AnnVR

Vervolg logfile:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmartcardSimulator]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SystemEventsBroker]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VirtualSmartcardReader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wcmsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

- - - Updated - - -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"EnableUIADesktopToggle"=0

"EnableCursorSuppression"=1

"ConsentPromptBehaviorUser"=3

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"ForceActiveDesktopOn"=0

"NoActiveDesktopChanges"=1

"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.yuy2"=msyuv.dll

"vidc.i420"=iyuv_32.dll

"msacm.msgsm610"=msgsm32.acm

"msacm.msg711"=msg711.acm

"vidc.yvyu"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"wavemapper"=msacm32.drv

"midimapper"=midimap.dll

"vidc.uyvy"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"vidc.msvc"=msvidc32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux3"=wdmaud.drv

"wave4"=wdmaud.drv

"midi4"=wdmaud.drv

"mixer4"=wdmaud.drv

"aux4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-03-17 11:49:45 ----D---- C:\rsit

2014-03-17 11:49:45 ----D---- C:\Program Files\trend micro

2014-03-17 10:59:49 ----D---- C:\Program Files\CCleaner

2014-03-17 08:46:00 ----D---- C:\ProgramData\TEMP

2014-03-17 08:40:28 ----D---- C:\Program Files (x86)\View-Password-soft

2014-03-14 08:38:52 ----SHD---- C:\Config.Msi

2014-03-14 07:58:21 ----A---- C:\WINDOWS\system32\winload.exe

2014-03-14 07:58:19 ----A---- C:\WINDOWS\system32\mshtml.dll

2014-03-14 07:58:17 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll

2014-03-14 07:58:12 ----A---- C:\WINDOWS\system32\ieframe.dll

2014-03-14 07:58:09 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll

2014-03-14 07:58:08 ----A---- C:\WINDOWS\system32\iertutil.dll

2014-03-14 07:58:07 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll

2014-03-14 07:58:06 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll

2014-03-14 07:58:06 ----A---- C:\WINDOWS\system32\wininet.dll

2014-03-14 07:58:06 ----A---- C:\WINDOWS\system32\urlmon.dll

2014-03-14 07:58:06 ----A---- C:\WINDOWS\system32\jscript9.dll

2014-03-14 07:58:06 ----A---- C:\WINDOWS\system32\ie4uinit.exe

2014-03-14 07:58:05 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll

2014-03-14 07:58:05 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll

2014-03-14 07:58:05 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll

2014-03-14 07:58:05 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll

2014-03-14 07:58:05 ----A---- C:\WINDOWS\system32\msfeeds.dll

2014-03-14 07:58:05 ----A---- C:\WINDOWS\system32\ieapfltr.dll

2014-03-14 07:58:01 ----A---- C:\WINDOWS\system32\sppsvc.exe

2014-03-14 07:57:59 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll

2014-03-14 07:57:59 ----A---- C:\WINDOWS\system32\mstscax.dll

2014-03-14 07:57:58 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll

2014-03-14 07:57:58 ----A---- C:\WINDOWS\system32\mfcore.dll

2014-03-14 07:57:57 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys

2014-03-14 07:57:57 ----A---- C:\WINDOWS\system32\combase.dll

2014-03-14 07:57:51 ----A---- C:\WINDOWS\SYSWOW64\combase.dll

2014-03-14 07:57:51 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2014-03-14 07:57:50 ----A---- C:\WINDOWS\SYSWOW64\kernel32.dll

2014-03-14 07:57:50 ----A---- C:\WINDOWS\system32\kernel32.dll

2014-03-14 07:57:49 ----A---- C:\WINDOWS\SYSWOW64\mfmpeg2srcsnk.dll

2014-03-14 07:57:49 ----A---- C:\WINDOWS\SYSWOW64\Faultrep.dll

2014-03-14 07:57:49 ----A---- C:\WINDOWS\system32\Faultrep.dll

2014-03-14 07:57:49 ----A---- C:\WINDOWS\system32\dbghelp.dll

2014-03-14 07:57:49 ----A---- C:\WINDOWS\system32\dbgeng.dll

2014-03-14 07:57:48 ----A---- C:\WINDOWS\SYSWOW64\WerFault.exe

2014-03-14 07:57:48 ----A---- C:\WINDOWS\SYSWOW64\rdpencom.dll

2014-03-14 07:57:48 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll

2014-03-14 07:57:48 ----A---- C:\WINDOWS\system32\WerFault.exe

2014-03-14 07:57:48 ----A---- C:\WINDOWS\system32\swprv.dll

2014-03-14 07:57:48 ----A---- C:\WINDOWS\system32\rdpencom.dll

2014-03-14 07:57:48 ----A---- C:\WINDOWS\system32\mfps.dll

2014-03-14 07:57:47 ----A---- C:\WINDOWS\SYSWOW64\dbghelp.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\SYSWOW64\tsgqec.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\SYSWOW64\rdvidcrl.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\SYSWOW64\DWWIN.EXE

2014-03-14 07:57:46 ----A---- C:\WINDOWS\system32\tsgqec.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\system32\sppcomapi.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\system32\rdvidcrl.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\system32\DWWIN.EXE

2014-03-14 07:57:46 ----A---- C:\WINDOWS\system32\drivers\volsnap.sys

2014-03-14 07:57:40 ----A---- C:\WINDOWS\system32\drivers\WdFilter.sys

2014-03-14 07:57:39 ----A---- C:\WINDOWS\system32\drivers\WdNisDrv.sys

2014-03-14 07:57:39 ----A---- C:\WINDOWS\system32\drivers\WdBoot.sys

2014-03-14 07:57:37 ----A---- C:\WINDOWS\SYSWOW64\qedit.dll

2014-03-14 07:57:37 ----A---- C:\WINDOWS\system32\win32k.sys

2014-03-14 07:57:37 ----A---- C:\WINDOWS\system32\qedit.dll

2014-03-12 19:54:01 ----D---- C:\Program Files\Common Files\DESIGNER

2014-03-12 19:53:31 ----D---- C:\Program Files\Microsoft.NET

2014-03-12 19:53:31 ----D---- C:\Program Files (x86)\Microsoft SQL Server

2014-03-12 19:52:55 ----D---- C:\WINDOWS\PCHEALTH

2014-03-12 19:52:55 ----D---- C:\Program Files\Microsoft SQL Server

2014-03-12 19:49:52 ----D---- C:\Program Files\Microsoft Analysis Services

2014-03-12 19:49:52 ----D---- C:\Program Files (x86)\Microsoft Analysis Services

2014-03-12 19:49:47 ----D---- C:\Program Files (x86)\Microsoft Office

2014-03-12 19:49:44 ----D---- C:\Program Files\Microsoft Office

2014-03-12 19:49:43 ----D---- C:\ProgramData\Microsoft Help

2014-03-12 19:49:36 ----RHD---- C:\MSOCache

2014-03-12 19:40:00 ----D---- C:\Users\Ann\AppData\Roaming\e-academy Inc

2014-03-12 14:27:49 ----D---- C:\Program Files\office.tmp

2014-02-27 20:12:11 ----D---- C:\ProgramData\Citrix

2014-02-27 20:11:38 ----D---- C:\Program Files (x86)\Citrix

2014-02-24 14:04:11 ----D---- C:\ProgramData\FitbitConnect

2014-02-24 14:04:11 ----D---- C:\Program Files (x86)\Fitbit Connect

2014-02-23 19:19:34 ----D---- C:\Program Files (x86)\Scrivener

2014-02-23 19:15:13 ----D---- C:\Program Files (x86)\Scapple

2014-02-23 18:26:25 ----D---- C:\Program Files (x86)\Clover

2014-02-23 17:33:35 ----D---- C:\Users\Ann\AppData\Roaming\PDF Writer

2014-02-23 17:33:35 ----D---- C:\ProgramData\PDF Writer

2014-02-23 17:33:35 ----A---- C:\WINDOWS\SYSWOW64\bzpdfc.dll

2014-02-23 17:33:35 ----A---- C:\WINDOWS\SYSWOW64\bzFlRdr.dll

2014-02-23 17:33:35 ----A---- C:\WINDOWS\SYSWOW64\bzDCT.dll

2014-02-23 17:33:33 ----D---- C:\Program Files\Common Files\Bullzip

2014-02-23 17:33:29 ----D---- C:\Program Files\Bullzip

2014-02-19 22:19:13 ----D---- C:\Users\Ann\AppData\Roaming\DropboxMaster

======List of files/folders modified in the last 1 month======

- - - Updated - - -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"EnableUIADesktopToggle"=0

"EnableCursorSuppression"=1

"ConsentPromptBehaviorUser"=3

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"ForceActiveDesktopOn"=0

"NoActiveDesktopChanges"=1

"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.yuy2"=msyuv.dll

"vidc.i420"=iyuv_32.dll

"msacm.msgsm610"=msgsm32.acm

"msacm.msg711"=msg711.acm

"vidc.yvyu"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"wavemapper"=msacm32.drv

"midimapper"=midimap.dll

"vidc.uyvy"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"vidc.msvc"=msvidc32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux3"=wdmaud.drv

"wave4"=wdmaud.drv

"midi4"=wdmaud.drv

"mixer4"=wdmaud.drv

"aux4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-03-17 11:49:45 ----D---- C:\rsit

2014-03-17 11:49:45 ----D---- C:\Program Files\trend micro

2014-03-17 10:59:49 ----D---- C:\Program Files\CCleaner

2014-03-17 08:46:00 ----D---- C:\ProgramData\TEMP

2014-03-17 08:40:28 ----D---- C:\Program Files (x86)\View-Password-soft

2014-03-14 08:38:52 ----SHD---- C:\Config.Msi

2014-03-14 07:58:21 ----A---- C:\WINDOWS\system32\winload.exe

2014-03-14 07:58:19 ----A---- C:\WINDOWS\system32\mshtml.dll

2014-03-14 07:58:17 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll

2014-03-14 07:58:12 ----A---- C:\WINDOWS\system32\ieframe.dll

2014-03-14 07:58:09 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll

2014-03-14 07:58:08 ----A---- C:\WINDOWS\system32\iertutil.dll

2014-03-14 07:58:07 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll

2014-03-14 07:58:06 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll

2014-03-14 07:58:06 ----A---- C:\WINDOWS\system32\wininet.dll

2014-03-14 07:58:06 ----A---- C:\WINDOWS\system32\urlmon.dll

2014-03-14 07:58:06 ----A---- C:\WINDOWS\system32\jscript9.dll

2014-03-14 07:58:06 ----A---- C:\WINDOWS\system32\ie4uinit.exe

2014-03-14 07:58:05 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll

2014-03-14 07:58:05 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll

2014-03-14 07:58:05 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll

2014-03-14 07:58:05 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll

2014-03-14 07:58:05 ----A---- C:\WINDOWS\system32\msfeeds.dll

2014-03-14 07:58:05 ----A---- C:\WINDOWS\system32\ieapfltr.dll

2014-03-14 07:58:01 ----A---- C:\WINDOWS\system32\sppsvc.exe

2014-03-14 07:57:59 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll

2014-03-14 07:57:59 ----A---- C:\WINDOWS\system32\mstscax.dll

2014-03-14 07:57:58 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll

2014-03-14 07:57:58 ----A---- C:\WINDOWS\system32\mfcore.dll

2014-03-14 07:57:57 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys

2014-03-14 07:57:57 ----A---- C:\WINDOWS\system32\combase.dll

2014-03-14 07:57:51 ----A---- C:\WINDOWS\SYSWOW64\combase.dll

2014-03-14 07:57:51 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2014-03-14 07:57:50 ----A---- C:\WINDOWS\SYSWOW64\kernel32.dll

2014-03-14 07:57:50 ----A---- C:\WINDOWS\system32\kernel32.dll

2014-03-14 07:57:49 ----A---- C:\WINDOWS\SYSWOW64\mfmpeg2srcsnk.dll

2014-03-14 07:57:49 ----A---- C:\WINDOWS\SYSWOW64\Faultrep.dll

2014-03-14 07:57:49 ----A---- C:\WINDOWS\system32\Faultrep.dll

2014-03-14 07:57:49 ----A---- C:\WINDOWS\system32\dbghelp.dll

2014-03-14 07:57:49 ----A---- C:\WINDOWS\system32\dbgeng.dll

2014-03-14 07:57:48 ----A---- C:\WINDOWS\SYSWOW64\WerFault.exe

2014-03-14 07:57:48 ----A---- C:\WINDOWS\SYSWOW64\rdpencom.dll

2014-03-14 07:57:48 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll

2014-03-14 07:57:48 ----A---- C:\WINDOWS\system32\WerFault.exe

2014-03-14 07:57:48 ----A---- C:\WINDOWS\system32\swprv.dll

2014-03-14 07:57:48 ----A---- C:\WINDOWS\system32\rdpencom.dll

2014-03-14 07:57:48 ----A---- C:\WINDOWS\system32\mfps.dll

2014-03-14 07:57:47 ----A---- C:\WINDOWS\SYSWOW64\dbghelp.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\SYSWOW64\tsgqec.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\SYSWOW64\rdvidcrl.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\SYSWOW64\DWWIN.EXE

2014-03-14 07:57:46 ----A---- C:\WINDOWS\system32\tsgqec.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\system32\sppcomapi.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\system32\rdvidcrl.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\system32\DWWIN.EXE

2014-03-14 07:57:46 ----A---- C:\WINDOWS\system32\drivers\volsnap.sys

2014-03-14 07:57:40 ----A---- C:\WINDOWS\system32\drivers\WdFilter.sys

2014-03-14 07:57:39 ----A---- C:\WINDOWS\system32\drivers\WdNisDrv.sys

2014-03-14 07:57:39 ----A---- C:\WINDOWS\system32\drivers\WdBoot.sys

2014-03-14 07:57:37 ----A---- C:\WINDOWS\SYSWOW64\qedit.dll

2014-03-14 07:57:37 ----A---- C:\WINDOWS\system32\win32k.sys

2014-03-14 07:57:37 ----A---- C:\WINDOWS\system32\qedit.dll

2014-03-12 19:54:01 ----D---- C:\Program Files\Common Files\DESIGNER

2014-03-12 19:53:31 ----D---- C:\Program Files\Microsoft.NET

2014-03-12 19:53:31 ----D---- C:\Program Files (x86)\Microsoft SQL Server

2014-03-12 19:52:55 ----D---- C:\WINDOWS\PCHEALTH

2014-03-12 19:52:55 ----D---- C:\Program Files\Microsoft SQL Server

2014-03-12 19:49:52 ----D---- C:\Program Files\Microsoft Analysis Services

2014-03-12 19:49:52 ----D---- C:\Program Files (x86)\Microsoft Analysis Services

2014-03-12 19:49:47 ----D---- C:\Program Files (x86)\Microsoft Office

2014-03-12 19:49:44 ----D---- C:\Program Files\Microsoft Office

2014-03-12 19:49:43 ----D---- C:\ProgramData\Microsoft Help

2014-03-12 19:49:36 ----RHD---- C:\MSOCache

2014-03-12 19:40:00 ----D---- C:\Users\Ann\AppData\Roaming\e-academy Inc

2014-03-12 14:27:49 ----D---- C:\Program Files\office.tmp

2014-02-27 20:12:11 ----D---- C:\ProgramData\Citrix

2014-02-27 20:11:38 ----D---- C:\Program Files (x86)\Citrix

2014-02-24 14:04:11 ----D---- C:\ProgramData\FitbitConnect

2014-02-24 14:04:11 ----D---- C:\Program Files (x86)\Fitbit Connect

2014-02-23 19:19:34 ----D---- C:\Program Files (x86)\Scrivener

2014-02-23 19:15:13 ----D---- C:\Program Files (x86)\Scapple

2014-02-23 18:26:25 ----D---- C:\Program Files (x86)\Clover

2014-02-23 17:33:35 ----D---- C:\Users\Ann\AppData\Roaming\PDF Writer

2014-02-23 17:33:35 ----D---- C:\ProgramData\PDF Writer

2014-02-23 17:33:35 ----A---- C:\WINDOWS\SYSWOW64\bzpdfc.dll

2014-02-23 17:33:35 ----A---- C:\WINDOWS\SYSWOW64\bzFlRdr.dll

2014-02-23 17:33:35 ----A---- C:\WINDOWS\SYSWOW64\bzDCT.dll

2014-02-23 17:33:33 ----D---- C:\Program Files\Common Files\Bullzip

2014-02-23 17:33:29 ----D---- C:\Program Files\Bullzip

2014-02-19 22:19:13 ----D---- C:\Users\Ann\AppData\Roaming\DropboxMaster

======List of files/folders modified in the last 1 month======

- - - Updated - - -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"EnableUIADesktopToggle"=0

"EnableCursorSuppression"=1

"ConsentPromptBehaviorUser"=3

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"ForceActiveDesktopOn"=0

"NoActiveDesktopChanges"=1

"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.yuy2"=msyuv.dll

"vidc.i420"=iyuv_32.dll

"msacm.msgsm610"=msgsm32.acm

"msacm.msg711"=msg711.acm

"vidc.yvyu"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"wavemapper"=msacm32.drv

"midimapper"=midimap.dll

"vidc.uyvy"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"vidc.msvc"=msvidc32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux3"=wdmaud.drv

"wave4"=wdmaud.drv

"midi4"=wdmaud.drv

"mixer4"=wdmaud.drv

"aux4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-03-17 11:49:45 ----D---- C:\rsit

2014-03-17 11:49:45 ----D---- C:\Program Files\trend micro

2014-03-17 10:59:49 ----D---- C:\Program Files\CCleaner

2014-03-17 08:46:00 ----D---- C:\ProgramData\TEMP

2014-03-17 08:40:28 ----D---- C:\Program Files (x86)\View-Password-soft

2014-03-14 08:38:52 ----SHD---- C:\Config.Msi

2014-03-14 07:58:21 ----A---- C:\WINDOWS\system32\winload.exe

2014-03-14 07:58:19 ----A---- C:\WINDOWS\system32\mshtml.dll

2014-03-14 07:58:17 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll

2014-03-14 07:58:12 ----A---- C:\WINDOWS\system32\ieframe.dll

2014-03-14 07:58:09 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll

2014-03-14 07:58:08 ----A---- C:\WINDOWS\system32\iertutil.dll

2014-03-14 07:58:07 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll

2014-03-14 07:58:06 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll

2014-03-14 07:58:06 ----A---- C:\WINDOWS\system32\wininet.dll

2014-03-14 07:58:06 ----A---- C:\WINDOWS\system32\urlmon.dll

2014-03-14 07:58:06 ----A---- C:\WINDOWS\system32\jscript9.dll

2014-03-14 07:58:06 ----A---- C:\WINDOWS\system32\ie4uinit.exe

2014-03-14 07:58:05 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll

2014-03-14 07:58:05 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll

2014-03-14 07:58:05 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll

2014-03-14 07:58:05 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll

2014-03-14 07:58:05 ----A---- C:\WINDOWS\system32\msfeeds.dll

2014-03-14 07:58:05 ----A---- C:\WINDOWS\system32\ieapfltr.dll

2014-03-14 07:58:01 ----A---- C:\WINDOWS\system32\sppsvc.exe

2014-03-14 07:57:59 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll

2014-03-14 07:57:59 ----A---- C:\WINDOWS\system32\mstscax.dll

2014-03-14 07:57:58 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll

2014-03-14 07:57:58 ----A---- C:\WINDOWS\system32\mfcore.dll

2014-03-14 07:57:57 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys

2014-03-14 07:57:57 ----A---- C:\WINDOWS\system32\combase.dll

2014-03-14 07:57:51 ----A---- C:\WINDOWS\SYSWOW64\combase.dll

2014-03-14 07:57:51 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2014-03-14 07:57:50 ----A---- C:\WINDOWS\SYSWOW64\kernel32.dll

2014-03-14 07:57:50 ----A---- C:\WINDOWS\system32\kernel32.dll

2014-03-14 07:57:49 ----A---- C:\WINDOWS\SYSWOW64\mfmpeg2srcsnk.dll

2014-03-14 07:57:49 ----A---- C:\WINDOWS\SYSWOW64\Faultrep.dll

2014-03-14 07:57:49 ----A---- C:\WINDOWS\system32\Faultrep.dll

2014-03-14 07:57:49 ----A---- C:\WINDOWS\system32\dbghelp.dll

2014-03-14 07:57:49 ----A---- C:\WINDOWS\system32\dbgeng.dll

2014-03-14 07:57:48 ----A---- C:\WINDOWS\SYSWOW64\WerFault.exe

2014-03-14 07:57:48 ----A---- C:\WINDOWS\SYSWOW64\rdpencom.dll

2014-03-14 07:57:48 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll

2014-03-14 07:57:48 ----A---- C:\WINDOWS\system32\WerFault.exe

2014-03-14 07:57:48 ----A---- C:\WINDOWS\system32\swprv.dll

2014-03-14 07:57:48 ----A---- C:\WINDOWS\system32\rdpencom.dll

2014-03-14 07:57:48 ----A---- C:\WINDOWS\system32\mfps.dll

2014-03-14 07:57:47 ----A---- C:\WINDOWS\SYSWOW64\dbghelp.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\SYSWOW64\tsgqec.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\SYSWOW64\rdvidcrl.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\SYSWOW64\DWWIN.EXE

2014-03-14 07:57:46 ----A---- C:\WINDOWS\system32\tsgqec.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\system32\sppcomapi.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\system32\rdvidcrl.dll

2014-03-14 07:57:46 ----A---- C:\WINDOWS\system32\DWWIN.EXE

2014-03-14 07:57:46 ----A---- C:\WINDOWS\system32\drivers\volsnap.sys

2014-03-14 07:57:40 ----A---- C:\WINDOWS\system32\drivers\WdFilter.sys

2014-03-14 07:57:39 ----A---- C:\WINDOWS\system32\drivers\WdNisDrv.sys

2014-03-14 07:57:39 ----A---- C:\WINDOWS\system32\drivers\WdBoot.sys

2014-03-14 07:57:37 ----A---- C:\WINDOWS\SYSWOW64\qedit.dll

2014-03-14 07:57:37 ----A---- C:\WINDOWS\system32\win32k.sys

2014-03-14 07:57:37 ----A---- C:\WINDOWS\system32\qedit.dll

2014-03-12 19:54:01 ----D---- C:\Program Files\Common Files\DESIGNER

2014-03-12 19:53:31 ----D---- C:\Program Files\Microsoft.NET

2014-03-12 19:53:31 ----D---- C:\Program Files (x86)\Microsoft SQL Server

2014-03-12 19:52:55 ----D---- C:\WINDOWS\PCHEALTH

2014-03-12 19:52:55 ----D---- C:\Program Files\Microsoft SQL Server

2014-03-12 19:49:52 ----D---- C:\Program Files\Microsoft Analysis Services

2014-03-12 19:49:52 ----D---- C:\Program Files (x86)\Microsoft Analysis Services

2014-03-12 19:49:47 ----D---- C:\Program Files (x86)\Microsoft Office

2014-03-12 19:49:44 ----D---- C:\Program Files\Microsoft Office

2014-03-12 19:49:43 ----D---- C:\ProgramData\Microsoft Help

2014-03-12 19:49:36 ----RHD---- C:\MSOCache

2014-03-12 19:40:00 ----D---- C:\Users\Ann\AppData\Roaming\e-academy Inc

2014-03-12 14:27:49 ----D---- C:\Program Files\office.tmp

2014-02-27 20:12:11 ----D---- C:\ProgramData\Citrix

2014-02-27 20:11:38 ----D---- C:\Program Files (x86)\Citrix

2014-02-24 14:04:11 ----D---- C:\ProgramData\FitbitConnect

2014-02-24 14:04:11 ----D---- C:\Program Files (x86)\Fitbit Connect

2014-02-23 19:19:34 ----D---- C:\Program Files (x86)\Scrivener

2014-02-23 19:15:13 ----D---- C:\Program Files (x86)\Scapple

2014-02-23 18:26:25 ----D---- C:\Program Files (x86)\Clover

2014-02-23 17:33:35 ----D---- C:\Users\Ann\AppData\Roaming\PDF Writer

2014-02-23 17:33:35 ----D---- C:\ProgramData\PDF Writer

2014-02-23 17:33:35 ----A---- C:\WINDOWS\SYSWOW64\bzpdfc.dll

2014-02-23 17:33:35 ----A---- C:\WINDOWS\SYSWOW64\bzFlRdr.dll

2014-02-23 17:33:35 ----A---- C:\WINDOWS\SYSWOW64\bzDCT.dll

2014-02-23 17:33:33 ----D---- C:\Program Files\Common Files\Bullzip

2014-02-23 17:33:29 ----D---- C:\Program Files\Bullzip

2014-02-19 22:19:13 ----D---- C:\Users\Ann\AppData\Roaming\DropboxMaster

======List of files/folders modified in the last 1 month======

- - - Updated - - -

2014-03-17 11:49:45 ----RD---- C:\Program Files

2014-03-17 11:49:30 ----D---- C:\WINDOWS\Prefetch

2014-03-17 11:49:18 ----D---- C:\WINDOWS\Temp

2014-03-17 11:46:55 ----RD---- C:\WINDOWS\System32

2014-03-17 11:46:55 ----D---- C:\WINDOWS\Inf

2014-03-17 11:46:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2014-03-17 11:45:01 ----SHD---- C:\System Volume Information

2014-03-17 11:43:47 ----D---- C:\Users\Ann\AppData\Roaming\Dropbox

2014-03-17 11:41:03 ----D---- C:\Windows

2014-03-17 11:41:01 ----D---- C:\ProgramData\NVIDIA

2014-03-17 11:38:41 ----SHD---- C:\WINDOWS\Installer

2014-03-17 11:02:20 ----DC---- C:\WINDOWS\Panther

2014-03-17 11:02:20 ----D---- C:\WINDOWS\SoftwareDistribution

2014-03-17 11:02:20 ----D---- C:\WINDOWS\Logs

2014-03-17 11:02:20 ----D---- C:\WINDOWS\debug

2014-03-17 11:00:02 ----D---- C:\WINDOWS\system32\sru

2014-03-17 10:59:52 ----D---- C:\WINDOWS\system32\Tasks

2014-03-17 10:56:14 ----RD---- C:\Program Files (x86)

2014-03-17 10:19:41 ----D---- C:\WINDOWS\system32\FxsTmp

2014-03-17 10:13:21 ----D---- C:\WINDOWS\AppReadiness

2014-03-17 08:46:00 ----HD---- C:\ProgramData

2014-03-17 08:40:31 ----D---- C:\WINDOWS\Tasks

2014-03-17 08:39:38 ----RSD---- C:\WINDOWS\assembly

2014-03-17 05:45:01 ----D---- C:\WINDOWS\Microsoft.NET

2014-03-16 12:05:03 ----D---- C:\WINDOWS\rescache

2014-03-16 10:54:05 ----D---- C:\WINDOWS\system32\config

2014-03-16 10:42:21 ----D---- C:\WINDOWS\WinSxS

2014-03-16 10:42:19 ----D---- C:\WINDOWS\SysWOW64

2014-03-16 10:38:41 ----D---- C:\WINDOWS\system32\drivers

2014-03-16 10:38:40 ----D---- C:\Program Files\Windows Defender

2014-03-16 10:38:40 ----D---- C:\Program Files (x86)\Windows Defender

2014-03-16 10:38:35 ----D---- C:\WINDOWS\system32\Boot

2014-03-16 10:38:35 ----D---- C:\Program Files\Internet Explorer

2014-03-16 10:38:35 ----D---- C:\Program Files (x86)\Internet Explorer

2014-03-16 10:38:34 ----D---- C:\WINDOWS\system32\DriverStore

2014-03-15 15:45:23 ----D---- C:\WINDOWS\CbsTemp

2014-03-14 20:25:57 ----HD---- C:\Program Files\WindowsApps

2014-03-14 08:47:54 ----A---- C:\WINDOWS\win.ini

2014-03-12 19:54:14 ----D---- C:\WINDOWS\ShellNew

2014-03-12 19:54:11 ----D---- C:\Program Files\Common Files\microsoft shared

2014-03-12 19:54:01 ----D---- C:\Program Files\Common Files

2014-03-12 19:53:31 ----D---- C:\Program Files (x86)\Microsoft.NET

2014-03-12 19:53:14 ----D---- C:\ProgramData\regid.1991-06.com.microsoft

2014-03-12 19:50:21 ----D---- C:\Program Files\Common Files\System

2014-03-08 13:55:08 ----RD---- C:\Users

2014-03-06 16:36:01 ----D---- C:\Users\Ann\AppData\Roaming\foobar2000

2014-03-06 07:48:31 ----D---- C:\WINDOWS\system32\LogFiles

2014-03-04 23:53:04 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe

2014-03-02 08:37:59 ----SD---- C:\Users\Ann\AppData\Roaming\Microsoft

2014-02-27 20:11:40 ----D---- C:\Program Files (x86)\Mozilla Firefox

2014-02-25 17:45:55 ----D---- C:\Program Files\CrashPlan

2014-02-23 19:00:41 ----D---- C:\Program Files (x86)\Epson Software

2014-02-23 17:21:42 ----D---- C:\ProgramData\EPSON

2014-02-19 19:49:33 ----SHD---- C:\$Recycle.Bin

2014-02-19 10:33:34 ----D---- C:\Program Files (x86)\Google

- - - Updated - - -

2014-03-17 11:49:45 ----RD---- C:\Program Files

2014-03-17 11:49:30 ----D---- C:\WINDOWS\Prefetch

2014-03-17 11:49:18 ----D---- C:\WINDOWS\Temp

2014-03-17 11:46:55 ----RD---- C:\WINDOWS\System32

2014-03-17 11:46:55 ----D---- C:\WINDOWS\Inf

2014-03-17 11:46:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2014-03-17 11:45:01 ----SHD---- C:\System Volume Information

2014-03-17 11:43:47 ----D---- C:\Users\Ann\AppData\Roaming\Dropbox

2014-03-17 11:41:03 ----D---- C:\Windows

2014-03-17 11:41:01 ----D---- C:\ProgramData\NVIDIA

2014-03-17 11:38:41 ----SHD---- C:\WINDOWS\Installer

2014-03-17 11:02:20 ----DC---- C:\WINDOWS\Panther

2014-03-17 11:02:20 ----D---- C:\WINDOWS\SoftwareDistribution

2014-03-17 11:02:20 ----D---- C:\WINDOWS\Logs

2014-03-17 11:02:20 ----D---- C:\WINDOWS\debug

2014-03-17 11:00:02 ----D---- C:\WINDOWS\system32\sru

2014-03-17 10:59:52 ----D---- C:\WINDOWS\system32\Tasks

2014-03-17 10:56:14 ----RD---- C:\Program Files (x86)

2014-03-17 10:19:41 ----D---- C:\WINDOWS\system32\FxsTmp

2014-03-17 10:13:21 ----D---- C:\WINDOWS\AppReadiness

2014-03-17 08:46:00 ----HD---- C:\ProgramData

2014-03-17 08:40:31 ----D---- C:\WINDOWS\Tasks

2014-03-17 08:39:38 ----RSD---- C:\WINDOWS\assembly

2014-03-17 05:45:01 ----D---- C:\WINDOWS\Microsoft.NET

2014-03-16 12:05:03 ----D---- C:\WINDOWS\rescache

2014-03-16 10:54:05 ----D---- C:\WINDOWS\system32\config

2014-03-16 10:42:21 ----D---- C:\WINDOWS\WinSxS

2014-03-16 10:42:19 ----D---- C:\WINDOWS\SysWOW64

2014-03-16 10:38:41 ----D---- C:\WINDOWS\system32\drivers

2014-03-16 10:38:40 ----D---- C:\Program Files\Windows Defender

2014-03-16 10:38:40 ----D---- C:\Program Files (x86)\Windows Defender

2014-03-16 10:38:35 ----D---- C:\WINDOWS\system32\Boot

2014-03-16 10:38:35 ----D---- C:\Program Files\Internet Explorer

2014-03-16 10:38:35 ----D---- C:\Program Files (x86)\Internet Explorer

2014-03-16 10:38:34 ----D---- C:\WINDOWS\system32\DriverStore

2014-03-15 15:45:23 ----D---- C:\WINDOWS\CbsTemp

2014-03-14 20:25:57 ----HD---- C:\Program Files\WindowsApps

2014-03-14 08:47:54 ----A---- C:\WINDOWS\win.ini

2014-03-12 19:54:14 ----D---- C:\WINDOWS\ShellNew

2014-03-12 19:54:11 ----D---- C:\Program Files\Common Files\microsoft shared

2014-03-12 19:54:01 ----D---- C:\Program Files\Common Files

2014-03-12 19:53:31 ----D---- C:\Program Files (x86)\Microsoft.NET

2014-03-12 19:53:14 ----D---- C:\ProgramData\regid.1991-06.com.microsoft

2014-03-12 19:50:21 ----D---- C:\Program Files\Common Files\System

2014-03-08 13:55:08 ----RD---- C:\Users

2014-03-06 16:36:01 ----D---- C:\Users\Ann\AppData\Roaming\foobar2000

2014-03-06 07:48:31 ----D---- C:\WINDOWS\system32\LogFiles

2014-03-04 23:53:04 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe

2014-03-02 08:37:59 ----SD---- C:\Users\Ann\AppData\Roaming\Microsoft

2014-02-27 20:11:40 ----D---- C:\Program Files (x86)\Mozilla Firefox

2014-02-25 17:45:55 ----D---- C:\Program Files\CrashPlan

2014-02-23 19:00:41 ----D---- C:\Program Files (x86)\Epson Software

2014-02-23 17:21:42 ----D---- C:\ProgramData\EPSON

2014-02-19 19:49:33 ----SHD---- C:\$Recycle.Bin

2014-02-19 10:33:34 ----D---- C:\Program Files (x86)\Google

- - - Updated - - -

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ACPI;@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver; C:\WINDOWS\System32\drivers\ACPI.sys [2013-11-14 523096]

R0 acpiex;Microsoft ACPIEx Driver; C:\WINDOWS\System32\Drivers\acpiex.sys [2013-08-22 79712]

R0 CLFS;@%SystemRoot%\system32\drivers\clfs.sys,-100; C:\WINDOWS\System32\drivers\CLFS.sys [2013-08-22 377696]

R0 CNG;CNG; C:\WINDOWS\System32\Drivers\cng.sys [2013-08-22 564520]

R0 disk;@disk.inf,%disk_ServiceDesc%;Disk Driver; C:\WINDOWS\System32\drivers\disk.sys [2013-08-22 100192]

R0 FileInfo;@%SystemRoot%\system32\drivers\fileinfo.sys,-100; C:\WINDOWS\System32\drivers\fileinfo.sys [2013-08-22 79200]

R0 FltMgr;@%SystemRoot%\system32\drivers\fltmgr.sys,-10001; C:\WINDOWS\system32\drivers\fltmgr.sys [2013-08-22 358752]

R0 fvevol;@%SystemRoot%\system32\drivers\fvevol.sys,-100; C:\WINDOWS\System32\DRIVERS\fvevol.sys [2013-11-14 579416]

R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-07-09 645952]

R0 intelpep;@intelpep.inf,%INTELPEP.SVCDESC%;Intel® Power Engine Plug-in Driver; C:\WINDOWS\System32\drivers\intelpep.sys [2014-02-14 39768]

R0 KSecDD;KSecDD; C:\WINDOWS\System32\Drivers\ksecdd.sys [2013-11-14 101208]

R0 KSecPkg;KSecPkg; C:\WINDOWS\System32\Drivers\ksecpkg.sys [2013-08-22 192864]

R0 mountmgr;@%SystemRoot%\system32\drivers\mountmgr.sys,-100; C:\WINDOWS\System32\drivers\mountmgr.sys [2013-08-22 101728]

R0 msisadrv;msisadrv; C:\WINDOWS\System32\drivers\msisadrv.sys [2013-08-22 17248]

R0 Mup;@%systemroot%\system32\drivers\mup.sys,-101; C:\WINDOWS\System32\Drivers\mup.sys [2013-08-22 78688]

R0 NDIS;@%SystemRoot%\system32\drivers\ndis.sys,-200; C:\WINDOWS\system32\drivers\ndis.sys [2014-02-14 1119064]

R0 partmgr;@%SystemRoot%\system32\drivers\partmgr.sys,-100; C:\WINDOWS\System32\drivers\partmgr.sys [2013-08-22 88928]

R0 pci;@machine.inf,%pci_svcdesc%;PCI Bus-stuurprogramma; C:\WINDOWS\System32\drivers\pci.sys [2013-08-22 285536]

R0 pcw;Performance Counters for Windows Driver; C:\WINDOWS\System32\drivers\pcw.sys [2013-08-22 50016]

R0 pdc;@%SystemRoot%\system32\drivers\pdc.sys,-100; C:\WINDOWS\system32\drivers\pdc.sys [2014-02-14 86872]

R0 rdyboost;ReadyBoost; C:\WINDOWS\System32\drivers\rdyboost.sys [2013-11-14 258904]

R0 spaceport;@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver; C:\WINDOWS\System32\drivers\spaceport.sys [2014-02-14 372568]

R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NISx64\1501000.012\SYMDS64.SYS [2013-09-10 493656]

R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS [2013-09-27 1147480]

R0 Tcpip;@%SystemRoot%\system32\tcpipcfg.dll,-50003; C:\WINDOWS\System32\drivers\tcpip.sys [2014-01-29 2543960]

R0 vdrvroot;@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator; C:\WINDOWS\System32\drivers\vdrvroot.sys [2013-08-22 37728]

R0 volmgr;@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver; C:\WINDOWS\System32\drivers\volmgr.sys [2013-08-22 73568]

R0 volmgrx;@%SystemRoot%\system32\drivers\volmgrx.sys,-100; C:\WINDOWS\System32\drivers\volmgrx.sys [2013-08-22 377696]

R0 volsnap;@volume.inf,%VolumeClassName%;Storage volumes; C:\WINDOWS\System32\drivers\volsnap.sys [2014-01-31 311640]

R0 Wdf01000;@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000; C:\WINDOWS\system32\drivers\Wdf01000.sys [2013-08-22 839488]

R0 WdFilter;@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330; C:\WINDOWS\system32\drivers\WdFilter.sys [2013-10-31 236888]

R0 WFPLWFS;@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000; C:\WINDOWS\system32\DRIVERS\wfplwfs.sys [2013-11-14 136536]

R1 AFD;@%systemroot%\system32\drivers\afd.sys,-1000; C:\WINDOWS\system32\drivers\afd.sys [2013-08-22 567296]

R1 ahcache;@%systemroot%\system32\drivers\ahcache.sys,-102; C:\WINDOWS\system32\DRIVERS\ahcache.sys [2013-08-22 76800]

R1 BasicDisplay;BasicDisplay; C:\WINDOWS\System32\drivers\BasicDisplay.sys [2013-08-22 50688]

R1 BasicRender;BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [2013-08-22 33792]

R1 Beep;Beep; C:\WINDOWS\system32\drivers\Beep.sys [2013-08-22 7680]

R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [2014-01-21 1526488]

R1 ccSet_NIS;NIS Settings Manager; C:\WINDOWS\system32\drivers\NISx64\1501000.012\ccSetx64.sys [2013-09-26 162392]

R1 cdrom;@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver; C:\WINDOWS\System32\drivers\cdrom.sys [2013-08-22 164352]

R1 ctxusbm;Citrix USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\ctxusbm.sys [2012-03-19 89536]

R1 Dfsc;@%systemroot%\system32\wkssvc.dll,-1008; C:\WINDOWS\System32\Drivers\dfsc.sys [2013-08-22 134656]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2014-02-12 484952]

R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140314.001\IDSvia64.sys [2014-03-06 524504]

R1 Msfs;Msfs; C:\WINDOWS\system32\drivers\Msfs.sys [2013-08-22 30208]

R1 mssmbios;@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver; C:\WINDOWS\System32\drivers\mssmbios.sys [2013-08-22 37728]

R1 NetBIOS;@netnb.inf,%NetBIOS_Desc%;NetBIOS Interface; C:\WINDOWS\system32\DRIVERS\netbios.sys [2013-08-22 48128]

R1 NetBT;@%SystemRoot%\system32\drivers\netbt.sys,-2; C:\WINDOWS\System32\DRIVERS\netbt.sys [2013-08-22 282624]

R1 Npfs;Npfs; C:\WINDOWS\system32\drivers\Npfs.sys [2013-08-22 58880]

R1 npsvctrig;@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider; C:\WINDOWS\System32\drivers\npsvctrig.sys [2013-08-22 23040]

R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\WINDOWS\system32\drivers\nsiproxy.sys [2013-08-22 39936]

R1 Null;Null; C:\WINDOWS\system32\drivers\Null.sys [2013-08-22 5632]

R1 Psched;@%SystemRoot%\System32\drivers\pacer.sys,-101; C:\WINDOWS\system32\DRIVERS\pacer.sys [2013-08-22 151552]

R1 rdbss;@%systemroot%\system32\wkssvc.dll,-1000; C:\WINDOWS\system32\DRIVERS\rdbss.sys [2013-08-22 408576]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\WINDOWS\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [2013-09-10 36952]

R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NISx64\1501000.012\Ironx64.SYS [2013-09-27 264280]

R1 SymNetS;Symantec Network Security WFP Driver; C:\WINDOWS\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [2013-09-26 590936]

R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\WINDOWS\system32\DRIVERS\tdx.sys [2013-08-22 107520]

R2 lltdio;@%SystemRoot%\system32\lltdres.dll,-6; C:\WINDOWS\system32\DRIVERS\lltdio.sys [2013-08-22 59392]

R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\WINDOWS\system32\drivers\luafv.sys [2013-08-22 123904]

R2 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys [2013-08-22 283648]

R2 Ndu;@%SystemRoot%\system32\drivers\Ndu.sys,-10001; C:\WINDOWS\system32\drivers\Ndu.sys [2013-08-22 103424]

R2 PEAUTH;PEAUTH; C:\WINDOWS\system32\drivers\peauth.sys [2013-08-22 663040]

R2 rspndr;@%SystemRoot%\system32\lltdres.dll,-5; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2013-08-22 80384]

R2 secdrv;Security Driver; C:\WINDOWS\system32\drivers\secdrv.sys [2013-08-22 23040]

R2 srv;@%systemroot%\system32\srvsvc.dll,-102; C:\WINDOWS\System32\DRIVERS\srv.sys [2013-11-14 454656]

R2 tcpipreg;TCP/IP Registry Compatibility; C:\WINDOWS\System32\drivers\tcpipreg.sys [2013-08-22 48640]

R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\WINDOWS\system32\DRIVERS\bowser.sys [2013-08-22 102912]

R3 CompositeBus;@CompositeBus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver; C:\WINDOWS\System32\drivers\CompositeBus.sys [2013-08-22 36352]

R3 condrv;Console Driver; C:\WINDOWS\System32\drivers\condrv.sys [2013-08-22 43008]

R3 DXGKrnl;LDDM Graphics Subsystem; C:\WINDOWS\System32\drivers\dxgkrnl.sys [2014-02-14 1530200]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-02-12 137648]

R3 fastfat;FAT12/16/32 File System Driver; C:\WINDOWS\system32\drivers\fastfat.sys [2013-08-22 217952]

R3 HdAudAddService;@hdaudio.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\WINDOWS\system32\drivers\HdAudio.sys [2013-08-22 395776]

R3 HDAudBus;@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\drivers\HDAudBus.sys [2013-08-22 78336]

R3 HidUsb;@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver; C:\WINDOWS\System32\drivers\hidusb.sys [2013-08-22 33792]

R3 HTTP;@%SystemRoot%\system32\drivers\http.sys,-1; C:\WINDOWS\system32\drivers\HTTP.sys [2013-08-22 994144]

R3 intelppm;@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver; C:\WINDOWS\System32\drivers\intelppm.sys [2013-08-22 98816]

R3 kbdclass;@keyboard.inf,%kbdclass.SvcDesc%;Stuurprogramma voor verschillende toetsenbordtypen; C:\WINDOWS\System32\drivers\kbdclass.sys [2013-08-22 58208]

R3 kbdhid;@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver; C:\WINDOWS\System32\drivers\kbdhid.sys [2013-08-22 32256]

R3 kdnic;@kdnic.inf,%KdNic.Service.DispName%;Microsoft-netwerkminipoort voor kernelfoutopsporing (NDIS 6.20); C:\WINDOWS\system32\DRIVERS\kdnic.sys [2013-08-22 19456]

R3 ksthunk;Kernel Streaming Thunks; C:\WINDOWS\system32\drivers\ksthunk.sys [2013-08-22 21248]

R3 monitor;@monitor.inf,%Monitor.SVCDESC%;Microsoft Monitor Class Function Driver Service; C:\WINDOWS\System32\drivers\monitor.sys [2013-08-22 30208]

R3 mouclass;@msmouse.inf,%mouclass.SvcDesc%;Stuurprogramma voor muistypen; C:\WINDOWS\System32\drivers\mouclass.sys [2013-08-22 51040]

R3 mouhid;@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver; C:\WINDOWS\System32\drivers\mouhid.sys [2013-08-22 30208]

R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\WINDOWS\System32\drivers\mpsdrv.sys [2013-08-22 74240]

R3 mrxsmb;@%systemroot%\system32\wkssvc.dll,-1002; C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [2014-02-14 403456]

R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys [2013-11-14 207360]

R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140316.022\ENG64.SYS [2014-02-12 126040]

R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140316.022\EX64.SYS [2014-02-12 2099288]

R3 NdisVirtualBus;@%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200; C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-08-22 16384]

R3 Ntfs;Ntfs; C:\WINDOWS\system32\drivers\Ntfs.sys [2013-08-22 2011488]

R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2013-10-28 12572960]

R3 rdpbus;@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver; C:\WINDOWS\System32\drivers\rdpbus.sys [2013-08-22 22528]

R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT-stuurprogramma; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]

R3 SRTSP;Symantec Real Time Storage Protection x64; C:\WINDOWS\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [2013-09-27 858200]

R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\WINDOWS\System32\DRIVERS\srv2.sys [2013-11-14 675328]

R3 srvnet;srvnet; C:\WINDOWS\System32\DRIVERS\srvnet.sys [2013-11-14 244224]

R3 swenum;@swenum.inf,%SWENUM.SVCDESC%;Software Bus Driver; C:\WINDOWS\System32\drivers\swenum.sys [2013-08-22 14176]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2014-02-12 177752]

R3 tunnel;@nettun.inf,%TUNNEL.Service.DisplayName%;Stuurprogramma voor Microsoft IPv6 Tunnel-minipoortadapter; C:\WINDOWS\system32\DRIVERS\tunnel.sys [2013-08-22 154112]

R3 UCX01000;USB Controller Extension; C:\WINDOWS\System32\drivers\ucx01000.sys [2013-08-22 189792]

R3 umbus;@umbus.inf,%umbus.SVCDESC%;UMBus Enumerator Driver; C:\WINDOWS\System32\drivers\umbus.sys [2013-08-22 46080]

R3 UmPass;@umpass.inf,%UmPass.SVCDESC%;Microsoft UMPass-stuurprogramma; C:\WINDOWS\System32\drivers\umpass.sys [2013-08-22 11776]

R3 usbccgp;@usb.inf,%GenericParent.SvcDesc%;Microsoft algemeen hoofd-USB-stuurprogramma; C:\WINDOWS\System32\drivers\usbccgp.sys [2013-11-14 155480]

R3 usbehci;@usbport.inf,%EHCIMP.SvcDesc%;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\drivers\usbehci.sys [2013-08-22 89952]

R3 usbhub;@usbport.inf,%ROOTHUB.SvcDesc%;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\drivers\usbhub.sys [2013-08-22 422240]

R3 USBHUB3;@usbhub3.inf,%UsbHub3.SVCDESC%;SuperSpeed Hub; C:\WINDOWS\System32\drivers\UsbHub3.sys [2013-11-14 467800]

R3 USBSTOR;@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver; C:\WINDOWS\System32\drivers\USBSTOR.SYS [2014-02-14 142680]

R3 USBXHCI;@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller; C:\WINDOWS\System32\drivers\USBXHCI.SYS [2014-02-14 325464]

R3 WpdUpFltr;@%systemroot%\System32\drivers\WpdUpFltr.sys,-100; C:\WINDOWS\System32\drivers\WpdUpFltr.sys [2013-08-22 26976]

R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\WINDOWS\system32\drivers\WudfPf.sys [2013-08-22 117760]

R3 WUDFRd;@hidbthle.inf,%WudfRdDisplayName%;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\System32\drivers\WUDFRd.sys [2013-08-22 230912]

R3 WUDFWpdFs;WUDFWpdFs; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2013-08-22 230912]

S0 3ware;3ware; C:\WINDOWS\System32\drivers\3ware.sys [2013-08-22 108896]

S0 ADP80XX;ADP80XX; C:\WINDOWS\System32\drivers\ADP80XX.SYS [2013-08-22 782176]

S0 agp440;@machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter; C:\WINDOWS\System32\drivers\agp440.sys [2013-08-22 62304]

S0 amdsata;amdsata; C:\WINDOWS\System32\drivers\amdsata.sys [2013-08-22 79200]

S0 amdsbs;amdsbs; C:\WINDOWS\System32\drivers\amdsbs.sys [2013-08-22 259424]

S0 amdxata;amdxata; C:\WINDOWS\System32\drivers\amdxata.sys [2013-08-22 25952]

S0 arcsas;@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver; C:\WINDOWS\System32\drivers\arcsas.sys [2013-08-22 114016]

Manlief wilde vanmorgen snelsnel even een nieuw programma installeren, en lette niet goed op waar hij het vandaan haalde. Er kwam allerlei rommel mee, en het programma dat geïnstalleerd moest worden is er nog steeds niet.

Ondergetekende mocht dus proberen het op te lossen, maar deed dat waarschijnlijk niet op een slimme manier.

Ik heb de programma's in kwestie 'gewoon' gedesinstalleerd (lollipop en nog iets anders), en vervolgens ccleaner de registry laten schoonmaken, maar dat was niet de goede, of in elk geval niet de volledige oplossing.

Hieronder het logje van RSIT:

Alvast bedankt voor de hulp...

Logfile of random's system information tool 1.09 (written by random/random)

Run by Ann at 2014-03-17 11:49:45

Microsoft Windows 8.1

System drive C: has 1191 GB (65%) free of 1844 GB

Total RAM: 8136 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:50:02, on 17-3-2014

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.9600.16518)

Boot mode: Normal

- - - Updated - - -

Ik probeer de log in stukjes te posten, want ik krijg volgende foutmelding als ik ze in één keer verstuur:

Fatal error: Maximum execution time of 30 seconds exceeded in /home/pchelpfor/domains/pc-helpforum.be/public_html/includes/functions.php on line 2351

Running processes:

C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe

C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe

C:\Program Files\CrashPlan\CrashPlanTray.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Users\Ann\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\trend micro\Ann.exe

- - - Updated - - -

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13828

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll

O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll

O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll

O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun

O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

O4 - Startup: 2YourFace_Updater.lnk = C:\Users\Ann\AppData\Roaming\2YourFace\Updater.exe

O4 - Startup: Dropbox.lnk = Ann\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: original1.desktop.ini

O4 - Global Startup: CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe

O4 - Global Startup: Online plug-in.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

O20 - AppInit_DLLs:

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: CrashPlan Backup Service (CrashPlanService) - CrashPlan - C:\Program Files\CrashPlan\CrashPlanService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\WINDOWS\system32\EscSvc64.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)

O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)

O23 - Service: Stardock Start8 (Start8) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: View Password (ViewPassword) - Unknown owner - C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13270 bytes

- - - Updated - - -

======Listing Processes======

wininit.exe

winlogon.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k RPCSS

"dwm.exe"

"C:\WINDOWS\system32\nvvsvc.exe"

"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"

"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"

C:\WINDOWS\system32\nvvsvc.exe -session -first

C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted

"C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe"

"C:\Program Files (x86)\Stardock\Start8\Start8_64.exe" START

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\System32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe"

C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe /HTC:356

"C:\Program Files\CrashPlan\CrashPlanService.exe"

dashost.exe {ca4c8111-93ba-41ae-b19f589c5880835b}

"C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe"

"C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll" /prefetch:1

taskhostex.exe

taskeng.exe {BB806A5A-6FCC-48AF-A369-5AB3F4F53D47}

C:\WINDOWS\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe"

"C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe"

"C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe"

"C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe" /c /a /s UserSession2

"C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe"

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\EscSvc64.exe

C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-8962d090-b2b7-458d-95c3-1aded5cb8da5 -SystemEventPortName:HostProcess-c79dfc65-738c-4803-9a07-1fecfa754dac -IoCancelEventPortName:HostProcess-14444212-c55b-47f9-97e0-b59075ddf025 -NonStateChangingEventPortName:HostProcess-43d35fd2-0d6a-4953-a111-58efc156ebfc -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:2bcb2c74-1820-48f6-9080-99000848e8ce -DeviceGroupId:WpdFsGroup

"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

C:\WINDOWS\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group9 pct:10i stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-pinch --extension-process --renderer-print-preview --disable-pepper-3d --disable-accelerated-compositing --disable-accelerated-video-decode --disable-webrtc-hw-encoding --enable-software-compositing --disable-gpu-compositing --disable-pepper-3d --channel="3480.1.752428235\462129094" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group9 pct:10i stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-pinch --extension-process --renderer-print-preview --disable-pepper-3d --disable-accelerated-compositing --disable-accelerated-video-decode --disable-webrtc-hw-encoding --enable-software-compositing --disable-gpu-compositing --disable-pepper-3d --channel="3480.2.338531788\1749314081" /prefetch:673131151

- - - Updated - - -

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group9 pct:10i stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-pinch --extension-process --renderer-print-preview --disable-pepper-3d --disable-accelerated-compositing --disable-accelerated-video-decode --disable-webrtc-hw-encoding --enable-software-compositing --disable-gpu-compositing --disable-pepper-3d --channel="3480.3.362325315\1605579064" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group9 pct:10i stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-pinch --extension-process --renderer-print-preview --disable-pepper-3d --disable-accelerated-compositing --disable-accelerated-video-decode --disable-webrtc-hw-encoding --enable-software-compositing --disable-gpu-compositing --disable-pepper-3d --channel="3480.4.1359220\884784959" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group9 pct:10i stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-pinch --extension-process --renderer-print-preview --disable-pepper-3d --disable-accelerated-compositing --disable-accelerated-video-decode --disable-webrtc-hw-encoding --enable-software-compositing --disable-gpu-compositing --disable-pepper-3d --channel="3480.6.758366730\1540402258" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group9 pct:10i stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-pinch --extension-process --renderer-print-preview --disable-pepper-3d --disable-accelerated-compositing --disable-accelerated-video-decode --disable-webrtc-hw-encoding --enable-software-compositing --disable-gpu-compositing --disable-pepper-3d --channel="3480.7.830485182\1790063303" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3480.9.1525592424\789315528" --ppapi-flash-args --lang=nl --ignored=" --type=renderer " /prefetch:-632637702

"C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun

"C:\Program Files\CrashPlan\CrashPlanTray.exe"

"C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\vssvc.exe

"C:\Users\Ann\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup

C:\WINDOWS\System32\svchost.exe -k swprv

C:\WINDOWS\system32\wbem\wmiprvse.exe

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group9 pct:10i stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-pinch --renderer-print-preview --enable-software-compositing --disable-gpu-compositing --disable-pepper-3d --channel="3480.12.1655838775\1880277863" /prefetch:673131151

- - - Updated - - -

C:\WINDOWS\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac

C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group9 pct:10i stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/NetworkConnectivity/disable_network_stats/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-pinch --renderer-print-preview --enable-software-compositing --disable-gpu-compositing --disable-pepper-3d --channel="3480.14.1998705144\376853127" /prefetch:673131151

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group9 pct:10i stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/NetworkConnectivity/disable_network_stats/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-pinch --renderer-print-preview --enable-software-compositing --disable-gpu-compositing --disable-pepper-3d --channel="3480.17.1393537921\1658597407" /prefetch:673131151

"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3480.18.400100629\1220865163" --use-gl=swiftshader --supports-dual-gpus=false --swiftshader-path="C:\Users\Ann\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0" --gpu-driver-bug-workarounds=0,1,14,27,33 --gpu-vendor-id=0x10de --gpu-device-id=0x124b --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3165 --ignored=" --type=renderer " /prefetch:822062411

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group9 pct:10i stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/NetworkConnectivity/disable_network_stats/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-pinch --renderer-print-preview --enable-software-compositing --disable-gpu-compositing --disable-pepper-3d --channel="3480.19.300251988\1918663575" /prefetch:673131151

"C:\Users\Ann\Desktop\RSITx64.exe"

- - - Updated - - -

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\View Password Update.job

C:\WINDOWS\tasks\View Password_wd.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\ufkjpzpn.default

prefs.js - "browser.startup.homepage" - "about:home"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1209149.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]

"Description"=Picasa3 plugin

"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]

"Description"=Microsoft Lync Plug-in for Firefox

"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]

"Description"=NVIDIA stereo images plugin for Mozilla browsers

"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]

"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers

"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf]

"Description"=Handles PDF files in place in the browser

"Path"=C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf]

"Description"=Handles PDF files in place in the browser

"Path"=C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll

C:\Program Files (x86)\Mozilla Firefox\components\

IICAClient.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\

CCMSDK.dll

cgpcfg.dll

CgpCore.dll

confmgr.dll

ctxlogging.dll

ctxmui.dll

ICAClObj.class

icafile.dll

icalogon.dll

npicaN.dll

npMeetingJoinPluginOC.dll

sslsdk_b.dll

TcpPServ.dll

C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\ufkjpzpn.default\extensions\

en-US@dictionaries.addons.mozilla.org

support@lastpass.com

======Registry dump======

- - - Updated - - -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]

Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-11-15 218784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll [2013-10-06 769360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]

Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2013-11-02 2331336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}]

ExplorerWatcher Class - C:\Program Files (x86)\Clover\TabHelper64.dll [2014-01-23 201216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}]

E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28 238656]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]

Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2013-11-15 153248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll [2013-10-06 526672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL [2013-09-29 388504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]

Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2013-11-02 1727176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll [2013-10-06 769360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll [2013-10-06 526672]

{201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28 238656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Fitbit Connect"=C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [2014-01-10 3362336]

"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-02-20 6161176]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"EEventManager"=C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2012-04-02 1058912]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]

"KeePass 2 PreLoad"=C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2014-02-03 2092032]

"Fitbit Connect"=C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [2014-01-10 3362336]

"ConnectionCenter"=C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2012-03-28 309184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

CrashPlan Tray.lnk - C:\Program Files\CrashPlan\CrashPlanTray.exe

Online plug-in.lnk - C:\WINDOWS\Installer\{913778D3-E1D8-4B55-9246-3308C54D3162}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe

- - - Updated - - -

C:\Users\Ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2YourFace_Updater.lnk - C:\Users\Ann\AppData\Roaming\2YourFace\Updater.exe

Dropbox.lnk - C:\Users\Ann\AppData\Roaming\Dropbox\bin\Dropbox.exe

original1.desktop.ini

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BasicDisplay.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BasicRender.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BrokerInfrastructure]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DeviceInstall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dxgkrnl.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FsDepends.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LSM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

- - - Updated - - -

C:\Users\Ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2YourFace_Updater.lnk - C:\Users\Ann\AppData\Roaming\2YourFace\Updater.exe

Dropbox.lnk - C:\Users\Ann\AppData\Roaming\Dropbox\bin\Dropbox.exe

original1.desktop.ini

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BasicDisplay.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BasicRender.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BrokerInfrastructure]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DeviceInstall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dxgkrnl.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FsDepends.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LSM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

- - - Updated - - -

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmartcardSimulator]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

- - - Updated - - -

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]