
stij.exe



Recently I noticed that my PC had become noticeably slower and that the cooling fan had to work harder and harder.

In Task Manager I had seen that something new had appeared, namely stij.exe.

The memory usage was enormous, constantly between 800,000 and 1,000,000.

Suddenly my Norton internet security gave me a notification that stij.exe was putting a heavy load on the CPU.

So I googled stij.exe, and what I found was not pretty.

The only way to remove this nasty thing was to use anti-malware.

Whenever I clicked on a link, I ended up at "Spyhunter" every time.

So I followed, in good faith, what appeared on the screen.

Now I have heard that Spyhunter is apparently useless, but I am a good 37.00 euros poorer every year.

On a colleague's advice I then came to this forum.

Stij.exe has meanwhile been removed by Spyhunter.

This program also brought to light junk and other not-so-kosher things that were left behind after uninstalling Incredimail.

Apparently using Incredimail was not the smartest decision either, because if I understand correctly, that stij.exe thing ended up on my PC that way.

Can someone help me use the right anti-malware program, preferably freeware?

Below is my RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Vincent at 2014-03-15 16:09:02

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 88 GB (43%) free of 205 GB

Total RAM: 3006 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:09:08, on 15/03/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16540)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\iolo\System Mechanic\iologovernor.exe

C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Blue Onion Software\Desk Drive\DeskDrive.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Users\Vincent\Desktop\RSIT.exe

C:\Program Files\trend micro\Vincent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wielertoerist.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)

R3 - URLSearchHook: (no name) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - (no file)

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\lgdevagt.exe"

O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler

O4 - HKLM\..\Run: [Nuance PDF Converter Professional 8-reminder] "C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [DeskDriveStartup] C:\Program Files\Blue Onion Software\Desk Drive\DeskDrive.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: SystemExplorerDisabled

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass

O8 - Extra context menu item: LastPass Invulformulieren - file://C:\Program Files\LastPass\context.html?cmd=fillforms

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. - C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe

O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

O23 - Service: GladFileMonSvc - Gladinet, INC - C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe

O23 - Service: NMSAccess - Unknown owner - C:\Windows\system32\NMSAccessU.exe

O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\Enigma Software Group\SpyHunter\SH4Service.exe

--

End of file - 9844 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\AdvancedDriverUpdater_UPDATES.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2392715913-1583164460-4155244652-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2392715913-1583164460-4155244652-1000UA.job

C:\Windows\tasks\ParetoLogic Registration3.job

C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job

C:\Windows\tasks\ParetoLogic Update Version3.job

C:\Windows\tasks\PTAutoUpdate.job

C:\Windows\tasks\RMAutoUpdate.job

C:\Windows\tasks\SmartDefrag.job

C:\Windows\tasks\Wise Registry Cleaner Schedule Task.job

C:\Windows\tasks\XoftSpySE.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\fs4ktcg0.default

prefs.js - "browser.startup.homepage" - "www.wielertoerist.be"

"{336D0C35-8A85-403a-B9D2-65C292C39087}"=C:\Program Files\Web Assistant\Firefox

"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\

"{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}"=C:\Program Files\Web Assistant\Firefox

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 12.0.0.77 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@dymo.com/DymoLabelFramework]

"Description"=DYMO Label Framework Plugin

"Path"=C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@garmin.com/GpsControl]

"Description"=Garmin GPS Control for Firefox

"Path"=C:\Program Files\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.40.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]

"Description"=Office Live Update v1.5

"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\plugins\

np-mswmp.dll

nppdf32.dll

WMP Firefox Plugin License.rtf

WMP Firefox Plugin RelNotes.txt

C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\fs4ktcg0.default\extensions\

donottrackplus@abine.com

nl-NL@dictionaries.addons.mozilla.org

support@lastpass.com

{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Norton Identity Protection - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll [2013-10-06 526672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Norton Vulnerability Protection - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL [2013-09-29 388504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-04 462248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-04 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll [2013-10-06 526672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-09-28 642728]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-01 4390912]

"Launch LgDeviceAgent"=c:\program files\logitech\gamepanel software\lgdevagt.exe [2010-08-03 358472]

"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1387288]

"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-07-26 2569616]

"ISUSPM"=C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2011-10-12 2068856]

"Nuance PDF Converter Professional 8-reminder"=C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe [2012-10-11 333712]

"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DeskDriveStartup"=C:\Program Files\Blue Onion Software\Desk Drive\DeskDrive.exe [2009-03-30 65024]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]

"HydraVisionDesktopManager"=C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [2010-08-25 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]

C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-05-04 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]

C:\Program Files\Garmin\Express Tray\ExpressTray.exe [2013-08-22 1093464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF8 Registry Controller]

C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe [2012-10-23 178576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFProHook]

C:\Program Files\Nuance\PDF Professional 8\pdfpro8hook.exe [2012-10-23 2013072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]

C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2009-04-15 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Gaaiho Collaboration.lnk]

C:\Program Files\Zeon\Gaaiho\Gaaiho Go Lite 3\bin\GaaihoGo3.exe [2012-06-21 4745096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nuance Cloud Connector.lnk]

C:\Program Files\Nuance\Nuance Cloud Connector\GladLauncher.exe [2012-07-18 87960]

C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

SystemExplorerDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 66328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ioloSystemService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=0

"ConsentPromptBehaviorUser"=3

"EnableLUA"=0

"EnableUIADesktopToggle"=0

"PromptOnSecureDesktop"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoResolveSearch"=1

"NoResolveTrack"=1

"NoInstrumentation"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=l3codeca.acm

"vidc.cvid"=iccvid.dll

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"mixer"=wdmaud.drv

"wave1"=wdmaud.drv

"midi"=wdmaud.drv

"mixer1"=wdmaud.drv

"msacm.siren"=sirenacm.dll

"wave3"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux1"=wdmaud.drv

"wave2"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux"=wdmaud.drv

"wave4"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer4"=wdmaud.drv

"aux2"=wdmaud.drv

"VIDC.LAGS"=lagarith.dll

"VIDC.X264"=x264vfw.dll

"VIDC.XVID"=xvidvfw.dll

"VIDC.FFDS"=ff_vfw.dll

"msacm.ac3acm"=ac3acm.acm

"msacm.l3codecp"=l3codecp.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - NOTEPAD.EXE "%1"

.reg - open - NOTEPAD.EXE "%1"

.scr - open - NOTEPAD.EXE "%1"

.vbs - open - NOTEPAD.EXE "%1"

======List of files/folders created in the last 1 month======

2014-03-15 15:53:11 ----D---- C:\Program Files\trend micro

2014-03-15 15:53:08 ----D---- C:\rsit

2014-03-12 23:45:46 ----D---- C:\sh4ldr

2014-03-12 23:45:46 ----D---- C:\Program Files\Enigma Software Group

2014-03-12 23:45:18 ----D---- C:\Windows\455F074C814E4520B69B5584BD90400C.TMP

2014-03-11 22:30:54 ----A---- C:\Windows\system32\vbscript.dll

2014-03-11 22:30:54 ----A---- C:\Windows\system32\mshtmled.dll

2014-03-11 22:30:53 ----A---- C:\Windows\system32\jsproxy.dll

2014-03-11 22:30:53 ----A---- C:\Windows\system32\ieUnatt.exe

2014-03-11 22:30:53 ----A---- C:\Windows\system32\ieui.dll

2014-03-11 22:30:52 ----A---- C:\Windows\system32\wininet.dll

2014-03-11 22:30:52 ----A---- C:\Windows\system32\msfeeds.dll

2014-03-11 22:30:51 ----A---- C:\Windows\system32\url.dll

2014-03-11 22:30:51 ----A---- C:\Windows\system32\jscript9.dll

2014-03-11 22:30:51 ----A---- C:\Windows\system32\jscript.dll

2014-03-11 22:30:50 ----A---- C:\Windows\system32\urlmon.dll

2014-03-11 22:30:50 ----A---- C:\Windows\system32\iertutil.dll

2014-03-11 22:30:49 ----A---- C:\Windows\system32\ieframe.dll

2014-03-11 22:30:47 ----A---- C:\Windows\system32\mshtml.dll

2014-03-11 21:06:28 ----A---- C:\Windows\system32\qedit.dll

2014-03-11 21:06:27 ----A---- C:\Windows\system32\wwansvc.dll

2014-03-11 21:06:27 ----A---- C:\Windows\system32\WindowsCodecs.dll

2014-03-11 21:06:27 ----A---- C:\Windows\system32\win32k.sys

2014-03-11 21:06:26 ----A---- C:\Windows\system32\wer.dll

2014-03-09 17:48:17 ----D---- C:\Windows\system32\jmdp

2014-03-06 17:31:28 ----A---- C:\Windows\system32\mstscax.dll

2014-03-05 12:07:13 ----D---- C:\Windows\system32\drivers\en-US

2014-03-05 12:03:46 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll

2014-03-05 12:03:45 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2014-03-05 12:03:44 ----A---- C:\Windows\system32\wksprtPS.dll

2014-03-05 12:03:44 ----A---- C:\Windows\system32\wksprt.exe

2014-03-05 12:03:44 ----A---- C:\Windows\system32\TSWbPrxy.exe

2014-03-05 12:03:44 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2014-03-05 12:03:44 ----A---- C:\Windows\system32\tsgqec.dll

2014-03-05 12:03:44 ----A---- C:\Windows\system32\rdvidcrl.dll

2014-03-05 12:03:44 ----A---- C:\Windows\system32\MsRdpWebAccess.dll

2014-03-05 12:03:44 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys

2014-03-05 12:03:43 ----A---- C:\Windows\system32\mstsc.exe

2014-03-05 12:03:30 ----A---- C:\Windows\system32\TSWorkspace.dll

======List of files/folders modified in the last 1 month======

2014-03-15 16:08:47 ----D---- C:\Users\Vincent\AppData\Roaming\Skype

2014-03-15 16:01:41 ----D---- C:\Windows\inf

2014-03-15 15:59:38 ----D---- C:\Windows\temp

2014-03-15 15:53:11 ----D---- C:\Program Files

2014-03-15 14:46:50 ----D---- C:\Windows\system32\config

2014-03-13 01:29:42 ----AD---- C:\Windows\System32

2014-03-13 00:34:19 ----SHD---- C:\System Volume Information

2014-03-13 00:31:03 ----AD---- C:\ProgramData\Temp

2014-03-13 00:30:56 ----D---- C:\Program Files\Registry Mechanic

2014-03-12 23:46:06 ----SHD---- C:\Windows\Installer

2014-03-12 23:45:58 ----D---- C:\Windows\system32\drivers

2014-03-12 23:45:57 ----D---- C:\Windows\system32\Tasks

2014-03-12 23:45:50 ----HD---- C:\Config.Msi

2014-03-12 23:45:18 ----D---- C:\Windows

2014-03-12 23:45:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2014-03-12 19:15:16 ----D---- C:\Program Files\Norton PC Checkup 3.0

2014-03-12 18:56:15 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-03-12 13:05:02 ----D---- C:\Windows\system32\catroot

2014-03-11 23:46:44 ----D---- C:\ProgramData\HP

2014-03-11 23:37:50 ----D---- C:\Users\Vincent\AppData\Roaming\Software Informer

2014-03-11 23:33:50 ----D---- C:\Users\Vincent\AppData\Roaming\Everything

2014-03-11 23:31:37 ----HD---- C:\ProgramData

2014-03-11 23:31:10 ----D---- C:\Windows\system32\DriverStore

2014-03-11 23:25:33 ----D---- C:\Program Files\CCleaner

2014-03-11 22:41:12 ----D---- C:\Windows\winsxs

2014-03-11 22:39:53 ----D---- C:\Program Files\Microsoft Silverlight

2014-03-11 22:37:29 ----D---- C:\Windows\system32\migration

2014-03-11 22:37:28 ----D---- C:\Program Files\Internet Explorer

2014-03-11 22:32:35 ----D---- C:\ProgramData\Microsoft Help

2014-03-11 22:31:11 ----D---- C:\Windows\system32\catroot2

2014-03-11 22:30:50 ----D---- C:\Windows\Prefetch

2014-03-11 22:28:40 ----D---- C:\Windows\system32\MRT

2014-03-11 22:24:34 ----A---- C:\Windows\system32\MRT.exe

2014-03-11 21:07:29 ----A---- C:\Windows\system32\FlashPlayerApp.exe

2014-03-11 20:54:31 ----D---- C:\Users\Vincent\AppData\Roaming\Mozilla

2014-03-09 17:58:34 ----D---- C:\Windows\Microsoft.NET

2014-03-09 17:57:14 ----RSD---- C:\Windows\assembly

2014-03-09 17:19:53 ----D---- C:\Windows\system32\WNLT

2014-03-09 17:19:52 ----D---- C:\Windows\system32\ARFC

2014-03-08 17:08:20 ----D---- C:\Users\Vincent\AppData\Roaming\vlc

2014-03-08 11:36:25 ----D---- C:\Windows\rescache

2014-03-07 10:46:23 ----D---- C:\Windows\system32\nl-NL

2014-03-05 13:35:34 ----D---- C:\ProgramData\YTD Video Downloader

2014-03-05 12:38:47 ----D---- C:\Program Files\Mozilla Thunderbird

2014-03-05 12:38:47 ----D---- C:\Program Files\Mozilla Firefox

2014-03-05 12:07:13 ----D---- C:\Windows\system32\wbem

2014-03-05 12:04:44 ----RD---- C:\Program Files\Skype

2014-03-05 12:04:41 ----D---- C:\ProgramData\Skype

2014-03-04 11:35:56 ----A---- C:\Windows\system32\ImHttpComm.dll

2014-03-04 11:31:10 ----A---- C:\Windows\system32\msvcr80.dll

2014-03-04 11:31:10 ----A---- C:\Windows\system32\msvcr100.dll

2014-03-04 11:31:10 ----A---- C:\Windows\system32\msvcp80.dll

2014-03-04 11:31:10 ----A---- C:\Windows\system32\msvcp100.dll

2014-03-04 11:31:10 ----A---- C:\Windows\system32\msvcm80.dll

2014-02-25 20:53:47 ----D---- C:\Users\Vincent\AppData\Roaming\FileAdvisor

2014-02-22 16:42:44 ----D---- C:\Program Files\Windows Media Player

2014-02-22 16:39:51 ----D---- C:\Program Files\Mozilla Maintenance Service

2014-02-21 16:50:28 ----D---- C:\Program Files\Garmin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]

R0 Si3531;SiI-3531 SATA Controller; C:\Windows\system32\DRIVERS\Si3531.sys [2009-02-05 212520]

R0 SiFilter;SATALink driver accelerator; C:\Windows\system32\DRIVERS\SiWinAcc.sys [2009-02-05 17064]

R0 SiRemFil;SATALink External Device Filter; C:\Windows\system32\DRIVERS\SiRemFil.sys [2009-02-05 12200]

R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NIS\1501000.012\SYMDS.SYS [2013-09-10 367704]

R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NIS\1501000.012\SYMEFA.SYS [2013-09-27 935512]

R1 BHDrvx86;BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [2013-12-18 1098968]

R1 ccSet_NIS;NIS Settings Manager; C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys [2013-09-26 127064]

R1 CLBStor;InstantBurn Storage Helper Driver; C:\Windows\system32\drivers\CLBStor.sys [2009-10-07 15784]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2014-02-20 376920]

R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [2013-05-29 26248]

R1 IDSVix86;IDSVix86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140313.001\IDSvix86.sys [2014-03-06 395992]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS [2013-09-10 32344]

R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2013-09-10 63576]

R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS [2013-09-27 206936]

R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NIS\1501000.012\SYMNETS.SYS [2013-09-26 446552]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]

R2 CLBUDF;CyberLink InstantBurn UDF Filesystem; C:\Windows\system32\drivers\CLBUDF.sys [2009-10-07 163368]

R2 PDFsFilter;PDFsFilter; C:\Windows\system32\DRIVERS\PDFsFilter.sys [2013-05-29 68464]

R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2010-11-20 117760]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-09-28 9107968]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-09-28 370176]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]

R3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmudax3.sys [2010-02-09 1872192]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-02-20 108120]

R3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2014-01-07 15384]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2011-09-02 41240]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2011-09-02 39192]

R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2011-09-02 30360]

R3 NAVENG;NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140314.016\NAVENG.SYS [2014-02-20 93272]

R3 NAVEX15;NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140314.016\NAVEX15.SYS [2014-02-20 1612376]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2012-06-13 552080]

R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1501000.012\SRTSP.SYS [2013-09-27 651352]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2013-10-24 142936]

S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]

S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]

S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

S3 epmntdrv;epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [2010-01-20 14216]

S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 19984]

S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [2010-01-20 8456]

S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]

S3 FETNDIS;Stuurprogrammaservice voor VIA Rhine-Family Fast Ethernet-adapter; C:\Windows\system32\DRIVERS\fetnd6.sys [2009-07-13 44032]

S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-04-17 9344]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-01 1744928]

S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]

S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\Windows\system32\DRIVERS\L8042mou.Sys [2009-06-17 63248]

S3 LMouKE;SetPoint Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouKE.Sys [2009-06-17 79248]

S3 netr28u;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]

S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]

S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-08-17 23168]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]

S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]

S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RTS5121.sys []

S3 Rts516xIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []

S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]

S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-07-09 44032]

S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\Rts5161ccid.sys []

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 36352]

S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 28160]

S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]

S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]

S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-09-28 217600]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]

R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]

R2 DymoPnpService;DYMO PnP Service; C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe [2014-02-03 33072]

R2 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-08-22 220504]

R2 GladFileMonSvc;GladFileMonSvc; C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2012-07-18 29592]

R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [2013-12-03 1168960]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [2013-10-08 275696]

R2 NMSAccess;NMSAccess; C:\Windows\system32\NMSAccessU.exe [2009-01-12 71096]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2014-03-12 132504]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 608872]

R2 PDFProFiltSrv;PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe [2012-10-23 135056]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-07-07 247152]

R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\Enigma Software Group\SpyHunter\SH4Service.exe [2014-01-09 770432]

R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-09 136176]

S2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11 257928]

S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-09 136176]

S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2012-11-29 552848]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-15 118896]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]

S4 DMDefragService;PC Tools Performance Toolkit Defrag Service; C:\Program Files\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2012-08-24 1147040]

S4 DMRepairService;PC Tools Performance Toolkit Repair Service; C:\Program Files\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2012-08-24 1134240]

S4 GreenPrint;GreenPrint; C:\Program Files\GreenPrint\GPSRHT01.exe [2011-01-07 520744]

S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 295192]

S4 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-05-04 503080]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-08-21 794272]

S4 Web Assistant;Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe []

-----------------EOF-----------------


Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

Download Zoek.exe to the desktop (not the .zip or .rar version)

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0};c
 {50fafaf0-70a9-419d-a109-fa4b4ffd4e37};c
 C:\Windows\tasks\ParetoLogic Registration3.job;f
 C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job;f
 C:\Windows\tasks\ParetoLogic Update Version3.job;f
 C:\Windows\455F074C814E4520B69B5584BD90400C.TMP;f
 Web Assistant;s
 C:\Program Files\Web Assistant;fs
 emptyfolderscheck;delete 
startupall; 
filesrcm;

  • Click the "Options" button and tick the options below.
  • Do a Quick Scan
  • Auto Clean
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next message.


Here is my log from zoek.exe

Zoek.exe v5.0.0.0 Updated 07-March-2014

Tool run by Vincent on zo 16/03/2014 at 13:42:50,77.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Vincent\Desktop\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

16/03/2014 13:45:01 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\1-abc deleted successfully

C:\Program Files\Free FLV Converter deleted successfully

C:\Program Files\Moo0 deleted successfully

C:\Program Files\Oracle deleted successfully

C:\Program Files\Symantec deleted successfully

C:\Program Files\System Explorer deleted successfully

C:\PROGRA~2\Easy Driver Pro deleted successfully

C:\PROGRA~2\FilerFrog deleted successfully

C:\PROGRA~2\Gaaiho deleted successfully

C:\PROGRA~2\ioloGovernor deleted successfully

C:\PROGRA~2\Oracle deleted successfully

C:\PROGRA~2\PCSettings deleted successfully

C:\PROGRA~2\WinZipEC deleted successfully

C:\Users\Vincent\AppData\Roaming\FileAdvisor deleted successfully

C:\Users\Vincent\AppData\Roaming\IBKPRO deleted successfully

C:\Users\Vincent\AppData\Roaming\NeroDigital deleted successfully

C:\Users\Vincent\AppData\Roaming\Pegasus Mail deleted successfully

C:\Users\Vincent\AppData\Local\Apps deleted successfully

C:\Users\Vincent\AppData\Local\CrashDumps deleted successfully

C:\Users\Vincent\AppData\Local\CutePDF Writer deleted successfully

C:\Users\Vincent\AppData\Local\DiskBoss deleted successfully

C:\Users\Vincent\AppData\Local\PackageAware deleted successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2392715913-1583164460-4155244652-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96} deleted successfully

HKEY_USERS\S-1-5-21-2392715913-1583164460-4155244652-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2392715913-1583164460-4155244652-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} deleted successfully

HKEY_USERS\S-1-5-21-2392715913-1583164460-4155244652-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} deleted successfully

HKEY_USERS\S-1-5-21-2392715913-1583164460-4155244652-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} deleted successfully

HKEY_USERS\S-1-5-21-2392715913-1583164460-4155244652-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\fs4ktcg0.default

user.js not found

---- FireFox user.js and prefs.js backups ----

prefs_20141603_1358_.backup

ProfilePath: C:\Users\Vincent\AppData\Roaming\Mozilla\Sunbird\Profiles\oe1koun1.default

user.js not found

---- FireFox user.js and prefs.js backups ----

prefs_20141603_1358_.backup

ProfilePath: C:\Users\Vincent\AppData\Roaming\Thunderbird\Profiles\7ismabp0.default

user.js not found

---- FireFox user.js and prefs.js backups ----

prefs_20141603_1358_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\Web Assistant not found

C:\Program Files\Advanced Driver Updater deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Driver Updater deleted

C:\Program Files\Mozilla Firefox\defaults\preferences\autoconfig.js deleted

C:\Program Files\Alawar deleted

C:\Program Files\ParetoLogic deleted

C:\Program Files\Common Files\ParetoLogic deleted

C:\Program Files\Registry Mechanic deleted

C:\Program Files\ConduitEngine deleted

C:\Users\Vincent\AppData\Roaming\shshortcut.ico deleted

C:\Users\Vincent\AppData\Roaming\PCCUStubInstaller deleted

C:\Users\Vincent\AppData\Roaming\ParetoLogic deleted

C:\Users\Vincent\AppData\Roaming\DriverCure deleted

C:\Users\Vincent\AppData\Roaming\Registry Mechanic deleted

C:\Users\Vincent\AppData\Roaming\GetRightToGo deleted

C:\Users\Vincent\AppData\Roaming\Systweak deleted

C:\Users\Vincent\PP_MOTION.TMP deleted

C:\Users\Vincent\PP_ROTATE_SLIDE.TMP deleted

C:\PROGRA~2\AlawarWrapper deleted

C:\PROGRA~2\ParetoLogic deleted

C:\PROGRA~2\YTD Video Downloader deleted

C:\PROGRA~2\Package Cache deleted

C:\Users\Vincent\AppData\Local\eSupport.com deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader deleted

C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic deleted

C:\Users\Vincent\AppData\LocalLow\ConduitEngine deleted

C:\Windows\tasks\ParetoLogic Registration3.job deleted

C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job deleted

C:\Windows\tasks\ParetoLogic Update Version3.job deleted

C:\Windows\tasks\Wise Registry Cleaner Schedule Task.job deleted

C:\Windows\system32\tasks\Wise Registry Cleaner Schedule Task deleted

C:\Windows\system32\tasks\RunAsStdUser Task deleted

C:\Windows\tasks\AdvancedDriverUpdater_UPDATES.job deleted

C:\Windows\system32\tasks\AdvancedDriverUpdater_UPDATES deleted

C:\Windows\system32\ImHttpComm.dll deleted

C:\Windows\System32\jmdp deleted

C:\Windows\System32\ARFC deleted

C:\Windows\System32\WNLT deleted

C:\Users\Public\Documents\AlawarWrapper deleted

C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\fs4ktcg0.default\extensions\firefox@ghostery.com.xpi deleted

C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\fs4ktcg0.default\GoogleToolbarData deleted

C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\fs4ktcg0.default\jetpack deleted

C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\fs4ktcg0.default\CT2475029 deleted

C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\fs4ktcg0.default\CT2724386 deleted

C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\fs4ktcg0.default\conduit deleted

C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\fs4ktcg0.default\ConduitEngine deleted

"C:\Windows\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla22.exe" deleted

"C:\Windows\455F074C814E4520B69B5584BD90400C.TMP" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2014-03-16 12:36:00 227DB78225247B1EC33DD611F920A0CE 523271762 ----a-w- C:\Windows\MEMORY.DMP

====== C:\Users\Vincent\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

2014-03-11 21:30:55 22535A5C5F13BBA4F8D8FCA4F2593188 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2014-03-11 21:30:54 9709ECC60A792387BBCD6AE1910B0413 73216 ----a-w- C:\Windows\System32\mshtmled.dll

2014-03-11 21:30:54 487D42D589DA9BEB7B6B3C725AB35343 421376 ----a-w- C:\Windows\System32\vbscript.dll

2014-03-11 21:30:53 FEA5277475F3EFC35C4AA7E95F553D5E 176640 ----a-w- C:\Windows\System32\ieui.dll

2014-03-11 21:30:53 F9DDC41D5B745EBDC673706C0575A260 142848 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-03-11 21:30:53 B9714A9ED8BAA0106DDE60537B4CE710 65536 ----a-w- C:\Windows\System32\jsproxy.dll

2014-03-11 21:30:52 C6B18D484DE84DCB479F25A393054B1F 607744 ----a-w- C:\Windows\System32\msfeeds.dll

2014-03-11 21:30:52 1E5DF19A5F053345430D7AF87943C47A 1129472 ----a-w- C:\Windows\System32\wininet.dll

2014-03-11 21:30:51 E6BB9F479A08B2588D2704FA288777B7 717824 ----a-w- C:\Windows\System32\jscript.dll

2014-03-11 21:30:51 5A6F0A2EAB066E5E3C578076623FEBF8 231936 ----a-w- C:\Windows\System32\url.dll

2014-03-11 21:30:51 0763D2835B7EF92E1DB630AB1BBA0D0F 1806848 ----a-w- C:\Windows\System32\jscript9.dll

2014-03-11 21:30:50 8232228138E4859F3738DD1E4A8C692C 1105408 ----a-w- C:\Windows\System32\urlmon.dll

2014-03-11 21:30:50 6B6879BE739279EDD2E4E28ED9911DBF 1796096 ----a-w- C:\Windows\System32\iertutil.dll

2014-03-11 21:30:49 D198BE229744F2E87743BB82D4C29A18 1427968 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-03-11 21:30:49 AC7811B550AC49013C9D83D998C8C740 9739264 ----a-w- C:\Windows\System32\ieframe.dll

2014-03-11 21:30:47 4F23BB46E26DC87F01563B8A96526075 12347904 ----a-w- C:\Windows\System32\mshtml.dll

2014-03-11 20:06:28 B0BE998802DEDEE1FD8F5E5F9F207A30 509440 ----a-w- C:\Windows\System32\qedit.dll

2014-03-11 20:06:27 A054EA8FBE16D4D34F06D81A4F0088E2 1230336 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2014-03-11 20:06:27 7CC38741B8F68F1E0D5D79DA6123666A 185344 ----a-w- C:\Windows\System32\wwansvc.dll

2014-03-11 20:06:27 204689EC38738BE7C07F79B745733747 2349056 ----a-w- C:\Windows\System32\win32k.sys

2014-03-11 20:06:26 4F8CCD3E7D9F17A7C60FA0AE2466CACF 381440 ----a-w- C:\Windows\System32\wer.dll

2014-03-06 16:31:28 204882085A7D984D455AA4DE7B7074C6 5694464 ----a-w- C:\Windows\System32\mstscax.dll

2014-03-05 11:03:46 F37167FCDB661FD4B54CAD4755ABDD61 32256 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll

2014-03-05 11:03:45 D60E27D4BD5A91FCD17D2CB27F86738E 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

2014-03-05 11:03:44 AF40D823F3B03C7899AEF2293F84D0D7 76288 ----a-w- C:\Windows\System32\TSWbPrxy.exe

2014-03-05 11:03:44 AB5EFB103DB01C1912C9D2F545EA5621 17920 ----a-w- C:\Windows\System32\wksprtPS.dll

2014-03-05 11:03:44 A90F47CDCC0898733596B5070039FC15 14336 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2014-03-05 11:03:44 8DEEE20D8D30E9B0FBDCA31E58A027BD 53248 ----a-w- C:\Windows\System32\tsgqec.dll

2014-03-05 11:03:44 5E676B296B762E211D83B87635F2C330 855552 ----a-w- C:\Windows\System32\rdvidcrl.dll

2014-03-05 11:03:44 2EFB1279E7BEA7D12D9F4D6508D27880 50176 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll

2014-03-05 11:03:44 0FC6922517964E9D90DE84DC86F63E40 350208 ----a-w- C:\Windows\System32\wksprt.exe

2014-03-05 11:03:43 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\System32\mstsc.exe

2014-03-05 11:03:30 AAB5D8C5ABE71873DC19ED004EF25009 792576 ----a-w- C:\Windows\System32\TSWorkspace.dll

====== C:\Windows\system32\drivers =====

2014-03-05 11:03:44 C6A5FBD4977305E1FA23E02C042DB463 49152 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-03-15 14:53:11 -------- d-----w- C:\Program Files\trend micro

2014-03-12 22:45:46 -------- d-----w- C:\Program Files\Enigma Software Group

======= C: =====

2014-03-12 23:26:45 D07138915E1B489BA08D2DBDFF441A60 285747 ----a-w- C:\shldr

2014-03-12 23:26:45 025926B83A938B5215F3C1DCC882F21C 8192 ----a-w- C:\shldr.mbr

====== C:\Users\Vincent\AppData\Roaming ======

2014-03-12 22:45:48 -------- d-----w- C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2014-03-12 13:15:37 D4DB493A2D0DA92C3FD699F8BD3BBC97 265216 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat

====== C:\Users\Vincent ======

2014-03-15 14:51:51 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Vincent\Desktop\RSIT.exe

2014-03-12 18:09:44 C4ACBA1923CDD3E13DC82CFCE8B78595 3059176 ----a-w- C:\Users\Vincent\Desktop\NPE.exe

====== C: exe-files ==

2014-03-16 12:08:26 F914FF4B54A8FBD7922269C90C5ACB59 44313051 ----a-w- C:\Users\Vincent\AppData\Roaming\iolo\SafetyNet\Sched\{DBE5D191-1874-4443-A2C9-A0692FE2B347}\{74D6A381-5E8A-4FE0-8CD3-C3F7A75B57C0}.exe

2014-03-15 14:53:13 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Vincent.exe

2014-03-15 14:51:51 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Vincent\Desktop\RSIT.exe

2014-03-12 22:45:48 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\Vincent\AppData\Roaming\Microsoft\Installer\{455F074C-814E-4520-B69B-5584BD90400C}\IconF7A21AF7.exe

2014-03-12 22:45:48 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\Vincent\AppData\Roaming\Microsoft\Installer\{455F074C-814E-4520-B69B-5584BD90400C}\IconD7F16134.exe

2014-03-12 22:45:48 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\Vincent\AppData\Roaming\Microsoft\Installer\{455F074C-814E-4520-B69B-5584BD90400C}\IconCF33A0CE.exe

2014-03-12 18:09:44 C4ACBA1923CDD3E13DC82CFCE8B78595 3059176 ----a-w- C:\Users\Vincent\Desktop\NPE.exe

2014-03-12 11:48:35 4602FBD03DE65F67E17CBCA938F3352B 43583 ----a-w- C:\Users\Vincent\AppData\Roaming\iolo\SafetyNet\Sched\{0EF886BE-9666-48CC-829E-7FED74D52069}\{5FB8D506-31D3-4FB4-8F7E-2270B1CC22E7}.exe

2014-03-12 11:48:32 7344BEEB2CA68A83035CBD4F30172002 392923 ----a-w- C:\Users\Vincent\AppData\Roaming\iolo\SafetyNet\Sched\{0EF886BE-9666-48CC-829E-7FED74D52069}\{27E29B7C-4EAC-4C13-A082-EB1343DB5B60}.exe

2014-03-12 11:48:32 222E8DF343D59AC7C01258C69B3D4EB1 121301 ----a-w- C:\Users\Vincent\AppData\Roaming\iolo\SafetyNet\Sched\{0EF886BE-9666-48CC-829E-7FED74D52069}\{E3C10712-14E1-4FD2-B60F-D998771BA814}.exe

2014-03-12 11:48:30 2F26CF617A5B2DADD11416D8CE395C35 2006473 ----a-w- C:\Users\Vincent\AppData\Roaming\iolo\SafetyNet\Sched\{0EF886BE-9666-48CC-829E-7FED74D52069}\{1B02D54F-D930-40A9-882F-81D8C466DDF2}.exe

2014-03-11 21:30:53 F9DDC41D5B745EBDC673706C0575A260 142848 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-03-11 21:30:53 5FCF80E143622A45ED09423A4EB31EA0 468480 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

2014-03-11 21:30:51 10EB5C0E376727E21198B14E2F1637F7 757488 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2014-03-09 16:21:33 A815AD425AB45A90CBBE8B86BBC4BA4A 3614624 ----a-w- C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5AF23QE9\SkywalkerSetup[3].exe

2014-03-09 16:18:37 6F713369B7879A7D666B427CD11CE02F 4156208 ----a-w- C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51QKGINM\WSSetup[1].exe

=== C: other files ==

2014-03-16 12:08:25 07829EA3F389F68F5C89BCB901981B0D 55340 ----a-w- C:\Users\Vincent\AppData\Roaming\iolo\SafetyNet\Sched\{DBE5D191-1874-4443-A2C9-A0692FE2B347}\{C7EF4E48-D591-44F2-B121-4D2A20A3976A}.xpi

2014-03-12 22:46:04 FE2223105C443BE7FD931EE34C0B2264 6434176 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SH4.com

2014-03-11 20:06:27 204689EC38738BE7C07F79B745733747 2349056 ----a-w- C:\Windows\System32\win32k.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2392715913-1583164460-4155244652-1000\Software\iolo\System Mechanic\startup manager\configuration\Disabled\registry\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe"

"Google Update"="C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-21-2392715913-1583164460-4155244652-1000\Software\iolo\System Mechanic\startup manager\configuration\Disabled\registry\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"Everything"="C:\Program Files\Everything\Everything.exe -startup"

"SSDMonitor"="C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe"

[HKEY_USERS\S-1-5-21-2392715913-1583164460-4155244652-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"DeskDriveStartup"="C:\Program Files\Blue Onion Software\Desk Drive\DeskDrive.exe"

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"RtHDVCpl"="RtHDVCpl.exe"

"Launch LgDeviceAgent"="c:\program files\logitech\gamepanel software\lgdevagt.exe"

"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler"

"Nuance PDF Converter Professional 8-reminder"="C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe -r C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini"

"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DeskDriveStartup"="C:\Program Files\Blue Onion Software\Desk Drive\DeskDrive.exe"

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATICustomerCare]

"command"="\"C:\\Program Files\\ATI\\ATICustomerCare\\ATICustomerCare.exe\""

"hkey"="HKLM"

"item"="ATICustomerCare"

"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Garmin Lifetime Updater]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Garmin Lifetime Updater"

"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]

"command"="\"C:\\Program Files\\Garmin\\Express Tray\\ExpressTray.exe\""

"hkey"="HKCU"

"item"="GarminExpressTrayApp"

"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDF8 Registry Controller]

"command"="\"C:\\Program Files\\Nuance\\PDF Professional 8\\RegistryController.exe\""

"hkey"="HKLM"

"item"="PDF8 Registry Controller"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDFProHook]

"command"="\"C:\\Program Files\\Nuance\\PDF Professional 8\\pdfpro8hook.exe\""

"hkey"="HKLM"

"item"="PDFProHook"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDVD8LanguageShortcut]

"command"="\"C:\\Program Files\\CyberLink\\PowerDVD8\\Language\\Language.exe\""

"hkey"="HKLM"

"item"="PDVD8LanguageShortcut"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QuickTime Task"

"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Gaaiho Collaboration.lnk]

"backup"="C:\\Windows\\pss\\Gaaiho Collaboration.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\Program Files\\Zeon\\Gaaiho\\Gaaiho Go Lite 3\\bin\\GaaihoGo3.exe"

"item"="Gaaiho Collaboration"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nuance Cloud Connector.lnk]

"backup"="C:\\Windows\\pss\\Nuance Cloud Connector.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\Program Files\\Nuance\\Nuance Cloud Connector\\GladLauncher.exe"

"item"="Nuance Cloud Connector"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11/03/2014 21:07]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [09/05/2010 15:22]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [09/05/2010 15:22]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2392715913-1583164460-4155244652-1000Core.job --a------ C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe [20/10/2011 10:43]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2392715913-1583164460-4155244652-1000UA.job --a------ C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe [20/10/2011 10:43]

C:\Windows\tasks\PTAutoUpdate.job --a------ C:\Program Files\PC Tools\PC Tools Utilities\SULauncher.exe [24/08/2012 10:21]

C:\Windows\tasks\RMAutoUpdate.job --a------ C:\Program Files\Registry Mechanic\SULauncher.exe []

C:\Windows\tasks\SmartDefrag.job --a------ C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe []

C:\Windows\tasks\XoftSpySE.job --a------ C:\Program Files\XoftSpySE6\XoftSpySELauncher.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2392715913-1583164460-4155244652-1000Core" [C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2392715913-1583164460-4155244652-1000UA" [C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\iolo Process Governor" [C:\Program Files\iolo\System Mechanic\iologovernor.exe]

"C:\Windows\system32\tasks\Norton WSC Integration" ["C:\Program Files\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe"]

"C:\Windows\system32\tasks\PTAutoUpdate" [C:\Program Files\PC Tools\PC Tools Utilities\SULauncher.exe]

"C:\Windows\system32\tasks\RMAutoUpdate" [C:\Program Files\Registry Mechanic\SULauncher.exe]

"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\system32\tasks\SmartDefrag" [C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe]

"C:\Windows\system32\tasks\XoftSpySE" [C:\Program Files\XoftSpySE6\XoftSpySELauncher.exe]

"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

"C:\Windows\system32\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe]

"C:\Windows\system32\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe]

"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF" [24/10/2013 17:42]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\fs4ktcg0.default

- PDF Converter - C:\Program Files\Nuance\PDF Professional 8\FireFox

- Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF

- Undetermined - %ProfilePath%\extensions\b17471193c893bfe6084dc424bcc35ddf289a6ab9ee46c2f5aef85901071b94a_lp.key

- Undetermined - %ProfilePath%\extensions\b17471193c893bfe6084dc424bcc35ddf289a6ab9ee46c2f5aef85901071b94a_lp.key

- PDF Converter - %ProfilePath%\extensions\nuance@pdf8

- DoNotTrackMe: Online Privacy Protection - %ProfilePath%\extensions\donottrackplus@abine.com

- Woordenboek Nederlands - %ProfilePath%\extensions\nl-NL@dictionaries.addons.mozilla.org

- LastPass - %ProfilePath%\extensions\support@lastpass.com

- Forecastfox - %ProfilePath%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

- Memory Fox - %ProfilePath%\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}

- Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi

- NewIPNow.com Proxy Switcher - %ProfilePath%\extensions\extension@newipnow.com.xpi

- Google Shortcuts - %ProfilePath%\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi

- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

- Googlebar Lite - %ProfilePath%\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

- Download Statusbar - %ProfilePath%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

ProfilePath: C:\Users\Vincent\AppData\Roaming\Mozilla\Sunbird\Profiles\oe1koun1.default

- Undetermined - C:\Program Files\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

- Undetermined - C:\Program Files\Mozilla Sunbird\extensions\calendar-timezones@mozilla.org

- Noia eXtreme - %ProfilePath%\extensions\noia3_full@gd.noia

- Gantt View - %ProfilePath%\extensions\{1510928E-A4FA-43C2-A9AF-99E521B90BC5}

- Chromatasks - %ProfilePath%\extensions\{25cf5f06-b211-4df3-9d5a-c0ab253a5561}

ProfilePath: C:\Users\Vincent\AppData\Roaming\Thunderbird\Profiles\7ismabp0.default

- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

- Mail Merge - %ProfilePath%\extensions\mailmerge@example.net.xpi

- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\fs4ktcg0.default

95812430959AE88CDD0301AB3A71913B - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash

3C18D738E6935A725C6E0B67753EB436 - C:\Users\Vincent\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator

2F3587B0A091498F3891168D186FDF48 - C:\Users\Vincent\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer

1B55013836401FBA5CF7A1C5B0BAA7CA - C:\Users\Vincent\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin

A9C86900D2A61728C8326FE7147617C5 - C:\Users\Vincent\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update

01D93217A9EE48DD37072B671378CC9C - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In

A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update

C5F131D52952D1CF4B68DEFC532F19C6 - C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll - DYMO Label Framework

AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

CA0E1DFBE480CF0BE13A0883BEB378B6 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U40

AF661355EBAB898EB92D5454AEF93CE0 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.400.43

D1DC265C3FF7F92B4A75A55B3749D48C - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

0C0C5C207121C7A78414A8250E8E099A - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director

C1680C34DE8A405C8829AB93236576FD - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

584D2AC33EE1467572F9C8A1A36AB781 - C:\Program Files\Nuance\PDF Professional 8\Bin\nppdf.dll - Gaaiho Doc

209FE38A622E3A30CE01B5D95E1D6241 - C:\Program Files\Garmin GPS Plugin\npGarmin.dll - Garmin Communicator Plug-In

24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox

28986F0A2342A033345EF9E70D395E4F - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

dlnembnfbcpjnepmfjmngjenhhajpdfd - No path found[]

mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx[19/01/2014 18:42]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.wielertoerist.be/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.wielertoerist.be/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WNLT deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Driver Updater_is1 deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Vincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Vincent\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Vincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Vincent\AppData\Local\Mozilla\Firefox\Profiles\fs4ktcg0.default\Cache emptied successfully

C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\fs4ktcg0.default\forecastfox\cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Vincent\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Vincent\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Vincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on zo 16/03/2014 at 14:51:01,73 ======================


Download AdwCleaner by Xplode to the desktop.

Running AdwCleaner

  • Close all open windows.
  • Double-click AdwCleaner.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Then click the Scan button.
  • When the scan has finished, click the Clean button.
  • When that is done you will be asked to restart the computer; click OK.
  • After the computer has restarted, the log file opens automatically.
  • Post this log file in your next message.


Here is my log after running AdwCleaner.

# AdwCleaner v3.022 - Report created 17/03/2014 at 19:08:38

# Updated 13/03/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

# Username : Vincent - VINCENT-PC

# Running from : C:\Users\Vincent\Desktop\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\~0

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\registry mechanic

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41651524-E5BA-4721-8200-C4173741328D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_google-earth-plugin_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_google-earth-plugin_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1303707-CFAE-4C4C-85C0-361F6E1A2A8D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAC6FB9D-C6A4-410D-BA9D-D42A98747D56}

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\ParetoLogic

Key Deleted : HKCU\Software\PIP

Key Deleted : HKCU\Software\systweak

Key Deleted : HKCU\Software\wnlt

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2

Key Deleted : HKLM\Software\conduitEngine

Key Deleted : HKLM\Software\ParetoLogic

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\Software\systweak

Key Deleted : HKLM\Software\Uniblue

Key Deleted : HKLM\Software\Web Assistant

Key Deleted : HKLM\Software\wnlt

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16540

-\\ Mozilla Firefox v27.0.1 (nl)

[ File : C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\fs4ktcg0.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [3767 octets] - [17/03/2014 19:06:40]

AdwCleaner[s0].txt - [3514 octets] - [17/03/2014 19:08:38]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3574 octets] ##########


OK.

I don't have any noticeable problems right now.

What do I do with Spyhunter now, and how do I get rid of Spyhunter's automatic subscription renewal?

Do I need to install anything besides my Norton IS to avoid getting problems like this again?


Now that you have downloaded and paid for Spyhunter, it will not cause you any further problems. But when a renewal is offered, I would not accept that offer and would uninstall the program at that point.

With Norton IS you are well covered as far as protection goes. As an extra you could add the free version of Malwarebytes.

You can now remove the tools we used and a few superfluous leftovers:

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.

Now tick the following items:

  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently until the tool has finished.

When the tool has finished, a log file is created. You do not need to post it, however.

Download CCleaner (if you don't have it yet).

Install it (if you don't want Google Chrome to be installed on your PC as the default web browser, you must remove the 2 check marks!!!) and start CCleaner.

Click "Cleaner" in the left column.

Click "Analyze" and, after the analysis, "Run Cleaner".

Then click "Registry" in the left column and click "Scan for Issues".

If errors are found, click "Fix selected issues" and "OK".

You will then be asked whether to make a backup. Click "Yes".

Then choose "Fix All Selected Issues".

Sometimes one analysis is not enough. You may repeat this procedure until the analysis reports no more errors.

Then close CCleaner again.

If you would like to see this illustrated in detail, click here for the guide.

If all of this went smoothly and you have no further questions or problems within this topic, you may close this thread by clicking the "Mark as solved" button, which you can find at the bottom left … that way things stay clear for everyone.
