Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Ann on do 20-03-2014 at 21:02:35,30.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ann\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-03-18-102157.log 48750 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe
C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Users\Ann\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Users\Ann\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\ufkjpzpn.default\extensions\support@lastpass.com deleted
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted
C:\Users\jos2\AppData\Roaming\Mozilla\Firefox\Profiles\dt61hscp.default\jetpack deleted
"C:\WINDOWS\tasks\View Password Update.job" deleted
"C:\WINDOWS\tasks\View Password_wd.job" deleted
"C:\WINDOWS\Installer\{913778D3-E1D8-4B55-9246-3308C54D3162}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe" deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8137 MB
CPU Info: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
CPU Speed: 3287,4 MHz
Sound Card: Luidsprekers (5- High Definitio |
Display Adapters: NVIDIA GeForce GT 640 | NVIDIA GeForce GT 640
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family-controller
CD / DVD Drives: 1x (G: | ) G: TSSTcorpCDDVDW SH-216BB
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 1800,9GB | D: 60,1GB
Hard Disks - Free: C: 1249,6GB | D: 45,9GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | | MEDION - 11112011
Time Zone: West-Europa (standaardtijd)
Motherboard *: MEDION MS-7797
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: Norton Internet Security On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Norton Internet Security disabled (Outdated)
Firewall: Norton Internet Security disabled
Default Browser: Google Chrome 33.0.1750.154
Internet Explorer Version: 11.0.9600.16521
Mozilla Firefox version: 28.0 (x86 nl)
Google Chrome version: 33.0.1750.154
Shockwave Player version: 12.0.9r149

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\Ann\AppData\Local\Temp ====
2014-03-20 20:00:52 F328627D8057AA7157A8209FCDAB47A6 43008 ----a-w- C:\Users\Ann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5xjubm.dll
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2014-03-18 22:55:54 42433CDEC449D40F508752F2D487D8E4 478208 ----a-w- C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-03-18 22:55:53 D292652F380DFC23897CB31B1940E56C 588800 ----a-w- C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-03-18 22:55:48 3104FCDE0470E5D89C9991FC0EDDE57E 18643560 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll
2014-03-18 22:55:46 9929F71938D9FCE4550BEB935071F0C8 13949440 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-03-18 22:55:43 A00970DBAD7034523CF9D2C395A944B8 103936 ----a-w- C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-03-18 22:55:42 A863A4DEF854D579C36EAA9DECF21C80 336896 ----a-w- C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-03-18 22:55:42 716046CF7941B176C18AA58785899A2D 174592 ----a-w- C:\WINDOWS\SysWOW64\WSClient.dll
2014-03-18 22:55:40 65ACE54B8EDA937EE7706733D27F40A8 802816 ----a-w- C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-03-18 22:55:39 DBB6B2FA462A5E7029766B09ED9CDA73 381168 ----a-w-
C:\WINDOWS\SysWOW64\mfsvr.dll 2014-03-18 22:55:39 CF8746715C1AA00C29F789825E321C7C 770560 ----a-w- C:\WINDOWS\SysWOW64\ReAgent.dll 2014-03-18 22:55:38 EC308077E9BEEDF523AE3D6BA042E016 630272 ----a-w- C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll 2014-03-18 22:55:38 986ABF43F76F5B0E3557363FB4925C78 1472048 ----a-w- C:\WINDOWS\SysWOW64\ntdll.dll 2014-03-18 22:55:37 E2C1E49EBFB8EFA1AFF6966533BAD12B 140800 ----a-w- C:\WINDOWS\SysWOW64\easwrt.dll 2014-03-18 22:55:37 A7DE6E0B69826D5B6F5FF68AABCF7035 218112 ----a-w- C:\WINDOWS\SysWOW64\sti.dll 2014-03-14 06:58:17 70462E0A4E293FC80620AB945D8A59BB 17074688 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll 2014-03-14 06:58:09 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll 2014-03-14 06:58:07 FC46FE32B043CA7251B1D707B91BA6A7 4244480 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll 2014-03-14 06:58:06 BD5E6C894130E7BB7ECE9A0925383068 2168320 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll 2014-03-14 06:58:05 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll 2014-03-14 06:58:05 A045DAE4D242A9A50FF6902774C55BE0 524288 ----a-w- C:\WINDOWS\SysWOW64\msfeeds.dll 2014-03-14 06:58:05 4605E0295C8E742B28FD63D255322795 703488 ----a-w- C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-03-14 06:58:05 0FF358906F2333B26267BC0064DC02C4 1156096 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll 2014-03-14 06:57:59 D34CE666D9BA3D5232609D3C15075B70 5770752 ----a-w- C:\WINDOWS\SysWOW64\mstscax.dll 2014-03-14 06:57:58 ECEBFCEF5799B57BFF242D24B27E4FE4 2143960 ----a-w- C:\WINDOWS\SysWOW64\mfcore.dll 2014-03-14 06:57:51 2A3626E0B7F5A5317902EBDAF2B4CCE0 1371824 ----a-w- C:\WINDOWS\SysWOW64\combase.dll 2014-03-14 06:57:50 6C8AC5035C39C818624EFA962B24AB3D 1036288 ----a-w- C:\WINDOWS\SysWOW64\kernel32.dll 2014-03-14 06:57:49 34823DAA381423CAE81FEE7C2EEE52F4 669352 ----a-w- C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-03-14 06:57:49 17500825FE6C7094ACC6E7DC6B578399 369280 ----a-w- C:\WINDOWS\SysWOW64\Faultrep.dll 2014-03-14 06:57:48 
FCD51A3EB7E47FBCE17382A95FD3AB35 2873344 ----a-w- C:\WINDOWS\SysWOW64\dbgeng.dll 2014-03-14 06:57:48 878B3C936C3C2850A57C24C6F104EBC5 208896 ----a-w- C:\WINDOWS\SysWOW64\rdpencom.dll 2014-03-14 06:57:48 249DE8C6F690646CC8EC53D49ABC6BE9 408480 ----a-w- C:\WINDOWS\SysWOW64\WerFault.exe 2014-03-14 06:57:47 F5033F3C6F8E706D78ACB9351EBF7B3E 1238016 ----a-w- C:\WINDOWS\SysWOW64\dbghelp.dll 2014-03-14 06:57:46 D4A17A8DEB194D77AD9651F0EE0C76EB 138752 ----a-w- C:\WINDOWS\SysWOW64\DWWIN.EXE 2014-03-14 06:57:46 D0B6EB329D696A5C2122352EAE722290 855552 ----a-w- C:\WINDOWS\SysWOW64\rdvidcrl.dll 2014-03-14 06:57:46 3DA5CD1E3B9BDAF79731CB6CB1029CB3 53248 ----a-w- C:\WINDOWS\SysWOW64\tsgqec.dll 2014-03-14 06:57:37 F80E8CF9E4A051C2CC338C85088A046C 488448 ----a-w- C:\WINDOWS\SysWOW64\qedit.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2014-03-18 22:55:53 968FB3BA8E7DF0933A1CF593BD503F4A 461312 ----a-w- C:\WINDOWS\Sysnative\XpsGdiConverter.dll 2014-03-18 22:55:53 43D0F8E593ABD37B5BC9573EDD71EFEB 628736 ----a-w- C:\WINDOWS\Sysnative\SettingSyncHost.exe 2014-03-18 22:55:51 1D8F8BE07D2B06C32ADB4B08F0F2A357 749056 ----a-w- C:\WINDOWS\Sysnative\SettingSyncCore.dll 2014-03-18 22:55:49 FF73B88BA206966BD228320F664D4D92 21199256 ----a-w- C:\WINDOWS\Sysnative\shell32.dll 2014-03-18 22:55:44 04B5ADB034D17585D3BCFC6DE5CADFF8 18576384 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll 2014-03-18 22:55:42 B88A70259DF2927787C0B766DD4CFB5C 206336 ----a-w- C:\WINDOWS\Sysnative\WSClient.dll 2014-03-18 22:55:42 68085A085DE8E3540EE8E02CAE575B2E 138240 ----a-w- C:\WINDOWS\Sysnative\OEMLicense.dll 2014-03-18 22:55:41 E069B63DAD920D231FA8A141DFF43A8C 960512 ----a-w- C:\WINDOWS\Sysnative\MFMediaEngine.dll 2014-03-18 22:55:40 E80700EB046D0B82B694C98CF7231C08 481944 ----a-w- C:\WINDOWS\Sysnative\mfsvr.dll 2014-03-18 22:55:40 D03BF756457B6A1EB305B26046BB9B4D 914944 ----a-w- C:\WINDOWS\Sysnative\ReAgent.dll 2014-03-18 22:55:40 A95838FFFAEAA7500263D491575F7E0C 1214976 ----a-w- 
C:\WINDOWS\Sysnative\schedsvc.dll 2014-03-18 22:55:39 E287F157F7A0011D93179C64EF8ADCF2 376320 ----a-w- C:\WINDOWS\Sysnative\pnrpsvc.dll 2014-03-18 22:55:39 847CFF96ACB575CE73C0E2E86C6BA993 842752 ----a-w- C:\WINDOWS\Sysnative\MsSpellCheckingFacility.dll 2014-03-18 22:55:39 1FCA4E287F0ED13BF037A484AA2FE3B1 419160 ----a-w- C:\WINDOWS\Sysnative\hal.dll 2014-03-18 22:55:38 C8ACFF60C553E63949A79DC370B516E4 947712 ----a-w- C:\WINDOWS\Sysnative\reseteng.dll 2014-03-18 22:55:38 A0D3749BB1BC942C7D21C4D99E79A615 131160 ----a-w- C:\WINDOWS\Sysnative\easinvoker.exe 2014-03-18 22:55:38 66F214C9E446407D78048681394820A6 178176 ----a-w- C:\WINDOWS\Sysnative\easwrt.dll 2014-03-18 22:55:38 3D136E8D4C0407D9C40FD8BDD649B587 1720560 ----a-w- C:\WINDOWS\Sysnative\ntdll.dll 2014-03-18 22:55:38 0B9FBEC5714523FF76DDFEB320FE2DF2 303616 ----a-w- C:\WINDOWS\Sysnative\sti.dll 2014-03-14 06:58:22 1A1DDFD4BA6523979C76BE188984C3AC 1643584 ----a-w- C:\WINDOWS\Sysnative\winload.efi 2014-03-14 06:58:21 695C842DAA76536CE44C336C9E27B25D 1507704 ----a-w- C:\WINDOWS\Sysnative\winload.exe 2014-03-14 06:58:19 4E0709D9BB951AD1C22E4FF519B90839 23133696 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll 2014-03-14 06:58:12 9C5ADB26632D46919ABB231CF7DE98B9 13051904 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll 2014-03-14 06:58:08 76862AAF77C049EC20217FDC209F7F13 2765824 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll 2014-03-14 06:58:06 DF79CE9B950C62677D232154E93A81C7 2334208 ----a-w- C:\WINDOWS\Sysnative\wininet.dll 2014-03-14 06:58:06 D378AB3C9178424588B55AC7B652D7F9 218624 ----a-w- C:\WINDOWS\Sysnative\ie4uinit.exe 2014-03-14 06:58:06 CF1C73DE1FADE3D3C44FCAF254F57DB2 5768704 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll 2014-03-14 06:58:06 BA0A21F761CE5001DF712C51BF11F953 1393664 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll 2014-03-14 06:58:05 E6ACA421DA3E50D7F0A31228F0C547B0 627200 ----a-w- C:\WINDOWS\Sysnative\msfeeds.dll 2014-03-14 06:58:05 48ED94DA88F65684B28FCD87C01288A7 817664 ----a-w- C:\WINDOWS\Sysnative\ieapfltr.dll 
2014-03-14 06:58:01 C993A0B97BECD3AAF5158E3869878465 6353960 ----a-w- C:\WINDOWS\Sysnative\sppsvc.exe 2014-03-14 06:57:59 BAAD43360A7DF630ECC414671AEFA28C 6640640 ----a-w- C:\WINDOWS\Sysnative\mstscax.dll 2014-03-14 06:57:58 977F77CE98456F6B115E5360A1160449 2133208 ----a-w- C:\WINDOWS\Sysnative\mfcore.dll 2014-03-14 06:57:57 C039246195C736A602F581D29F18A43D 1928144 ----a-w- C:\WINDOWS\Sysnative\combase.dll 2014-03-14 06:57:51 C7B69F90B823182CE6BE7C5374832DE5 764864 ----a-w- C:\WINDOWS\Sysnative\mfmpeg2srcsnk.dll 2014-03-14 06:57:50 CFADC50692A845BAC30940E203393219 1287064 ----a-w- C:\WINDOWS\Sysnative\kernel32.dll 2014-03-14 06:57:49 C7DFBE21051D5E44B479CBF74B968335 1486848 ----a-w- C:\WINDOWS\Sysnative\dbghelp.dll 2014-03-14 06:57:49 B5D2EBAD81739185A91D210F5F01824B 407024 ----a-w- C:\WINDOWS\Sysnative\Faultrep.dll 2014-03-14 06:57:49 819A1E0F89B6AC222E9D95CA000A40B1 4175360 ----a-w- C:\WINDOWS\Sysnative\dbgeng.dll 2014-03-14 06:57:48 C83AFB0B285F293EDECF5EBDEC074A94 458616 ----a-w- C:\WINDOWS\Sysnative\WerFault.exe 2014-03-14 06:57:48 99453C649DC4B0BE6D062B701CD2917F 716288 ----a-w- C:\WINDOWS\Sysnative\swprv.dll 2014-03-14 06:57:48 735CB57F806D292FB7ABE8BDFD3B5853 233920 ----a-w- C:\WINDOWS\Sysnative\mfps.dll 2014-03-14 06:57:48 2684605E822359CBD1ED2BD2C8E76397 249856 ----a-w- C:\WINDOWS\Sysnative\rdpencom.dll 2014-03-14 06:57:46 AFCAB4DC692CCE37E283B00E2D7B438F 447488 ----a-w- C:\WINDOWS\Sysnative\sppcomapi.dll 2014-03-14 06:57:46 94D79382FB796B0A8C90270654A70563 1057280 ----a-w- C:\WINDOWS\Sysnative\rdvidcrl.dll 2014-03-14 06:57:46 724ADFEE7743C26C550ABFE04271DCFD 160256 ----a-w- C:\WINDOWS\Sysnative\DWWIN.EXE 2014-03-14 06:57:46 3FFEC6927D4017829A82ECDB277BB23E 64512 ----a-w- C:\WINDOWS\Sysnative\tsgqec.dll 2014-03-14 06:57:46 110BE5198A63D3FF3CE9C30F1DC12EC3 386722 ----a-w- C:\WINDOWS\Sysnative\ApnDatabase.xml 2014-03-14 06:57:37 1A69D165DDA78A4329B854D4FEDAD132 4189184 ----a-w- C:\WINDOWS\Sysnative\win32k.sys 2014-03-14 06:57:37 
05894DFC52A78C3B1DD5EF6F30FAD28C 586240 ----a-w- C:\WINDOWS\Sysnative\qedit.dll ====== C:\WINDOWS\Sysnative\drivers ===== 2014-03-20 19:39:24 F24BD06AE917F57408999F79E91FD6BC 119000 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys 2014-03-20 19:38:37 CD51E1D0D638F1E07A6EDC98CD7F5DDA 91352 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys 2014-03-18 22:55:40 13B160C1913F012BD1615EB1398D3779 1530712 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2014-03-18 22:55:39 D22EB844EB57D016CC34178AC86456DF 325464 ----a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS 2014-03-18 22:55:39 22EDC0DE06A0272DFA4C7B47B5D8E377 382808 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys 2014-03-18 22:55:38 A1A5E79C0D1352AFDC08328A623DA051 408576 ----a-w- C:\WINDOWS\Sysnative\drivers\rdbss.sys 2014-03-18 13:05:38 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys 2014-03-14 06:57:57 ECC68BD5347BDE9631EE68274858A41F 2543960 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys 2014-03-14 06:57:46 C85C075DE5B6D0FE116043054DE8EE02 311640 ----a-w- C:\WINDOWS\Sysnative\drivers\volsnap.sys 2014-03-14 06:57:40 C52148456E0F6EAD9E903020A79207FC 236888 ----a-w- C:\WINDOWS\Sysnative\drivers\WdFilter.sys 2014-03-14 06:57:39 57F22324FAAF92ADF957B281E88F1743 124760 ----a-w- C:\WINDOWS\Sysnative\drivers\WdNisDrv.sys 2014-03-14 06:57:39 241895E8A9C158DF86E12FDD21033A32 35856 ----a-w- C:\WINDOWS\Sysnative\drivers\WdBoot.sys ====== C:\WINDOWS\Tasks ====== 2014-02-22 18:54:59 4DB78FD1F375934970337ADD6A70956A 3958 ----a-w- C:\WINDOWS\Sysnative\Tasks\User_Feed_Synchronization-{AC8F9A65-F441-4B14-9E2A-876CF579B06D} 2014-02-19 18:54:06 9F78C1B173578219C76D428AAD67F4C9 3596 ----a-w- C:\WINDOWS\Sysnative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1301636691-605401379-4022305799-1008 ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2014-03-19 16:39:25 -------- d-----w- C:\Program Files\Microsoft.NET 2014-03-17 10:49:45 -------- d-----w- C:\Program Files\trend 
micro 2014-03-12 18:54:01 -------- d-----w- C:\Program Files\Common Files\DESIGNER 2014-03-12 18:52:55 -------- d-----w- C:\Program Files\Microsoft SQL Server 2014-03-12 18:49:52 -------- d-----w- C:\Program Files\Microsoft Analysis Services 2014-03-12 18:49:44 -------- d-----w- C:\Program Files\Microsoft Office 2014-02-23 16:33:33 -------- d-----w- C:\Program Files\Common Files\Bullzip 2014-02-23 16:33:29 -------- d-----w- C:\Program Files\Bullzip ======= C:\PROGRA~2 ===== 2014-03-18 19:03:35 -------- d-----w- C:\PROGRA~2\ESET 2014-03-17 07:40:28 -------- d-----w- C:\PROGRA~2\View-Password-soft 2014-03-12 18:53:31 -------- d-----w- C:\PROGRA~2\Microsoft SQL Server 2014-03-12 18:49:52 -------- d-----w- C:\PROGRA~2\Microsoft Analysis Services 2014-03-12 18:49:47 -------- d-----w- C:\PROGRA~2\Microsoft Office 2014-02-27 19:11:38 -------- d-----w- C:\PROGRA~2\Citrix 2014-02-24 13:04:11 -------- d-----w- C:\PROGRA~2\Fitbit Connect 2014-02-23 18:19:34 -------- d-----w- C:\PROGRA~2\Scrivener 2014-02-23 18:15:13 -------- d-----w- C:\PROGRA~2\Scapple 2014-02-23 17:26:25 -------- d-----w- C:\PROGRA~2\Clover ======= C: ===== ====== C:\Users\Ann\AppData\Roaming ====== 2014-03-18 23:12:48 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\CrashDumps 2014-03-18 21:18:10 -------- d-----w- C:\Users\Ann\AppData\Local\calibre-cache 2014-03-18 17:24:27 -------- d-----w- C:\Users\jos2\AppData\Local\VirtualStore 2014-03-18 10:18:15 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp 2014-03-18 10:18:15 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp 2014-03-18 10:18:15 -------- d-----w- C:\Users\jos2\AppData\Local\Temp 2014-03-18 10:18:15 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2014-03-18 10:18:15 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2014-03-18 10:18:14 -------- d-----w- C:\Users\Ann\AppData\Local\Temp 2014-03-17 09:33:44 -------- d-----w- 
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\CrashDumps 2014-03-15 18:52:01 35055BA613302E06B3082E82D25E6CC4 26171 ----a-w- C:\Users\Ann\AppData\Local\recently-used.xbel 2014-03-14 07:41:05 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help 2014-03-14 07:41:05 -------- d-----w- C:\Users\Default User\AppData\Local\Microsoft Help 2014-03-12 18:49:48 -------- d-----w- C:\Users\Ann\AppData\Local\Microsoft Help 2014-03-12 18:40:01 -------- d-----w- C:\Users\Ann\AppData\Local\e-academy Inc 2014-03-12 18:40:00 -------- d-----w- C:\Users\Ann\AppData\Roaming\e-academy Inc 2014-03-12 13:38:52 -------- d-----w- C:\Users\jos2\AppData\Local\Apple 2014-03-02 18:20:12 -------- d-----w- C:\Users\jos2\AppData\Roaming\Identities 2014-03-01 11:18:52 -------- d-----w- C:\Users\Ann\AppData\Local\gtk-2.0 2014-02-27 19:12:13 -------- d-s---w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Locallow\Microsoft 2014-02-23 18:20:49 -------- d-----w- C:\Users\Ann\AppData\Local\LiteratureAndLatte 2014-02-23 17:27:40 -------- d-----w- C:\Users\jos2\AppData\Local\Clover 2014-02-23 17:26:31 -------- d-----w- C:\Users\Ann\AppData\Local\Clover 2014-02-23 16:35:43 -------- d-----w- C:\Users\Ann\AppData\Local\PDF Writer 2014-02-23 16:33:35 -------- d-----w- C:\Users\Ann\AppData\Roaming\PDF Writer 2014-02-23 06:02:30 -------- d-----w- C:\Users\jos2\AppData\Roaming\OpenOffice 2014-02-19 21:19:13 -------- d-----w- C:\Users\Ann\AppData\Roaming\DropboxMaster 2014-02-19 21:19:03 -------- d-----w- C:\Users\Ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-02-19 19:02:54 -------- d-----w- C:\Users\jos2\AppData\Roaming\Tracker Software 2014-02-19 19:02:53 -------- d-----w- C:\Users\jos2\AppData\Roaming\Mozilla 2014-02-19 19:02:52 -------- d-----w- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-02-19 19:02:52 -------- d-----w- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-02-19 19:02:45 
-------- d-----w- C:\Users\jos2\AppData\Roaming\LibreOffice 2014-02-19 19:02:45 -------- d-----w- C:\Users\jos2\AppData\Roaming\Lenovo 2014-02-19 19:02:45 -------- d-----w- C:\Users\jos2\AppData\Roaming\KeePass 2014-02-19 19:02:45 -------- d-----w- C:\Users\jos2\AppData\Roaming\Intel Corporation 2014-02-19 19:02:45 -------- d-----w- C:\Users\jos2\AppData\Roaming\ICAClient 2014-02-19 19:02:40 -------- d-----w- C:\Users\jos2\AppData\Roaming\Dropbox 2014-02-19 19:02:40 -------- d-----w- C:\Users\jos2\AppData\Locallow\Sun 2014-02-19 19:02:39 -------- d-----w- C:\Users\jos2\AppData\Locallow\Apple Computer 2014-02-19 19:02:39 -------- d-----w- C:\Users\jos2\AppData\Local\Windows Live 2014-02-19 19:02:38 -------- d-----w- C:\Users\jos2\AppData\Local\Programs 2014-02-19 19:02:38 -------- d-----w- C:\Users\jos2\AppData\Local\Power2Go8 2014-02-19 19:02:13 -------- d-----w- C:\Users\jos2\AppData\Local\Mozilla 2014-02-19 19:00:37 -------- d-----w- C:\Users\jos2\AppData\Local\gegl-0.2 2014-02-19 19:00:37 -------- d-----w- C:\Users\jos2\AppData\Local\fontconfig 2014-02-19 19:00:36 7B4EB4E6B0396307A204DB56A55C7077 1493 ----a-w- C:\Users\jos2\AppData\Local\recently-used.xbel 2014-02-19 19:00:36 -------- d-----w- C:\Users\jos2\AppData\Local\CrashDumps 2014-02-19 19:00:36 -------- d-----w- C:\Users\jos2\AppData\Local\Citrix 2014-02-19 18:53:31 -------- d-----w- C:\Users\jos2\AppData\Local\Google 2014-02-19 18:49:20 -------- d-----w- C:\Users\jos2\AppData\Roaming\Apple Computer 2014-02-19 18:49:19 -------- d-----w- C:\Users\jos2\AppData\Roaming\Epson 2014-02-19 18:48:54 -------- d-----r- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-02-19 18:48:54 -------- d-----r- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-02-19 18:48:46 -------- d-----w- C:\Users\jos2\AppData\Roaming\Adobe 2014-02-19 18:48:46 -------- d-----w- C:\Users\jos2\AppData\Local\Packages 2014-02-19 18:48:43 -------- d-s---w- 
C:\Users\jos2\AppData\Locallow\Microsoft 2014-02-19 18:48:40 -------- d-s---w- C:\Users\jos2\AppData\Roaming\Microsoft 2014-02-19 18:48:40 -------- d-----w- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-02-19 18:48:40 -------- d-----w- C:\Users\jos2\AppData\Local\Microsoft 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-02-19 07:17:23 -------- d-s---w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Locallow\Microsoft ====== C:\Users\Ann ====== 2014-03-20 19:32:19 4ABD34FBA47FD1449E051804092785DC 282936 ----a-w- C:\Users\jos2\Downloads\Firefox Setup Stub 28.0.exe 2014-03-18 19:02:46 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\Ann\Desktop\esetsmartinstaller_enu.exe 2014-03-18 13:04:31 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Ann\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-17 10:48:02 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Ann\Desktop\RSITx64.exe 2014-03-17 07:46:00 -------- d-----w- C:\ProgramData\TEMP 2014-03-12 18:54:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-03-12 18:49:43 -------- d-----w- C:\ProgramData\Microsoft Help 2014-02-27 19:12:11 -------- d-----w- C:\ProgramData\Citrix 2014-02-27 19:11:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix 2014-02-24 13:04:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect 2014-02-24 13:04:11 -------- d-----w- C:\ProgramData\FitbitConnect 2014-02-23 18:19:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrivener 2014-02-23 18:15:18 -------- d-----w- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scapple 2014-02-23 17:26:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover 2014-02-23 16:33:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullzip 2014-02-23 16:33:35 -------- d-----w- C:\ProgramData\PDF Writer 2014-02-19 21:20:01 -------- d-----r- C:\Users\Ann\Dropbox 2014-02-19 20:33:15 -------- d--h--r- C:\Users\Public\AccountPictures 2014-02-19 20:27:26 -------- d-----r- C:\Users\jos2\Google Drive 2014-02-19 20:25:08 -------- d-----r- C:\Users\jos2\Dropbox 2014-02-19 19:02:54 -------- d-----w- C:\Users\jos2\Backup 2014-02-19 18:57:16 -------- d-----w- C:\Users\jos2\.gimp-2.8 2014-02-19 18:48:54 -------- d-----r- C:\Users\jos2\Searches 2014-02-19 18:48:53 -------- d-----r- C:\Users\jos2\Contacts 2014-02-19 18:48:40 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\jos2\ntuser.ini 2014-02-19 18:48:40 -------- d--h--w- C:\Users\jos2\AppData 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Videos 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Saved Games 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Pictures 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Music 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Links 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Favorites 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Downloads 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Documents 2014-02-19 18:48:40 -------- d-----r- C:\Users\jos2\Desktop 2014-02-19 09:33:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive ====== C: exe-files == 2014-03-20 19:38:35 BA63FE28CD27A9B3501883689EBE4D5C 821560 ----a-w- C:\Users\Public\Documents\mbar\Plugins\fixdamage.exe 2014-03-20 19:38:35 7C3400A4EAE86C697F74756F783B9DA3 1180472 ----a-w- C:\Users\Public\Documents\mbar\mbar.exe 2014-03-20 19:37:28 99D69C3E87FE1556B76886F778480E2D 12589848 ----a-w- 
C:\Users\jos2\AppData\Local\Microsoft\Windows\INetCache\IE\CM3TUGQE\mbar-1.07.0.1009.exe 2014-03-20 19:33:05 AEE4E9CC59CDEB55B1ECB0E596E796BE 119408 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe 2014-03-20 19:32:19 4ABD34FBA47FD1449E051804092785DC 282936 ----a-w- C:\Users\jos2\Downloads\Firefox Setup Stub 28.0.exe 2014-03-18 22:55:54 42433CDEC449D40F508752F2D487D8E4 478208 ----a-w- C:\Windows\SysWOW64\SettingSyncHost.exe 2014-03-18 22:55:53 43D0F8E593ABD37B5BC9573EDD71EFEB 628736 ----a-w- C:\Windows\System32\SettingSyncHost.exe 2014-03-18 22:55:38 A0D3749BB1BC942C7D21C4D99E79A615 131160 ----a-w- C:\Windows\System32\easinvoker.exe 2014-03-18 19:04:12 CE0D0B11986FD2C0247AE88A59B36A6E 579904 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe 2014-03-18 19:04:12 BDB7D97012F9B3102DB72AA76A24942A 546944 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe 2014-03-18 19:04:12 7C9EEC809FB9CDA26EFC245C001EA980 2347384 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe 2014-03-18 19:04:12 7ABF8849E76732C357F419B1AF5668F2 546944 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe 2014-03-18 19:04:12 6D4ED8A5C071F29730A6F0B943FEEA3A 122584 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe 2014-03-18 19:02:46 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\Ann\Desktop\esetsmartinstaller_enu.exe 2014-03-18 13:04:31 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Ann\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-17 10:49:46 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Ann.exe 2014-03-17 10:48:02 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Ann\Desktop\RSITx64.exe 2014-03-17 07:40:27 E50800471EEBFA5579CEA557DB286008 171246 ----a-w- C:\Program Files (x86)\View-Password-soft\Uninstall.exe 2014-03-17 07:40:27 
CC7BD61A0EAD7C82B43B06DE111FF4AA 195072 ----a-w- C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe 2014-03-17 07:40:27 A77B533CB4EF9A10A1659CCE2A7D56AC 303104 ----a-w- C:\Program Files (x86)\View-Password-soft\View-.exe 2014-03-17 07:40:27 49CE20112C2165EBB862BA949B154629 93696 ----a-w- C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe 2014-03-15 14:15:44 E677174AA15D1B9D9E0B0F1C8DB8CC56 892120 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.154\33.0.1750.154_33.0.1750.146_chrome_updater.exe 2014-03-14 06:58:21 695C842DAA76536CE44C336C9E27B25D 1507704 ----a-w- C:\Windows\System32\winload.exe 2014-03-14 06:58:21 695C842DAA76536CE44C336C9E27B25D 1507704 ----a-w- C:\Windows\System32\Boot\winload.exe 2014-03-14 06:58:06 D378AB3C9178424588B55AC7B652D7F9 218624 ----a-w- C:\Windows\System32\ie4uinit.exe 2014-03-14 06:58:01 C993A0B97BECD3AAF5158E3869878465 6353960 ----a-w- C:\Windows\System32\sppsvc.exe 2014-03-14 06:57:48 C83AFB0B285F293EDECF5EBDEC074A94 458616 ----a-w- C:\Windows\System32\WerFault.exe 2014-03-14 06:57:48 249DE8C6F690646CC8EC53D49ABC6BE9 408480 ----a-w- C:\Windows\SysWOW64\WerFault.exe 2014-03-14 06:57:46 D4A17A8DEB194D77AD9651F0EE0C76EB 138752 ----a-w- C:\Windows\SysWOW64\DWWIN.EXE 2014-03-14 06:57:46 724ADFEE7743C26C550ABFE04271DCFD 160256 ----a-w- C:\Windows\System32\DWWIN.EXE 2014-03-14 01:02:42 DE24315BA357F0014EF71831837611A7 245384 ----a-w- C:\Users\Ann\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe 2014-03-14 01:00:30 179E7D197B8BFEFDB49C82D0C26D5EE3 143688 ----a-w- C:\Users\Ann\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe 2014-03-14 01:00:28 08AC98F458D37083BB914E660E0EBD8E 33189664 ----a-w- C:\Users\Ann\AppData\Roaming\Dropbox\bin\Dropbox.exe === C: other files == 2014-03-20 19:39:24 F24BD06AE917F57408999F79E91FD6BC 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-03-20 19:38:37 CD51E1D0D638F1E07A6EDC98CD7F5DDA 91352 ----a-w- 
C:\Windows\System32\drivers\mbamchameleon.sys 2014-03-19 15:57:04 F718A57D946EAC76EFCB351D74E269F4 875736 ----a-w- C:\Windows\System32\drivers\NISx64\1502000.026\srtsp64.sys 2014-03-19 15:57:04 B18CE01B9C09C59422BA7C7064248B35 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1502000.026\srtspx64.sys 2014-03-19 15:57:04 9F31630D7FC2DD9D5DA1CE359AAD1F46 1148120 ----a-w- C:\Windows\System32\drivers\NISx64\1502000.026\symefa64.sys 2014-03-19 15:57:04 5C9EE2303CA7F267665D75237862B39C 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1502000.026\symds64.sys 2014-03-19 15:57:04 5570A74FF9B1EFBC5154DD1E2F05C517 593112 ----a-w- C:\Windows\System32\drivers\NISx64\1502000.026\symnets.sys 2014-03-19 15:57:04 48C2934683CBD06F662B088EEF49EF6A 264280 ----a-r- C:\Windows\System32\drivers\NISx64\1502000.026\ironx64.sys 2014-03-19 15:57:04 20F758E6339A16F97DD83389D582E09A 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1502000.026\symelam.sys 2014-03-19 15:57:04 0510396A957E9FD7205BA62D3CAE4528 162392 ----a-r- C:\Windows\System32\drivers\NISx64\1502000.026\ccsetx64.sys 2014-03-18 22:55:40 13B160C1913F012BD1615EB1398D3779 1530712 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2014-03-18 22:55:39 D22EB844EB57D016CC34178AC86456DF 325464 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS 2014-03-18 22:55:39 22EDC0DE06A0272DFA4C7B47B5D8E377 382808 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2014-03-18 22:55:38 A1A5E79C0D1352AFDC08328A623DA051 408576 ----a-w- C:\Windows\System32\drivers\rdbss.sys 2014-03-18 21:32:16 7E1C072961BE0D108C81AB91BD89D687 957290 ----a-w- C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\ufkjpzpn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi 2014-03-18 21:32:12 7E1C072961BE0D108C81AB91BD89D687 957290 ----a-w- C:\Users\Ann\AppData\Local\Temp\tmp-ds7.xpi 2014-03-18 13:05:38 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-03-17 07:40:28 9A087007AE9EBD0CE2940670B0060F0D 11575 ----a-w- C:\Program 
Files (x86)\View-Password-soft\157.xpi 2014-03-14 06:57:57 ECC68BD5347BDE9631EE68274858A41F 2543960 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2014-03-14 06:57:46 C85C075DE5B6D0FE116043054DE8EE02 311640 ----a-w- C:\Windows\System32\drivers\volsnap.sys 2014-03-14 06:57:40 C52148456E0F6EAD9E903020A79207FC 236888 ----a-w- C:\Windows\System32\drivers\WdFilter.sys 2014-03-14 06:57:39 57F22324FAAF92ADF957B281E88F1743 124760 ----a-w- C:\Windows\System32\drivers\WdNisDrv.sys 2014-03-14 06:57:39 241895E8A9C158DF86E12FDD21033A32 35856 ----a-w- C:\Windows\System32\drivers\WdBoot.sys 2014-03-14 06:57:37 1A69D165DDA78A4329B854D4FEDAD132 4189184 ----a-w- C:\Windows\System32\win32k.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-1301636691-605401379-4022305799-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "KeePass 2 PreLoad"="C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe --preload" "Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun" "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" ==== Startup Folders ====================== 2014-02-19 21:19:24 1102 ----a-w- C:\Users\Ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2014-02-19 19:02:52 
1052 ----a-w- C:\Users\jos2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2014-02-12 15:17:39 1845 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk 2014-02-27 19:11:54 2849 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12-02-2014 16:10] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12-02-2014 16:10] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe"] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{9E691279-3579-43ED-ADFE-6F2BA9CF279E}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{AC8F9A65-F441-4B14-9E2A-876CF579B06D}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{B0A21456-AB7E-427C-A431-F436EE744136}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\WINDOWS\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe] "C:\WINDOWS\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe] ==== Firefox Extensions Registry 
====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "e-webprint@epson.com"="C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on" [23-02-2014 18:41] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{dfe9a019-6233-471f-b90c-756ac2c13a22}"="C:\Program Files (x86)\View-Password-soft\157.xpi" [17-03-2014 08:40] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Ann\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\0s9rvdsa.default - CSS Stylesheet Editor - %ProfilePath%\extensions\csseditor@bluegriffon.com.xpi - EyeDropper - %ProfilePath%\extensions\eyedropper@bluegriffon.com.xpi - FontSquirrel Manager - %ProfilePath%\extensions\fs@bluegriffon.com.xpi - Fullscreen - %ProfilePath%\extensions\fullscreen@bluegriffon.com.xpi - Google Font Directory Manager - %ProfilePath%\extensions\gfd@bluegriffon.com.xpi - Czech CZ Language Pack - %ProfilePath%\extensions\langpack-cs@bluegriffon.org.xpi - Deutsch DE Language Pack - %ProfilePath%\extensions\langpack-de@bluegriffon.org.xpi - English US Language Pack - %ProfilePath%\extensions\langpack-en-US@bluegriffon.org.xpi - Español España Language Pack - %ProfilePath%\extensions\langpack-es-ES@bluegriffon.org.xpi - Suomenkielinen FI Language Pack - %ProfilePath%\extensions\langpack-fi@bluegriffon.org.xpi - Français Language Pack - %ProfilePath%\extensions\langpack-fr@bluegriffon.org.xpi - Galego España Language Pack - %ProfilePath%\extensions\langpack-gl@bluegriffon.org.xpi - Hebrew IL Language Pack - %ProfilePath%\extensions\langpack-he@bluegriffon.org.xpi - Magyar HU Language Pack - %ProfilePath%\extensions\langpack-hu@bluegriffon.org.xpi - Italiano IT Language Pack - %ProfilePath%\extensions\langpack-it@bluegriffon.org.xpi - Japanese Language Pack - %ProfilePath%\extensions\langpack-ja@bluegriffon.org.xpi - Korean KR Language Pack - %ProfilePath%\extensions\langpack-ko@bluegriffon.org.xpi - Nederlands NL Language Pack - 
%ProfilePath%\extensions\langpack-nl@bluegriffon.org.xpi - Polski Language Pack - %ProfilePath%\extensions\langpack-pl@bluegriffon.org.xpi - Slovenski jezik Language Pack - %ProfilePath%\extensions\langpack-sl@bluegriffon.org.xpi - sr Language Pack - %ProfilePath%\extensions\langpack-sr@bluegriffon.org.xpi - Svenska SE Language Pack - %ProfilePath%\extensions\langpack-sv-SE@bluegriffon.org.xpi - Chinese Simplified zh-CN Language Pack - %ProfilePath%\extensions\langpack-zh-CN@bluegriffon.org.xpi - Traditional Chinese zh-TW Language Pack - %ProfilePath%\extensions\langpack-zh-TW@bluegriffon.org.xpi - MathML - %ProfilePath%\extensions\mathml@bluegriffon.com.xpi - Opquast Accessibility First Step - %ProfilePath%\extensions\op1@bluegriffon.com.xpi - Snippets - %ProfilePath%\extensions\snippets@bluegriffon.com.xpi - SVG-edit - %ProfilePath%\extensions\svg-edit@googlegroups.com.xpi - Table Layouts - %ProfilePath%\extensions\tablelayout@bluegriffon.com.xpi - One-click Templates - %ProfilePath%\extensions\templatesManager@bluegriffon.com.xpi - Thumbnailer - %ProfilePath%\extensions\thumbnailer@bluegriffon.com.xpi - Tip of the Day - %ProfilePath%\extensions\tipoftheday@bluegriffon.com.xpi ProfilePath: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\ufkjpzpn.default - E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on - United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org - feedly - %ProfilePath%\extensions\feedly@devhd.xpi - Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi - Readability - %ProfilePath%\extensions\readability@readability.com.xpi - Stylish - %ProfilePath%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi - Right Inbox - %ProfilePath%\extensions\{eb692b9a-0dce-45fa-b0e6-765d83e386bd}.xpi ProfilePath: C:\Users\Ann\AppData\Roaming\Songbird2\Profiles\t42m592n.default - 
Undetermined - C:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.com - Undetermined - C:\Program Files (x86)\Songbird\extensions\concerts@songbirdnest.com - Undetermined - C:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com - Undetermined - C:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com - Undetermined - C:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest.com - Undetermined - C:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest.com - Undetermined - C:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com - Undetermined - C:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest.com - Last.fm - %ProfilePath%\extensions\audioscrobbler@songbirdnest.com - Suporte cpia de CDs - %ProfilePath%\extensions\cd-rip@songbirdnest.com - Philips GoGear Device Manager - %ProfilePath%\extensions\gogear@songbirdnest.com - Fornecedor da pesquisa de metadados Gracenote - %ProfilePath%\extensions\gracenote@songbirdnest.com - mashTape - %ProfilePath%\extensions\mashTape@songbirdnest.com - MSC Device Support - %ProfilePath%\extensions\msc@songbirdnest.com - MTP Device Support - %ProfilePath%\extensions\mtp@songbirdnest.com - QuickTime Playback - %ProfilePath%\extensions\quicktime@songbirdnest.com - SHOUTcast Radio - %ProfilePath%\extensions\shoutcast-radio@songbirdnest.com - Windows Media Playback - %ProfilePath%\extensions\windowsmedia@songbirdnest.com ProfilePath: C:\Users\Ann\AppData\Roaming\Thunderbird\Profiles\svh3a9al.default - Undetermined - C:\Program Files (x86)\Eudora OSE\extensions\{D1D37B8A-4F3C-11DB-8373-B622A1EF5492} ProfilePath: C:\Users\jos2\AppData\Roaming\Mozilla\Firefox\Profiles\dt61hscp.default - E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on - Click&Clean - %ProfilePath%\extensions\clickclean@hotcleaner.com - Lightbeam - %ProfilePath%\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi AppDir: C:\Program Files (x86)\Mozilla 
Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\ufkjpzpn.default 5174E3BE46B2CCCDAF9CEB5B622CEA9B - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1209149.dll - Shockwave for Director / Shockwave for Director 7A0EABE3C33D6F01214F3DFEA9DAA402 - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll - PDF-XChange Editor 97C4FF8417CAE7FF46BA0C7E55A1C1AC - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll - PDF-XChange Editor ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx[19-01-2014 18:42] Duolingo - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl Google Docs - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Toodledo Tasks - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ballhmoamkbbfadiealjmgmhbbnellbc MindMeister - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm WOT - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp YouTube - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Category Tabs for Google Keep™ - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlahcjmefibiedeecoegjilekaebchhl KeyRocket for Gmail\u2122 - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmocchgkijnbjdjkmlglaemjhhdiobbp DoNotTrackMe Online Privacy Protection - 
Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd OrganizeMe - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepmgenffldpcaolcmmjnmdjeaabajlg AFAS Personal Bijwerk Assistent - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhdjnejhhklnclpkbnfmfimijnlmghfk Stylish - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe Name of new folder - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgofjdapkmlgpgjfielacjckplcdjjk AdBlock - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Google Calendar by Google - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich LastPass - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd The Old Reader - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhdpibondcndkgpoobpnndbbelpidhpk Google Keep - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki Password must be between 6 and 64 characters long. 
- Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj Right Inbox for Gmail - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb Google Dictionary (by Google) - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja Norton Identity Protection - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Feedly - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja Pocket (formerly Read It Later) - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj RSS Subscription Extension by Google - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd Google Wallet - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Docs PDFPowerPoint Viewer by Google - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn AFAS Personal - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohcndkndhdiknpkkmeplfhajcilbnkd Readability - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi dotEPUB - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\okpfiebkkmjcnodegbbbiellepfhoglm ShareMeNot - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\peeecebkcdlibcfllbpmmkhggflcppem Evernote Web Clipper - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc Gmail - Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Docs - jos2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - jos2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - jos2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - jos2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Norton Identity Protection - jos2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Google Wallet - jos2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Booking.com - jos2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pficdecjkdlnacnnbkociacmdbpmhdoc Gmail - jos2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{37939C00-1195-4E13-9974-CBECBFB0E2B8}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {37939C00-1195-4E13-9974-CBECBFB0E2B8} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyServer"="http=127.0.0.1:13828" "ProxyEnable"=dword:00000001 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll O2 - BHO: 
Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - Startup: Dropbox.lnk = Ann\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: original1.desktop.ini O4 - Global Startup: CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe O4 - Global Startup: Online plug-in.lnk = ? 
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 
- {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft 
Shared\OFFICE15\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: CrashPlan Backup Service (CrashPlanService) - CrashPlan - C:\Program Files\CrashPlan\CrashPlanService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\WINDOWS\system32\EscSvc64.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) 
O23 - Service: Stardock Start8 (Start8) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: View Password (ViewPassword) - Unknown owner - C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Ann\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully 
C:\Users\Ann\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Users\jos2\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\jos2\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Ann\AppData\Local\Mozilla\Firefox\Profiles\ufkjpzpn.default\Cache emptied successfully C:\Users\jos2\AppData\Local\Mozilla\Firefox\Profiles\dt61hscp.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\jos2\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=71 folders=32 60714918 bytes) ==== Empty Temp Folders ====================== C:\Users\Ann\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\jos2\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully 
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Ann\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 20-03-2014 at 21:23:21,48 ======================