Zoek.exe v5.0.0.0 Updated 21-March-2015
Tool run by Qtera69 on zo 22/03/2015 at 1:07:48,46.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Qtera69\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

22/03/2015 1:10:00 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\SectionStasis deleted successfully
C:\PROGRA~2\TurboSys deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Npggsvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Npggsvc deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

==== Deleting Files \ Folders ======================

C:\PROGRA~2\SectionStasis not found
C:\PROGRA~2\TurboSys not found
C:\PROGRA~2\Windows Live SkyDrive deleted
C:\PROGRA~2\Hey Girl deleted
C:\PROGRA~2\Share on Tumblr deleted
C:\zoek_backup deleted
C:\ProgramData\{a001d6a9-cf1e-1a12-a001-1d6a9cf15aa7} deleted
C:\ProgramData\{73074b2e-c83e-8406-7307-74b2ec832cbb} deleted
C:\ProgramData\{de2184d3-d03c-d886-de21-184d3d03134f} deleted
C:\ProgramData\9621959003729763529 deleted
C:\ProgramData\{4798ffde-1943-c4d9-4798-8ffde194ff78} deleted
C:\Windows\AutoKMS deleted
C:\Windows\AutoRearm deleted
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 deleted
C:\Users\Qtera69\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\Setup.lnk deleted
C:\PROGRA~2\Photo-Service deleted
C:\Users\Qtera69\AppData\Roaming\DRPSu deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Files Recently Created / Modified ======================
-------- d-----w- C:\Users\Public\Documents\microsoft 2015-02-21 11:31:25 -------- d--h--w- C:\ProgramData\CanonBJ ====== C: exe-files == 2015-03-22 00:00:36 A07427A93E1133A7F0F4691CC54B9294 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2015-03-22 00:00:36 94017ABBDE345580542D8301793EFF7A 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2015-03-22 00:00:36 30E9397C2F0C8FF128219D6A25E172BB 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2015-03-22 00:00:23 F95C5163F6D8955BEF59A896C7F7112D 159656 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\unpack200.exe 2015-03-22 00:00:23 A29B7A1BAD1A1EB608ACF7684F1F1E37 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\tnameserv.exe 2015-03-22 00:00:22 DFB1F31DD4A08FA5892886DC7117064A 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\rmid.exe 2015-03-22 00:00:22 7833052815087E5BF9346AC78FDCED68 51112 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssvagent.exe 2015-03-22 00:00:22 751E8649890CC42727D80F8D6DE1F1CB 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\servertool.exe 2015-03-22 00:00:22 7162180C98D1BE5D1315FC05B3C91E9D 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\pack200.exe 2015-03-22 00:00:22 689916BDF4F58C7F7AD25F8B3ABB783A 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\rmiregistry.exe 2015-03-22 00:00:22 0A9C7408BADBA5D2C841817C22ACBF07 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\policytool.exe 2015-03-22 00:00:22 08363434BEC1B0AE6420C77820BC12E9 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\orbd.exe 2015-03-22 00:00:21 AF28DAA2B4EB3AD87203202264A2491C 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\klist.exe 2015-03-22 00:00:21 946FD6292EAE3FBB93CC3BB01BA8763D 76712 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2launcher.exe 2015-03-22 00:00:21 32700B34EE49959FAF64EC46D96B3630 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\ktab.exe 2015-03-22 00:00:21 
1FA2D0F07730F502A857BFC63DA6C193 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\kinit.exe 2015-03-22 00:00:21 042B789E469D238D5FA9DEC4241CE3FD 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\keytool.exe 2015-03-22 00:00:20 A07427A93E1133A7F0F4691CC54B9294 272296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\javaws.exe 2015-03-22 00:00:20 94017ABBDE345580542D8301793EFF7A 191400 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\javaw.exe 2015-03-22 00:00:20 3DB4CD42B36FD2C98E9B51E3CBC1670E 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\jjs.exe 2015-03-22 00:00:19 79B6403F5BD398BB9880F00FAF7C69DA 68520 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe 2015-03-22 00:00:18 6031BACB59D93E5ECB4ACDE6E12565EA 30632 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\jabswitch.exe 2015-03-22 00:00:18 30E9397C2F0C8FF128219D6A25E172BB 190888 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\java.exe 2015-03-22 00:00:18 2794D464D89260B0316C16A9FE24C660 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\java-rmi.exe 2015-03-21 23:51:04 49BF715D225A5D3FE9D2FA75967C1466 561064 ----a-w- C:\Users\Qtera69\Downloads\chromeinstall-8u40.exe 2015-03-21 17:42:54 A38E9C48F13C11CAB641A0C91F8F12A1 885840 ----a-w- C:\Program Files (x86)\Google\Update\Install\{41EFA74E-092F-4A04-8D40-3AF2CA6204D8}\41.0.2272.101_41.0.2272.89_chrome_updater.exe 2015-03-21 17:42:54 A38E9C48F13C11CAB641A0C91F8F12A1 885840 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\41.0.2272.101\41.0.2272.101_41.0.2272.89_chrome_updater.exe 2015-03-20 08:38:46 E41C4B2066CF1B2B07D90D13BB7B193A 54432 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe 2015-03-20 08:38:46 E41C4B2066CF1B2B07D90D13BB7B193A 54432 ----a-w- C:\Program Files (x86)\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe 2015-03-20 08:38:46 67F3E1CF291FD03D8F7B4E87015A8AB8 59392 ----a-w- 
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe 2015-03-20 08:38:46 49F3DF5F4DED35ED40DCC8B97018155C 130208 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe 2015-03-20 08:38:46 0F8485C6CF126C41FD8AF1D75FC2DC08 96768 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe 2015-03-20 08:38:40 4F7C743AC5212EBB53528BFC9C557FDC 58693 ----a-w- C:\Program Files (x86)\7-Zip\Uninstall.exe 2015-03-20 08:28:46 6568873240CDAA472C936B1EB92154E8 364472 ----a-w- C:\Windows\System32\aswBoot.exe 2015-03-20 07:25:15 695552E890F458947D60CC24D564147D 561992 ----a-w- C:\Users\Qtera69\AppData\Local\Google\Chrome\User Data\SwReporter\2.15.6\software_reporter_tool.exe 2015-03-18 15:02:19 95300BA672A14E3AE6740CB3CB41DB7B 2171392 ----a-w- C:\Users\Qtera69\Downloads\adwcleaner_4.112 (1).exe 2015-03-18 14:53:11 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Qtera69.exe 2015-03-18 14:52:51 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Qtera69\Downloads\RSITx64.exe 2015-03-18 13:43:51 A964E72690F342A877D3208EB25A94B2 81408 ----a-w- C:\Windows\SysWOW64\devcon_x64.exe 2015-03-18 13:43:50 D8BB48DD655A7A5B8782DD7BB0A2D2C4 700186 ----a-w- C:\Program Files (x86)\Driver Checker\unins000.exe 2015-03-18 13:43:50 7D7B38CC21CF7CC8D4D8AF8EB5A0EF8E 11498920 ----a-w- C:\Program Files (x86)\Driver Checker\DriverChecker.exe 2015-03-18 13:42:46 956A6B98E56272372A20ADC3057F0B05 768512 ----a-w- C:\Users\Qtera69\Downloads\Driver Checker 2.7.5\Driver Checker 2.X KeyGen Tom_Da_Man.exe 2015-03-18 13:42:46 5DF0338FFE9FBADD1868A6DE6E00890A 7012856 ----a-w- C:\Users\Qtera69\Downloads\Driver Checker 2.7.5\DriverChecker_Setup.exe 2015-03-17 15:27:43 AC3A4C0DDFD75153AA10E6C9D8BDB7A1 66598248 ----a-w- C:\Users\Qtera69\Downloads\gtk-2.2.6.7-setup.exe 2015-03-17 15:16:38 95300BA672A14E3AE6740CB3CB41DB7B 2171392 ----a-w- 
C:\Users\Qtera69\Downloads\adwcleaner_4.112.exe 2015-03-16 11:36:40 ED6C93EE27B62E28BBD839FCB3D75E6E 5325696 ----a-w- C:\Users\Qtera69\Downloads\ccsetup503.exe 2015-03-16 10:49:48 34BBACBAE5FF498B3F92936FD81E3F02 11313152 ----a-w- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-c5bf0e6b.exe === C: other files == 2015-03-22 00:00:23 9DCBFF045A2A43212A4763C3461A50B9 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\lib\deploy\ffjcext.zip 2015-03-20 08:28:58 8CDA894FA86D03FB43063D5FD85EFCAE 136752 ----a-w- C:\Windows\System32\drivers\aswStm.sys 2015-03-20 08:28:57 3A145C94A519E52FE7E99460DD0DF53C 441728 ----a-w- C:\Windows\System32\drivers\aswSP.sys 2015-03-20 08:28:57 11644D8399F4AC8BB12C2364DCB87CB4 268640 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2015-03-20 08:28:56 713AFFD4E38553AEF04617C985B4030B 65736 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2015-03-20 08:28:56 245D3A0670491E1F88759EC45C9F7314 88408 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2015-03-20 08:28:55 BC18D5B42B19564BA09156410E1FB9BE 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2015-03-20 08:28:55 BA4B999D245287608A79C92CDAE6F3C1 29168 ----a-w- C:\Windows\System32\drivers\aswHwid.sys 2015-03-20 08:28:53 669F6B37965756E407B447272B5EE39F 1047320 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2015-03-20 08:28:52 543D8AD4621A685CECBBE44BD5B71FAE 28144 ----a-w- C:\Windows\System32\drivers\aswKbd.sys 2015-03-20 08:27:25 95AAB2D70A5B8F4BDB1FF131CD726232 449896 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys 2015-03-18 14:12:47 92E4387FECA6D6B9F2A781F5898556E2 363508 ----a-w- C:\ProgramData\GridinSoft\Trojan Killer\storage\420816333729514.zip 2015-03-16 14:11:37 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2015-03-16 14:10:52 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2015-03-16 14:10:52 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- 
C:\Windows\System32\drivers\mbamchameleon.sys
2015-03-16 14:10:51 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3587330891-1572245818-3806218168-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP"
"NBAgent"="c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe /WinStart"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"KeNotify"="C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"TWebCamera"=""C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3"
"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaReminder.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe "
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"
"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe "
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe "
"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe "
"SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe "
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
"Teco"=""%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r"
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe "
"TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe "

==== Startup Folders ======================

2010-04-22 07:24:02 1258 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2010-04-22 07:24:02 1258 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12/02/2015 14:37]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12/02/2015 14:37]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\ConfigFree Startup Programs" [C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Trojan Killer" ["C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe"]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [20/03/2015 09:28]

==== Chromium Look ======================

Google Chrome Version: 41.0.2272.101 (Latest Stable version: 41.0.2272.101)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[20/03/2015 09:28]

Google Slides - Qtera69\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Qtera69\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Qtera69\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Qtera69\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Qtera69\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Qtera69\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Share on Tumblr - Qtera69\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkpjkniknhaojcebeaallaglkmhlcno
Hey Girl - Qtera69\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip
Google Wallet - Qtera69\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Qtera69\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Qtera69\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.be/",
"startup_urls": [ "http://www.google.com/" ]

==== Chromium Fix ======================

C:\Users\Qtera69\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage deleted successfully
C:\Users\Qtera69\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully
C:\Users\Qtera69\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkpjkniknhaojcebeaallaglkmhlcno deleted successfully
C:\Users\Qtera69\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipkpjkniknhaojcebeaallaglkmhlcno_0.localstorage deleted successfully
C:\Users\Qtera69\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipkpjkniknhaojcebeaallaglkmhlcno_0.localstorage-journal deleted successfully
C:\Users\Qtera69\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ipkpjkniknhaojcebeaallaglkmhlcno deleted successfully
C:\Users\Qtera69\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip deleted successfully
C:\Users\Qtera69\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jcpmmhaffdebnmkjelaohgjmndeongip_0.localstorage deleted successfully
C:\Users\Qtera69\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jcpmmhaffdebnmkjelaohgjmndeongip_0.localstorage-journal deleted successfully
C:\Users\Qtera69\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jcpmmhaffdebnmkjelaohgjmndeongip deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{3123D9EE-2B7A-4090-A2E6-7B888249D2F5} Amazon Url="http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2"
{7EAA10DE-34BC-4686-9129-5BCF3947701F} Unknown Url="Not_Found"
{CE735D6A-5794-4B4A-A9FB-B3C967E53F3C} eBay Url="http://rover.ebay.com/rover/1/1346-71494-26233-7/4?satitle={searchTerms}"
{D46D882C-76F5-4F1E-8B2A-3710EAF0B976} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3587330891-1572245818-3806218168-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7EAA10DE-34BC-4686-9129-5BCF3947701F} deleted successfully
HKEY_USERS\S-1-5-21-3587330891-1572245818-3806218168-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D46D882C-76F5-4F1E-8B2A-3710EAF0B976} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Qtera69\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Qtera69\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=27 folders=6 843901 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Qtera69\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Qtera69\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on zo 22/03/2015 at 1:57:58,23 ======================