Zoek.exe v5.0.0.1 Updated 30-09-2015 Tool run by Catlyne Nix on zo 04/10/2015 at 12:36:51,84. Microsoft Windows 10 Home 10.0.10240 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Catlyne Nix\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 4/10/2015 12:43:57 Zoek.exe System Restore Point Created Successfully. ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\DropboxCopyHook {FBC9D74C-AF55-4309-9FB2-C426E071637F} C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\Origin Games deleted successfully C:\PROGRA~2\Smart Driver Updater deleted successfully C:\PROGRA~2\Wisdom-soft ScreenHunter 6.0 Free deleted successfully C:\PROGRA~2\Wisdom-soft ScreenHunter 6.0 Pro deleted successfully C:\Program Files\log deleted successfully C:\Program Files\Common Files\AV deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\PROGRA~3\Comms deleted successfully C:\PROGRA~3\Evernote deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully C:\Users\Catlyne Nix\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Catlyne Nix\AppData\Local\EmieSiteList deleted successfully C:\Users\Catlyne Nix\AppData\Local\EmieUserList deleted successfully C:\Users\Catlyne Nix\AppData\Local\NetworkTiles deleted successfully C:\Users\Catlyne Nix\AppData\Local\NokiaAccount deleted successfully C:\Users\Catlyne Nix\AppData\Local\PackageStaging deleted successfully C:\Users\Catlyne Nix\AppData\Local\Wisdom-soft deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{26e67fb2-111e-417f-966e-547ac43968cf} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{26e67fb2-111e-417f-966e-547ac43968cf} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110011341191} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{26e67fb2-111e-417f-966e-547ac43968cf} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26e67fb2-111e-417f-966e-547ac43968cf} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater40.1.6 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26e67fb2-111e-417f-966e-547ac43968cf}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "AVG-Secure-Search-Update_0915tb"=- [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- "vProt"=- ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Origin Games not found C:\PROGRA~2\Smart Driver Updater not found C:\PROGRA~2\Wisdom-soft ScreenHunter 6.0 Free not found C:\PROGRA~2\Wisdom-soft ScreenHunter 6.0 Pro not found C:\ProgramData\Avg_Update_0915tb not found C:\ProgramData\Avg_Update_0915tb not found C:\Users\Catlyne Nix\AppData\Roaming\SupTab deleted C:\Users\Catlyne Nix\AppData\LocalLow\uTorrentBar_NL deleted C:\Program Files (x86)\Vid-Saver deleted C:\Program Files (x86)\Zebar deleted C:\Program Files (x86)\BabylonToolbar deleted C:\ProgramData\IePluginService deleted C:\ProgramData\AVG Security Toolbar deleted C:\ProgramData\AVG Web TuneUp deleted C:\Program Files\AVG Web TuneUp deleted C:\PROGRA~3\Premium deleted C:\Users\Catlyne Nix\AppData\LocalLow\Conduit deleted C:\PROGRA~2\Mozilla Firefox\user.js deleted C:\PROGRA~2\DealPly deleted C:\PROGRA~2\uTorrentBar_NL deleted C:\PROGRA~2\SupTab deleted C:\PROGRA~2\Conduit deleted C:\user.js deleted C:\PROGRA~3\Uniblue\DriverScanner deleted C:\PROGRA~3\WPM deleted C:\PROGRA~3\Uniblue deleted C:\PROGRA~3\AVG Secure Search deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted C:\PROGRA~3\Package Cache deleted C:\Users\Catlyne Nix\AppData\Local\CRE deleted C:\Users\Catlyne Nix\AppData\Local\APN deleted C:\Users\Catlyne Nix\AppData\Local\SmartWeb deleted C:\Users\Catlyne Nix\AppData\Local\Vid-Saver deleted C:\Users\Catlyne Nix\AppData\Local\Conduit deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2 deleted C:\Users\Catlyne Nix\AppData\LocalLow\BabylonToolbar deleted C:\Users\Catlyne Nix\AppData\LocalLow\PriceGong deleted C:\WINDOWS\wininit.ini deleted C:\WINDOWS\Syswow64\Hotspot Shield deleted C:\WINDOWS\SysWow64\AI_RecycleBin deleted C:\Users\Catlyne Nix\Adobe Photoshop CS5 PORTABLE.exe deleted C:\Users\Catlyne Nix\Downloads\DownloadSetup.exe deleted "C:\Windows\Installer\1cc25970.msi" deleted "C:\Windows\Installer\1cc25970.msi" deleted "C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe" deleted "C:\Program Files (x86)\AVG Web TuneUp\icudt.dll" deleted "C:\Program Files (x86)\AVG Web TuneUp\libcef.dll" deleted "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" deleted "C:\PROGRA~2\SecureW2\sw2_tray.exe" deleted "C:\PROGRA~2\AVG Web TuneUp\avgcefrend.exe" deleted "C:\PROGRA~2\AVG Web TuneUp\icudt.dll" deleted "C:\PROGRA~2\AVG Web TuneUp\libcef.dll" deleted "C:\PROGRA~2\AVG Web TuneUp\vprot.exe" deleted "C:\Program Files (x86)\AVG Web TuneUp\locales\en-US.pak" deleted "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE" deleted "C:\PROGRA~2\AVG Web TuneUp\locales\en-US.pak" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\40.1.6\avgdttbx.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\40.1.6\log4cplusU.dll" deleted "C:\Program Files (x86)\AVG Web TuneUp" deleted "C:\Program Files (x86)\Microsoft\BingBar" not deleted "C:\Users\Catlyne Nix\AppData\Local\AVG Web TuneUp" deleted "C:\PROGRA~2\SecureW2" not deleted "C:\PROGRA~2\AVG Web TuneUp" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted "C:\Program Files (x86)\AVG Web TuneUp\locales" deleted "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0" not deleted "C:\PROGRA~2\AVG Web TuneUp\locales" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\40.1.6" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\40.1.6" deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\CATLYN~1\AppData\Local\Temp ==== ====== Java Cache ===== 2015-10-03 11:41:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Catlyne Nix\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-12e8350e ====== C:\WINDOWS\SysWOW64 ===== 2015-10-03 14:57:36 D5B3690D367EC7EF2AC7FC48B854D1CC 178152 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-10-03 14:57:35 5BACD68B116CAA67B71F4F9DB500A47B 812008 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-10-03 12:08:06 5780FAC582AF72AF39D461336E23D39C 18806272 ----a-w- C:\WINDOWS\SysWOW64\edgehtml.dll 2015-10-03 12:08:03 96CC96E8D16E315148047DFEB31EEEE9 13027840 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-10-03 12:07:57 00A63F21DCEF7D6D58BB73C594C6C75F 19325440 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll 2015-10-03 12:07:41 3277E503E6EA72D19CDC16501FD151BA 5120056 ----a-w- C:\WINDOWS\SysWOW64\windows.storage.dll 2015-10-03 12:07:37 2DA15A53E965A27A3D5CF99E3CCC430A 6101504 ----a-w- C:\WINDOWS\SysWOW64\mos.dll 2015-10-03 12:07:34 08D6065A1D6D007C77A688271D915B00 5079552 ----a-w- C:\WINDOWS\SysWOW64\BingMaps.dll 2015-10-03 12:07:26 8E2D23AB73A5276FC7CDE134B06F0C03 5454848 ----a-w- C:\WINDOWS\SysWOW64\Chakra.dll 2015-10-03 12:07:23 19DFBB25AB67A2F4D23F08A7D765E802 2154808 ----a-w- C:\WINDOWS\SysWOW64\mfcore.dll 2015-10-03 12:07:18 A66B5D22B883373A44764C003078A828 2646528 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.dll 2015-10-03 12:07:16 EB7E8B15015C784D8852292206EF1461 1918464 ----a-w- C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-10-03 12:07:10 BCCB55B18CE7054BA288FFEB27BA6F54 1766952 ----a-w- C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2015-10-03 12:07:08 73FC0143E518D8DB7AFE9675F4AF8063 2207232 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll 2015-10-03 12:07:07 F28E047EF8A68C586F177A3DD625831C 3579904 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll 2015-10-03 12:07:02 2570B5FA73B119C16E0E721265126C3A 2446648 ----a-w- C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2015-10-03 12:06:58 47F3B89782076037F328AEC18245D4B1 962400 ----a-w- C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-10-03 12:06:55 DFAE92F5EF58FF29E81D951B2BDF45B8 1104384 ----a-w- C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-10-03 12:06:54 C637D94084069A10759E53F79D5DC4C5 899584 ----a-w- C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll 2015-10-03 12:06:53 EE8FDC90138DD93AA6B1ECA831D9D3CE 1162240 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2015-10-03 12:06:53 776339B81E632F579AB1EC6EE503A9C0 58368 ----a-w- C:\WINDOWS\SysWOW64\usoapi.dll 2015-10-03 12:06:49 DAFFF5B7F43F88907A21996E71812D0C 764416 ----a-w- C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2015-10-03 12:06:49 BE36E4024EABE75FEF529553E023AEF8 646672 ----a-w- C:\WINDOWS\SysWOW64\mfsvr.dll 2015-10-03 12:06:48 F69835A120E9627327ECE984D2AC87EA 828928 ----a-w- C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll 2015-10-03 12:06:46 001D3D691DD268165A3EE49C69078054 658528 ----a-w- C:\WINDOWS\SysWOW64\mfds.dll 2015-10-03 12:06:43 807178C85CF6375FAB2FE42395FE94D7 677888 ----a-w- C:\WINDOWS\SysWOW64\MapControlCore.dll 2015-10-03 12:06:40 4B5286A021D8CA64BABB07D7B9739AF4 512000 ----a-w- C:\WINDOWS\SysWOW64\CoreMessaging.dll 2015-10-03 12:06:39 F65307E09D4807EDE95D1016CAF42DAD 587264 ----a-w- C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2015-10-03 12:06:38 F38B52333E0C93A1C55323719103783B 1357888 ----a-w- C:\WINDOWS\SysWOW64\winmde.dll 2015-10-03 12:06:38 E0F11A1D1C7482BBD76448E6FD3AA327 454512 ----a-w- C:\WINDOWS\SysWOW64\directmanipulation.dll 2015-10-03 12:06:38 A5F48E7E55B076996B67F8F32C9D6D33 2639872 ----a-w- C:\WINDOWS\SysWOW64\esent.dll 2015-10-03 12:06:37 78FBC37D02A39402B685B7E95A83EFE8 428128 ----a-w- C:\WINDOWS\SysWOW64\WWanAPI.dll 2015-10-03 12:06:35 60242DBD3FCFA6D4163B6C29D76295B7 336384 ----a-w- C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2015-10-03 12:06:34 00682184457B97EDA4C0C157331A7495 454656 ----a-w- C:\WINDOWS\SysWOW64\MbaeApi.dll 2015-10-03 12:06:33 6740B4C8B8B3474F086B8AEBDE4861D8 217088 ----a-w- C:\WINDOWS\SysWOW64\VEEventDispatcher.dll 2015-10-03 12:06:32 D124F89BBDCFC24A04F159D913852DDC 701952 ----a-w- C:\WINDOWS\SysWOW64\JpMapControl.dll 2015-10-03 12:06:32 258A4F9A2C91C6C6E36775CDCCB4AFE1 441168 ----a-w- C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2015-10-03 12:06:31 1BFDE0B4AC3E0EB180FBC32A22B8A8B4 464896 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-10-03 12:06:31 1B102F53BD7209D712BBE96E9FAA32CA 313856 ----a-w- C:\WINDOWS\SysWOW64\LockAppBroker.dll 2015-10-03 12:06:30 F4E25F21AC509AEE3617E9DBA086318E 434376 ----a-w- C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2015-10-03 12:06:30 53FC0EFBE44591CA16BE1A4309F689DC 253440 ----a-w- C:\WINDOWS\SysWOW64\SensorsApi.dll 2015-10-03 12:06:29 6FA73C45D51E7909C68FE5A113D5585F 928256 ----a-w- C:\WINDOWS\SysWOW64\Unistore.dll 2015-10-03 12:06:26 DC7C56F01B96CA5FDB99D241D4E067FC 311808 ----a-w- C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2015-10-03 12:06:26 99CEBD54809E76C9CD1839B0492CCF5E 1895568 ----a-w- C:\WINDOWS\SysWOW64\hevcdecoder.dll 2015-10-03 12:06:25 63900F897A025DDFE83737A260C250A5 371712 ----a-w- C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2015-10-03 12:06:25 037908D9C8C689490978BFF72532A361 195072 ----a-w- C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2015-10-03 12:06:22 1253135EC3029F79601EDCFF55ADC9FC 508248 ----a-w- C:\WINDOWS\SysWOW64\mf.dll 2015-10-03 12:06:20 535DCD92E0C7D52A0F1237AF3DCFAAA9 613376 ----a-w- C:\WINDOWS\SysWOW64\TokenBroker.dll 2015-10-03 12:06:18 E03EC1BA7B6061620367F19249705D1F 625152 ----a-w- C:\WINDOWS\SysWOW64\ContactApis.dll 2015-10-03 12:06:17 3C9FDBB0963B18C9D60B54F8AF81DF11 268800 ----a-w- C:\WINDOWS\SysWOW64\ncryptprov.dll 2015-10-03 12:06:16 E856065895D1133F5457BCDB4452A8D3 74880 ----a-w- C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 2015-10-03 12:06:15 DBAAA86B138D2F8B7EDF7A3ED7ADF8B3 557568 ----a-w- C:\WINDOWS\SysWOW64\ChatApis.dll 2015-10-03 12:06:15 399BED6CD8A3AA7C7CF48A8E55FB4463 579584 ----a-w- C:\WINDOWS\SysWOW64\AppointmentApis.dll 2015-10-03 12:06:14 FFCE532A61DD7518BE997267940D7AE4 466432 ----a-w- C:\WINDOWS\SysWOW64\MessagingDataModel2.dll 2015-10-03 12:06:14 1A917EA73F9B46F31F8E0BA3B44FDD8F 525312 ----a-w- C:\WINDOWS\SysWOW64\EmailApis.dll 2015-10-03 12:06:13 F2BCE0CF75943E18852148B2875F632B 41472 ----a-w- C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll 2015-10-03 12:06:08 80D2AE15F53154CEE71C9E3C131FBB9B 407608 ----a-w- C:\WINDOWS\SysWOW64\AudioSes.dll 2015-10-03 12:06:07 C5FBD8DDCD35F7F1242F3587681A2654 193024 ----a-w- C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2015-10-03 12:06:07 8B4E59B0B71ECE3CF6234DFAAE0A05DF 172032 ----a-w- C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll 2015-10-03 12:06:07 6C8012BEB3FF973020E9429CBB6C1696 195584 ----a-w- C:\WINDOWS\SysWOW64\UserDataAccountApis.dll 2015-10-03 12:06:05 C45DE57A004A5BD637923BB2EF410E19 131072 ----a-w- C:\WINDOWS\SysWOW64\CallHistoryClient.dll 2015-10-03 12:06:05 54DB5459A808BB03FDEA98325530B946 145920 ----a-w- C:\WINDOWS\SysWOW64\mdmregistration.dll 2015-10-03 12:06:04 FB3B46B0FFCEDEED7BB5E74D82895118 1171456 ----a-w- C:\WINDOWS\SysWOW64\netcenter.dll 2015-10-03 12:06:04 D0A5D8270FF8606D2B445C4359A8FCEB 328704 ----a-w- C:\WINDOWS\SysWOW64\MapConfiguration.dll 2015-10-03 12:06:04 9E8E29389AD2E2C31E65400C5BBC06EC 574464 ----a-w- C:\WINDOWS\SysWOW64\Chakradiag.dll 2015-10-03 12:06:04 638747E5050BEB4F5DF9DDE8AC418296 473088 ----a-w- C:\WINDOWS\SysWOW64\wpnapps.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2015-10-04 10:30:52 54B65B15F76E94F114DFE3BC2D609B15 16148 ----a-w- C:\WINDOWS\Sysnative\CATLYNENIX-PC_Catlyne Nix_HistoryPrediction.bin 2015-10-03 12:08:15 CD8169F2DE6AFF7CC56A596BCC2326E8 24595456 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll 2015-10-03 12:08:13 35DAE99CA54E05DE5EE404EC20DD073F 16708608 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll 2015-10-03 12:08:10 B91D329CB2EF570B6A7CEB409625DD32 21875712 ----a-w- C:\WINDOWS\Sysnative\edgehtml.dll 2015-10-03 12:07:40 7ED8EF17B3A6C69DA6A0EC90CFBB4ABB 7055872 ----a-w- C:\WINDOWS\Sysnative\BingMaps.dll 2015-10-03 12:07:39 DE82BD1C35547D04241DB1DB3D4808E0 6487248 ----a-w- C:\WINDOWS\Sysnative\windows.storage.dll 2015-10-03 12:07:38 537826436B921256BA9055F65A97ED91 7569408 ----a-w- C:\WINDOWS\Sysnative\mos.dll 2015-10-03 12:07:32 E130DF660C8E4C6ED1255F2276CC2802 7523328 ----a-w- C:\WINDOWS\Sysnative\Chakra.dll 2015-10-03 12:07:31 9D4A09AB97C2F0EC6BFA6B54AA2BA239 3781120 ----a-w- C:\WINDOWS\Sysnative\SettingsHandlers_nt.dll 2015-10-03 12:07:27 78ECC7FEDA1790706A8ED7D864F754FC 2464216 ----a-w- C:\WINDOWS\Sysnative\mfcore.dll 2015-10-03 12:07:25 C9C6D1C3171A866F10C7D58777E9638A 2417664 ----a-w- C:\WINDOWS\Sysnative\MFMediaEngine.dll 2015-10-03 12:07:25 6D6E7210CBD7C0AA2130F3F3F14D32A5 2824248 ----a-w- C:\WINDOWS\Sysnative\msmpeg2vdec.dll 2015-10-03 12:07:24 6FA4BB1AA0C18F5CFB96F228376BD249 2494712 ----a-w- C:\WINDOWS\Sysnative\CoreUIComponents.dll 2015-10-03 12:07:23 33F308FD702D507A7BB28BF2E80C2717 3248640 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.dll 2015-10-03 12:07:18 E5D86250453B33900666D92ED1A92ABE 2740224 ----a-w- C:\WINDOWS\Sysnative\wininet.dll 2015-10-03 12:07:05 3C096082A9232B7CEE4653B9C9031769 2228736 ----a-w- C:\WINDOWS\Sysnative\wlansvc.dll 2015-10-03 12:07:04 11AE1E4065376FCD89C0A37C5953164E 4791296 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll 2015-10-03 12:07:03 68DE1997977CD3A86D5F8D0FD23056EA 1563392 ----a-w- C:\WINDOWS\Sysnative\winmde.dll 2015-10-03 12:07:03 223A5048FE554992D8E7D0195D57AA19 1397088 ----a-w- C:\WINDOWS\Sysnative\LicenseManager.dll 2015-10-03 12:07:01 5252CE15DB06AB5A796EBC361EAC1528 8020816 ----a-w- C:\WINDOWS\Sysnative\ntoskrnl.exe 2015-10-03 12:07:00 390EAAB81E5C1DB0FD4920796C74AB48 1290240 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Shell.dll 2015-10-03 12:06:59 52C3440B5098BFB99D91E869A26ECB30 1213440 ----a-w- C:\WINDOWS\Sysnative\RemoteNaturalLanguage.dll 2015-10-03 12:06:59 0968D575D9108497A6DC37749D4A6C4F 2093056 ----a-w- C:\WINDOWS\Sysnative\wlidsvc.dll 2015-10-03 12:06:57 031080A610C302B0279A267411EDB7E3 2226688 ----a-w- C:\WINDOWS\Sysnative\NetworkMobileSettings.dll 2015-10-03 12:06:56 85AC4CA67BECC08CBC655A8D8919B23B 1331200 ----a-w- C:\WINDOWS\Sysnative\UIAutomationCore.dll 2015-10-03 12:06:55 D23F211E1AA0787EFEC373D172D4A1C2 1181696 ----a-w- C:\WINDOWS\Sysnative\wwansvc.dll 2015-10-03 12:06:55 8AFDD74F2DC5BAD9B2215FB19DB65240 809352 ----a-w- C:\WINDOWS\Sysnative\CoreMessaging.dll 2015-10-03 12:06:54 C5E2FBB19641860794CEE2B580192732 966416 ----a-w- C:\WINDOWS\Sysnative\twinapi.appcore.dll 2015-10-03 12:06:53 AF34122A1B595218036B4049D802B470 1203712 ----a-w- C:\WINDOWS\Sysnative\Windows.Devices.Bluetooth.dll 2015-10-03 12:06:52 444016D88142B82366EC516C3CF714E0 2178560 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentServer.dll 2015-10-03 12:06:52 36E46F26B5291A7D324466602A88947B 784136 ----a-w- C:\WINDOWS\Sysnative\mfsvr.dll 2015-10-03 12:06:51 B70FF53144AC4B3C7D98BFB7D7C239BD 2236416 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll 2015-10-03 12:06:50 A51AC21B1F31FD7F4EC2811E33572AFC 859136 ----a-w- C:\WINDOWS\Sysnative\modernexecserver.dll 2015-10-03 12:06:50 891C83BE8BA62B7547B9A6576A360C71 1010176 ----a-w- C:\WINDOWS\Sysnative\RDXService.dll 2015-10-03 12:06:50 405BD80834094E297664CE0A7EE70EF9 2987520 ----a-w- C:\WINDOWS\Sysnative\esent.dll 2015-10-03 12:06:49 DE8B9EE2E86532686497FE5A1E44E90D 467968 ----a-w- C:\WINDOWS\Sysnative\MBMediaManager.dll 2015-10-03 12:06:49 7505ACFD9362DA74FEB623F21FE3B391 1601536 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Speech.dll 2015-10-03 12:06:48 DDCBE4B09287CF224B63015F9C6BD31F 1295712 ----a-w- C:\WINDOWS\Sysnative\wpx.dll 2015-10-03 12:06:46 B82363129E8554D58B95A6935B83891D 781976 ----a-w- C:\WINDOWS\Sysnative\mfds.dll 2015-10-03 12:06:46 3478670E8646CC536E1EF21F077F4DD6 2156400 ----a-w- C:\WINDOWS\Sysnative\hevcdecoder.dll 2015-10-03 12:06:45 B7927A1D40BD17BC963E9353DBB36CD7 869376 ----a-w- C:\WINDOWS\Sysnative\MapControlCore.dll 2015-10-03 12:06:45 2C82D9E55432915A68A609008BDEF41A 1563472 ----a-w- C:\WINDOWS\Sysnative\wmpmde.dll 2015-10-03 12:06:44 974C92640A3DAA475E15E3C79299B690 1795072 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentExtensions.dll 2015-10-03 12:06:44 3A4A543F135DE9A06ABA9DF982D79DD7 526336 ----a-w- C:\WINDOWS\Sysnative\bisrv.dll 2015-10-03 12:06:43 87E5D206DCDD7E8DB7A597DA59FB9A07 1423872 ----a-w- C:\WINDOWS\Sysnative\UserDataService.dll 2015-10-03 12:06:43 311F4D131C28DA12595132A35124E955 910848 ----a-w- C:\WINDOWS\Sysnative\SharedStartModel.dll 2015-10-03 12:06:42 C8C5DFF028EA28D7846E95D8E5461794 570880 ----a-w- C:\WINDOWS\Sysnative\MbaeApi.dll 2015-10-03 12:06:41 F9BD360A4799BB54A01692940C46CA2B 537080 ----a-w- C:\WINDOWS\Sysnative\WWanAPI.dll 2015-10-03 12:06:41 D4E92C0C0F9C5054B03D67A3C0B41961 555768 ----a-w- C:\WINDOWS\Sysnative\directmanipulation.dll 2015-10-03 12:06:40 754BC3E56FF301B9EE8A764932D02124 513536 ----a-w- C:\WINDOWS\Sysnative\ngcsvc.dll 2015-10-03 12:06:40 33FF0B7585F54C0F33C38F5DCAB1DA01 3586560 ----a-w- C:\WINDOWS\Sysnative\win32kfull.sys 2015-10-03 12:06:39 B3CD8B2CBC6E48B194116B28F72CDA67 408064 ----a-w- C:\WINDOWS\Sysnative\CredProvDataModel.dll 2015-10-03 12:06:39 9C2B0E3A21CECD14E20A848F0DE94B24 517632 ----a-w- C:\WINDOWS\Sysnative\NotificationController.dll 2015-10-03 12:06:39 684F1E1B5D07451B600EA3C3D728A534 281600 ----a-w- C:\WINDOWS\Sysnative\VEEventDispatcher.dll 2015-10-03 12:06:38 D5AAA188C70146977CFEE8D128599F3F 378368 ----a-w- C:\WINDOWS\Sysnative\SystemEventsBrokerServer.dll 2015-10-03 12:06:38 5E010B486F7FB28D9B79AAC471FE484F 476760 ----a-w- C:\WINDOWS\Sysnative\MFCaptureEngine.dll 2015-10-03 12:06:37 913E47FCD3B43EC27215F90884915CAF 780288 ----a-w- C:\WINDOWS\Sysnative\Windows.ApplicationModel.Store.dll 2015-10-03 12:06:36 A40484AC27EE08DBE7F8DA5E1F6651ED 591360 ----a-w- C:\WINDOWS\Sysnative\wcmsvc.dll 2015-10-03 12:06:36 5424E49F79EB68E5F10439405101A09B 627712 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.dll 2015-10-03 12:06:35 8D23F0819A00C547814409B734DD3747 503808 ----a-w- C:\WINDOWS\Sysnative\tileobjserver.dll 2015-10-03 12:06:34 7614E6E6B53E8FE6E6B8A6D6D3CC2018 1067520 ----a-w- C:\WINDOWS\Sysnative\audiosrv.dll 2015-10-03 12:06:33 363F3F99863C2BB8612C9133E45BF3E6 387584 ----a-w- C:\WINDOWS\Sysnative\LockAppBroker.dll 2015-10-03 12:06:33 10FC981B716CCC25CDD5D306EBBC022D 1276416 ----a-w- C:\WINDOWS\Sysnative\wifinetworkmanager.dll 2015-10-03 12:06:32 E41C778D6208A51F57557523E2B479B5 1205248 ----a-w- C:\WINDOWS\Sysnative\Unistore.dll 2015-10-03 12:06:32 AE8B34FB5B54025E9C6895A45947A515 796160 ----a-w- C:\WINDOWS\Sysnative\TokenBroker.dll 2015-10-03 12:06:31 D907DFF972354542D5B0B4414B308B75 312832 ----a-w- C:\WINDOWS\Sysnative\SensorsApi.dll 2015-10-03 12:06:30 509FF13E5C4FD63846FCA01A5ED912DB 521728 ----a-w- C:\WINDOWS\Sysnative\PsmServiceExtHost.dll 2015-10-03 12:06:30 37B5ECB8C390D9FD5A5BB2FFB7294B9E 553808 ----a-w- C:\WINDOWS\Sysnative\SettingSyncHost.exe 2015-10-03 12:06:29 B9FC9E9B55C74557FEC004BF8B1184F4 359936 ----a-w- C:\WINDOWS\Sysnative\ncsi.dll 2015-10-03 12:06:28 09247D43F19CAFEEFEBF6A32F3A1225F 118272 ----a-w- C:\WINDOWS\Sysnative\KnobsCsp.dll 2015-10-03 12:06:27 EA8B28FFF774F7C7862C8746E1FDECF6 273920 ----a-w- C:\WINDOWS\Sysnative\Windows.ApplicationModel.LockScreen.dll 2015-10-03 12:06:27 D1AA97B30A9ED6F89DC3848C8BF53513 224256 ----a-w- C:\WINDOWS\Sysnative\KnobsCore.dll 2015-10-03 12:06:27 506F9F526D42BB4C0A579CB78F923A48 483328 ----a-w- C:\WINDOWS\Sysnative\OneDriveSettingSyncProvider.dll 2015-10-03 12:06:26 C7503A49364DB2AF7A7DE177B233081F 1844736 ----a-w- C:\WINDOWS\Sysnative\workfolderssvc.dll 2015-10-03 12:06:26 86C0DEE6940878A1496CBBA856FF4E5B 584656 ----a-w- C:\WINDOWS\Sysnative\mf.dll 2015-10-03 12:06:26 49B00A59043431804A5BCB5E48F735B3 414208 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentClient.dll 2015-10-03 12:06:26 157B1CABAF5201237EECA4FB0F34D822 403456 ----a-w- C:\WINDOWS\Sysnative\dmenrollengine.dll 2015-10-03 12:06:25 194239DA484C7DB62E6773ABB5DD4463 269312 ----a-w- C:\WINDOWS\Sysnative\provengine.dll 2015-10-03 12:06:24 DAFEABE69E915A2374E13C6B24EF331F 690688 ----a-w- C:\WINDOWS\Sysnative\CellularAPI.dll 2015-10-03 12:06:24 B31569B0E7A467D4050FA49CFCBFCEFA 204800 ----a-w- C:\WINDOWS\Sysnative\wcmcsp.dll 2015-10-03 12:06:24 887065722784FD70B880B0D900E4884D 185344 ----a-w- C:\WINDOWS\Sysnative\psmsrv.dll 2015-10-03 12:06:24 7910232E31799A576F2509DA92CB8813 928256 ----a-w- C:\WINDOWS\Sysnative\JpMapControl.dll 2015-10-03 12:06:24 2C144777278ECD6DFF4B5A90F742C1AA 346112 ----a-w- C:\WINDOWS\Sysnative\ngccredprov.dll 2015-10-03 12:06:23 41C0EC5B11375F9CA045AFEF1EB75D5F 366592 ----a-w- C:\WINDOWS\Sysnative\wuuhext.dll 2015-10-03 12:06:22 D7B28BF9E08128C5A8B89FFD5BEB6B88 465920 ----a-w- C:\WINDOWS\Sysnative\wwanconn.dll 2015-10-03 12:06:22 65A0B3477231CE37B09A719DBBB9FCF1 671232 ----a-w- C:\WINDOWS\Sysnative\WUDFx02000.dll 2015-10-03 12:06:21 CF2B0ADDBA61B3B9FA339118FC742032 1812480 ----a-w- C:\WINDOWS\Sysnative\pnidui.dll 2015-10-03 12:06:21 88E6A429944544346EC3AE1FD7D24BCC 149504 ----a-w- C:\WINDOWS\Sysnative\tetheringservice.dll 2015-10-03 12:06:21 7BCC113B00736AA930DAA49CA7858808 856576 ----a-w- C:\WINDOWS\Sysnative\ContactApis.dll 2015-10-03 12:06:21 1CD8BB41436524A2748A77005E5DEB8A 579072 ----a-w- C:\WINDOWS\Sysnative\winlogon.exe 2015-10-03 12:06:20 D37063C5B492B7B4F26D24C62167C8BE 137728 ----a-w- C:\WINDOWS\Sysnative\VEStoreEventHandlers.dll 2015-10-03 12:06:20 95EC1A9A6926F5091957F6CA52A34F21 162304 ----a-w- C:\WINDOWS\Sysnative\SubscriptionMgr.dll 2015-10-03 12:06:20 85146ABCB1EF298D1FF6EE4D5541788C 832512 ----a-w- C:\WINDOWS\Sysnative\MapsStore.dll 2015-10-03 12:06:19 99E14B1011FC214DA89D9559AD816B3A 243760 ----a-w- C:\WINDOWS\Sysnative\mfps.dll 2015-10-03 12:06:19 7D2165B4B27E11B3E557DB26CAA2BAFF 1382400 ----a-w- C:\WINDOWS\Sysnative\win32kbase.sys 2015-10-03 12:06:19 65F1F4DBB4A6FA971BF9F00129F452A0 494592 ----a-w- C:\WINDOWS\Sysnative\StoreAgent.dll 2015-10-03 12:06:19 38F08B82ADEEA1003B4A5177BB5366B3 347136 ----a-w- C:\WINDOWS\Sysnative\ncryptprov.dll 2015-10-03 12:06:19 327DA4A4DE4E9BECF2C16967366C74E2 186880 ----a-w- C:\WINDOWS\Sysnative\cloudAP.dll 2015-10-03 12:06:18 D61C3ED7C5F0D1B5BD9B351FEC381D57 120832 ----a-w- C:\WINDOWS\Sysnative\omadmclient.exe 2015-10-03 12:06:18 9BD143B8F803AC81F701BA0B8486212D 752640 ----a-w- C:\WINDOWS\Sysnative\ChatApis.dll 2015-10-03 12:06:17 B8401703E619E7BD7B5A659306A9BFE6 84480 ----a-w- C:\WINDOWS\Sysnative\MDMAppInstaller.exe 2015-10-03 12:06:17 888513B8C53C7574A9CC14195F5BFCA3 81488 ----a-w- C:\WINDOWS\Sysnative\acmigration.dll 2015-10-03 12:06:17 7DDB731AD3E9F9F91D62E991BD52814F 79872 ----a-w- C:\WINDOWS\Sysnative\HttpsDataSource.dll 2015-10-03 12:06:17 2481E9E8858AD0A223FA3110916EF0C1 6572032 ----a-w- C:\WINDOWS\Sysnative\wwanmm.dll 2015-10-03 12:06:17 02077F66F8CF2F1FD58403D371482B01 106496 ----a-w- C:\WINDOWS\Sysnative\KeywordDetectorMsftSidAdapter.dll 2015-10-03 12:06:16 C1E6FBEBD285CABA0985533A56144F5F 288256 ----a-w- C:\WINDOWS\Sysnative\PimIndexMaintenance.dll 2015-10-03 12:06:16 B171608F20705895726DE86B34D1FBAC 95744 ----a-w- C:\WINDOWS\Sysnative\LocationWiFiAdapter.dll 2015-10-03 12:06:16 71107775BE0E612150F032CE21DD9C7C 88384 ----a-w- C:\WINDOWS\Sysnative\remoteaudioendpoint.dll 2015-10-03 12:06:15 4A54273338073939384A14BF0D7AFC14 88064 ----a-w- C:\WINDOWS\Sysnative\ngckeyenum.dll 2015-10-03 12:06:15 334206DD8DA94B0AEBC46A3196888031 83968 ----a-w- C:\WINDOWS\Sysnative\DeviceEnroller.exe 2015-10-03 12:06:15 02707CF32272B726BB410E6717BBB7E8 446976 ----a-w- C:\WINDOWS\Sysnative\MapConfiguration.dll 2015-10-03 12:06:14 F1A6A22A63F380DFF28C55B11D688B0C 102304 ----a-w- C:\WINDOWS\Sysnative\omadmapi.dll 2015-10-03 12:06:14 EF3BBA8739757B470D0E49C8619A31C0 53760 ----a-w- C:\WINDOWS\Sysnative\Windows.Speech.Pal.dll 2015-10-03 12:06:14 1547E4F51567E522CA96BC367CC9D295 590336 ----a-w- C:\WINDOWS\Sysnative\MessagingDataModel2.dll 2015-10-03 12:06:13 AA38E0578EBAD030D4CB098A9F5E650B 720896 ----a-w- C:\WINDOWS\Sysnative\EmailApis.dll 2015-10-03 12:06:12 EBD5F0FDD3EBB6EE6F6EE524206AD0AE 26624 ----a-w- C:\WINDOWS\Sysnative\LicenseManagerShellext.exe 2015-10-03 12:06:12 C92EBECB1E30E7E6006C0D8B4040C3F6 274944 ----a-w- C:\WINDOWS\Sysnative\syncutil.dll 2015-10-03 12:06:11 D88952BD78157D66A0921B63F5DD0EC5 439296 ----a-w- C:\WINDOWS\Sysnative\LocationWebproxy.dll 2015-10-03 12:06:10 DBA8FE1EAA344106C334E193D3D57B66 73728 ----a-w- C:\WINDOWS\Sysnative\wwancfg.dll 2015-10-03 12:06:10 A5B7CAFA0327BCBC2FC6F1C9F95191CA 342016 ----a-w- C:\WINDOWS\Sysnative\LocationGeofences.dll 2015-10-03 12:06:09 AC180D981BD23443793F7AA71BBE344A 599552 ----a-w- C:\WINDOWS\Sysnative\wpnapps.dll 2015-10-03 12:06:09 77C8CD0AACC1D059EDF6E91920D11550 421888 ----a-w- C:\WINDOWS\Sysnative\Windows.Internal.Bluetooth.dll 2015-10-03 12:06:09 43A1B8B43CA4E213E0FD920F2FD6BCBA 267776 ----a-w- C:\WINDOWS\Sysnative\Windows.Internal.Management.dll 2015-10-03 12:06:09 14503C58C1528D83FB2328840784EC78 621056 ----a-w- C:\WINDOWS\Sysnative\enterprisecsps.dll 2015-10-03 12:06:09 109F35CCD84FE9AD1E3B6A2953CF2C9D 685568 ----a-w- C:\WINDOWS\Sysnative\AppointmentApis.dll 2015-10-03 12:06:08 F57FE0BD8BD7E1F8088FE18D0FD7BEE9 501008 ----a-w- C:\WINDOWS\Sysnative\AudioEng.dll 2015-10-03 12:06:08 959695FD137FF0DEFC6152AAB03AA3D6 1216512 ----a-w- C:\WINDOWS\Sysnative\netcenter.dll 2015-10-03 12:06:08 6C9DDD0611379864596D2A8DE7B1870C 504320 ----a-w- C:\WINDOWS\Sysnative\DataSenseHandlers.dll 2015-10-03 12:06:07 07B5710393558DD734647D5F2F020647 215552 ----a-w- C:\WINDOWS\Sysnative\LocationCrowdsource.dll 2015-10-03 12:06:07 02954F6B3389EF56088EF1C99B6105BA 202240 ----a-w- C:\WINDOWS\Sysnative\accountaccessor.dll 2015-10-03 12:06:06 E6337423BD19DD12EB6777934B57E0F4 176640 ----a-w- C:\WINDOWS\Sysnative\LocationPeIP.dll 2015-10-03 12:06:06 3B397ED55AE652520503CCE0996B0D25 160256 ----a-w- C:\WINDOWS\Sysnative\enrollmentapi.dll 2015-10-03 12:06:05 A0DBB9386BEA8DA1A159C2A2E07081A3 856576 ----a-w- C:\WINDOWS\Sysnative\MPSSVC.dll 2015-10-03 12:06:05 9170F95C48D44BABB9546CBDC2D4CEBA 257024 ----a-w- C:\WINDOWS\Sysnative\UserDataAccountApis.dll 2015-10-03 12:06:05 5BA872CD68B18193FC82DFE125A15FC4 163840 ----a-w- C:\WINDOWS\Sysnative\CallHistoryClient.dll 2015-10-03 12:06:05 52E7F6343A99747CE5772B04FFCE00A3 771072 ----a-w- C:\WINDOWS\Sysnative\Chakradiag.dll 2015-10-03 12:06:05 3AED81953A08DA52C64F3D92D4A21CD8 223232 ----a-w- C:\WINDOWS\Sysnative\PhoneCallHistoryApis.dll 2015-10-03 12:06:04 63D8A023148D8436D6CBA65E2B9ED56A 143360 ----a-w- C:\WINDOWS\Sysnative\provops.dll 2015-10-03 12:06:04 49213BF8E7EEE157F128C58D75043B09 68096 ----a-w- C:\WINDOWS\Sysnative\EnterpriseDesktopAppMgmtCSP.dll 2015-10-03 12:06:03 EA1C2DAB8A63712B94897A58557B086C 371712 ----a-w- C:\WINDOWS\Sysnative\nlasvc.dll 2015-10-03 12:05:58 ECA28C8F0FF34A2BD8311CBA2D35B143 121856 ----a-w- C:\WINDOWS\Sysnative\dmcsps.dll 2015-10-03 12:05:58 BBA571F40F08F967531573109F7FA95E 169984 ----a-w- C:\WINDOWS\Sysnative\mdmregistration.dll 2015-10-03 12:05:58 98986780B8D494326D28DCAB6D601450 154624 ----a-w- C:\WINDOWS\Sysnative\dmcertinst.exe 2015-10-03 12:05:58 5793FBBB1F120D1815A8348434ED236C 221184 ----a-w- C:\WINDOWS\Sysnative\LocationPeWiFi.dll 2015-10-03 12:05:58 562078FF6ED0C2B1C09078343437D03E 168960 ----a-w- C:\WINDOWS\Sysnative\mdmmigrator.dll 2015-10-03 12:05:57 F0B43C550BD519423FB79A58A860CE0B 204288 ----a-w- C:\WINDOWS\Sysnative\LocationPeCell.dll 2015-10-03 12:05:57 F01743062DA74A24A0E7836289E33731 187904 ----a-w- C:\WINDOWS\Sysnative\provisioningcsp.dll 2015-10-03 12:05:56 E2AE190B76C27430E4E8258D0C44C79B 317440 ----a-w- C:\WINDOWS\Sysnative\configmanager2.dll 2015-10-03 12:05:56 C66E058599A44E0EEA95B3E0547345D2 30208 ----a-w- C:\WINDOWS\Sysnative\syncmlhook.dll ====== C:\WINDOWS\Sysnative\drivers ===== 2015-10-03 12:07:10 89C9C3745F270EF93988DA57BC6AA62B 1983824 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2015-10-03 12:07:06 7EBD20284AC9BF9F0A020B86769BB074 2432336 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys 2015-10-03 12:06:43 927AD29D7F91B9A0C5294932374DA15E 894256 ----a-w- C:\WINDOWS\Sysnative\drivers\Wdf01000.sys 2015-10-03 12:06:28 FDB239DBE2A14B572D21ABCEDC7BB5D0 505696 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys 2015-10-03 12:06:28 C08449092043601887A1743350888635 516448 ----a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS 2015-10-03 12:06:28 5A1C6AFFF6946C5C21A27AE05084C0D1 332624 ----a-w- C:\WINDOWS\Sysnative\drivers\fastfat.sys 2015-10-03 12:06:23 B6A33DCEBE437F909615E89BA5FB1385 395088 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys 2015-10-03 12:06:17 854AF190F55E6D70EC65A85798F896E2 36352 ----a-w- C:\WINDOWS\Sysnative\drivers\buttonconverter.sys 2015-10-03 12:06:17 70469C8AC4AD367295E70CFDD81B754C 99664 ----a-w- C:\WINDOWS\Sysnative\drivers\pdc.sys 2015-10-03 12:06:16 FA5C94FB36625787063D04CF2F24E890 320000 ----a-w- C:\WINDOWS\Sysnative\drivers\portcls.sys 2015-10-03 12:06:13 616F40B897DA651221F86A1741E9609B 1168736 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys 2015-10-03 12:06:09 1434CA8A224655AD096D57DB24D3AA85 406864 ----a-w- C:\WINDOWS\Sysnative\drivers\FWPKCLNT.SYS 2015-10-03 12:06:09 004C66464D8FE76D5DA78BE6777D61AF 278352 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys 2015-09-08 15:26:07 5252D7BC56E5E0ED715AEA8FE173A455 206080 ----a-w- C:\WINDOWS\Sysnative\drivers\ssudmdm.sys 2015-09-08 15:24:38 73BDD44A6088916964945886F9025409 108800 ----a-w- C:\WINDOWS\Sysnative\drivers\ssudbus.sys ====== C:\WINDOWS\Tasks ====== 2015-09-09 13:54:43 88C4F20FB1233D4DA7A12A1E09498234 4112 ----a-w- C:\WINDOWS\Sysnative\Tasks\DropboxUpdateTaskMachineUA 2015-09-09 13:54:42 F7D2E86C153C7836F3D72B5A9559102D 3880 ----a-w- C:\WINDOWS\Sysnative\Tasks\DropboxUpdateTaskMachineCore 2015-09-09 13:54:42 622CB269AD581612D11EDA01FCC1B9F2 1048 ----a-w- C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2015-09-09 13:54:42 2C44078DAC91D210B82997FC715EDA45 1052 ----a-w- C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2015-10-03 11:51:10 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2015-10-03 15:24:43 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype 2015-10-03 15:24:40 -------- d-----r- C:\PROGRA~2\Skype 2015-09-09 13:54:33 -------- d-----w- C:\PROGRA~2\Dropbox 2015-09-08 15:31:36 -------- d-----w- C:\PROGRA~2\The Bit Studio ======= C: ===== ====== C:\Users\Catlyne Nix\AppData\Roaming ====== 2015-10-01 22:28:37 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Dropbox 2015-09-20 15:16:16 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\ATI 2015-09-20 15:16:15 -------- d-s---r- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 2015-09-20 15:16:15 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-09-20 15:16:15 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools 2015-09-20 15:16:15 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility 2015-09-20 15:16:15 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs 2015-09-20 15:16:15 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming 2015-09-20 15:16:15 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\Temp 2015-09-20 15:16:15 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\Microsoft Help 2015-09-20 15:16:15 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\Microsoft 2015-09-20 15:16:15 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local 2015-09-20 15:16:15 -------- d-----r- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-09-20 15:16:15 -------- d-----r- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-20 15:16:15 -------- d-----r- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-09-17 08:01:18 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Avg 2015-09-08 15:33:18 -------- d-----w- C:\Users\Catlyne Nix\AppData\Local\Bit_Studio ====== C:\Users\Catlyne Nix ====== 2015-10-03 15:24:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-10-03 12:27:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-10-03 11:50:11 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Catlyne Nix\Downloads\RSITx64.exe 2015-10-01 22:28:31 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Desktop 2015-09-29 16:16:59 216914E33B84282280063E7112A302FF 256183 ----a-w- C:\Users\Catlyne Nix\14680777.2011.615636.pdf 2015-09-20 15:16:19 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\DefaultAppPool\ntuser.ini 2015-09-20 15:16:15 -------- d--h--w- C:\Users\DefaultAppPool\AppData 2015-09-20 15:16:15 -------- d-----w- C:\Users\DefaultAppPool\Saved Games 2015-09-20 15:16:15 -------- d-----r- C:\Users\DefaultAppPool\Videos 2015-09-20 15:16:15 -------- d-----r- C:\Users\DefaultAppPool\Pictures 2015-09-20 15:16:15 -------- d-----r- C:\Users\DefaultAppPool\Music 2015-09-20 15:16:15 -------- d-----r- C:\Users\DefaultAppPool\Links 2015-09-20 15:16:15 -------- d-----r- C:\Users\DefaultAppPool\Favorites 2015-09-20 15:16:15 -------- d-----r- C:\Users\DefaultAppPool\Downloads 2015-09-20 15:16:15 -------- d-----r- C:\Users\DefaultAppPool\Documents 2015-09-20 15:16:15 -------- d-----r- C:\Users\DefaultAppPool\Desktop 2015-09-16 18:30:44 -------- d-----r- C:\Users\Catlyne Nix\3D Objects 2015-09-08 15:31:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synctunes Desktop ====== C: exe-files == 2015-10-03 11:51:10 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Catlyne Nix.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\Catlyne Nix\AppData\Local\Google\Update\GoogleUpdate.exe /c" "ALLUpdate"="C:\Program Files (x86)\OpenSubtitlesPlayer\ALLUpdate.exe sleep" "NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "Facebook Update"="C:\Users\Catlyne Nix\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Spotify Web Helper"="C:\Users\Catlyne Nix\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "BackgroundContainerV2"="C:\Windows\SysWOW64\Rundll32.exe C:\Users\Catlyne Nix\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll,DllRun" "Spotify"="C:\Users\Catlyne Nix\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized" "OneDrive"="C:\Users\Catlyne Nix\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Catlyne Nix\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Catlyne Nix\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" "Uninstall C:\Users\Catlyne Nix\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Catlyne Nix\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" "Uninstall C:\Users\Catlyne Nix\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Catlyne Nix\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" "Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k" "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "ArcadeMovieService"="C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "PWRISOVM.EXE"="C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup" "HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup" "DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Cisco AnyConnect Secure Mobility Agent for Windows"="C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe -minimized" "SecureW2 Tray"="C:\Program Files (x86)\SecureW2\sw2_tray.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun" "Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\Catlyne Nix\AppData\Local\Google\Update\GoogleUpdate.exe /c" "ALLUpdate"="C:\Program Files (x86)\OpenSubtitlesPlayer\ALLUpdate.exe sleep" "NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "Facebook Update"="C:\Users\Catlyne Nix\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Spotify Web Helper"="C:\Users\Catlyne Nix\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "BackgroundContainerV2"="C:\Windows\SysWOW64\Rundll32.exe C:\Users\Catlyne Nix\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll,DllRun" "Spotify"="C:\Users\Catlyne Nix\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized" "OneDrive"="C:\Users\Catlyne Nix\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Catlyne Nix\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Catlyne Nix\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" "Uninstall C:\Users\Catlyne Nix\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Catlyne Nix\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" "Uninstall C:\Users\Catlyne Nix\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Catlyne Nix\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1461940035-2626244505-742007032-1001Core.job --a-------- C:\Users\Catlyne Nix\AppData\Local\Facebook\Update\FacebookUpdate.exe [19/10/2013 23:31] C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1461940035-2626244505-742007032-1001UA.job --a-------- C:\Users\Catlyne Nix\AppData\Local\Facebook\Update\FacebookUpdate.exe [19/10/2013 23:31] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1461940035-2626244505-742007032-1001Core.job --a-------- C:\Users\Catlyne Nix\AppData\Local\Google\Update\GoogleUpdate.exe [30/08/2015 02:36] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1461940035-2626244505-742007032-1001UA.job --a-------- C:\Users\Catlyne Nix\AppData\Local\Google\Update\GoogleUpdate.exe [30/08/2015 02:36] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe] "C:\WINDOWS\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"] "C:\WINDOWS\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"] "C:\WINDOWS\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\EgisUpdate" ["C:\Program Files\EgisTec IPS\EgisUpdate.exe"] "C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1461940035-2626244505-742007032-1001Core" [C:\Users\Catlyne Nix\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1461940035-2626244505-742007032-1001UA" [C:\Users\Catlyne Nix\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1461940035-2626244505-742007032-1001Core" [C:\Users\Catlyne Nix\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1461940035-2626244505-742007032-1001UA" [C:\Users\Catlyne Nix\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\PMMUpdate" ["C:\Program Files\EgisTec IPS\PMMUpdate.exe"] "C:\WINDOWS\SysNative\tasks\SecureW2 Task" [C:\Program Files (x86)\SecureW2\sw2_tray.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{5B16965E-BA6E-486D-89A6-69578E0D059C}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\{6C991049-3338-4C1B-8B34-CD4958BEDF28}" [C:\Program Files (x86)\Adobe Photoshop CS5\Photoshop.exe] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Folders in C:\PROGRA~3 0-6 Months Old ====================== 2015-04-19 22:48:55 -------- d-----w- C:\PROGRA~3\MFAData 2015-04-19 22:48:55 -------- d--h--w- C:\PROGRA~3\Common Files 2015-04-19 23:00:37 -------- d-----w- C:\PROGRA~3\AVG2015 2015-07-05 19:28:57 -------- d-----w- C:\PROGRA~3\Dropbox 2015-07-10 11:04:22 -------- d-----w- C:\PROGRA~3\regid.1991-06.com.microsoft 2015-07-10 11:04:22 -------- d-----w- C:\PROGRA~3\SoftwareDistribution 2015-07-10 11:04:22 -------- d-----w- C:\PROGRA~3\USOPrivate 2015-07-10 11:04:22 -------- d-s---w- C:\PROGRA~3\Microsoft 2015-07-10 12:21:38 -------- d-sh--we C:\PROGRA~3\Application Data 2015-07-10 12:21:38 -------- d-sh--we C:\PROGRA~3\Desktop 2015-07-10 12:21:38 -------- d-sh--we C:\PROGRA~3\Documents 2015-07-10 12:21:38 -------- d-sh--we C:\PROGRA~3\Start Menu 2015-07-10 12:21:38 -------- d-sh--we C:\PROGRA~3\Templates 2015-07-10 12:22:45 -------- d-----w- C:\PROGRA~3\USOShared 2015-08-04 16:19:21 -------- d-----w- C:\PROGRA~3\AMD 2015-08-04 17:17:43 -------- d-sh--we C:\PROGRA~3\Bureaublad 2015-08-04 17:17:43 -------- d-sh--we C:\PROGRA~3\Documenten 2015-08-04 17:17:43 -------- d-sh--we C:\PROGRA~3\Favorieten 2015-08-04 17:17:43 -------- d-sh--we C:\PROGRA~3\Menu Start 2015-08-04 17:17:43 -------- d-sh--we C:\PROGRA~3\Sjablonen 2015-08-29 09:23:54 -------- d-----w- C:\PROGRA~3\ATI ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [27/10/2013 18:20] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [27/10/2013 18:20] ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Catlyne Nix\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] dhkplhfnhceodhffomolpfigojocbpcb - C:\Users\Catlyne Nix\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx[27/06/2012 16:01] gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[] nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 15:13] pgmfkblbflahhponhjmkcnpjinenhlnc - C:\Users\Catlyne Nix\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Catlyne Nix\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[] Fast save - Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\adlbhdackkgnmappbphgjpocngmiklhl Angry Birds - Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj Missing e - Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid YouTube - Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo AVG Web TuneUp - Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn Google Search - Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Flash Video Downloader - Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh AdBlock - Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Notifier for Twitter - Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn Chrome Web Store Payments - Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda DivX Plus Web Player HTML5 \u003Cvideo\u003E - Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm Tumblr Savior - Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip Vid-Saver - Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc Gmail - Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Catlyne Nix\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.directlyrics.com_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.directlyrics.com_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vacatures.trovit.be_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vacatures.trovit.be_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.groupon.be_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.groupon.be_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.scrabblefinder.com_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.scrabblefinder.com_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d23716qn9q7omq.cloudfront.net_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d23716qn9q7omq.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d26qa89x3cppxu.cloudfront.net_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d26qa89x3cppxu.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_jobs.kellyservices.be_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_jobs.kellyservices.be_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_media.mtvnservices.com_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_media.mtvnservices.com_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_free-youtube-to-mp3-converter.nl.softonic.com_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_free-youtube-to-mp3-converter.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_tv-kijken.nl.softonic.com_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_tv-kijken.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0 deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ggkfikfcbnpfoicfjammigpnakpogebh_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ggkfikfcbnpfoicfjammigpnakpogebh_0.localstorage-journal deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\adlbhdackkgnmappbphgjpocngmiklhl deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adlbhdackkgnmappbphgjpocngmiklhl_0.localstorage deleted successfully C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adlbhdackkgnmappbphgjpocngmiklhl_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://mysearch.avg.com/?cid={9DA6692B-139D-4BC0-A72C-CCF8DB4F3B89}&mid=624a76a86cd547cdb87ee929313bc905-0f3fa075aa198932f13973a6bd998ebc4101a7c4&lang=nl&ds=AVG&coid=avgtbavg&cmpid=0915av&pr=fr&d=2015-09-11 11:51:11&v=4.1.6.294&pid=wtu&sg=&sap=hp" "Default_Page_URL"="http://istart.webssearches.com/?type=hp&ts=1400793315&from=slbnew&uid=WDCXWD5000BPVT-22HXZT3_WD-WXN1A81U0012U0012" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F5F6523-4407-4DC7-9502-735CE8C31432} deleted successfully HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9BE2DE6-0AFE-47E3-8378-54836F4A76F2} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1461940035-2626244505-742007032-1001\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\Catlyne Nix\Desktop\Audacity 1.3 Beta (Unicode).lnk - C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\audacity.exe C:\Users\Catlyne Nix\Desktop\DivX Movies.lnk - C:\Users\Catlyne Nix\Videos\DivX Movies C:\Users\Catlyne Nix\Desktop\Documenten.lnk - C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms C:\Users\Catlyne Nix\Desktop\Dropbox.lnk - C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /home C:\Users\Catlyne Nix\Desktop\Google Chrome.lnk - C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1400793315&from=slbnew&uid=WDCXWD5000BPVT-22HXZT3_WD-WXN1A81U0012U0012 C:\Users\Catlyne Nix\Desktop\Gratis woordenboek Van Dale.lnk - C:\Users\Catlyne Nix\Downloads\Gratis woordenboek Van Dale.htm C:\Users\Catlyne Nix\Desktop\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe C:\Users\Catlyne Nix\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\Catlyne Nix\Desktop\Oxford Advanced Learner's Dictionary.lnk - C:\Users\Catlyne Nix\Downloads\Oxford Advanced Learner's Dictionary.htm C:\Users\Catlyne Nix\Desktop\Oxford Dictionaries.lnk - C:\Users\Catlyne Nix\Downloads\Oxford Dictionaries.htm C:\Users\Catlyne Nix\Desktop\Spotify.lnk - C:\Users\Catlyne Nix\AppData\Roaming\Spotify\Spotify.exe C:\Users\Catlyne Nix\Desktop\Virtua Tennis 4™.lnk - C:\Users\Catlyne Nix\Desktop\Woordenlijst Nederlandse Taal - Officiële Spelling.lnk - ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Digital Editions.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions\digitaleditions.exe C:\Users\Public\Desktop\ALLConverter PRO.lnk - C:\Program Files (x86)\ALLConverter PRO\ALLConverterPro.exe C:\Users\Public\Desktop\AVG 2015.lnk - C:\Program Files (x86)\AVG\AVG2015\avgui.exe C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe C:\Users\Public\Desktop\Bhaalu.lnk - C:\Program Files (x86)\Right Brain Interface\Bhaalu\Bhaalu.exe --disable-plugins-discovery C:\Users\Public\Desktop\DivX Plus Converter.lnk - C:\Program Files (x86)\DivX\DivX Plus Converter\DivXConverterLauncher.exe SW_SHOWNORMAL C:\Users\Public\Desktop\DivX Plus Player.lnk - C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe C:\Users\Public\Desktop\eMindMaps.lnk - C:\Program Files (x86)\MindJET\eMindMaps\eMindMaps.exe C:\Users\Public\Desktop\HP ePrinterCenter.lnk - C:\Program Files (x86)\HP\Digital Imaging\AppStudio\hpzsip.url C:\Users\Public\Desktop\HP Solution Center.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\Users\Public\Desktop\Nokia Suite.lnk - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe C:\Users\Public\Desktop\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe C:\Users\Public\Desktop\Photobie.lnk - C:\Program Files (x86)\Photobie\Photobie.exe C:\Users\Public\Desktop\PowerISO.lnk - C:\Program Files (x86)\PowerISO\PowerISO.exe C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe C:\Users\Public\Desktop\Skype.lnk - C:\WINDOWS\Installer\{6A0549A9-1B96-498C-ACBC-3943001FEB19}\SkypeIcon.exe C:\Users\Public\Desktop\Synctunes.lnk - C:\WINDOWS\Installer\{4503D496-8D6B-4FC2-9A66-1CD6E12CD5DA}\_8291C4F9CD138EB5FC8D82.exe C:\Users\Public\Desktop\Teach2000.lnk - C:\Program Files (x86)\Teach2000\Teach2000.exe C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\Users\Public\Desktop\Vuze.lnk - C:\Program Files (x86)\Vuze\Azureus.exe C:\Users\Public\Desktop\Winkel voor HP-benodigheden.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe C:\Users\Public\Desktop\µTorrent.lnk - ==== shortcuts in Users Start Menu ====================== C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\Catlyne Nix\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionele onderdelen.lnk - C:\Windows\System32\fodhelper.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk - C:\WINDOWS\system32\magnify.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk - C:\WINDOWS\system32\narrator.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\WINDOWS\system32\notepad.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1400793315&from=slbnew&uid=WDCXWD5000BPVT-22HXZT3_WD-WXN1A81U0012U0012 C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\Catlyne Nix\AppData\Local\Popcorn Time\nw.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\Catlyne Nix\AppData\Local\Popcorn Time\Uninstall.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\WINDOWS\system32\cmd.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk - C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk - C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk - page=SettingsPageAppsDefaults C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk - page=SettingsPagePCSystemDevices C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk - C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk - C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk - C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk - C:\WINDOWS\system32\magnify.exe C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk - C:\WINDOWS\system32\narrator.exe C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\WINDOWS\system32\notepad.exe C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\WINDOWS\system32\cmd.exe C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk - page=SettingsPageAppsDefaults C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk - page=SettingsPagePCSystemDevices C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk - C:\WINDOWS\system32\magnify.exe C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk - C:\WINDOWS\system32\narrator.exe C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\WINDOWS\system32\notepad.exe C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\WINDOWS\system32\cmd.exe C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk - page=SettingsPageAppsDefaults C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk - page=SettingsPagePCSystemDevices C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk - C:\WINDOWS\system32\magnify.exe C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk - C:\WINDOWS\system32\narrator.exe C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\WINDOWS\system32\notepad.exe C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\WINDOWS\system32\cmd.exe C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk - C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk - C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk - page=SettingsPageAppsDefaults C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk - page=SettingsPagePCSystemDevices C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk - C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk - C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk - C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\powershell.exe C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk - C:\WINDOWS\DevicesFlow\DevicesFlow.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk - C:\WINDOWS\System32\Control.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk - C:\WINDOWS\MiracastView\MiracastView.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk - C:\WINDOWS\PrintDialog\PrintDialog.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk - C:\WINDOWS\Speech\Common\sapisvr.exe -SpeechUX C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk - C:\WINDOWS\system32\mspaint.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\WINDOWS\system32\mstsc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk - C:\WINDOWS\system32\psr.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk - C:\WINDOWS\system32\xpsrchvw.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk - C:\WINDOWS\system32\charmap.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk - C:\WINDOWS\system32\comexp.msc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk - C:\WINDOWS\system32\compmgmt.msc /s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk - C:\WINDOWS\system32\dfrgui.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk - C:\WINDOWS\system32\cleanmgr.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk - C:\WINDOWS\system32\eventvwr.msc /s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk - C:\WINDOWS\system32\iscsicpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk - C:\WINDOWS\syswow64\odbcad32.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk - C:\WINDOWS\system32\odbcad32.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk - C:\WINDOWS\system32\perfmon.msc /s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk - C:\WINDOWS\system32\perfmon.exe /res C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk - C:\WINDOWS\system32\services.msc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk - C:\WINDOWS\system32\msinfo32.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk - C:\WINDOWS\system32\taskschd.msc /s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk - C:\WINDOWS\system32\WF.msc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions\Uninstall.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions\uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Help.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe Start Help -help C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2015.lnk - C:\Program Files (x86)\AVG\AVG2015\avgui.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /home C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart B110 series\Software verwijderen.lnk - C:\Program Files (x86)\HP\Digital Imaging\{59C83C08-63F4-4AEC-81D6-392C5E23B843}\setup\hpzscr40.exe -datfile hposcr47.dat -onestop -forcereboot C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin verwijderen.lnk - C:\Program Files (x86)\Origin\OriginUninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANDORATV\PanService\Uninstall Service.lnk - C:\Program Files (x86)\PANDORA.TV\PanService\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photobie\Uninstall.lnk - C:\Program Files (x86)\Photobie\Uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\Uninstall PowerISO.lnk - C:\Program Files (x86)\PowerISO\uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Mouse\Uninstall Remote Mouse.lnk - C:\Program Files (x86)\Remote Mouse\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synctunes Desktop\Synctunes Desktop App.lnk - C:\WINDOWS\Installer\{4503D496-8D6B-4FC2-9A66-1CD6E12CD5DA}\_5417BD9331B5B4ECCC05FE.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk - C:\WINDOWS\system32\control.exe /name Microsoft.DefaultPrograms C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk - C:\WINDOWS\system32\taskmgr.exe /7 ==== shortcuts in Quick Launch ====================== C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions\digitaleditions.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ALLConverter PRO.lnk - C:\Program Files (x86)\ALLConverter PRO\ALLConverterPro.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1400793315&from=slbnew&uid=WDCXWD5000BPVT-22HXZT3_WD-WXN1A81U0012U0012 C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\OpenSubtitlesPlayer V4.7.lnk - C:\Program Files (x86)\OpenSubtitlesPlayer\OpenSubtitlesPlayer.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk - C:\Program Files (x86)\Vuze\Azureus.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Media Center.lnk - C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk - C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Photoshop CS5.lnk - C:\Program Files (x86)\PhotoshopPortable\App\PhotoshopCS5\Photoshop.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== shortcuts After Repair ====================== C:\Users\Catlyne Nix\Desktop\Google Chrome.lnk - C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Catlyne Nix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193 deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B6CCE0E3-75BB-BEAF-2730-62AC55F3B328} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_NL Toolbar deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WPM deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193 deleted successfully ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Catlyne Nix\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Catlyne Nix\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Catlyne Nix\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Catlyne Nix\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Catlyne Nix\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=7391 folders=2492 386167803 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\CATLYN~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\Microsoft\BingBar" not found "C:\PROGRA~2\SecureW2" not found ==== EOF on zo 04/10/2015 at 15:19:38,28 ======================