logs follow
AdwCleaner v2.002 - Verslag gemaakt op 09/17/2012 om 23:38:28
Geactualiseerd op 16/09/2012 door Xplode
Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
Gebruiker : dani - DANI-PC
Opstarten Modus : Normale modus
Gelanceerd vanaf : C:\Users\dani\Downloads\adwcleaner.exe
Optie [Zoeken]
***** [Diensten] *****
***** [Files / Mappen] *****
Map Aanwezig : C:\Users\dani\AppData\Roaming\DefaultTab
***** [Register] *****
Sleutel Aanwezig : HKLM\Software\Default Tab
***** [Browsers] *****
-\ Internet Explorer v9.0.8112.16421
[OK] Het register bevat geen enkele ongeoorloofde invoer.
-\ Mozilla Firefox v15.0.1 (nl)
Profielnaam : default
File : C:\Users\dani\AppData\Roaming\Mozilla\Firefox\Profiles\k0ekp7sk.default\prefs.js
Aanwezig : user_pref(“extensions.3499ur3ur4hfsudfs.scode”, "(function(){try{if('aol.com,mystart.incredibar.com,[…]
Aanwezig : user_pref(“extensions.BabylonToolbar_i.aflt”, “babsst”);
Aanwezig : user_pref(“extensions.BabylonToolbar_i.babExt”, “”);
Aanwezig : user_pref(“extensions.BabylonToolbar_i.babTrack”, “affID=111789&tt=050412_30b”);
Aanwezig : user_pref(“extensions.BabylonToolbar_i.hardId”, “0a2cb86900000000000018f46a233902”);
Aanwezig : user_pref(“extensions.BabylonToolbar_i.id”, “0a2cb86900000000000018f46a233902”);
Aanwezig : user_pref(“extensions.BabylonToolbar_i.instlDay”, “15435”);
Aanwezig : user_pref(“extensions.BabylonToolbar_i.instlRef”, “sst”);
Aanwezig : user_pref(“extensions.BabylonToolbar_i.prdct”, “BabylonToolbar”);
Aanwezig : user_pref(“extensions.BabylonToolbar_i.prtnrId”, “babylon”);
Aanwezig : user_pref(“extensions.BabylonToolbar_i.smplGrp”, “none”);
Aanwezig : user_pref(“extensions.BabylonToolbar_i.srcExt”, “ss”);
Aanwezig : user_pref(“extensions.BabylonToolbar_i.tlbrId”, “base”);
Aanwezig : user_pref(“extensions.BabylonToolbar_i.vrsn”, “1.5.3.17”);
Aanwezig : user_pref(“extensions.BabylonToolbar_i.vrsnTs”, “1.5.3.1715:36:50”);
Aanwezig : user_pref(“extensions.BabylonToolbar_i.vrsni”, “1.5.3.17”);
Aanwezig : user_pref(“extensions.defaulttab.config”, "{"status": "ok", "config": {"dns_error_handling":[…]
AdwCleaner[R1].txt - [9580 octets] - [17/09/2012 22:52:28]
AdwCleaner[S1].txt - [7915 octets] - [17/09/2012 22:53:05]
AdwCleaner[R2].txt - [2410 octets] - [17/09/2012 22:54:56]
AdwCleaner[S2].txt - [563 octets] - [17/09/2012 22:56:08]
AdwCleaner[R3].txt - [2446 octets] - [17/09/2012 23:38:28]
########## EOF - C:\AdwCleaner[R3].txt - [2506 octets] ##########
Malwarebytes Anti-Malware (-evaluatieversie-) 1.65.0.1400
www.malwarebytes.org
Databaseversie: v2012.09.17.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
dani :: DANI-PC [administrator]
Realtime bescherming: Ingeschakeld
17-9-2012 23:41:51
mbam-log-2012-09-17 (23-41-51).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 202231
Verstreken tijd: 4 minuut/minuten, 3 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
The OTL log will show the bad boy… Either Crossrider codecv or something similar
OTL logfile created on: 9/17/2012 11:56:35 PM - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\dani\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
2.93 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 57.10% Memory free
5.86 Gb Paging File | 4.19 Gb Available in Paging File | 71.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 138.88 Gb Free Space | 48.73% Space Free | Partition Type: NTFS
Computer Name: DANI-PC | User Name: dani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/17 23:54:11 | 000,600,064 | ---- | M] (OldTimer Tools) – C:\Users\dani\Downloads\OTL.exe
PRC - [2012/09/14 17:12:32 | 000,917,984 | ---- | M] (Mozilla Corporation) – C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) – C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) – C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamscheduler.exe
PRC - [2012/08/21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) – C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/18 17:22:16 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012/07/16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) – C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/04/15 10:08:57 | 000,107,520 | ---- | M] (TODO: ) – C:\Users\dani\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) – C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/09/22 20:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) – C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010/06/29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) – C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/06/22 08:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) – C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/04/13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) – C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
========== Modules (No Company Name) ==========
MOD - [2012/09/14 17:12:30 | 002,244,064 | ---- | M] () – C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/08/18 17:22:15 | 009,465,032 | ---- | M] () – C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () – C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
========== Services (SafeList) ==========
SRV:64bit: - [2012/08/21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] – C:\Program Files\AVAST Software\Avast\AvastSvc.exe – (avast! Antivirus)
SRV:64bit: - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] – C:\Program Files\Acer\Acer Updater\UpdaterService.exe – (Live Updater Service)
SRV:64bit: - [2010/06/11 23:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] – C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe – (ePowerSvc)
SRV:64bit: - [2010/05/27 06:59:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] – C:\Windows\SysNative\atiesrxx.exe – (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
SRV - [2012/09/14 17:12:31 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] – C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe – (MozillaMaintenance)
SRV - [2012/09/11 12:19:14 | 004,537,664 | ---- | M] () [Auto | Running] – c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll – (Akamai)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] – C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamservice.exe – (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] – C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamscheduler.exe – (MBAMScheduler)
SRV - [2012/08/18 17:22:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe – (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] – C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe – (TeamViewer7)
SRV - [2012/05/20 21:14:23 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] – C:\Program Files (x86)\Common Files\Steam\SteamService.exe – (Steam Client Service)
SRV - [2012/05/19 13:08:15 | 000,008,192 | ---- | M] () [Auto | Stopped] – C:\Windows\SysWOW64\srvany.exe – (KMService)
SRV - [2012/04/15 10:08:57 | 000,107,520 | ---- | M] (TODO: ) [Auto | Running] – C:\Users\dani\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe – (DefaultTabUpdate)
SRV - [2011/09/22 20:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] – C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe – (vpnagent)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] – C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL – (HPSLPSVC)
SRV - [2010/07/13 13:59:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] – C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service)
SRV - [2010/06/29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] – C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe – (NTI IScheduleSvc)
SRV - [2010/06/22 08:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] – C:\Program Files (x86)\Launch Manager\dsiwmis.exe – (DsiWMIService)
SRV - [2010/05/27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] – C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe – (MWLService)
SRV - [2010/04/13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe – (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe – (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe – (UNS)
SRV - [2010/03/18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe – (LMS)
SRV - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] – C:\Program Files (x86)\Acer\Registration\GREGsvc.exe – (GREGService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] – C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe – (clr_optimization_v2.0.50727_32)
Little trouble placing the file, it is too big
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5742g&r=273605118065l0404z125v47k2260n
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5742g&r=273605118065l0404z125v47k2260n
IE:64bit: - HKLM..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM..\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5742g&r=273605118065l0404z125v47k2260n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5742g&r=273605118065l0404z125v47k2260n
IE - HKLM..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM..\SearchScopes{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: “URL” = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM..\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU.DEFAULT..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” =
IE - HKU\S-1-5-18..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” =
IE - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5742g&r=273605118065l0404z125v47k2260n
IE - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/webhp?sourceid=navclient&hl=nl&ie=UTF-8
IE - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001..\URLSearchHook: {87775fdb-6972-41f9-ae51-8326e38cb206} - No CLSID value found
IE - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001..\SearchScopes{53A916DF-EE01-44B1-BAEC-AB506137A896}: “URL” = http://nl.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110937,17273,0,8,0
IE - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001..\SearchScopes{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: “URL” = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlNL432NL434
IE - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001..\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001..\SearchScopes{8CD6FCD3-A6AA-4922-8062-65D1D7FE9804}: “URL” = http://nl.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484
IE - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = *.local;
========== FireFox ==========
FF - prefs.js…browser.search.defaultenginename: “Yahoo”
FF - prefs.js…browser.search.order.1: “Yahoo”
FF - prefs.js…browser.search.order.2: “”
FF - prefs.js…browser.search.param.yahoo-fr: “w3i&type=W3i_DS,157,0_0,Search,20111249,17275,0,24,0”
FF - prefs.js…browser.search.selectedEngine: “Google”
FF - prefs.js…browser.search.suggest.enabled: false
FF - prefs.js…browser.search.useDBForOrder: true
FF - prefs.js…browser.startup.homepage: “www.google.nl”
FF - prefs.js…extensions.enabledAddons: info@bflix.info:5.0
FF - prefs.js…extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js…extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - prefs.js…extensions.netassistant.keyword.url: “http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={3126041E-B6FC-4ABD-9160-C350E13A676A}&Version=3.6.5&Vintage=20111249&Defaultbrowserid=24&Productid=2684&Vendorid=5767&Offerid=17291&searchterm=”
FF - prefs.js…network.proxy.no_proxies_on: “*.local”
FF - prefs.js…network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins@talk.google.com/GoogleTalkPlugin: C:\Users\dani\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins@talk.google.com/O3DPlugin: C:\Users\dani\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins@tools.google.com/Google Update;version=3: C:\Users\dani\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins@tools.google.com/Google Update;version=9: C:\Users\dani\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/11 23:24:49 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/28 21:21:05 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/14 17:12:33 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/11 23:24:49 | 000,000,000 | —D | M]
[2011/08/29 19:47:48 | 000,000,000 | —D | M] (No name found) – C:\Users\dani\AppData\Roaming\mozilla\Extensions
[2012/09/17 22:53:09 | 000,000,000 | —D | M] (No name found) – C:\Users\dani\AppData\Roaming\mozilla\Firefox\Profiles\k0ekp7sk.default\extensions
[2012/03/29 14:01:08 | 000,000,000 | —D | M] (TheBflix) – C:\Users\dani\AppData\Roaming\mozilla\Firefox\Profiles\k0ekp7sk.default\extensions\info@bflix.info
[2012/09/01 22:49:54 | 000,000,000 | —D | M] (No name found) – C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/08 21:54:50 | 000,000,000 | —D | M] (Java Console) – C:\Program Files (x86)\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/01 22:49:54 | 000,000,000 | —D | M] (Java Console) – C:\Program Files (x86)\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/08/28 21:21:05 | 000,000,000 | —D | M] (avast! WebRep) – C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/14 17:12:32 | 000,266,720 | ---- | M] (Mozilla Foundation) – C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/14 17:12:28 | 000,002,465 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/30 19:42:02 | 000,001,892 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/07/30 19:42:02 | 000,004,558 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/07/30 19:42:02 | 000,001,049 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml
O1 HOSTS File: ([2012/01/14 00:24:10 | 000,000,726 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 novirusthanks.org
O1 - Hosts: 127.0.0.1 www.virusscan.jotti.org
O1 - Hosts: 127.0.0.1 virus-trap.org
O1 - Hosts: 127.0.0.1 www.virus-trap.org
O1 - Hosts: 127.0.0.1 filterbit.com
O1 - Hosts: 127.0.0.1 www.filterbit.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\dani\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001..\Toolbar\WebBrowser: (no name) - {87775FDB-6972-41F9-AE51-8326E38CB206} - No CLSID value found.
O4:64bit: - HKLM…\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM…\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM…\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM…\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM…\Run: File not found
O4 - HKLM…\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM…\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM…\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM…\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM…\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM…\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM…\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM…\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM…\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19…\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20…\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001…\Run: [Akamai NetSession Interface] C:\Users\dani\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001…\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001…\Run: [Smart PC Cleaner] C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe (Avanquest Software)
O4 - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001…\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{7E860A60-CFE3-481B-94E3-802FF83AFAD3}: DhcpNameServer = 212.54.40.25 212.54.35.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2{13b70df7-07bb-11e1-8fe8-88ae1da678bd}\Shell - “” = AutoRun
O33 - MountPoints2{13b70df7-07bb-11e1-8fe8-88ae1da678bd}\Shell\AutoRun\command - “” = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk )
O35:64bit: - HKLM..comfile [open] – “%1” %*
O35:64bit: - HKLM..exefile [open] – “%1” %*
O35 - HKLM..comfile [open] – “%1” %*
O35 - HKLM..exefile [open] – “%1” %*
O37:64bit: - HKLM.…com [@ = comfile] – “%1” %*
O37:64bit: - HKLM.…exe [@ = exefile] – “%1” %*
O37 - HKLM.…com [@ = comfile] – “%1” %*
O37 - HKLM.…exe [@ = exefile] – “%1” %*
O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Create
It would be easier to attach the logs ;D
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
FF - prefs.js..extensions.enabledAddons: info@bflix.info:5.0
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={3126041E-B6FC-4ABD-9160-C350E13A676A}&Version=3.6.5&Vintage=20111249&Defaultbrowserid=24&Productid=2684&Vendorid=5767&Offerid=17291&searchterm="
[2012/03/29 14:01:08 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\dani\AppData\Roaming\mozilla\Firefox\Profiles\k0ekp7sk.default\extensions\info@bflix.info
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3335078103-2495448366-3861529267-1001\..\Toolbar\WebBrowser: (no name) - {87775FDB-6972-41F9-AE51-8326E38CB206} - No CLSID value found.
:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
It is gone THANKS a lot Essexboy 8)
When you are happy, run OTL and press the Cleanup button.