin qtex was informed by PM why it was best to reopen this thread ... and agreed with that. Otherwise he certainly would not have done it. And if you take a look at the logs, you won't really find that a "strange story".
 
@ Navarro
Did you read the quote properly?
Then you would have seen that the Office toolkit (AutoKMS.exe) was removed as stated ... as you can verify in the log in post #16 from zoek.exe
**I hadn't noticed this earlier either ...**
After all, the line cited from the Malwarebytes log indicates that it was located in the backup (C:\zoek_backup\C_Windows_AutoKMS\AutoKMS.exe (Trojan.Agent.H))
 
Sorry guys, I accept your decision... I don't have that much knowledge!!! Of course I do know that MALWAREBYTES removes something like that!!! I have to remember that if I post a log myself sometime!!!
 
No problem ... one is never too old to learn (as they say) (y)
 
...I don't want to interfere, but still: why don't you all regularly make an "image"/"system copy"? If you have a huge problem with malware or whatever, you're back in tip-top shape within at most ½ hr. «Shame on you, if you did not do this...»

Walter
 
@ Wawa
Provided, of course, that the system is free of any other contamination ... at the time you take this image (system copy)!
 
@ WaWa
I made my system copy when I knew my PC was running well with Windows 8. After I did the update to Windows 8.1 and it went without problems, I simply put the system copy back on the PC and then also did the update to Windows 8.1 on it, and that too went without problems. On this system copy I only install the updates and otherwise no other software.
 
Removing PUP.Optional

It only remains for me to say heartfelt thanks to everyone for the help received on this subject. Today, Friday, I ran a complete scan with Malwarebytes Pro and for the first time in a long while it found not a speck of dirt, thanks to the big cleanup carried out on my PC.
 