Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by Ann on di 18-03-2014 at 11:01:11,09. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Ann\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 18-3-2014 11:04:16 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\office.tmp deleted successfully C:\Users\jos2\AppData\Roaming\CrashPlan deleted successfully C:\Users\Ann\AppData\Local\Adobe deleted successfully C:\Users\Ann\AppData\Local\calibre-cache deleted successfully C:\Users\Ann\AppData\Local\Jaksta_Technologies_Pty_L deleted successfully C:\Users\Ann\AppData\Local\LogMeIn Rescue Applet deleted successfully C:\Users\Ann\AppData\Local\Lollipop deleted successfully C:\Users\jos2\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Ann\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\0s9rvdsa.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_18-03-2014_1111_.backup ProfilePath: C:\Users\Ann\AppData\Roaming\Flickr\Flickr Uploadr\Profiles\mjir8sp5.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_18-03-2014_1111_.backup ProfilePath: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\ufkjpzpn.default ---- Lines conduit removed from prefs.js ---- user_pref("extensions.freecorder@freecorder.com.menuitems", "[{\"name\":\"Freecorder Menu Header\",\"img\":\"http://freecorder.com/fc7/ui/buttons/menu ---- Lines y2layers removed from prefs.js ---- user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers"); user_pref("extentions.y2layers.installId", "b3ce87d2-9d12-4f8f-8c63-225cbb8a5654"); ---- Lines y2layers removed from user.js ---- user_pref("extentions.y2layers.installId", "b3ce87d2-9d12-4f8f-8c63-225cbb8a5654"); user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers"); ---- Lines yontoo modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\ ---- FireFox user.js and prefs.js backups ---- user_18-03-2014_1111_.backup prefs_18-03-2014_1111_.backup ProfilePath: C:\Users\Ann\AppData\Roaming\Songbird2\Profiles\t42m592n.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_18-03-2014_1111_.backup ProfilePath: C:\Users\Ann\AppData\Roaming\Thunderbird\Profiles\svh3a9al.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_18-03-2014_1111_.backup ProfilePath: C:\Users\jos2\AppData\Roaming\Mozilla\Firefox\Profiles\dt61hscp.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_18-03-2014_1111_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Users\Ann\AppData\Roaming\2YourFace deleted C:\Users\Ann\AppData\Roaming\pdfforge deleted C:\PROGRA~3\Package Cache deleted C:\Users\Ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk deleted C:\Users\Ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop deleted C:\Users\Ann\Downloads\SoftonicDownloader_voor_k-lite-codec-pack.exe deleted C:\Users\Ann\Documents\Optimizer Pro deleted C:\Users\Ann\AppData\Roaming\Songbird2\Profiles\t42m592n.default\.autoreg deleted C:\Users\jos2\AppData\Roaming\Mozilla\Firefox\Profiles\dt61hscp.default\jetpack deleted "C:\Users\Ann\AppData\Roaming\Booms" deleted "C:\Users\Ann\AppData\Roaming\Breath Pad" deleted "C:\Users\Ann\AppData\Roaming\Brother" deleted "C:\Users\Ann\AppData\Roaming\Classic Thick" deleted "C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\ufkjpzpn.default\extensions\plugin@yontoo.com.xpi" deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\Ann\AppData\Local\Temp ==== 2014-03-18 09:58:19 F328627D8057AA7157A8209FCDAB47A6 43008 ----a-w- C:\Users\Ann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5zfey_.dll 2014-03-17 07:41:23 5BEDBCA9B50F0374B405EB0C79EC0195 275456 ----atw- C:\Users\Ann\AppData\Local\Temp\n6512\s6512.exe 2014-03-17 07:40:41 E6BB491A120A0668A551A8C2ED2FEE4F 6602128 ----a-w- C:\Users\Ann\AppData\Local\Temp\{AAB08BF3-940B-4F14-8EF2-C8D1AF203387}\setup.exe 2014-03-17 07:40:33 DA4BFBD389F1FD5BB0C7394230BB6641 6967304 ----a-w- C:\Users\Ann\AppData\Local\Temp\n6160\OptimizerPro.exe 2014-03-17 07:40:25 FB255E1BCF8A6B67C60335473896F4F9 1256394 ----a-w- C:\Users\Ann\AppData\Local\Temp\n6160\ViewPassword_1030-8002.exe 2014-03-17 07:40:23 EB5915E612A72CE1979D494FA1D9ACBF 706560 ----a-w- C:\Users\Ann\AppData\Local\Temp\n6160\Lollipop_1003-7f5a9c1b.exe 2014-03-17 07:39:35 5BEDBCA9B50F0374B405EB0C79EC0195 275456 ----atw- C:\Users\Ann\AppData\Local\Temp\n6160\s6160.exe ====== Java Cache ===== 2014-02-19 19:02:40 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\jos2\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-5c0d4666 ====== C:\WINDOWS\SysWOW64 ===== 2014-03-14 06:58:17 70462E0A4E293FC80620AB945D8A59BB 17074688 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll 2014-03-14 06:58:09 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll 2014-03-14 06:58:07 FC46FE32B043CA7251B1D707B91BA6A7 4244480 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll 2014-03-14 06:58:06 BD5E6C894130E7BB7ECE9A0925383068 2168320 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll 2014-03-14 06:58:05 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll 2014-03-14 06:58:05 A045DAE4D242A9A50FF6902774C55BE0 524288 ----a-w- C:\WINDOWS\SysWOW64\msfeeds.dll 2014-03-14 06:58:05 4605E0295C8E742B28FD63D255322795 703488 ----a-w- C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-03-14 06:58:05 0FF358906F2333B26267BC0064DC02C4 1156096 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll 2014-03-14 06:57:59 D34CE666D9BA3D5232609D3C15075B70 5770752 ----a-w- C:\WINDOWS\SysWOW64\mstscax.dll 2014-03-14 06:57:58 ECEBFCEF5799B57BFF242D24B27E4FE4 2143960 ----a-w- C:\WINDOWS\SysWOW64\mfcore.dll 2014-03-14 06:57:51 2A3626E0B7F5A5317902EBDAF2B4CCE0 1371824 ----a-w- C:\WINDOWS\SysWOW64\combase.dll 2014-03-14 06:57:50 6C8AC5035C39C818624EFA962B24AB3D 1036288 ----a-w- C:\WINDOWS\SysWOW64\kernel32.dll 2014-03-14 06:57:49 34823DAA381423CAE81FEE7C2EEE52F4 669352 ----a-w- C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-03-14 06:57:49 17500825FE6C7094ACC6E7DC6B578399 369280 ----a-w- C:\WINDOWS\SysWOW64\Faultrep.dll 2014-03-14 06:57:48 FCD51A3EB7E47FBCE17382A95FD3AB35 2873344 ----a-w- C:\WINDOWS\SysWOW64\dbgeng.dll 2014-03-14 06:57:48 878B3C936C3C2850A57C24C6F104EBC5 208896 ----a-w- C:\WINDOWS\SysWOW64\rdpencom.dll 2014-03-14 06:57:48 249DE8C6F690646CC8EC53D49ABC6BE9 408480 ----a-w- C:\WINDOWS\SysWOW64\WerFault.exe 2014-03-14 06:57:47 F5033F3C6F8E706D78ACB9351EBF7B3E 1238016 ----a-w- C:\WINDOWS\SysWOW64\dbghelp.dll 2014-03-14 06:57:46 D4A17A8DEB194D77AD9651F0EE0C76EB 138752 ----a-w- C:\WINDOWS\SysWOW64\DWWIN.EXE 2014-03-14 06:57:46 D0B6EB329D696A5C2122352EAE722290 855552 ----a-w- C:\WINDOWS\SysWOW64\rdvidcrl.dll 2014-03-14 06:57:46 3DA5CD1E3B9BDAF79731CB6CB1029CB3 53248 ----a-w- C:\WINDOWS\SysWOW64\tsgqec.dll 2014-03-14 06:57:37 F80E8CF9E4A051C2CC338C85088A046C 488448 ----a-w- C:\WINDOWS\SysWOW64\qedit.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2014-03-14 06:58:22 1A1DDFD4BA6523979C76BE188984C3AC 1643584 ----a-w- C:\WINDOWS\Sysnative\winload.efi 2014-03-14 06:58:21 695C842DAA76536CE44C336C9E27B25D 1507704 ----a-w- C:\WINDOWS\Sysnative\winload.exe 2014-03-14 06:58:19 4E0709D9BB951AD1C22E4FF519B90839 23133696 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll 2014-03-14 06:58:12 9C5ADB26632D46919ABB231CF7DE98B9 13051904 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll 2014-03-14 06:58:08 76862AAF77C049EC20217FDC209F7F13 2765824 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll 2014-03-14 06:58:06 DF79CE9B950C62677D232154E93A81C7 2334208 ----a-w- C:\WINDOWS\Sysnative\wininet.dll 2014-03-14 06:58:06 D378AB3C9178424588B55AC7B652D7F9 218624 ----a-w- C:\WINDOWS\Sysnative\ie4uinit.exe 2014-03-14 06:58:06 CF1C73DE1FADE3D3C44FCAF254F57DB2 5768704 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll 2014-03-14 06:58:06 BA0A21F761CE5001DF712C51BF11F953 1393664 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll 2014-03-14 06:58:05 E6ACA421DA3E50D7F0A31228F0C547B0 627200 ----a-w- C:\WINDOWS\Sysnative\msfeeds.dll 2014-03-14 06:58:05 48ED94DA88F65684B28FCD87C01288A7 817664 ----a-w- C:\WINDOWS\Sysnative\ieapfltr.dll 2014-03-14 06:58:01 C993A0B97BECD3AAF5158E3869878465 6353960 ----a-w- C:\WINDOWS\Sysnative\sppsvc.exe 2014-03-14 06:57:59 BAAD43360A7DF630ECC414671AEFA28C 6640640 ----a-w- C:\WINDOWS\Sysnative\mstscax.dll 2014-03-14 06:57:58 977F77CE98456F6B115E5360A1160449 2133208 ----a-w- C:\WINDOWS\Sysnative\mfcore.dll 2014-03-14 06:57:57 C039246195C736A602F581D29F18A43D 1928144 ----a-w- C:\WINDOWS\Sysnative\combase.dll 2014-03-14 06:57:51 C7B69F90B823182CE6BE7C5374832DE5 764864 ----a-w- C:\WINDOWS\Sysnative\mfmpeg2srcsnk.dll 2014-03-14 06:57:50 CFADC50692A845BAC30940E203393219 1287064 ----a-w- C:\WINDOWS\Sysnative\kernel32.dll 2014-03-14 06:57:49 C7DFBE21051D5E44B479CBF74B968335 1486848 ----a-w- C:\WINDOWS\Sysnative\dbghelp.dll 2014-03-14 06:57:49 B5D2EBAD81739185A91D210F5F01824B 407024 ----a-w- C:\WINDOWS\Sysnative\Faultrep.dll 2014-03-14 06:57:49 819A1E0F89B6AC222E9D95CA000A40B1 4175360 ----a-w- C:\WINDOWS\Sysnative\dbgeng.dll 2014-03-14 06:57:48 C83AFB0B285F293EDECF5EBDEC074A94 458616 ----a-w- C:\WINDOWS\Sysnative\WerFault.exe 2014-03-14 06:57:48 99453C649DC4B0BE6D062B701CD2917F 716288 ----a-w- C:\WINDOWS\Sysnative\swprv.dll 2014-03-14 06:57:48 735CB57F806D292FB7ABE8BDFD3B5853 233920 ----a-w- C:\WINDOWS\Sysnative\mfps.dll 2014-03-14 06:57:48 2684605E822359CBD1ED2BD2C8E76397 249856 ----a-w- C:\WINDOWS\Sysnative\rdpencom.dll 2014-03-14 06:57:46 AFCAB4DC692CCE37E283B00E2D7B438F 447488 ----a-w- C:\WINDOWS\Sysnative\sppcomapi.dll 2014-03-14 06:57:46 94D79382FB796B0A8C90270654A70563 1057280 ----a-w- C:\WINDOWS\Sysnative\rdvidcrl.dll 2014-03-14 06:57:46 724ADFEE7743C26C550ABFE04271DCFD 160256 ----a-w- C:\WINDOWS\Sysnative\DWWIN.EXE 2014-03-14 06:57:46 3FFEC6927D4017829A82ECDB277BB23E 64512 ----a-w- C:\WINDOWS\Sysnative\tsgqec.dll 2014-03-14 06:57:46 110BE5198A63D3FF3CE9C30F1DC12EC3 386722 ----a-w- C:\WINDOWS\Sysnative\ApnDatabase.xml 2014-03-14 06:57:37 1A69D165DDA78A4329B854D4FEDAD132 4189184 ----a-w- C:\WINDOWS\Sysnative\win32k.sys 2014-03-14 06:57:37 05894DFC52A78C3B1DD5EF6F30FAD28C 586240 ----a-w- C:\WINDOWS\Sysnative\qedit.dll ====== C:\WINDOWS\Sysnative\drivers ===== 2014-03-14 06:57:57 ECC68BD5347BDE9631EE68274858A41F 2543960 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys 2014-03-14 06:57:46 C85C075DE5B6D0FE116043054DE8EE02 311640 ----a-w- C:\WINDOWS\Sysnative\drivers\volsnap.sys 2014-03-14 06:57:40 C52148456E0F6EAD9E903020A79207FC 236888 ----a-w- C:\WINDOWS\Sysnative\drivers\WdFilter.sys 2014-03-14 06:57:39 57F22324FAAF92ADF957B281E88F1743 124760 ----a-w- C:\WINDOWS\Sysnative\drivers\WdNisDrv.sys 2014-03-14 06:57:39 241895E8A9C158DF86E12FDD21033A32 35856 ----a-w- C:\WINDOWS\Sysnative\drivers\WdBoot.sys ====== C:\WINDOWS\Tasks ====== 2014-03-17 07:40:31 E746BE0A097D44F645D89FDE182E33ED 424 ----a-w- C:\WINDOWS\Tasks\View Password Update.job 2014-03-17 07:40:31 C9BB7796B0684506B517CAB88DC360A0 3060 ----a-w- C:\WINDOWS\Sysnative\Tasks\View Password Update 2014-03-17 07:40:30 DFE8667B69C226DB5DA61E6DE16FF3EC 3004 ----a-w- C:\WINDOWS\Sysnative\Tasks\View Password_wd 2014-03-17 07:40:29 73EFDC4F622E88D6888C3B41A0B915B1 428 ----a-w- C:\WINDOWS\Tasks\View Password_wd.job 2014-02-22 18:54:59 D3688F89683E0A40159257BB81D5E48A 3958 ----a-w- C:\WINDOWS\Sysnative\Tasks\User_Feed_Synchronization-{AC8F9A65-F441-4B14-9E2A-876CF579B06D} 2014-02-19 18:54:06 9F78C1B173578219C76D428AAD67F4C9 3596 ----a-w- C:\WINDOWS\Sysnative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1301636691-605401379-4022305799-1008 2014-02-17 19:42:21 05287DCE1623AEC3C3B147DB085B9A63 3954 ----a-w- C:\WINDOWS\Sysnative\Tasks\User_Feed_Synchronization-{9E691279-3579-43ED-ADFE-6F2BA9CF279E} 2014-02-17 13:25:10 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\Apple ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2014-03-17 10:49:45 -------- d-----w- C:\Program Files\trend micro 2014-03-12 18:54:01 -------- d-----w- C:\Program Files\Common Files\DESIGNER 2014-03-12 18:53:31 -------- d-----w- C:\Program Files\Microsoft.NET 2014-03-12 18:52:55 -------- d-----w- C:\Program Files\Microsoft SQL Server 2014-03-12 18:49:52 -------- d-----w- C:\Program Files\Microsoft Analysis Services 2014-03-12 18:49:44 -------- d-----w- C:\Program Files\Microsoft Office 2014-02-23 16:33:33 -------- d-----w- C:\Program Files\Common Files\Bullzip 2014-02-23 16:33:29 -------- d-----w- C:\Program Files\Bullzip 2014-02-17 13:22:02 -------- d-----w- C:\Program Files\Lightworks ======= C:\PROGRA~2 ===== 2014-03-17 07:40:28 -------- d-----w- C:\PROGRA~2\View-Password-soft 2014-03-12 18:53:31 -------- d-----w- C:\PROGRA~2\Microsoft SQL Server 2014-03-12 18:49:52 -------- d-----w- C:\PROGRA~2\Microsoft Analysis Services 2014-03-12 18:49:47 -------- d-----w- C:\PROGRA~2\Microsoft Office 2014-02-27 19:11:38 -------- d-----w- C:\PROGRA~2\Citrix 2014-02-24 13:04:11 -------- d-----w- C:\PROGRA~2\Fitbit Connect 2014-02-23 18:19:34 -------- d-----w- C:\PROGRA~2\Scrivener 2014-02-23 18:15:13 -------- d-----w- C:\PROGRA~2\Scapple 2014-02-23 17:26:25 -------- d-----w- C:\PROGRA~2\Clover 2014-02-17 21:10:28 -------- d-----w- C:\PROGRA~2\HerraizSoto 2014-02-17 21:06:06 -------- d-----w- C:\PROGRA~2\ZenWriter 2014-02-17 19:56:54 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service 2014-02-17 19:17:13 -------- d-----w- C:\PROGRA~2\KeePass Password Safe 2 2014-02-17 13:25:30 -------- d-----w- C:\PROGRA~2\QuickTime 2014-02-17 13:25:13 -------- d-----w- C:\PROGRA~2\COMMON~1\Apple 2014-02-17 13:25:08 -------- d-----w- C:\PROGRA~2\Apple Software Update 2014-02-16 20:59:22 -------- d-----w- C:\PROGRA~2\OpenOffice 4 ======= C: ===== ====== C:\Users\Ann\AppData\Roaming ====== 2014-03-17 09:33:44 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\CrashDumps 2014-03-15 18:52:01 35055BA613302E06B3082E82D25E6CC4 26171 ----a-w- C:\Users\Ann\AppData\Local\recently-used.xbel 2014-03-14 07:41:05 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help 2014-03-14 07:41:05 -------- d-----w- C:\Users\Default User\AppData\Local\Microsoft Help 2014-03-12 18:49:48 -------- d-----w- C:\Users\Ann\AppData\Local\Microsoft Help 2014-03-12 18:40:01 -------- d-----w- C:\Users\Ann\AppData\Local\e-academy Inc 2014-03-12 18:40:00 -------- d-----w- C:\Users\Ann\AppData\Roaming\e-academy Inc 2014-03-12 13:38:52 -------- d-----w- C:\Users\jos2\AppData\Local\Apple 2014-03-02 18:20:12 -------- d-----w- C:\Users\jos2\AppData\Roaming\Identities 2014-03-01 11:18:52 -------- d-----w- C:\Users\Ann\AppData\Local\gtk-2.0 2014-02-27 19:12:13 -------- d-s---w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Locallow\Microsoft 2014-02-23 18:20:49 -------- d-----w- C:\Users\Ann\AppData\Local\LiteratureAndLatte 2014-02-23 17:27:40 -------- d-----w- C:\Users\jos2\AppData\Local\Clover 2014-02-23 17:26:31 -------- d-----w- C:\Users\Ann\AppData\Local\Clover 2014-02-23 16:35:43 -------- d-----w- C:\Users\Ann\AppData\Local\PDF Writer 2014-02-23 16:33:35 -------- d-----w- C:\Users\Ann\AppData\Roaming\PDF Writer 2014-02-23 06:02:30 -------- d-----w- C:\Users\jos2\AppData\Roaming\OpenOffice 2014-02-19 21:19:13 -------- d-----w- C:\Users\Ann\AppData\Roaming\DropboxMaster 2014-02-19 21:19:03 -------- d-----w- C:\Users\Ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-02-19 19:02:54 -------- d-----w- C:\Users\jos2\AppData\Roaming\Tracker Software 2014-02-19 19:02:53 -------- d-----w- C:\Users\jos2\AppData\Roaming\Mozilla 2014-02-19 19:02:52 -------- d-----w- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-02-19 19:02:52 -------- d-----w- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-02-19 19:02:45 -------- d-----w- C:\Users\jos2\AppData\Roaming\LibreOffice 2014-02-19 19:02:45 -------- d-----w- C:\Users\jos2\AppData\Roaming\Lenovo 2014-02-19 19:02:45 -------- d-----w- C:\Users\jos2\AppData\Roaming\KeePass 2014-02-19 19:02:45 -------- d-----w- C:\Users\jos2\AppData\Roaming\Intel Corporation 2014-02-19 19:02:45 -------- d-----w- C:\Users\jos2\AppData\Roaming\ICAClient 2014-02-19 19:02:40 -------- d-----w- C:\Users\jos2\AppData\Roaming\Dropbox 2014-02-19 19:02:40 -------- d-----w- C:\Users\jos2\AppData\Locallow\Sun 2014-02-19 19:02:39 -------- d-----w- C:\Users\jos2\AppData\Locallow\Apple Computer 2014-02-19 19:02:39 -------- d-----w- C:\Users\jos2\AppData\Local\Windows Live 2014-02-19 19:02:38 -------- d-----w- C:\Users\jos2\AppData\Local\Programs 2014-02-19 19:02:38 -------- d-----w- C:\Users\jos2\AppData\Local\Power2Go8 2014-02-19 19:02:13 -------- d-----w- C:\Users\jos2\AppData\Local\Mozilla 2014-02-19 19:00:37 -------- d-----w- C:\Users\jos2\AppData\Local\gegl-0.2 2014-02-19 19:00:37 -------- d-----w- C:\Users\jos2\AppData\Local\fontconfig 2014-02-19 19:00:36 7B4EB4E6B0396307A204DB56A55C7077 1493 ----a-w- C:\Users\jos2\AppData\Local\recently-used.xbel 2014-02-19 19:00:36 -------- d-----w- C:\Users\jos2\AppData\Local\CrashDumps 2014-02-19 19:00:36 -------- d-----w- C:\Users\jos2\AppData\Local\Citrix 2014-02-19 18:53:31 -------- d-----w- C:\Users\jos2\AppData\Local\Google 2014-02-19 18:49:20 -------- d-----w- C:\Users\jos2\AppData\Roaming\Apple Computer 2014-02-19 18:49:19 -------- d-----w- C:\Users\jos2\AppData\Roaming\Epson 2014-02-19 18:48:54 -------- d-----r- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-02-19 18:48:54 -------- d-----r- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-02-19 18:48:46 -------- d-----w- C:\Users\jos2\AppData\Roaming\Adobe 2014-02-19 18:48:46 -------- d-----w- C:\Users\jos2\AppData\Local\Packages 2014-02-19 18:48:43 -------- d-s---w- C:\Users\jos2\AppData\Locallow\Microsoft 2014-02-19 18:48:40 -------- d-s---w- C:\Users\jos2\AppData\Roaming\Microsoft 2014-02-19 18:48:40 -------- d-----w- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-02-19 18:48:40 -------- d-----w- C:\Users\jos2\AppData\Local\Temp 2014-02-19 18:48:40 -------- d-----w- C:\Users\jos2\AppData\Local\Microsoft 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-02-19 07:17:23 -------- d-s---w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Locallow\Microsoft 2014-02-17 19:57:57 -------- d-----w- C:\Users\Ann\AppData\Locallow\LastPass 2014-02-17 14:27:35 -------- d-----w- C:\Users\Ann\AppData\Local\Apple Computer 2014-02-17 13:24:43 -------- d-----w- C:\Users\Ann\AppData\Locallow\Apple Computer 2014-02-16 21:00:22 -------- d-----w- C:\Users\Ann\AppData\Roaming\OpenOffice 2014-02-16 10:12:16 850021DC81134043F4BBF28C8D219DC1 441800 ----a-w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat ====== C:\Users\Ann ====== 2014-03-17 10:48:02 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Ann\Desktop\RSITx64.exe 2014-03-17 09:57:59 34BC83B0BDB5CA54BB9E4467EA92D614 4763560 ----a-w- C:\Users\Ann\Downloads\ccsetup411pro.exe 2014-03-17 07:46:00 -------- d-----w- C:\ProgramData\TEMP 2014-03-17 07:39:24 6D650A5289CD7D2CB53E18A6A3CB091F 300432 ----a-w- C:\Users\jos2\Downloads\Gadwin PrintScreen.exe 2014-03-12 18:54:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-03-12 18:49:43 -------- d-----w- C:\ProgramData\Microsoft Help 2014-02-27 19:12:11 -------- d-----w- C:\ProgramData\Citrix 2014-02-27 19:11:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix 2014-02-24 13:04:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect 2014-02-24 13:04:11 -------- d-----w- C:\ProgramData\FitbitConnect 2014-02-23 18:19:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrivener 2014-02-23 18:15:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scapple 2014-02-23 17:26:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover 2014-02-23 16:33:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullzip 2014-02-23 16:33:35 -------- d-----w- C:\ProgramData\PDF Writer 2014-02-19 21:20:01 -------- d-----r- C:\Users\Ann\Dropbox 2014-02-19 20:33:15 -------- d--h--r- C:\Users\Public\AccountPictures 2014-02-19 20:27:26 -------- d-----r- C:\Users\jos2\Google Drive 2014-02-19 20:25:08 -------- d-----r- C:\Users\jos2\Dropbox 2014-02-19 19:02:54 -------- d-----w- C:\Users\jos2\Backup 2014-02-19 18:57:16 -------- d-----w- C:\Users\jos2\.gimp-2.8 2014-02-19 18:48:54 -------- d-----r- C:\Users\jos2\Searches 2014-02-19 18:48:53 -------- d-----r- C:\Users\jos2\Contacts 2014-02-19 18:48:40 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\jos2\ntuser.ini 2014-02-19 18:48:40 -------- d--h--w- C:\Users\jos2\AppData 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Videos 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Saved Games 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Pictures 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Music 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Links 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Favorites 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Downloads 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Documents 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Desktop 2014-02-19 09:33:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-02-17 19:56:54 -------- d-----w- C:\ProgramData\Mozilla 2014-02-17 13:26:09 -------- d-----w- C:\Users\Ann\.MCTranscodingSDK 2014-02-17 13:25:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-02-17 13:25:30 -------- d-----w- C:\ProgramData\Apple Computer 2014-02-17 13:25:08 -------- d-----w- C:\ProgramData\Apple 2014-02-17 13:23:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks 2014-02-17 13:23:28 -------- d-----w- C:\ProgramData\Geevs 2014-02-17 08:48:42 -------- d-----w- C:\ProgramData\Microsoft SkyDrive 2014-02-16 20:59:46 -------- d-s---w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1 ====== C: exe-files == 2014-03-17 10:49:46 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Ann.exe 2014-03-17 10:48:02 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Ann\Desktop\RSITx64.exe 2014-03-17 09:57:59 34BC83B0BDB5CA54BB9E4467EA92D614 4763560 ----a-w- C:\Users\Ann\Downloads\ccsetup411pro.exe 2014-03-17 07:41:23 5BEDBCA9B50F0374B405EB0C79EC0195 275456 ----atw- C:\Users\Ann\AppData\Local\Temp\n6512\s6512.exe 2014-03-17 07:40:41 E6BB491A120A0668A551A8C2ED2FEE4F 6602128 ----a-w- C:\Users\Ann\AppData\Local\Temp\{AAB08BF3-940B-4F14-8EF2-C8D1AF203387}\setup.exe 2014-03-17 07:40:33 DA4BFBD389F1FD5BB0C7394230BB6641 6967304 ----a-w- C:\Users\Ann\AppData\Local\Temp\n6160\OptimizerPro.exe 2014-03-17 07:40:27 E50800471EEBFA5579CEA557DB286008 171246 ----a-w- C:\Program Files (x86)\View-Password-soft\Uninstall.exe 2014-03-17 07:40:27 CC7BD61A0EAD7C82B43B06DE111FF4AA 195072 ----a-w- C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe 2014-03-17 07:40:27 A77B533CB4EF9A10A1659CCE2A7D56AC 303104 ----a-w- C:\Program Files (x86)\View-Password-soft\View-.exe 2014-03-17 07:40:27 49CE20112C2165EBB862BA949B154629 93696 ----a-w- C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe 2014-03-17 07:40:25 FB255E1BCF8A6B67C60335473896F4F9 1256394 ----a-w- C:\Users\Ann\AppData\Local\Temp\n6160\ViewPassword_1030-8002.exe 2014-03-17 07:40:23 EB5915E612A72CE1979D494FA1D9ACBF 706560 ----a-w- C:\Users\Ann\AppData\Local\Temp\n6160\Lollipop_1003-7f5a9c1b.exe 2014-03-17 07:39:35 5BEDBCA9B50F0374B405EB0C79EC0195 275456 ----atw- C:\Users\Ann\AppData\Local\Temp\n6160\s6160.exe 2014-03-17 07:39:24 6D650A5289CD7D2CB53E18A6A3CB091F 300432 ----a-w- C:\Users\jos2\Downloads\Gadwin PrintScreen.exe 2014-03-15 14:15:44 E677174AA15D1B9D9E0B0F1C8DB8CC56 892120 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.154\33.0.1750.154_33.0.1750.146_chrome_updater.exe 2014-03-14 06:58:21 695C842DAA76536CE44C336C9E27B25D 1507704 ----a-w- C:\Windows\System32\winload.exe 2014-03-14 06:58:21 695C842DAA76536CE44C336C9E27B25D 1507704 ----a-w- C:\Windows\System32\Boot\winload.exe 2014-03-14 06:58:06 D378AB3C9178424588B55AC7B652D7F9 218624 ----a-w- C:\Windows\System32\ie4uinit.exe 2014-03-14 06:58:01 C993A0B97BECD3AAF5158E3869878465 6353960 ----a-w- C:\Windows\System32\sppsvc.exe 2014-03-14 06:57:48 C83AFB0B285F293EDECF5EBDEC074A94 458616 ----a-w- C:\Windows\System32\WerFault.exe 2014-03-14 06:57:48 249DE8C6F690646CC8EC53D49ABC6BE9 408480 ----a-w- C:\Windows\SysWOW64\WerFault.exe 2014-03-14 06:57:46 D4A17A8DEB194D77AD9651F0EE0C76EB 138752 ----a-w- C:\Windows\SysWOW64\DWWIN.EXE 2014-03-14 06:57:46 724ADFEE7743C26C550ABFE04271DCFD 160256 ----a-w- C:\Windows\System32\DWWIN.EXE 2014-03-14 01:02:42 DE24315BA357F0014EF71831837611A7 245384 ----a-w- C:\Users\Ann\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe 2014-03-14 01:00:30 179E7D197B8BFEFDB49C82D0C26D5EE3 143688 ----a-w- C:\Users\Ann\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe 2014-03-14 01:00:28 08AC98F458D37083BB914E660E0EBD8E 33189664 ----a-w- C:\Users\Ann\AppData\Roaming\Dropbox\bin\Dropbox.exe 2014-03-12 18:40:01 2E8714C7BABFBACAEC0FFB25DDFC01A4 9662 ----a-r- C:\Users\Ann\AppData\Roaming\Microsoft\Installer\{E040B65B-8683-4228-8C33-D44A141E40EA}\_853F67D554F05449430E7E.exe 2014-03-12 18:40:01 2E8714C7BABFBACAEC0FFB25DDFC01A4 9662 ----a-r- C:\Users\Ann\AppData\Roaming\Microsoft\Installer\{E040B65B-8683-4228-8C33-D44A141E40EA}\_80D807FC3A72E5B428F1ED.exe 2014-03-12 18:40:01 2E8714C7BABFBACAEC0FFB25DDFC01A4 9662 ----a-r- C:\Users\Ann\AppData\Roaming\Microsoft\Installer\{E040B65B-8683-4228-8C33-D44A141E40EA}\_112D608FD02CD87FDC7735.exe === C: other files == 2014-03-17 07:40:28 9A087007AE9EBD0CE2940670B0060F0D 11575 ----a-w- C:\Program Files (x86)\View-Password-soft\157.xpi 2014-03-14 06:57:57 ECC68BD5347BDE9631EE68274858A41F 2543960 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2014-03-14 06:57:46 C85C075DE5B6D0FE116043054DE8EE02 311640 ----a-w- C:\Windows\System32\drivers\volsnap.sys 2014-03-14 06:57:40 C52148456E0F6EAD9E903020A79207FC 236888 ----a-w- C:\Windows\System32\drivers\WdFilter.sys 2014-03-14 06:57:39 57F22324FAAF92ADF957B281E88F1743 124760 ----a-w- C:\Windows\System32\drivers\WdNisDrv.sys 2014-03-14 06:57:39 241895E8A9C158DF86E12FDD21033A32 35856 ----a-w- C:\Windows\System32\drivers\WdBoot.sys 2014-03-14 06:57:37 1A69D165DDA78A4329B854D4FEDAD132 4189184 ----a-w- C:\Windows\System32\win32k.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-1301636691-605401379-4022305799-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "KeePass 2 PreLoad"="C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe --preload" "Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun" "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" ==== Startup Folders ====================== 2014-02-19 21:19:24 1102 ----a-w- C:\Users\Ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2014-02-19 19:02:52 1052 ----a-w- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2014-02-12 15:17:39 1845 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk 2014-02-27 19:11:54 2849 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12-02-2014 16:10] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12-02-2014 16:10] C:\WINDOWS\tasks\View Password Update.job --a-------- C:\Program Files (x86)\View-Password-soft\View-.exe [17-03-2014 08:40] C:\WINDOWS\tasks\View Password_wd.job --a-------- C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe [17-03-2014 08:40] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe"] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{9E691279-3579-43ED-ADFE-6F2BA9CF279E}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{AC8F9A65-F441-4B14-9E2A-876CF579B06D}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{B0A21456-AB7E-427C-A431-F436EE744136}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\View Password Update" [C:\Program Files (x86)\View-Password-soft\View-.exe] "C:\WINDOWS\SysNative\tasks\View Password_wd" [C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\WINDOWS\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe] "C:\WINDOWS\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "e-webprint@epson.com"="C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on" [23-02-2014 18:41] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{dfe9a019-6233-471f-b90c-756ac2c13a22}"="C:\Program Files (x86)\View-Password-soft\157.xpi" [17-03-2014 08:40] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Ann\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\0s9rvdsa.default - CSS Stylesheet Editor - %ProfilePath%\extensions\csseditor@bluegriffon.com.xpi - EyeDropper - %ProfilePath%\extensions\eyedropper@bluegriffon.com.xpi - FontSquirrel Manager - %ProfilePath%\extensions\fs@bluegriffon.com.xpi - Fullscreen - %ProfilePath%\extensions\fullscreen@bluegriffon.com.xpi - Google Font Directory Manager - %ProfilePath%\extensions\gfd@bluegriffon.com.xpi - Czech CZ Language Pack - %ProfilePath%\extensions\langpack-cs@bluegriffon.org.xpi - Deutsch DE Language Pack - %ProfilePath%\extensions\langpack-de@bluegriffon.org.xpi - English US Language Pack - %ProfilePath%\extensions\langpack-en-US@bluegriffon.org.xpi - Espaol Espaa Language Pack - %ProfilePath%\extensions\langpack-es-ES@bluegriffon.org.xpi - Suomenkielinen FI Language Pack - %ProfilePath%\extensions\langpack-fi@bluegriffon.org.xpi - Franais Language Pack - %ProfilePath%\extensions\langpack-fr@bluegriffon.org.xpi - Galego Espaa Language Pack - %ProfilePath%\extensions\langpack-gl@bluegriffon.org.xpi - Hebrew IL Language Pack - %ProfilePath%\extensions\langpack-he@bluegriffon.org.xpi - Magyar HU Language Pack - %ProfilePath%\extensions\langpack-hu@bluegriffon.org.xpi - Italiano IT Language Pack - %ProfilePath%\extensions\langpack-it@bluegriffon.org.xpi - Japanese Language Pack - %ProfilePath%\extensions\langpack-ja@bluegriffon.org.xpi - Korean KR Language Pack - %ProfilePath%\extensions\langpack-ko@bluegriffon.org.xpi - Nederlands NL Language Pack - %ProfilePath%\extensions\langpack-nl@bluegriffon.org.xpi - Polski Language Pack - %ProfilePath%\extensions\langpack-pl@bluegriffon.org.xpi - Slovenski jezik Language Pack - %ProfilePath%\extensions\langpack-sl@bluegriffon.org.xpi - sr Language Pack - %ProfilePath%\extensions\langpack-sr@bluegriffon.org.xpi - Svenska SE Language Pack - %ProfilePath%\extensions\langpack-sv-SE@bluegriffon.org.xpi - Chinese Simplified zh-CN Language Pack - %ProfilePath%\extensions\langpack-zh-CN@bluegriffon.org.xpi - Traditional Chinese zh-TW Language Pack - %ProfilePath%\extensions\langpack-zh-TW@bluegriffon.org.xpi - MathML - %ProfilePath%\extensions\mathml@bluegriffon.com.xpi - Opquast Accessibility First Step - %ProfilePath%\extensions\op1@bluegriffon.com.xpi - Snippets - %ProfilePath%\extensions\snippets@bluegriffon.com.xpi - SVG-edit - %ProfilePath%\extensions\svg-edit@googlegroups.com.xpi - Table Layouts - %ProfilePath%\extensions\tablelayout@bluegriffon.com.xpi - One-click Templates - %ProfilePath%\extensions\templatesManager@bluegriffon.com.xpi - Thumbnailer - %ProfilePath%\extensions\thumbnailer@bluegriffon.com.xpi - Tip of the Day - %ProfilePath%\extensions\tipoftheday@bluegriffon.com.xpi ProfilePath: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\ufkjpzpn.default - E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on - United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org - LastPass - %ProfilePath%\extensions\support@lastpass.com - feedly - %ProfilePath%\extensions\feedly@devhd.xpi - Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi - Readability - %ProfilePath%\extensions\readability@readability.com.xpi - Stylish - %ProfilePath%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi - Right Inbox - %ProfilePath%\extensions\{eb692b9a-0dce-45fa-b0e6-765d83e386bd}.xpi ProfilePath: C:\Users\Ann\AppData\Roaming\Songbird2\Profiles\t42m592n.default - Undetermined - C:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.com - Undetermined - C:\Program Files (x86)\Songbird\extensions\concerts@songbirdnest.com - Undetermined - C:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com - Undetermined - C:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com - Undetermined - C:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest.com - Undetermined - C:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest.com - Undetermined - C:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com - Undetermined - C:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest.com - Last.fm - %ProfilePath%\extensions\audioscrobbler@songbirdnest.com - Suporte cpia de CDs - %ProfilePath%\extensions\cd-rip@songbirdnest.com - Philips GoGear Device Manager - %ProfilePath%\extensions\gogear@songbirdnest.com - Fornecedor da pesquisa de metadados Gracenote - %ProfilePath%\extensions\gracenote@songbirdnest.com - mashTape - %ProfilePath%\extensions\mashTape@songbirdnest.com - MSC Device Support - %ProfilePath%\extensions\msc@songbirdnest.com - MTP Device Support - %ProfilePath%\extensions\mtp@songbirdnest.com - QuickTime Playback - %ProfilePath%\extensions\quicktime@songbirdnest.com - SHOUTcast Radio - %ProfilePath%\extensions\shoutcast-radio@songbirdnest.com - Windows Media Playback - %ProfilePath%\extensions\windowsmedia@songbirdnest.com ProfilePath: C:\Users\Ann\AppData\Roaming\Thunderbird\Profiles\svh3a9al.default - Undetermined - C:\Program Files (x86)\Eudora OSE\extensions\{D1D37B8A-4F3C-11DB-8373-B622A1EF5492} ProfilePath: C:\Users\jos2\AppData\Roaming\Mozilla\Firefox\Profiles\dt61hscp.default - Undetermined - C:\Users\Jos\AppData\Roaming\Mozilla\Firefox\Profiles\dt61hscp.default\extensions\clickclean@hotcleaner.com - Clickamp;Clean - %ProfilePath%\extensions\clickclean@hotcleaner.com - Lightbeam - %ProfilePath%\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\ufkjpzpn.default 5174E3BE46B2CCCDAF9CEB5B622CEA9B - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1209149.dll - Shockwave for Director / Shockwave for Director 7A0EABE3C33D6F01214F3DFEA9DAA402 - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll - PDF-XChange Editor 97C4FF8417CAE7FF46BA0C7E55A1C1AC - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll - PDF-XChange Editor ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx[19-01-2014 18:42] Duolingo - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl Google Docs - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Toodledo Tasks - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ballhmoamkbbfadiealjmgmhbbnellbc MindMeister - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm WOT - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp YouTube - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Email this page (by Google) - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai Category Tabs for Google Keep™ - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlahcjmefibiedeecoegjilekaebchhl KeyRocket for Gmail\u2122 - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmocchgkijnbjdjkmlglaemjhhdiobbp DoNotTrackMe Online Privacy Protection - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd OrganizeMe - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepmgenffldpcaolcmmjnmdjeaabajlg AFAS Personal Bijwerk Assistent - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhdjnejhhklnclpkbnfmfimijnlmghfk Stylish - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe Name of new folder - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgofjdapkmlgpgjfielacjckplcdjjk AdBlock - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Google Calendar by Google - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich LastPass - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd The Old Reader - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhdpibondcndkgpoobpnndbbelpidhpk Google Keep - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki Password must be between 6 and 64 characters long. - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj Right Inbox for Gmail - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb Google Dictionary (by Google) - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja Norton Identity Protection - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Feedly - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja Pocket (formerly Read It Later) - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj RSS Subscription Extension by Google - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd Google Wallet - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Docs PDFPowerPoint Viewer by Google - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn AFAS Personal - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohcndkndhdiknpkkmeplfhajcilbnkd Readability - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi dotEPUB - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\okpfiebkkmjcnodegbbbiellepfhoglm ShareMeNot - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\peeecebkcdlibcfllbpmmkhggflcppem Evernote Web Clipper - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc Gmail - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Docs - jos2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - jos2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - jos2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - jos2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Norton Identity Protection - jos2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Google Wallet - jos2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Booking.com - jos2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pficdecjkdlnacnnbkociacmdbpmhdoc Gmail - jos2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{37939C00-1195-4E13-9974-CBECBFB0E2B8}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {37939C00-1195-4E13-9974-CBECBFB0E2B8} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyServer"="http=127.0.0.1:13828" "ProxyEnable"=dword:00000001 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Ann\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Ann\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Users\jos2\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\jos2\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\jos2\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=54 folders=21 60341566 bytes) ==== Empty Temp Folders ====================== C:\Users\Ann\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\jos2\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Ann\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on di 18-03-2014 at 11:21:57,33 ======================