Zoek.exe v5.0.0.1 Updated 09-November-2015
Tool run by DAVID on di 10-11-2015 at 20:35:56,26.
Microsoft Windows 10 Home 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\DAVID\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

10-11-2015 20:39:36 Zoek.exe System Restore Point Created Successfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\PROGRA~2\Virtools deleted successfully
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\PROGRA~3\APN deleted successfully
C:\PROGRA~3\boost_interprocess deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Hitman Pro deleted successfully
C:\PROGRA~3\NtiDvdCopy deleted successfully
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\Users\DAVID\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\DAVID\AppData\Local\EmieSiteList deleted successfully
C:\Users\DAVID\AppData\Local\EmieUserList deleted successfully
C:\Users\DAVID\AppData\Local\eSupport.com deleted successfully
C:\Users\DAVID\AppData\Local\NetworkTiles deleted successfully
C:\Users\DAVID\AppData\Local\PackageAware deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Virtools not found
C:\windows\SysNative\Tasks\0615pitUpdateInfo deleted
C:\PROGRA~2\GUT1101.tmp deleted
C:\PROGRA~2\GUM1100.tmp deleted
C:\PROGRA~2\Alawar.co.nl deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\found.003 deleted
C:\found.004 deleted
C:\PROGRA~3\Ask deleted
C:\PROGRA~3\AlawarWrapper deleted
C:\PROGRA~3\Avg_Update_0615pit deleted
C:\PROGRA~3\Partner deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\DAVID\AppData\Local\HWVendorDetection.log deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\wininit.ini deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\Public\Documents\AlawarWrapper deleted
"C:\Windows\Installer\1cec9.msi" deleted
"C:\Users\DAVID\AppData\Local\{27061B49-18A5-4470-AD3E-6DFCC19B0FF0}" deleted
"C:\Users\DAVID\AppData\Local\{2C51089E-55F3-4B14-946F-0344DFF534CA}" deleted
"C:\Users\DAVID\AppData\Roaming\Ace" deleted
"C:\Users\DAVID\AppData\Roaming\eSobi" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\DAVID\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
====== C:\WINDOWS\Tasks ======
2015-11-10 08:43:59 E1FB97EC59E4ECFC0966F9EBC9D6C8AB 214 ----a-w- C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-11-10 13:58:40 -------- d-----w- C:\Program Files\Common Files\SpeechEngines
2015-11-10 13:46:27 -------- d-----w- C:\Program Files\Realtek
2015-11-10 13:46:08 -------- d-----w- C:\Program Files\Synaptics
2015-11-10 13:11:19 -------- d-----w- C:\Program Files\Reference Assemblies
2015-11-10 13:11:19 -------- d-----w- C:\Program Files\MSBuild
2015-11-10 09:55:11 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2015-11-10 13:58:44 -------- d-----w- C:\PROGRA~2\COMMON~1\SpeechEngines
2015-11-10 13:11:19 -------- d-----w- C:\PROGRA~2\Reference Assemblies
2015-11-10 13:11:19 -------- d-----w- C:\PROGRA~2\MSBuild
======= C: =====
====== C:\Users\DAVID\AppData\Roaming ======
2015-11-10 14:26:10 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Packages
2015-11-10 14:22:36 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft
2015-11-10 14:10:39 -------- d-----w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
2015-11-10 14:10:39 -------- d-----w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
2015-11-10 14:10:39 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help
2015-11-10 14:10:39 -------- d-----w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
2015-11-10 14:10:39 -------- d-----w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
2015-11-10 14:10:39 -------- d-----w- C:\Users\Default User\AppData\Local\Microsoft Help
2015-11-10 13:52:51 -------- d-s---r- C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows
PowerShell 2015-11-10 13:52:51 -------- d-----w- C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-11-10 13:52:51 -------- d-----w- C:\Users\DAVID\AppData\Roaming 2015-11-10 13:52:51 -------- d-----w- C:\Users\DAVID\AppData\Local\Temp 2015-11-10 13:52:51 -------- d-----w- C:\Users\DAVID\AppData\Local\Microsoft 2015-11-10 13:52:51 -------- d-----w- C:\Users\DAVID\AppData\Local 2015-11-10 13:52:51 -------- d-----r- C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-11-10 13:52:51 -------- d-----r- C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-11-10 13:52:51 -------- d-----r- C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-11-10 13:52:51 -------- d-----r- C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs 2015-11-10 13:52:50 -------- d-s---r- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 2015-11-10 13:52:50 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-11-10 13:52:50 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs 2015-11-10 13:52:50 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming 2015-11-10 13:52:50 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\Temp 2015-11-10 13:52:50 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\Microsoft 2015-11-10 13:52:50 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local 2015-11-10 13:52:50 -------- d-----r- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-11-10 13:52:50 -------- d-----r- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-11-10 13:52:50 -------- d-----r- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-11-10 09:08:59 -------- 
d-----w- C:\Users\DAVID\AppData\Local\Essentware 2015-11-07 23:53:56 -------- d-----w- C:\Users\DAVID\AppData\Local\CEF 2015-11-07 22:31:58 -------- d-----w- C:\Users\DAVID\AppData\Local\AvgSetupLog ====== C:\Users\DAVID ====== 2015-11-10 15:48:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-10 14:37:32 70F3B35C7754B71A347B43660D5C55ED 636 --sha-r- C:\Users\DAVID\ntuser.pol 2015-11-10 14:37:28 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\DAVID\ntuser.ini 2015-11-10 13:52:51 -------- d--h--w- C:\Users\DAVID\AppData 2015-11-10 13:52:50 -------- d--h--w- C:\Users\DefaultAppPool\AppData 2015-11-10 13:51:35 AE32ECE3A4F49116374B3A79C179D74C 4194304 ----a-w- C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bin 2015-11-10 13:51:35 18AF21805CD04B1BA30A5C562B28FEE3 196608 ----a-w- C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bak 2015-11-10 13:47:03 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\ProgramData\DP45977C.lfl 2015-11-10 11:34:36 B43008EE512684977F1C4360869EFFE8 19733696 ----a-w- C:\Users\DAVID\Downloads\MediaCreationToolx64.exe 2015-11-10 09:50:09 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\DAVID\Downloads\RSITx64.exe 2015-11-10 09:07:06 -------- d-----w- C:\ProgramData\Essentware 2015-11-02 16:24:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome ====== C: exe-files == 2015-11-10 18:48:06 C2957606836BEFBBCAAE47F088671818 154 ----a-w- C:\$Recycle.Bin\S-1-5-21-191070189-3428041399-996192118-1001\$IQW0JCS.exe 2015-11-10 15:48:30 6211595DD15306DFD8E07B95E6F2984D 16480 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\tnameserv.exe 2015-11-10 15:48:30 4D2DDC988E4F67E7E07E78954FBEED2D 159328 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\unpack200.exe 2015-11-10 15:48:29 FAE99E011922F5BE4CB2160E316D057B 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\rmiregistry.exe 2015-11-10 15:48:29 FA5E33B54BD044F489BA4281B3D6ED95 15968 ----a-w- C:\Program 
Files (x86)\Java\jre1.8.0_65\bin\servertool.exe 2015-11-10 15:48:29 CC0CF93D2BF12A423DA4134FFB9C324D 50784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssvagent.exe 2015-11-10 15:48:29 BBC68E5519B11A74B8208AA7B85F3B80 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\rmid.exe 2015-11-10 15:48:29 B61623580A304714A4E2FE6A5E73327F 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\pack200.exe 2015-11-10 15:48:29 940EE00C074A46D638A756723964D65D 16480 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\orbd.exe 2015-11-10 15:48:29 857117663B1F28ABBA4E1C6110A09282 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\policytool.exe 2015-11-10 15:48:28 AA79E5830F4B6C29A5A976891ED0E86B 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\jjs.exe 2015-11-10 15:48:28 56DCBCE6CF84B5F12185AF6DB7B85EB2 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\keytool.exe 2015-11-10 15:48:28 2AA43B8A44341F90DCCFAE38107BA484 76896 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2launcher.exe 2015-11-10 15:48:28 1A859E08A65ECBA7B687ACAED5EA5080 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\ktab.exe 2015-11-10 15:48:28 1933BBD87F9759CC2D7DC2909C4CA0CD 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\klist.exe 2015-11-10 15:48:28 0AD21325149141252F05B32F7809F441 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\kinit.exe 2015-11-10 15:48:27 B6DBE62611DA178B2CA578BC2B7BBA30 68192 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe 2015-11-10 15:48:27 A53E431775DF91EA016AF5817DF26B41 191584 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\javaw.exe 2015-11-10 15:48:27 50CC4A65F784A51813A169EA33CF319A 278624 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\javaws.exe 2015-11-10 15:48:26 8ED50DA4BAE0046E05BEC0110CF20B17 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\java-rmi.exe 2015-11-10 15:48:26 66B01DCB41FBE8C3CAB13D3F8ED4FA58 30816 ----a-w- C:\Program Files 
(x86)\Java\jre1.8.0_65\bin\jabswitch.exe 2015-11-10 15:48:26 4547FB479010206D8BEA10B2694C5C6D 191072 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\java.exe 2015-11-10 12:08:52 BD759B345A1FCF32FC62F4571A99D842 118272 ----a-w- C:\$Windows.~BT\Updates\Critical\afb58a1f-0ce3-4874-b83f-5adf9756bd95\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16439_none_b542b323a998dec7\poqexec.exe 2015-11-10 12:08:49 C04A98CE0017A5F088E5DB01B7AABEC0 233312 ----a-w- C:\$Windows.~BT\Updates\Critical\afb58a1f-0ce3-4874-b83f-5adf9756bd95\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16439_none_b542b323a998dec7\tifilefetcher.exe 2015-11-10 12:08:49 3EA8C021E552FAB2A6E51EF0B235CC5B 197120 ----a-w- C:\$Windows.~BT\Updates\Critical\afb58a1f-0ce3-4874-b83f-5adf9756bd95\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16439_none_b542b323a998dec7\tiworker.exe 2015-11-10 12:05:52 AA50F56027672574830C3DFB162CE6B4 264896 ----a-w- C:\$Windows.~BT\Sources\setup.exe 2015-11-10 12:05:52 7514ACBC8970264B64B6333A5B624B48 95424 ----a-w- C:\$Windows.~BT\Sources\setuperror.exe 2015-11-10 12:05:52 105E376A621BD29D777CB9C0E5B37CFA 127168 ----a-w- C:\$Windows.~BT\Sources\rollback.exe 2015-11-10 12:05:52 00B0A7723CF5129FA111FF173FE22436 10371776 ----a-w- C:\$Windows.~BT\Sources\setupprep.exe 2015-11-10 12:05:31 7B839AE102CC45DDCBFB319DE8FBD87D 279232 ----a-w- C:\$Windows.~BT\Sources\mighost.exe 2015-11-10 12:01:12 B7D7DF923895DE20A6C082729F47A5B3 494080 ----a-w- C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-iasserver-migplugin\iasmigreader.exe 2015-11-10 12:01:08 D69F245E0627D2398EE8E2C50B472F5C 310624 ----a-w- C:\$Windows.~BT\Sources\dism.exe 2015-11-10 12:01:03 A222E66BAC14AC13E2DB33307EA4E49A 780640 ----a-w- C:\$Windows.~BT\Boot\memtest.exe 2015-11-10 12:01:02 01A2E3A5B399F5154250F687A755696C 111968 ----a-w- C:\$Windows.~BT\Boot\bootsect.exe 2015-11-10 12:00:54 38A2CEF98BB9B2FAA1041F5BBEBF88B2 172736 ----a-w- 
C:\$Windows.~BT\Sources\setupplatform.exe 2015-11-10 12:00:53 EE3D63031BFEE759D8868E3B2E6E1ED5 749248 ----a-w- C:\$Windows.~BT\Sources\SetupHost.exe 2015-11-10 12:00:53 7B35BD9E5386CCEB4B1377055D185898 1024536 ----a-w- C:\$Windows.~BT\Sources\gatherosstate.exe 2015-11-10 12:00:52 8C0312BFFEE0FFD8E8B47E3D0012CE01 77504 ----a-w- C:\$Windows.~BT\Sources\diagtrackrunner.exe 2015-11-10 09:55:11 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\DAVID.exe === C: other files == 2015-11-10 15:48:30 577B724A8DB4380F8B8F0098D1C9A722 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\lib\deploy\ffjcext.zip 2015-11-10 13:28:38 7EBD20284AC9BF9F0A020B86769BB074 2432336 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2015-11-10 13:28:38 1434CA8A224655AD096D57DB24D3AA85 406864 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2015-11-10 13:27:52 C8CC2A8C528F01869A5EEF211B6A7F9A 459104 ----a-w- C:\Windows\System32\drivers\netio.sys 2015-11-10 13:27:52 927AD29D7F91B9A0C5294932374DA15E 894256 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2015-11-10 13:27:52 616F40B897DA651221F86A1741E9609B 1168736 ----a-w- C:\Windows\System32\drivers\ndis.sys 2015-11-10 13:27:11 FDB239DBE2A14B572D21ABCEDC7BB5D0 505696 ----a-w- C:\Windows\System32\drivers\dxgmms2.sys 2015-11-10 13:27:11 B6A33DCEBE437F909615E89BA5FB1385 395088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2015-11-10 13:27:10 ED8EAAD25E68C88EE68869805EDD4F29 1382400 ----a-w- C:\Windows\System32\win32kbase.sys 2015-11-10 13:27:10 89C9C3745F270EF93988DA57BC6AA62B 1983824 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2015-11-10 13:27:10 879E8BFAEA2393B9E057B909A558174F 3586560 ----a-w- C:\Windows\System32\win32kfull.sys 2015-11-10 13:27:08 FA5C94FB36625787063D04CF2F24E890 320000 ----a-w- C:\Windows\System32\drivers\portcls.sys 2015-11-10 13:27:08 C08449092043601887A1743350888635 516448 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS 2015-11-10 13:27:08 854AF190F55E6D70EC65A85798F896E2 36352 ----a-w- 
C:\Windows\System32\drivers\buttonconverter.sys 2015-11-10 13:27:08 70469C8AC4AD367295E70CFDD81B754C 99664 ----a-w- C:\Windows\System32\drivers\pdc.sys 2015-11-10 13:27:08 5A1C6AFFF6946C5C21A27AE05084C0D1 332624 ----a-w- C:\Windows\System32\drivers\fastfat.sys 2015-11-10 13:27:08 0A368247A900656CC0678117DFC3A87C 498016 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2015-11-10 13:27:08 004C66464D8FE76D5DA78BE6777D61AF 278352 ----a-w- C:\Windows\System32\drivers\sdbus.sys 2015-11-10 12:05:43 9A509CECBE5B4BE44A01FC05B959FE22 22720 ----a-w- C:\$Windows.~BT\Sources\nxquery.sys 2015-11-10 12:01:18 46E876C55F0B4A5EAC1DD6F36B10156D 6868 ----a-w- C:\$Windows.~BT\Sources\etwproviders\etwproviderinstall.vbs 2015-11-10 12:01:02 D4BEFEBF3CEF129AC087422B9E912788 4096 ----a-w- C:\$Windows.~BT\Boot\etfsboot.com ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-191070189-3428041399-996192118-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NortonUtilities"="C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /S" "Facebook Update"="C:\Users\DAVID\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "OneDrive"="C:\Users\DAVID\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "ArcadeDeluxeAgent"="C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
"NortonUtilities"="C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /S"
"Facebook Update"="C:\Users\DAVID\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"OneDrive"="C:\Users\DAVID\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
"Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"mwlDaemon"="C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe"
"PLFSetI"="C:\Windows\PLFSetI.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\XboxStat]
"command"="\"C:\\Program Files\\Microsoft Xbox 360 Accessories\\XboxStat.exe\" silentrun"
"hkey"="HKLM"
"item"="XboxStat"
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\Adobe Reader and Acrobat Manager MAGIX PCCT.job --a-------- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [28-10-2015 18:49]
C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\WINDOWS\explorer.exe [10-09-2015 06:11]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05-09-2015 13:58]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05-09-2015 13:58]
C:\WINDOWS\tasks\Java(TM) Platform SE Auto Updater 2 0 MAGIX PCCT.job --a-------- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [06-10-2015 18:53]

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Reader and Acrobat Manager" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Reader and Acrobat Manager MAGIX PCCT" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\Egis technology-online actualiseringsprogramma" [C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-191070189-3428041399-996192118-1001Core" [C:\Users\DAVID\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-191070189-3428041399-996192118-1001UA" [C:\Users\DAVID\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Google Updater and Installer" [C:\Users\DAVID\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Java Platform SE Auto Updater" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\WINDOWS\SysNative\tasks\Java(TM) Platform SE Auto Updater 2 0 MAGIX PCCT" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{3E665B2E-BC41-4476-B24A-F63F27295DB1}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\{0EB4A4BB-257E-4504-AF9E-52E988082136}" [C:\Program Files (x86)\iSport Games\WorldOfSoccer\WorldOfSoccer.exe]
"C:\WINDOWS\SysNative\tasks\{89B1DE3D-9C30-42DE-BA71-B2841ADC5F8F}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.73.105.457/nl/abandoninstall?page=tsMain]
"C:\WINDOWS\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Recovery Management\Burn Notification" [C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================
2015-07-06 19:09:47 -------- d-----w- C:\PROGRA~3\Media Center Programs
2015-07-30 12:14:34 -------- d-sh--we C:\PROGRA~3\Bureaublad
2015-07-30 12:14:34 -------- d-sh--we C:\PROGRA~3\Documenten
2015-07-30 12:14:34 -------- d-sh--we C:\PROGRA~3\Favorieten
2015-07-30 12:14:34 -------- d-sh--we C:\PROGRA~3\Menu Start
2015-07-30 12:14:34 -------- d-sh--we C:\PROGRA~3\Sjablonen
2015-07-30 21:51:49 -------- d-sh--we C:\PROGRA~3\Application Data
2015-07-30 21:51:49 -------- d-sh--we C:\PROGRA~3\Desktop
2015-07-30 21:51:49 -------- d-sh--we C:\PROGRA~3\Documents
2015-07-30 21:51:49 -------- d-sh--we C:\PROGRA~3\Start Menu
2015-07-30 21:51:49 -------- d-sh--we C:\PROGRA~3\Templates
2015-07-30 21:53:14 -------- d-----w- C:\PROGRA~3\USOShared
2015-07-30 22:42:06 -------- d-----w- C:\PROGRA~3\regid.1991-06.com.microsoft
2015-07-30 22:42:06 -------- d-----w- C:\PROGRA~3\SoftwareDistribution
2015-07-30 22:42:06 -------- d-----w- C:\PROGRA~3\USOPrivate
2015-07-30 22:42:06 -------- d-s---w- C:\PROGRA~3\Microsoft
2015-08-14 17:50:08 -------- d-----w- C:\PROGRA~3\MFAData
2015-09-10 05:35:38 -------- d-----w- C:\PROGRA~3\Microsoft OneDrive
2015-11-10 09:07:06 -------- d-----w- C:\PROGRA~3\Essentware

==== Chromium Look ======================
Google Chrome Version: 46.0.2490.80
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14-07-2014 17:22]
Google Docs - DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Docs Offline - DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Skype Click to Call - DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chrome Web Store Payments - DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{A6B4857C-2CAE-4CC5-9DFD-14164B4E3C11}"
HKCU\SearchScopes\2B41B2E6AEBC4180B98A11E8EDD0F56B - http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlBE397
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
HKCU\SearchScopes\{1FB19713-F53F-4182-81B7-4059B76E969C} - https://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlBE397
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes\{A6B4857C-2CAE-4CC5-9DFD-14164B4E3C11} - https://www.google.com/search?q={searchTerms}

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC0D100 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1D00} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC0D100 deleted successfully

==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DAVID\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\DAVID\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DAVID\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\DAVID\AppData\Local\Microsoft\Windows\INetCache\Low\IE\FZH8MQLZ will be deleted at reboot
C:\Users\DAVID\AppData\Local\Microsoft\Windows\INetCache\Low\IE\RNH5JGWP will be deleted at reboot
C:\Users\DAVID\AppData\Local\Microsoft\Windows\INetCache\Low\IE\UTSRK0JT will be deleted at reboot

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\DAVID\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
No Flash Cache Found

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=1556 folders=208 558125411 bytes)

==== Empty Temp Folders ======================
C:\Users\DAVID\AppData\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\DAVID\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\DAVID\AppData\Local\Microsoft\Windows\INetCache\Low\IE\FZH8MQLZ" not found
"C:\Users\DAVID\AppData\Local\Microsoft\Windows\INetCache\Low\IE\RNH5JGWP" not found
"C:\Users\DAVID\AppData\Local\Microsoft\Windows\INetCache\Low\IE\UTSRK0JT" not found

==== EOF on di 10-11-2015 at 21:21:38,28 ======================