
HijackThis log


I'm having trouble with advertising pop-ups and underlined words :/

If someone would be so kind as to check my log!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:00:40 AM, on 2/19/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16537)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe

C:\Windows\SysWOW64\rundll32.exe

D:\wirelesscm.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

D:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe

D:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe

C:\Users\Kevin\AppData\Local\GamersFirst\LIVE!\Live.exe

D:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Dotjosh Studios\DayZ Commander\Current\DayZCommander.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe

C:\Users\Kevin\AppData\Roaming\Yontoo\YontooDesktop.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zoeken

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost #[iPv6]

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll

O2 - BHO: Hotspot Shield - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll

O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler

O4 - HKLM\..\Run: [CPMonitor] "D:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe"

O4 - HKLM\..\Run: [Desktop Disc Tool] "D:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe"

O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon

O4 - HKLM\..\Run: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [EADM] "D:\Program Files (x86)\Origin\Origin.exe" -AutoStart

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\Daemon tools\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [steam] "D:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [steelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [backgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Kevin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: GamersFirst LIVE!.lnk = Kevin\AppData\Local\GamersFirst\LIVE!\Live.exe

O4 - Startup: Samsung Magician.lnk = D:\Samsung SSD Magician\Samsung Magician.exe

O4 - Global Startup: Wireless Connection Manager.lnk = ?

O8 - Extra context menu item: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1358191722211

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BOT4Service - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RoxMediaDB13 - Rovi Corporation - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe

O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Rovi Corporation - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - D:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: WlanWpsSvc - Unknown owner - D:\WlanWpsSvc.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14677 bytes


Start HijackThis. Select "Scan". Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zoeken

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll

O4 - HKCU\..\Run: [backgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Kevin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

O8 - Extra context menu item: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" by right-clicking and choosing "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download RSIT from the locations below and save it to the desktop.

Here is a description of how to check whether you have a 32- or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool has finished, a Notepad file named "Log" is opened.
  • Post its contents in your next message.

Also watch the instruction video.


Thanks for your quick reply, RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Kevin at 2014-02-19 11:43:28

Microsoft Windows 7 Professional Service Pack 1

System drive C: has 7 GB (6%) free of 114 GB

Total RAM: 8078 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:43:29 AM, on 2/19/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16537)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe

D:\wirelesscm.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

D:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe

D:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe

C:\Users\Kevin\AppData\Local\GamersFirst\LIVE!\Live.exe

D:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe

C:\Users\Kevin\AppData\Roaming\Yontoo\YontooDesktop.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\trend micro\Kevin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost #[iPv6]

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Hotspot Shield - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll

O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler

O4 - HKLM\..\Run: [CPMonitor] "D:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe"

O4 - HKLM\..\Run: [Desktop Disc Tool] "D:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe"

O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon

O4 - HKLM\..\Run: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [EADM] "D:\Program Files (x86)\Origin\Origin.exe" -AutoStart

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\Daemon tools\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [steam] "D:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [steelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: GamersFirst LIVE!.lnk = Kevin\AppData\Local\GamersFirst\LIVE!\Live.exe

O4 - Startup: Samsung Magician.lnk = D:\Samsung SSD Magician\Samsung Magician.exe

O4 - Global Startup: Wireless Connection Manager.lnk = ?

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1358191722211

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BOT4Service - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RoxMediaDB13 - Rovi Corporation - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe

O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Rovi Corporation - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - D:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: WlanWpsSvc - Unknown owner - D:\WlanWpsSvc.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13740 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

"C:\Windows\system32\nvvsvc.exe"

"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"

C:\Windows\system32\svchost.exe -k RPCSS

"C:\Program Files\Microsoft Security Client\MsMpEng.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe"

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"

C:\Windows\system32\nvvsvc.exe -session -first

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe"

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"

"C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe"

"C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe"

"C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe"

"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"

"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe"

C:\Windows\system32\svchost.exe -k imgsvc

"taskhost.exe"

taskeng.exe {6A03F123-3BCB-44A1-9B96-90B40D67BBEF}

"D:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"

"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"

D:\WlanWpsSvc.exe

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

"C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "C:\Users\Kevin\AppData\Roaming\Yontoo\YontooDesktop.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp

\??\C:\Windows\system32\conhost.exe "-1497997933-1326760821-1287065954-18913637631339321364-310950238-11854003831608150903

"C:\Program Files\Microsoft Security Client\NisSrv.exe"

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

"C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

WLIDSvcM.exe 2440

"C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe"

"C:\Windows\System32\StikyNot.exe"

"C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1

"D:\wirelesscm.exe"

"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"D:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe"

"D:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe"

"C:\Users\Kevin\AppData\Local\GamersFirst\LIVE!\Live.exe" /silent

"D:\Program Files (x86)\iTunes\iTunesHelper.exe"

"C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" /FORCE

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files\iPod\bin\iPodService.exe"

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

-nolaunchurl

C:\Users\Kevin\AppData\Roaming\Yontoo\YontooDesktop.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\sppsvc.exe

"C:\Windows\system32\wuauclt.exe"

wmiadap.exe /F /T /R

taskhost.exe $(Arg0)

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4828.0.1861434800\2105229249" --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,13,23,28 --gpu-vendor-id=0x10de --gpu-device-id=0x1189 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3489 --ignored=" --type=renderer " /prefetch:822062411

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group6 pct:10f stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4828.1.1564790786\60927414" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group6 pct:10f stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4828.2.1054520887\1978375620" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group6 pct:10f stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4828.4.612946118\113073143" /prefetch:673131151

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

"C:\Users\Kevin\Downloads\RSITx64.exe"

C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\Digital Sites.job

C:\Windows\tasks\DSite.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

Hotspot Shield Class - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [2013-06-21 287048]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]

DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]

Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14 175776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-17 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

Hotspot Shield Toolbar - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll [2013-07-16 231712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-17 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

Hotspot Shield Class - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll [2013-06-21 233288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{c95a4e8e-816d-4655-8c79-d736da1adb6d} - Hotspot Shield Toolbar - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll [2013-07-16 231712]

{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14 4372120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-10-10 171040]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-10-10 399392]

"Persistence"=C:\Windows\system32\igfxpers.exe [2012-10-10 441888]

"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe -f C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat []

"MSC"=C:\Program Files\Microsoft Security Client\mssecex.exe -hide -runkey []

"Launch LCore"=C:\Program Files\Logitech Gaming Software\LCore.exe [2013-02-28 7468784]

"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-01-31 12446824]

"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-01-21 2234144]

"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-01-21 1179576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"EADM"=D:\Program Files (x86)\Origin\Origin.exe [2013-06-04 3456080]

"DAEMON Tools Lite"=D:\Program Files\Daemon tools\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]

"Steam"=D:\Program Files\Steam\Steam.exe [2014-02-11 1824000]

"SteelSeries Engine"=C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [2013-06-12 241152]

"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe []

"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]

"uTorrent"=C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe [2013-11-15 900440]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]

""= []

"RoxWatchTray"=C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe [2011-07-13 293360]

"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]

"ISUSPM"=C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2010-05-21 324976]

"CPMonitor"=D:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe [2011-07-08 84464]

"Desktop Disc Tool"=D:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe [2011-06-12 506352]

"beid"=C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup []

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]

"iTunesHelper"=D:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-09-17 152392]

"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2012-04-03 1273448]

"IJNetworkScannerSelectorEX"=C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2012-03-26 449168]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Wireless Connection Manager.lnk - D:\wirelesscm.exe

C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

GamersFirst LIVE!.lnk - C:\Users\Kevin\AppData\Local\GamersFirst\LIVE!\Live.exe

Samsung Magician.lnk - D:\Samsung SSD Magician\Samsung Magician.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2012-10-10 441856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"VIDC.I420"=lvcod64.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"MSVideo"=vfwwdm32.dll

"MSVideo8"=VfWWDM32.dll

"wave4"=wdmaud.drv

"midi4"=wdmaud.drv

"mixer4"=wdmaud.drv

"aux2"=wdmaud.drv

"wave5"=wdmaud.drv

"midi5"=wdmaud.drv

"mixer5"=wdmaud.drv

"aux4"=wdmaud.drv

"VIDC.FPS1"=frapsv64.dll

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux3"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave6"=wdmaud.drv

"midi6"=wdmaud.drv

"mixer6"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-02-18 23:10:54 ----D---- C:\Program Files (x86)\AGEIA Technologies

2014-02-18 23:10:13 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe

2014-02-18 23:08:12 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll

2014-02-18 23:08:12 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll

2014-02-18 23:08:12 ----A---- C:\Windows\SYSWOW64\nvopencl.dll

2014-02-18 23:08:12 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll

2014-02-18 23:08:12 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll

2014-02-18 23:08:12 ----A---- C:\Windows\SYSWOW64\nvinit.dll

2014-02-18 23:08:12 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll

2014-02-18 23:08:12 ----A---- C:\Windows\SYSWOW64\NvIFR.dll

2014-02-18 23:08:12 ----A---- C:\Windows\SYSWOW64\NvFBC.dll

2014-02-18 23:08:12 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll

2014-02-18 23:08:12 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll

2014-02-18 23:08:12 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll

2014-02-18 23:08:12 ----A---- C:\Windows\SYSWOW64\nvcuda.dll

2014-02-18 23:08:12 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll

2014-02-18 23:08:12 ----A---- C:\Windows\system32\nvopencl.dll

2014-02-18 23:08:12 ----A---- C:\Windows\system32\nvoglshim64.dll

2014-02-18 23:08:12 ----A---- C:\Windows\system32\NvIFROpenGL.dll

2014-02-18 23:08:12 ----A---- C:\Windows\system32\NvIFR64.dll

2014-02-18 23:08:12 ----A---- C:\Windows\system32\NvFBC64.dll

2014-02-18 23:08:12 ----A---- C:\Windows\system32\nvEncodeAPI64.dll

2014-02-18 23:08:12 ----A---- C:\Windows\system32\nvdispgenco6433489.dll

2014-02-18 23:08:12 ----A---- C:\Windows\system32\nvdispco6433489.dll

2014-02-18 23:08:12 ----A---- C:\Windows\system32\nvcuvid.dll

2014-02-18 23:08:12 ----A---- C:\Windows\system32\nvcuvenc.dll

2014-02-18 23:08:12 ----A---- C:\Windows\system32\nvcuda.dll

2014-02-18 23:08:12 ----A---- C:\Windows\system32\nvcompiler.dll

2014-02-18 23:08:12 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys

2014-02-15 19:40:46 ----D---- C:\Program Files (x86)\Soul's Software

2014-02-15 14:42:38 ----D---- C:\Program Files\trend micro

2014-02-15 14:42:37 ----D---- C:\rsit

2014-02-15 14:38:22 ----D---- C:\ProgramData\Razer

2014-02-15 14:38:22 ----D---- C:\Program Files (x86)\Razer

2014-02-12 15:35:59 ----D---- C:\Users\Kevin\AppData\Roaming\DigitalSites

2014-02-05 01:45:49 ----D---- C:\Users\Kevin\AppData\Roaming\Ventrilo

2014-02-05 01:45:33 ----D---- C:\Program Files\Ventrilo

2014-02-05 01:45:33 ----A---- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

2014-01-27 16:13:26 ----A---- C:\Windows\system32\nvhdap64.dll

2014-01-27 16:13:26 ----A---- C:\Windows\system32\nvdispgenco6433221.dll

2014-01-27 16:13:26 ----A---- C:\Windows\system32\nvdispco6433221.dll

2014-01-27 16:13:26 ----A---- C:\Windows\system32\drivers\nvhda64v.sys

2014-01-23 01:37:35 ----A---- C:\Windows\SYSWOW64\nvspcap.dll

2014-01-23 01:37:35 ----A---- C:\Windows\system32\nvspcap64.dll

2014-01-23 01:37:11 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll

2014-01-23 01:37:11 ----A---- C:\Windows\system32\nvaudcap64v.dll

2014-01-23 01:37:11 ----A---- C:\Windows\system32\drivers\nvvad64v.sys

======List of files/folders modified in the last 1 month======

2014-02-19 11:42:57 ----D---- C:\Users\Kevin\AppData\Roaming\uTorrent

2014-02-19 11:39:50 ----D---- C:\Windows\Temp

2014-02-19 11:38:50 ----D---- C:\Users\Kevin\AppData\Roaming\Yontoo

2014-02-19 11:38:24 ----D---- C:\Users\Kevin\AppData\Roaming\TS3Client

2014-02-19 11:37:51 ----D---- C:\Windows\system32\Tasks

2014-02-19 11:37:45 ----D---- C:\ProgramData\NVIDIA

2014-02-19 00:42:09 ----D---- C:\Windows\system32\config

2014-02-19 00:26:40 ----D---- C:\Windows\System32

2014-02-19 00:26:40 ----D---- C:\Windows\inf

2014-02-19 00:26:40 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-02-19 00:19:58 ----D---- C:\Users\Kevin\AppData\Roaming\Skype

2014-02-18 23:38:55 ----D---- C:\Windows

2014-02-18 23:38:16 ----D---- C:\Windows\SysWOW64

2014-02-18 23:10:56 ----SHD---- C:\Windows\Installer

2014-02-18 23:10:54 ----RD---- C:\Program Files (x86)

2014-02-18 23:10:54 ----D---- C:\Program Files (x86)\NVIDIA Corporation

2014-02-18 23:10:12 ----D---- C:\Temp

2014-02-18 23:10:10 ----D---- C:\Windows\system32\DriverStore

2014-02-18 23:10:10 ----D---- C:\Windows\system32\catroot

2014-02-18 23:09:06 ----D---- C:\Windows\system32\drivers

2014-02-18 11:45:03 ----D---- C:\Windows\system32\catroot2

2014-02-16 12:24:29 ----SHD---- C:\System Volume Information

2014-02-15 14:42:38 ----RD---- C:\Program Files

2014-02-15 14:38:22 ----D---- C:\ProgramData

2014-02-13 17:30:14 ----D---- C:\Users\Kevin\AppData\Roaming\vlc

2014-02-12 15:35:59 ----D---- C:\Windows\Tasks

2014-02-12 06:17:46 ----D---- C:\ProgramData\CanonIJPLM

2014-02-08 19:34:51 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll

2014-02-08 19:34:51 ----A---- C:\Windows\SYSWOW64\nvapi.dll

2014-02-08 19:34:51 ----A---- C:\Windows\system32\nvwgf2umx.dll

2014-02-08 19:34:51 ----A---- C:\Windows\system32\nvumdshimx.dll

2014-02-08 19:34:51 ----A---- C:\Windows\system32\nvoglv64.dll

2014-02-08 19:34:51 ----A---- C:\Windows\system32\nvinitx.dll

2014-02-08 19:34:51 ----A---- C:\Windows\system32\nvd3dumx.dll

2014-02-08 19:34:51 ----A---- C:\Windows\system32\nvapi64.dll

2014-02-08 18:42:36 ----A---- C:\Windows\system32\nvsvc64.dll

2014-02-08 18:42:36 ----A---- C:\Windows\system32\nvcpl.dll

2014-02-08 18:42:33 ----A---- C:\Windows\system32\nvvsvc.exe

2014-02-08 18:42:32 ----A---- C:\Windows\system32\nvshext.dll

2014-02-08 18:42:32 ----A---- C:\Windows\system32\nvmctray.dll

2014-02-05 12:24:11 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2014-02-05 01:45:24 ----D---- C:\Program Files (x86)\Common Files

2014-01-27 16:15:00 ----D---- C:\ProgramData\NVIDIA Corporation

2014-01-23 01:37:35 ----D---- C:\Program Files\NVIDIA Corporation

2014-01-23 01:37:31 ----D---- C:\Windows\Microsoft.NET

2014-01-23 01:37:12 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 230320]

R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2011-05-24 55952]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 Sahdad64;HDD Filter Driver; C:\Windows\System32\Drivers\Sahdad64.sys [2011-02-09 27120]

R0 Saibad64;Volume Filter Driver; C:\Windows\System32\Drivers\Saibad64.sys [2011-02-09 19952]

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-01-11 564824]

R0 SysCow;SysCow; C:\Windows\system32\drivers\syscowad64v.sys [2010-05-23 164848]

R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-11 283200]

R1 HssDRV6;Hotspot Shield Routing Driver 6; C:\Windows\system32\DRIVERS\hssdrv6.sys [2013-06-21 46792]

R1 SaibVdAd64;Virtual Disk Driver; C:\Windows\System32\Drivers\SaibVdAd64.sys [2011-02-09 27632]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

R3 busenum;SteelBusSvc; C:\Windows\system32\DRIVERS\SteelBus64.sys [2013-04-26 134656]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-10-10 5343584]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-01-31 4739304]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]

R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [2013-01-17 66800]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]

R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

R3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBS64.sys [2007-10-12 50072]

R3 LVUVC64;Logitech HD Webcam C270(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]

R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]

R3 MEIx64;Intel® Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]

R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2013-12-27 39200]

R3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2013-06-21 42184]

S3 ACSSCR;ACR38 Smart Card Reader; C:\Windows\system32\DRIVERS\a38usb.sys [2012-10-03 45056]

S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561V64.SYS [2007-10-12 582680]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%; C:\Windows\system32\DRIVERS\RTL8192su.sys [2009-08-20 664576]

S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]

S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]

S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]

S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2011-02-09 457200]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 BOT4Service;BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2011-07-15 21488]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]

R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]

R2 hshld;Hotspot Shield Service; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2013-06-21 831272]

R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-06-21 548136]

R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2012-03-28 140456]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 22056]

R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-01-21 1593632]

R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-01-21 16939296]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-02-08 923936]

R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-06-02 76888]

R2 RzKLService;RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2013-11-22 105448]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-02-08 411936]

R2 TeamViewer8;TeamViewer 8; D:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-07-08 4153184]

R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-07-02 93072]

R2 UMVPFSrv;UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

R2 WlanWpsSvc;WlanWpsSvc; D:\WlanWpsSvc.exe [2008-06-26 167936]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-09-17 641352]

R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-08 104912]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07 116648]

S2 RoxWatch12;Roxio Hard Drive Watcher 12; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2011-07-13 340976]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05 257928]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]

S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]

S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-05-26 49152]

S3 cphs;Intel® Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-10-10 277024]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-01-21 654848]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07 116648]

S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [2013-06-21 78512]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S3 RoxMediaDB13;RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2011-07-13 1095664]

S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-01-27 571816]

S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-12 1255736]

S4 BOTService;BOTService; C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2011-07-14 211440]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]

-----------------EOF-----------------


Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that here and here.

Download Zoek.exe to the desktop (not the .zip or .rar version).

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  {c95a4e8e-816d-4655-8c79-d736da1adb6d};c
 C:\Program Files (x86)\Hotspot_Shield;fs
 {F9E4A054-E9B1-4BC3-83A3-76A1AE736170};c
 Hshld;s
 HssTrayService;s
 HssWd;s
 C:\Program Files (x86)\Yontoo;fs
 C:\Windows\tasks\Digital Sites.job;f
 C:\Windows\tasks\DSite.job;f
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}];r64
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}];r64
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}];r64
 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run];r64
 ""=-;r64
 C:\Users\Kevin\AppData\Roaming\DigitalSites;fs
 C:\Users\Kevin\AppData\Roaming\Yontoo;fs
C:\Users\Kevin\AppData\Roaming\TS3Client;fs
 emptyfolderscheck;delete 
startupall; 
filesrcm;

  • Click the "Options" button and now check the options below.
  • Do a Quick Scan
  • Auto Clean
  • The "Scan All Users" option is checked by default.
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next message.


Zoek log:

Zoek.exe v5.0.0.0 Updated 19-February-2014

Tool run by Kevin on Wed 02/19/2014 at 22:38:08.66.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Kevin\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

2/19/2014 10:39:09 PM Zoek.exe System Restore Point Created Succesfully.

==== Possible Rootkit Infection ======================

C:\Windows\installer\{2921c6a8-baf2-b926-bc15-42e6a729d82f}\L

C:\Windows\installer\{2921c6a8-baf2-b926-bc15-42e6a729d82f}\U

C:\Windows\installer\{2921c6a8-baf2-b926-bc15-42e6a729d82f}\L\00000004.@

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully

C:\Program Files\log deleted successfully

C:\PROGRA~3\Babylon deleted successfully

C:\PROGRA~3\Canon IJ Network Tool deleted successfully

C:\PROGRA~3\Oracle deleted successfully

C:\Users\Kevin\AppData\Roaming\9A7C5E deleted successfully

C:\Users\Kevin\AppData\Roaming\DigitalSites deleted successfully

C:\Users\Kevin\AppData\Roaming\Nico Mak Computing deleted successfully

C:\Users\Kevin\AppData\Local\WarThunder deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2201358601-1718601949-3330357416-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully

HKEY_USERS\S-1-5-21-2201358601-1718601949-3330357416-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully

HKEY_USERS\S-1-5-21-2201358601-1718601949-3330357416-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully

HKEY_USERS\S-1-5-21-2201358601-1718601949-3330357416-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully

HKEY_USERS\S-1-5-21-2201358601-1718601949-3330357416-1000\Software\Microsoft\Internet Explorer\SearchScopes\{068887F4-6BF1-4480-845B-730C51CDFFEC} deleted successfully

HKEY_USERS\S-1-5-21-2201358601-1718601949-3330357416-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2201358601-1718601949-3330357416-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully

HKEY_USERS\S-1-5-21-2201358601-1718601949-3330357416-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Hshld deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hshld deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Hshld deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Hshld deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssTrayService deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HssTrayService deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssWd deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssWd deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\HssWd deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HssWd deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Yontoo Desktop Updater deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Yontoo Desktop Updater deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

""=-

==== Deleting Files \ Folders ======================

C:\Users\Kevin\AppData\Roaming\DigitalSites not found

C:\Program Files (x86)\Hotspot_Shield deleted

C:\Program Files (x86)\Yontoo deleted

C:\Windows\syswow64\appdata deleted

C:\PROGRA~3\eSellerate deleted

C:\PROGRA~2\Delta deleted

C:\PROGRA~2\TorrentB deleted

C:\PROGRA~2\Conduit deleted

C:\Users\Kevin\AppData\Roaming\BreakingPoint_Options.ini deleted

C:\Users\Kevin\AppData\Roaming\Hotspot Shield deleted

C:\Users\Kevin\AppData\Roaming\BabSolution deleted

C:\Users\Kevin\AppData\Roaming\Babylon deleted

C:\Users\Kevin\AppData\Roaming\DSite deleted

C:\PROGRA~3\BrowserProtect deleted

C:\PROGRA~3\APN deleted

C:\PROGRA~3\Adobe\1B67B01.vbe deleted

C:\PROGRA~3\Adobe\25065DF.vbe deleted

C:\PROGRA~3\Tarma Installer deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\Kevin\AppData\Local\newhb2.crx deleted

C:\Users\Kevin\AppData\Local\Conduit deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield deleted

C:\Windows\SysNative\roboot64.exe deleted

C:\windows\SysNative\Tasks\BackgroundContainer Startup Task deleted

C:\windows\SysNative\Tasks\DSite deleted

C:\Users\Kevin\AppData\LocalLow\Hotspot_Shield deleted

C:\Users\Kevin\AppData\LocalLow\Delta deleted

C:\Users\Kevin\AppData\LocalLow\Conduit deleted

C:\windows\SysNative\Tasks\BrowserProtect deleted

C:\windows\SysNative\tasks\Digital Sites deleted

C:\Windows\tasks\Digital Sites.job deleted

C:\Windows\tasks\DSite.job deleted

C:\END deleted

C:\Windows\Syswow64\RegistryHelperLM.ocx deleted

C:\Windows\Syswow64\Hotspot Shield deleted

C:\Windows\SysWow64\searchplugins deleted

C:\Windows\SysWow64\Extensions deleted

"C:\Users\Kevin\AppData\Roaming\Yontoo\YontooDesktop.exe" deleted

"C:\Users\Kevin\AppData\Roaming\TS3Client\settings.db" not deleted

"C:\Users\Kevin\AppData\Roaming\Yontoo\YontooDesktop.exe" deleted

"C:\Users\Kevin\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll" deleted

"C:\Users\Kevin\AppData\Roaming\TS3Client\logs\ts3client_2014-02-19__22_36_35.723829.log" not deleted

"C:\Users\Kevin\AppData\Roaming\TS3Client\cache\remote\i.imgur.com\unq3D.jpg" not deleted

"C:\Users\Kevin\AppData\Roaming\TS3Client\chats\VnYzUnpjaUFPa1l2WFR4TW1jb0NnZXlFY3djPQ==\channel.html" not deleted

"C:\Users\Kevin\AppData\Roaming\TS3Client\chats\VnYzUnpjaUFPa1l2WFR4TW1jb0NnZXlFY3djPQ==\server.html" not deleted

"C:\Users\Kevin\AppData\Roaming\TS3Client\chats\VnYzUnpjaUFPa1l2WFR4TW1jb0NnZXlFY3djPQ==\server.txt" not deleted

"C:\PROGRA~2\Hotspot Shield\bin\af_proxy.dll" deleted

"C:\PROGRA~2\Hotspot Shield\bin\cmw_srv.exe" deleted

"C:\PROGRA~2\Hotspot Shield\bin\HSSCP.exe" deleted

"C:\PROGRA~2\Hotspot Shield\bin\HssSrvlib.dll" deleted

"C:\PROGRA~2\Hotspot Shield\bin\zlib1.dll" deleted

"C:\PROGRA~2\Hotspot Shield\bin\lang\gui-eng.dll" deleted

"C:\Users\Kevin\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll" deleted

"C:\Users\Kevin\AppData\Roaming\Yontoo" deleted

"C:\Users\Kevin\AppData\Roaming\TS3Client" not deleted

"C:\PROGRA~2\Hotspot Shield" not deleted

"C:\Users\Kevin\AppData\Roaming\Yontoo" deleted

"C:\PROGRA~3\Hotspot Shield" deleted

"C:\Users\Kevin\AppData\Roaming\Yontoo\dat" deleted

"C:\Users\Kevin\AppData\Roaming\TS3Client\cache" not deleted

"C:\Users\Kevin\AppData\Roaming\TS3Client\chats" not deleted

"C:\Users\Kevin\AppData\Roaming\TS3Client\logs" not deleted

"C:\Users\Kevin\AppData\Roaming\TS3Client\cache\remote" not deleted

"C:\Users\Kevin\AppData\Roaming\TS3Client\cache\remote\i.imgur.com" not deleted

"C:\Users\Kevin\AppData\Roaming\TS3Client\chats\VnYzUnpjaUFPa1l2WFR4TW1jb0NnZXlFY3djPQ==" not deleted

"C:\PROGRA~2\Hotspot Shield\bin" not deleted

"C:\PROGRA~2\Hotspot Shield\bin\lang" deleted

"C:\Users\Kevin\AppData\Roaming\Yontoo\dat" deleted

"C:\PROGRA~3\Hotspot Shield\config" deleted

"C:\PROGRA~3\Hotspot Shield\config\hsspx" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2014-02-05 00:45:33 01A4FEEB9CB3E8C739CE62EB050D363D 262 ----a-w- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

====== C:\Users\Kevin\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2014-02-18 22:10:13 53DD53A3325EBD857E64CD3721590A49 599840 ----a-w- C:\Windows\SysWOW64\nvStreaming.exe

2014-02-18 22:08:12 EB43435428983B765F84E7AEFD8F53D3 863520 ----a-w- C:\Windows\SysWOW64\NvIFR.dll

2014-02-18 22:08:12 DDED1206C0F67CCA99E451C445229BA1 408352 ----a-w- C:\Windows\SysWOW64\nvEncodeAPI.dll

2014-02-18 22:08:12 DBFAFBCFCE0724CFDF305C093407CD65 148528 ----a-w- C:\Windows\SysWOW64\nvinit.dll

2014-02-18 22:08:12 AF56825148F85742F3867BE7B1D36AB3 2956576 ----a-w- C:\Windows\SysWOW64\nvcuvid.dll

2014-02-18 22:08:12 A09D95925DB75AF8E0EB9CCF9C64E1EA 17560352 ----a-w- C:\Windows\SysWOW64\nvcompiler.dll

2014-02-18 22:08:12 9FC52654FE92A915556170B6143D9495 2410784 ----a-w- C:\Windows\SysWOW64\nvcuvenc.dll

2014-02-18 22:08:12 9169E49ED45608F58DA4A6842F79A6FC 832424 ----a-w- C:\Windows\SysWOW64\nvumdshim.dll

2014-02-18 22:08:12 7DC5F85DE8E0F2CC0812400CEBBE9284 15740232 ----a-w- C:\Windows\SysWOW64\nvwgf2um.dll

2014-02-18 22:08:12 78E17F87A9C027B60F638A3EAEE11924 23683360 ----a-w- C:\Windows\SysWOW64\nvoglv32.dll

2014-02-18 22:08:12 774C51EE5FC8DB1E7CEB84212AE3F3C6 305600 ----a-w- C:\Windows\SysWOW64\nvoglshim32.dll

2014-02-18 22:08:12 6625501E3A3B35737B31B281A151585B 9728064 ----a-w- C:\Windows\SysWOW64\nvcuda.dll

2014-02-18 22:08:12 5477F6C607976A15E2E70599C647612C 844576 ----a-w- C:\Windows\SysWOW64\NvFBC.dll

2014-02-18 22:08:12 4748606583AC023E87FD50656802CF73 333600 ----a-w- C:\Windows\SysWOW64\NvIFROpenGL.dll

2014-02-18 22:08:12 3482778F0F0ED7497602BF490A813886 9690424 ----a-w- C:\Windows\SysWOW64\nvopencl.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2014-02-18 22:08:12 FA777A854BA2C8DFA5FE48CF6190FB7B 875296 ----a-w- C:\Windows\Sysnative\NvFBC64.dll

2014-02-18 22:08:12 F75741DA002D660107AFBADD1DC6257E 353504 ----a-w- C:\Windows\Sysnative\nvoglshim64.dll

2014-02-18 22:08:12 EE45DE08249907C6A60E6A26FC1C19DD 2782496 ----a-w- C:\Windows\Sysnative\nvcuvenc.dll

2014-02-18 22:08:12 E16A03F0F19D9FFC141EC8BEAF8D1BB5 1885472 ----a-w- C:\Windows\Sysnative\nvdispco6433489.dll

2014-02-18 22:08:12 C959A65F734FD6BF549A2B40A97D0032 11636176 ----a-w- C:\Windows\Sysnative\nvcuda.dll

2014-02-18 22:08:12 859816390C1E2ED105D6E1E0BEFA4E8B 25256224 ----a-w- C:\Windows\Sysnative\nvcompiler.dll

2014-02-18 22:08:12 66DB72CC7E8D2DE53EF28204B07531A2 3142432 ----a-w- C:\Windows\Sysnative\nvcuvid.dll

2014-02-18 22:08:12 5D09FA65DB21CCA31D30AFB51F9A63AF 11589272 ----a-w- C:\Windows\Sysnative\nvopencl.dll

2014-02-18 22:08:12 5C06001B0688F59BD6BAB0BBCCA871C0 892192 ----a-w- C:\Windows\Sysnative\NvIFR64.dll

2014-02-18 22:08:12 53B1A6B1A88AE290BFCA62EA97D98B45 378656 ----a-w- C:\Windows\Sysnative\NvIFROpenGL.dll

2014-02-18 22:08:12 2913EC6B84DC8698ACCE19F9B1976936 483104 ----a-w- C:\Windows\Sysnative\nvEncodeAPI64.dll

2014-02-18 22:08:12 1BAAA2BAE54265A8B3D1EF1341CB28F7 1515296 ----a-w- C:\Windows\Sysnative\nvdispgenco6433489.dll

====== C:\Windows\Sysnative\drivers =====

2014-02-18 22:08:12 52B33E12FF8C9E219CAEC1BB4A5F5E4C 12324640 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys

2014-01-27 15:13:26 E366A5681C50785D4ED04FCFD65C3415 197408 ----a-w- C:\Windows\Sysnative\drivers\nvhda64v.sys

2014-01-23 00:37:11 939C0FAE9CC0CDD69E6508BDE4C11FE5 39200 ----a-w- C:\Windows\Sysnative\drivers\nvvad64v.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-02-15 13:42:38 -------- d-----w- C:\Program Files\trend micro

2014-02-05 00:45:33 -------- d-----w- C:\Program Files\Ventrilo

======= C:\PROGRA~2 =====

2014-02-15 18:40:46 -------- d-----w- C:\PROGRA~2\Soul's Software

2014-02-15 13:38:22 -------- d-----w- C:\PROGRA~2\Razer

2014-02-05 00:45:24 -------- d-----w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard

======= C: =====

====== C:\Users\Kevin\AppData\Roaming ======

2014-02-15 13:38:34 -------- d-----w- C:\Users\Kevin\AppData\Local\Razer

2014-02-05 00:45:49 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Ventrilo

2014-02-05 00:45:33 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo

2014-01-23 00:37:55 -------- d-----w- C:\Users\Kevin\AppData\Local\NVIDIA Corporation

====== C:\Users\Kevin ======

2014-02-16 18:09:40 4E4D3567955C124829B4096A7B426EA2 4149856 ----a-w- C:\Users\Kevin\Downloads\Nexus Mod Manager-0.47.3.exe

2014-02-15 18:40:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soul's Software

2014-02-15 13:42:10 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Kevin\Downloads\RSITx64.exe

2014-02-15 13:38:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer

2014-02-15 13:38:22 -------- d-----w- C:\ProgramData\Razer

2014-02-15 13:37:49 BAD8ECC0BA7C02BE719A303A335D5388 41363400 ----a-w- C:\Users\Kevin\Downloads\RazerGameBoosterSetup_4.1.59.0_1.exe

====== C: exe-files ==

2014-02-19 21:41:12 AE27CA4454D2B0DC278A369D0399ED21 302184 ----a-w- C:\Users\Kevin\AppData\Local\NVIDIA\NvBackend\Packages\00005711\drsupdate.17681648_RUNASUSER.exe

2014-02-18 22:10:14 581766A01C183189932D0D1D35F2EF52 8342304 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\NVStWiz.exe

2014-02-18 22:10:13 AE8922CFD4D7BDB8DFB573F5C19CE3D5 1091360 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe

2014-02-18 22:10:13 9D8681918A448254BA538B6071FE8094 897312 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\NvStereoUtilityOGL.exe

2014-02-18 22:10:13 97817724E974748CE92D0195E39F00EF 1892128 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe

2014-02-18 22:10:13 89B053626586E1DD8A8731BF5944F767 2603296 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvsttest.exe

2014-02-18 22:10:13 53DD53A3325EBD857E64CD3721590A49 599840 ----a-w- C:\Windows\SysWOW64\nvStreaming.exe

2014-02-18 22:10:13 520E20D45DA1CA709AB74D1A1B131D8E 817952 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe

2014-02-18 22:10:13 22B5EC30D5F834A7DDA16091517A4322 438560 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstreg.exe

2014-02-18 22:10:12 B5D2F4BF587FD60AF75B09EFC1AD0E0A 411936 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

2014-02-18 22:09:41 CEF4BE9ABE7F6346DC425CD0221AD260 63264 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.{11EA1CEA-3E6A-4508-A648-315ED1709460}\nvSmartMaxapp64.exe

2014-02-18 22:09:41 BDA6857D08E2E74FB9C19AEB2EA9C079 63264 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.{11EA1CEA-3E6A-4508-A648-315ED1709460}\nvSmartMaxapp.exe

2014-02-18 22:09:41 734D6058A77CE70EE554F3DC3861C3EB 1203488 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.{11EA1CEA-3E6A-4508-A648-315ED1709460}\nvxdsync.exe

2014-02-18 22:09:41 63CFF01EC86EC446B29D5CA958720E0B 412960 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.{11EA1CEA-3E6A-4508-A648-315ED1709460}\setup.exe

2014-02-18 22:09:41 33FF7ECD3BA2A9259FBFB7E8937505BA 2448160 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.{11EA1CEA-3E6A-4508-A648-315ED1709460}\NvTray.exe

2014-02-18 22:09:41 2B47EDD27365F9F5D8E87648BECF52C4 923936 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.{11EA1CEA-3E6A-4508-A648-315ED1709460}\nvvsvc.exe

2014-02-18 22:09:41 0E2120E0C294CFA5894C9941EC76E921 6867232 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.{11EA1CEA-3E6A-4508-A648-315ED1709460}\nvcplui.exe

2014-02-18 22:09:33 63CFF01EC86EC446B29D5CA958720E0B 412960 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{9932DA19-E7C7-4A8D-9757-B4C4B19FCAA6}\setup.exe

2014-02-18 22:08:13 AAF0FA0DC0AD5B536B7826026355F355 18687232 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.3DVision.{600390CD-E87A-432F-BA3B-C1234F61D3B2}\3DVision_334.89.exe

2014-02-18 22:08:12 BB784DA9F5158763109ADCC4750BFB75 441120 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{27A1C261-169C-4B61-82E2-AD3935BB349A}\dbInstaller.exe

2014-02-18 22:08:12 BB784DA9F5158763109ADCC4750BFB75 441120 ----a-w- C:\Program Files\NVIDIA Corporation\Drs\dbInstaller.exe

2014-02-18 22:08:12 B967F05D5A8319679A521877F120B378 32592752 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{27A1C261-169C-4B61-82E2-AD3935BB349A}\nvcplsetupeng.exe

2014-02-18 22:07:31 FC98D37EF375B83BB1506B1FE26C039D 413472 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{3F0E3AD8-1CA4-4D3F-8997-DA92C74A05F5}\setup.exe

2014-02-18 22:07:24 FC98D37EF375B83BB1506B1FE26C039D 413472 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\setup.exe

2014-02-18 22:07:24 D8034ECA85CC95AAC3E884F33A7421E3 2728736 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\Display.NView\nwiz.exe

2014-02-18 22:07:24 99842AD5AF3AADC7D30BD18E3D228F54 479520 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\Display.NView\nvTaskBar.exe

2014-02-18 22:07:24 5F1370051C50BA8FE24553388FF82590 197408 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\Update.Core\WLMerger.exe

2014-02-18 22:07:23 DA09A1DAEBD38226C0CB22BA8D967F63 15904544 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\GFExperience.NvStreamSrv\x86\server\nvstreamsvc.exe

2014-02-18 22:07:22 FB362290F6601E04A16AB972417FE89A 638752 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\GFExperience.NvStreamSrv\SteamLauncher\NVIDIA.SteamLauncher.exe

2014-02-18 22:07:22 D2FE0376285A783693469422678E878B 1593632 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\Network.Service\NVNetworkService.exe

2014-02-18 22:07:22 C2576A06D7BA0ED0CB6F6A62D311A0EF 4277536 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\GFExperience.NvStreamSrv\amd64\server\nvstreamer.exe

2014-02-18 22:07:22 C022B05EBD190802B540FFE1DA7AD0DA 127264 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\LEDVisualizer\NvLedVisualizer.exe

2014-02-18 22:07:22 BE6FCD1CCBE6D63B106B3DD25F308890 87328 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\LEDVisualizer\NvLedServiceHost.exe

2014-02-18 22:07:22 92F7D33128AF3F00C6AE74C15EC90DF0 1499936 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\ShadowPlay\nvspcaps.exe

2014-02-18 22:07:22 80F7E00C80C66949779C5E3967F6E795 3323680 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\GFExperience.NvStreamSrv\x86\server\nvstreamer.exe

2014-02-18 22:07:22 4F0E2990DB12849D428DE7B0AC5D92B9 16941856 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\GFExperience.NvStreamSrv\amd64\server\nvstreamsvc.exe

2014-02-18 22:07:22 011E9C480CAAA228D2712116F2653B99 1823008 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\ShadowPlay\nvspcaps64.exe

2014-02-18 22:07:19 F6C8952A33B0052DEE6330AC5B96BF00 540448 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\ShadowPlay\DXSETUP.exe

2014-02-18 22:07:19 EE73B56ED71EB6383F25FA5468923BB2 2234144 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\Update.Core\NvBackend.exe

2014-02-18 22:07:19 E724C530E08C1AC2ABC6D14FBFA1C3CD 744736 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\Display.NView\nvAppBar.exe

2014-02-18 22:07:19 BB784DA9F5158763109ADCC4750BFB75 441120 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\Display.Driver\dbInstaller.exe

2014-02-18 22:07:19 B967F05D5A8319679A521877F120B378 32592752 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\Display.Driver\nvcplsetupeng.exe

2014-02-18 22:07:19 53406E9988306CBD4537677C5336ABA4 889416 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\MS.NET\dotNetFx40_Full_setup.exe

2014-02-18 22:07:19 39F106593F6D20498C21F0E695D8E116 596768 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\GFExperience\7z.exe

2014-02-18 22:07:19 2A36A4B4462540D8CF8F522C73C37E25 1015584 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\GFExperience\GFExperience.exe

2014-02-18 22:07:17 AAF0FA0DC0AD5B536B7826026355F355 18687232 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\NV3DVision\3DVision_334.89.exe

2014-02-18 21:40:40 88EA223EB49E4A63A6FB593970D3079A 232660160 ----a-w- C:\ProgramData\NVIDIA Corporation\NetService\334.89-desktop-win8-win7-winvista-64bit-english-whql-g.exe

2014-02-18 21:40:28 EB63BEF2EFC3884C288AE5F1454A2D32 3278528 ----a-w- C:\Users\Kevin\AppData\Local\NVIDIA\NvBackend\Packages\00005825\DAO.17882696.exe

2014-02-16 21:31:29 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe

2014-02-16 21:31:29 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateBroker.exe

2014-02-16 21:31:28 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateSetup.exe

2014-02-16 21:31:18 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe

2014-02-16 21:31:18 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe

2014-02-16 21:31:18 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdate.exe

2014-02-16 21:31:16 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe

2014-02-16 18:09:40 4E4D3567955C124829B4096A7B426EA2 4149856 ----a-w- C:\Users\Kevin\Downloads\Nexus Mod Manager-0.47.3.exe

2014-02-15 13:42:38 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Kevin.exe

2014-02-15 13:42:10 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Kevin\Downloads\RSITx64.exe

2014-02-15 13:38:25 FD30BD50CCA1CE094986A4EB8DC3B569 23552 ----a-w- C:\Program Files (x86)\Razer\Razer Game Booster\SetupSystemStart.exe

2014-02-15 13:38:25 BC2CE9027C7F98B3365A64AB413D2845 61152 ----a-w- C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe

2014-02-15 13:38:25 962503AA7DFFB1D00D8664CD3A1FC40B 105448 ----a-w- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe

2014-02-15 13:38:25 4C0A23925B7E4535B958E16B54BE060A 17352 ----a-w- C:\Program Files (x86)\Razer\Razer Game Booster\UninstallPowerPlans.exe

2014-02-15 13:38:24 FA7C15A9C87A3BFB654C83850B91F228 127072 ----a-w- C:\Program Files (x86)\Razer\Razer Game Booster\ProcessCapturer.exe

2014-02-15 13:38:24 54218B2F19E0B84AD34A612AC5063C17 364272 ----a-w- C:\Program Files (x86)\Razer\Razer Game Booster\RzUpdateManager.exe

2014-02-15 13:38:24 3FA014715A3F5A48D88B452853F423F5 1484624 ----a-w- C:\Program Files (x86)\Razer\Razer Game Booster\main.exe

2014-02-15 13:38:22 F0A7FDCC3EE8C30A31B7407E9AA3026C 1306464 ----a-w- C:\Program Files (x86)\Razer\Razer Game Booster\unins000.exe

2014-02-15 13:37:49 BAD8ECC0BA7C02BE719A303A335D5388 41363400 ----a-w- C:\Users\Kevin\Downloads\RazerGameBoosterSetup_4.1.59.0_1.exe

2014-02-14 19:36:03 A937F2D5A6AF690047D2DB8C34F94981 33792 ----a-w- C:\SteamLibrary\SteamApps\common\ARMA 2 Operation Arrowhead\@I44\invasion 44.exe

2014-02-14 19:36:03 5E6E252E236F2FC90484206399D6104F 33792 ----a-w- C:\SteamLibrary\SteamApps\common\ARMA 2 Operation Arrowhead\@I44\invasion 44 (beta).exe

2014-02-13 20:29:46 B0AB350E3E98C7FB1E4930F762D0477B 3273016 ----a-w- C:\Users\Kevin\AppData\Local\NVIDIA\NvBackend\Packages\000057eb\DAO.17845377.exe

=== C: other files ==

2014-02-18 22:08:12 F4992A26D629288ADBBDC3A715629FA1 163104 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{4CA874A7-B56E-4557-9E58-24631DD60537}\nvhda64.sys

2014-02-18 22:08:12 E366A5681C50785D4ED04FCFD65C3415 197408 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{4CA874A7-B56E-4557-9E58-24631DD60537}\nvhda64v.sys

2014-02-18 22:08:12 9F8EE4948B7ADD9D12F778F61A2758A4 162592 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{4CA874A7-B56E-4557-9E58-24631DD60537}\nvhda32v.sys

2014-02-18 22:08:12 52B33E12FF8C9E219CAEC1BB4A5F5E4C 12324640 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys

2014-02-18 22:08:12 47FEB587AAE06F6717FCABF8BCF184FD 129312 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{4CA874A7-B56E-4557-9E58-24631DD60537}\nvhda32.sys

2014-02-18 22:08:12 0D24482F9513F2AA5A961EB9F1BA0CFA 435232 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{8A84D9E4-F13F-46AC-9326-C9A794AACD37}\nvstusb32.sys

2014-02-18 22:08:12 063BD34A095C88CC2E69CF0B93C0ECA6 451872 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{8A84D9E4-F13F-46AC-9326-C9A794AACD37}\nvstusb64.sys

2014-02-18 22:07:29 F4992A26D629288ADBBDC3A715629FA1 163104 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\HDAudio\nvhda64.sys

2014-02-18 22:07:29 E366A5681C50785D4ED04FCFD65C3415 197408 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\HDAudio\nvhda64v.sys

2014-02-18 22:07:29 D230D757C084FB8D7BC4936E3D6334B8 34080 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\NvVAD\nvvad32v.sys

2014-02-18 22:07:29 9F8EE4948B7ADD9D12F778F61A2758A4 162592 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\HDAudio\nvhda32v.sys

2014-02-18 22:07:29 939C0FAE9CC0CDD69E6508BDE4C11FE5 39200 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\NvVAD\nvvad64v.sys

2014-02-18 22:07:29 47FEB587AAE06F6717FCABF8BCF184FD 129312 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\HDAudio\nvhda32.sys

2014-02-18 22:07:29 0D24482F9513F2AA5A961EB9F1BA0CFA 435232 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\NV3DVisionUSB.Driver\nvstusb32.sys

2014-02-18 22:07:29 063BD34A095C88CC2E69CF0B93C0ECA6 451872 ----a-w- C:\NVIDIA\DisplayDriver\GeForce334.89Driver\NV3DVisionUSB.Driver\nvstusb64.sys

2014-02-15 18:40:26 84EA7982D700D1F95CD68D787364E290 628174 ----a-w- C:\Users\Kevin\Downloads\SSTQDefilerNETSetup.zip

2014-02-15 13:37:05 3EE381632B1D1AD1557B3BC409BF80F9 15350450 ----a-w- C:\ProgramData\Samsung\SSD Magician\Site Link\Samsung_Magician_v43.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2201358601-1718601949-3330357416-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"EADM"="D:\Program Files (x86)\Origin\Origin.exe -AutoStart"

"DAEMON Tools Lite"="D:\Program Files\Daemon tools\DAEMON Tools Lite\DTLite.exe -autorun"

"Steam"="D:\Program Files\Steam\Steam.exe -silent"

"SteelSeries Engine"="C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe"

"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

"uTorrent"="C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"

"BackgroundContainer"="C:\Windows\SysWOW64\Rundll32.exe C:\Users\Kevin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll,DllRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"

"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"

"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler"

"CPMonitor"="D:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe"

"Desktop Disc Tool"="D:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe"

"beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

"iTunesHelper"="D:\Program Files (x86)\iTunes\iTunesHelper.exe"

"CanonQuickMenu"="C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon"

"IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"EADM"="D:\Program Files (x86)\Origin\Origin.exe -AutoStart"

"DAEMON Tools Lite"="D:\Program Files\Daemon tools\DAEMON Tools Lite\DTLite.exe -autorun"

"Steam"="D:\Program Files\Steam\Steam.exe -silent"

"SteelSeries Engine"="C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe"

"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

"uTorrent"="C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"

"BackgroundContainer"="C:\Windows\SysWOW64\Rundll32.exe C:\Users\Kevin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll,DllRun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe -f C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat"

"MSC"="C:\Program Files\Microsoft Security Client\mssecex.exe -hide -runkey"

"Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized"

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"

==== Startup Folders ======================

2013-06-08 22:52:04 654 ----a-w- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk

2013-01-11 01:07:48 279 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [02/05/2014 12:24 PM]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/07/2013 09:41 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Kevin\AppData\Roaming\TomTom\HOME\Profiles\soz6r5po.default

- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com

- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bakijjialdiiboeaknfpmflphhmljfkd - C:\Users\Kevin\AppData\Local\newhb2.crx[]

niapdbllcanepiiimjjndipklodoedlc - C:\Program Files (x86)\Yontoo\YontooLayers.crx[]

nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[05/23/2011 07:24 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

bakijjialdiiboeaknfpmflphhmljfkd - C:\Users\Kevin\AppData\Local\newhb2.crx[]

Google Docs - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

Fun Dial - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd

YouTube - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Wallet - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

DivX Plus Web Player HTML5 \u003Cvideo\u003E - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm

Gmail - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully

C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage deleted successfully

C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage-journal deleted successfully

C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{068887F4-6BF1-4480-845B-730C51CDFFEC}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{068887F4-6BF1-4480-845B-730C51CDFFEC}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2201358601-1718601949-3330357416-1000\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Hotspot_Shield Toolbar deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Kevin\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1055 folders=198 103044876 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\fbwuser\AppData\Local\Temp emptied successfully

C:\Users\Kevin\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Kevin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Kevin\AppData\Roaming\TS3Client\settings.db" not found

"C:\Users\Kevin\AppData\Roaming\TS3Client\logs\ts3client_2014-02-19__22_36_35.723829.log" not found

"C:\Users\Kevin\AppData\Roaming\TS3Client\cache\remote\i.imgur.com\unq3D.jpg" not found

"C:\Users\Kevin\AppData\Roaming\TS3Client\chats\VnYzUnpjaUFPa1l2WFR4TW1jb0NnZXlFY3djPQ==\channel.html" not found

"C:\Users\Kevin\AppData\Roaming\TS3Client\chats\VnYzUnpjaUFPa1l2WFR4TW1jb0NnZXlFY3djPQ==\server.html" not found

"C:\Users\Kevin\AppData\Roaming\TS3Client\chats\VnYzUnpjaUFPa1l2WFR4TW1jb0NnZXlFY3djPQ==\server.txt" not found

"C:\Users\Kevin\AppData\Roaming\TS3Client" not found

"C:\PROGRA~2\Hotspot Shield" not found

==== EOF on Wed 02/19/2014 at 22:48:58.32 ======================


Double-click Zoek.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as administrator by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  [HKEY_USERS\S-1-5-21-2201358601-1718601949-3330357416-1000\Software\Microsoft\Windows\CurrentVersion\Run];r64
 "BackgroundContainer"=-;r64
 C:\Users\Kevin\AppData\Local\Conduit\BackgroundContainer;fs
 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r64
 "BackgroundContainer"=-;r64
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r64
 "ShadowPlay"=-;r64
 C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart;fs

  • The "Scan All Users" option is checked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next reply.


Zoek.exe v5.0.0.0 Updated 19-February-2014

Tool run by Kevin on Thu 02/20/2014 at 10:51:08.48.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Kevin\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-02-19-214858.log 41200 bytes

==== Possible Rootkit Infection ======================

C:\Windows\installer\{2921c6a8-baf2-b926-bc15-42e6a729d82f}\L

C:\Windows\installer\{2921c6a8-baf2-b926-bc15-42e6a729d82f}\U

C:\Windows\installer\{2921c6a8-baf2-b926-bc15-42e6a729d82f}\L\00000004.@

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-2201358601-1718601949-3330357416-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"BackgroundContainer"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"BackgroundContainer"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ShadowPlay"=-

==== Deleting Files \ Folders ======================

C:\Users\Kevin\AppData\Local\Conduit\BackgroundContainer not found

C:\windows\SysNative\nvspcap64.dll,ShadowPlayOnSystemStart not found

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1055 folders=198 103044876 bytes)

==== EOF on Thu 02/20/2014 at 10:52:09.35 ======================


Excellent ... now you can remove the tools you used and some leftover remnants:

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.

Now tick the following items:

  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently until the tool has finished.

When the tool has finished, a log file is created. You do not need to post it, however.

Download CCleaner (if you do not have it yet).

Install it (if you do not want Google Chrome to be installed on your PC as the default web browser, you must remove the 2 check marks!) and start CCleaner.

Click "Cleaner" in the left-hand column.

Click "Analyze" and then, after the analysis, "Clean".

Next, click "Registry" in the left-hand column and click "Scan for Issues".

If errors are found, click "Fix selected issues" and "OK".

You will then be asked whether to make a backup. Click "Yes".

Then choose "Fix All Selected Issues".

Sometimes 1 analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors.

Then close CCleaner again.

If you would like to see this in detail with pictures, click here for the guide.

If all of this went without problems and you have no further questions or problems within this topic, you may close this topic by clicking the "Mark as solved" button, which you can find at the bottom left … that keeps things clear for everyone.

This topic is now closed to new replies.