Zoek.exe v5.0.0.1 Updated 18-December-2015 Tool run by User on za 19-12-2015 at 17:33:07,53. Microsoft Windows 10 Home 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\User\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 19-12-2015 17:35:51 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Belkin deleted successfully C:\PROGRA~2\Cisco deleted successfully C:\PROGRA~2\Right Brain Interface deleted successfully C:\Program Files\log deleted successfully C:\PROGRA~3\Comms deleted successfully C:\PROGRA~3\Freemake deleted successfully C:\PROGRA~3\GlarySoft deleted successfully C:\PROGRA~3\Nokia deleted successfully C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully C:\Users\User\AppData\Local\ActiveSync deleted successfully C:\Users\User\AppData\Local\CrashDumps deleted successfully C:\Users\User\AppData\Local\LogMeIn Rescue Applet deleted successfully C:\Users\User\AppData\Local\NetworkTiles deleted successfully C:\Users\User\AppData\Local\WarThunder deleted successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-978257931-2792700483-2985541856-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C21B4DB-4461-40C1-9D28-71FFC6356D5B} deleted successfully HKEY_USERS\S-1-5-21-978257931-2792700483-2985541856-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56BF1788-C7DA-4B6E-935F-7FC6C304F} deleted successfully HKEY_USERS\S-1-5-21-978257931-2792700483-2985541856-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A81696F-ED95-4FFE-AF29-47F59381618} deleted successfully HKEY_USERS\S-1-5-21-978257931-2792700483-2985541856-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{905247F2-B3D1-45A9-A06E-8A294910D473} deleted successfully HKEY_USERS\S-1-5-21-978257931-2792700483-2985541856-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{935D41-BD8B-4738-848D-F474C72725C6} deleted successfully HKEY_USERS\S-1-5-21-978257931-2792700483-2985541856-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2B66917-5A72-414D-A3E5-64E8621B18E4} deleted successfully HKEY_USERS\S-1-5-21-978257931-2792700483-2985541856-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D65D2664-B3BD-4D98-A759-8491C6EAA532} deleted successfully HKEY_USERS\S-1-5-21-978257931-2792700483-2985541856-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB9B7A32-7B3F-4664-89D8-B237C0AA40A9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- "mbot_be_86"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Batch Command(s) Run By Tool====================== C:\WINDOWS\system32\appdata deleted ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Belkin not found C:\PROGRA~2\Cisco not found C:\PROGRA~2\Right Brain Interface not found C:\Users\User\AppData\Roaming\sxadsbbm deleted C:\Users\User\AppData\Roaming\tacsdvjr deleted C:\WINDOWS\syswow64\appdata deleted C:\Users\User\.android deleted C:\PROGRA~2\Paradox Interactive deleted C:\found.000 deleted C:\Users\User\update.bat deleted C:\PROGRA~3\{18165758-115C-4DC0-9EC2-FF89F725767F} deleted C:\PROGRA~3\Package Cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-978257931-2792700483-2985541856-1000 deleted C:\Users\User\Maple1702WindowsX86_64Upgrade.exe deleted "C:\Users\User\AppData\Roaming\Nokia" deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2015-12-08 12:48:45 60CB2336DD3707A61E637FC97A4A58DD 1425408 ----a-w- C:\WINDOWS\sttray64.exe 2015-12-08 12:44:17 2878C1C314D295EB2431AD2F679B2286 67584 --s-a-w- C:\WINDOWS\bootstat.dat 2015-12-08 12:09:03 C62F64A3417811BF551694907C0BBB3C 10449 ----a-w- C:\WINDOWS\diagerr.xml 2015-12-08 12:09:03 692CA5EBC9E0CEF0A8D0BE4DF7400CEE 9528 ----a-w- C:\WINDOWS\diagwrn.xml 2015-11-30 06:36:45 08CFBE8D43EE0451FCC31EC50319A0BE 43112 ----a-w- C:\WINDOWS\avastSS.scr ====== C:\Users\User\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== 2015-12-18 09:17:16 083A4C6C21371B011771A350942DEB8F 19339264 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll 2015-12-18 09:17:11 7E0CB4ADF324AD6552C36181EB0CBC4D 1118208 ----a-w- C:\WINDOWS\SysWOW64\mfnetsrc.dll 2015-12-18 09:17:10 9D97A95801784A94F3DC76E0E49B885C 13017600 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-12-18 09:17:08 5E8F545EA2A3BE324D800FD926E5010A 2180136 ----a-w- C:\WINDOWS\SysWOW64\mfcore.dll 2015-12-18 09:17:07 D8E958F0E5929BFEC15238E0E1F94C64 983464 ----a-w- C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2015-12-18 09:17:06 600A12A37D8F0B98E3497C59505338D1 716928 ----a-w- C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2015-12-18 09:17:05 D80737E0C4AFE5D4714D14F27A9E6CFB 1706496 ----a-w- C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2015-12-18 09:17:05 2029AAF923CE131E5157F6175DE66881 2919320 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll 2015-12-18 09:17:04 674333934AEF201C56419742CD86782B 973664 ----a-w- C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-12-18 09:17:03 32BF0F999279961833888317C3FE45D9 2061824 ----a-w- C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-12-18 09:17:00 D262A3DA660F5312D059DADB9034392B 2796032 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.dll 2015-12-18 09:16:59 F8C66D9D6AEC233715C8B32DB203EF6D 502112 ----a-w- C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2015-12-18 09:16:59 8310F69B59EFA4EC47B6B3F535BFC3CB 898184 ----a-w- C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2015-12-18 09:16:59 6D151B11358362786C45F1A4A21576FA 925064 ----a-w- C:\WINDOWS\SysWOW64\mfplat.dll 2015-12-18 09:16:59 110A45F765495043CB8ED918FEFD8D90 572928 ----a-w- C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2015-12-18 09:16:58 FD6EE242ACD2E05AFE920139D12C3053 670928 ----a-w- C:\WINDOWS\SysWOW64\mfds.dll 2015-12-18 09:16:58 76B00BE575C4D8CF3D7334240C8DAF90 683008 ----a-w- C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2015-12-18 09:16:57 B934E18B1A20A26768F57EDBD6882A38 884256 ----a-w- C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2015-12-18 09:16:56 C85501FE7EFD33E06A877B8786F396B6 462760 ----a-w- C:\WINDOWS\SysWOW64\mfreadwrite.dll 2015-12-18 09:16:56 A9B375A65A92C45D9723B1BAD8F87D1E 1105920 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2015-12-18 09:16:56 775C32A6DE7E9702CB04B10C69D80457 450904 ----a-w- C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2015-12-18 09:16:56 0FA8D61A4D4F56063113F9DA4E18848B 289248 ----a-w- C:\WINDOWS\SysWOW64\MFPlay.dll 2015-12-18 09:16:54 D9EF9F5DA78CD085FD23C8EBB6108662 409088 ----a-w- C:\WINDOWS\SysWOW64\StoreAgent.dll 2015-12-18 09:16:54 337E7D5B768ABDBEA9F17823F76D5F1B 381952 ----a-w- C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll 2015-12-18 09:16:53 F2061A1835E8844637168800292309BF 84832 ----a-w- C:\WINDOWS\SysWOW64\NetSetupApi.dll 2015-12-18 09:16:53 4237413A7EDD61589081B9450D657036 116720 ----a-w- C:\WINDOWS\SysWOW64\mfps.dll 2015-12-18 09:16:53 3A24E199AA5A30D6E7C30D01E2BF4C7E 161280 ----a-w- C:\WINDOWS\SysWOW64\InstallAgent.exe 2015-12-18 09:16:53 1F48933EFAB68EDD3B456C78E17B89CE 871936 ----a-w- C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL 2015-12-18 09:16:53 184F89725539803B64E718BD0F779DC9 569856 ----a-w- C:\WINDOWS\SysWOW64\qdvd.dll 2015-12-18 09:16:52 4CE9BF384DAAE2BF9E49C5B7E2F106F0 270848 ----a-w- C:\WINDOWS\SysWOW64\MSFlacDecoder.dll 2015-12-18 09:16:49 FDEEA5397A0D079E1EF8F1B765BC7D04 6297088 ----a-w- C:\WINDOWS\SysWOW64\mos.dll 2015-12-18 09:16:49 2DE2DAF437341AECB280DBFE88CBB581 346112 ----a-w- C:\WINDOWS\SysWOW64\MapConfiguration.dll 2015-12-18 09:16:47 F60E1993D8D8FD2E23516C1278B209C1 34304 ----a-w- C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe 2015-12-08 18:33:54 EDC75B4FF6A66B0AC1A360476D9CBCC9 12125184 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll 2015-12-08 18:33:48 819363A483BB829C443D94CC77119DC9 18678272 ----a-w- C:\WINDOWS\SysWOW64\edgehtml.dll 2015-12-08 18:33:43 EB6BAC2C67F848F2C0EFE82AEAC5C67A 1540768 ----a-w- C:\WINDOWS\SysWOW64\ntdll.dll 2015-12-08 18:33:42 C4C80541BDE649F44EA1F81F7D4C510A 503296 ----a-w- C:\WINDOWS\SysWOW64\vbscript.dll 2015-12-08 18:33:40 B8C4EFAA6AAED98E6B5AB57CAFA489B9 1337240 ----a-w- C:\WINDOWS\SysWOW64\user32.dll 2015-12-08 18:33:38 5B64BFE61393D22D908BB5E2A17B6147 1328128 ----a-w- C:\WINDOWS\SysWOW64\comsvcs.dll 2015-12-08 18:33:38 532AC1D121972B17BE523A9988A3A0E5 2155008 ----a-w- C:\WINDOWS\SysWOW64\authui.dll 2015-12-08 18:33:36 302A0BE9FA2874A3E99C0E25C992E7C7 1467392 ----a-w- C:\WINDOWS\SysWOW64\GdiPlus.dll 2015-12-08 18:33:35 4C421E34FF4A836590401A3E9A5B5DE8 415744 ----a-w- C:\WINDOWS\SysWOW64\catsrvut.dll 2015-12-08 18:33:34 192B579E14C116D2B742FEBE85A4D3C1 2756096 ----a-w- C:\WINDOWS\SysWOW64\mshtml.tlb 2015-12-08 12:54:09 2F0C6FC51A29DBB3CD3E1A99BBE546A0 2038392 ----a-w- C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2015-12-08 12:45:57 42DE22BB4E675AE8DADD9038B26F8EFE 2718208 ----a-w- C:\WINDOWS\SysWOW64\PrintConfig.dll 2015-12-08 12:41:37 79422D76818752C6D935A97C8FFC4EEA 44147 ----a-w- C:\WINDOWS\SysWOW64\license.rtf 2015-12-08 12:36:07 EF22B84131DB17D40D523F649CAD31D2 366224 ----a-w- C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-12-08 12:36:07 EBB01B0223DBB9660E4FFB35854D69BF 400896 ----a-w- C:\WINDOWS\SysWOW64\winspool.drv 2015-12-08 12:36:07 D0693220928997E1DD513B261AF86308 454056 ----a-w- C:\WINDOWS\SysWOW64\AudioEng.dll 2015-12-08 12:36:07 B13BE7A31C732B5773FDF51FB140B614 334336 ----a-w- C:\WINDOWS\SysWOW64\bcastdvr.exe 2015-12-08 12:36:07 AD2E3CC2771EADB0605CC0FAE73EAA45 405048 ----a-w- C:\WINDOWS\SysWOW64\AudioSes.dll 2015-12-08 12:36:07 A4CC1E8330E839AA619978E61AEEEAC4 73360 ----a-w- C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 2015-12-08 12:36:07 9ACCC0C1786391EF1FD1FAF12AE22801 340480 ----a-w- C:\WINDOWS\SysWOW64\PlayToDevice.dll 2015-12-08 12:36:07 86A2DFAAE917E8852363BD716BD8D5CF 334848 ----a-w- C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-12-08 12:36:07 75F7D82383D8CF10D5999874993A2EF5 27136 ----a-w- C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll 2015-12-08 12:36:07 4F04FB02D215667B505A060EEE02B5DF 686592 ----a-w- C:\WINDOWS\SysWOW64\msfeeds.dll 2015-12-08 12:36:07 2EECE39CDFFF244B2489FD8ACDC14D7A 517632 ----a-w- C:\WINDOWS\SysWOW64\PlayToManager.dll 2015-12-08 12:36:07 2DA46210CBE5B92C4E79FDD70A6C0ADE 2049024 ----a-w- C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-12-08 12:36:07 2AF0E5217FE677C29669E0243F28D64F 70656 ----a-w- C:\WINDOWS\SysWOW64\AppCapture.dll 2015-12-08 12:36:01 F7F009E10E52C760EF48D2AD7E4D892E 29696 ----a-w- C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2015-12-08 12:36:01 F2D9AB28744983980E6BCE08DA077528 21125408 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll 2015-12-08 12:36:01 D6DF0F68136C6148989E927572319F21 431232 ----a-w- C:\WINDOWS\SysWOW64\WWanAPI.dll 2015-12-08 12:36:01 D213E29D66D7182AF58CB525EFC2F409 421888 ----a-w- C:\WINDOWS\SysWOW64\LogonController.dll 2015-12-08 12:36:01 AA220069ABA44FEB2FEA92FF463E89BC 166912 ----a-w- C:\WINDOWS\SysWOW64\UserMgrProxy.dll 2015-12-08 12:36:01 9E57FF10D37B672B8781BAF92DB00A8B 9918976 ----a-w- C:\WINDOWS\SysWOW64\twinui.dll 2015-12-08 12:36:01 5467DAD0BDB397D84052FCCF8686FB9C 60928 ----a-w- C:\WINDOWS\SysWOW64\mssign32.dll 2015-12-08 12:36:01 31DE6A034E8BBA043CB2F4612033C12A 296488 ----a-w- C:\WINDOWS\SysWOW64\policymanager.dll 2015-12-08 12:36:01 1E7B13CDBA9D57D2BF54A7501FB17376 586080 ----a-w- C:\WINDOWS\SysWOW64\wimgapi.dll 2015-12-08 12:36:01 102F3BB5D63225A25817C8E44B85533F 63528 ----a-w- C:\WINDOWS\SysWOW64\wwapi.dll 2015-12-08 12:35:55 FAE7DA27029FDDA27375722B4DC387D7 138240 ----a-w- C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll 2015-12-08 12:35:55 F32770E19F1CB817274BC85824730E48 470528 ----a-w- C:\WINDOWS\SysWOW64\MbaeApi.dll 2015-12-08 12:35:55 F2D2E8091D0929884E6A86AFD9981E2F 2001408 ----a-w- C:\WINDOWS\SysWOW64\twinui.appcore.dll 2015-12-08 12:35:55 F0ED21F9D39229B305C363B6ED023170 11776 ----a-w- C:\WINDOWS\SysWOW64\dciman32.dll 2015-12-08 12:35:55 EBD19D0E20C113468631504BFE56FB3F 2185840 ----a-w- C:\WINDOWS\SysWOW64\d3d11.dll 2015-12-08 12:35:55 D707B12965D5E8DFBD7C5BF7FB12AF02 24064 ----a-w- C:\WINDOWS\SysWOW64\WordBreakers.dll 2015-12-08 12:35:55 D51618B0CB2B51F7D9B8DEB38A454126 36352 ----a-w- C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll 2015-12-08 12:35:55 CA260C1A4CFC95D49DBE4DAEDCD65585 58368 ----a-w- C:\WINDOWS\SysWOW64\MosStorage.dll 2015-12-08 12:35:55 C132402FABE387126B5CB0D2D3426671 133632 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2015-12-08 12:35:55 C11AFEBFFDD62BA366D2F146212B415E 110592 ----a-w- C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll 2015-12-08 12:35:55 BEFAC095C4E511243E91B1F916C243A7 704352 ----a-w- C:\WINDOWS\SysWOW64\WWAHost.exe 2015-12-08 12:35:55 BEDE63EB0B3B100A1FBD2996FE3AF0EF 1505280 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll 2015-12-08 12:35:55 BC6B60847CDEFFB3DE3AA394366881DF 490496 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-12-08 12:35:55 B0DB58B85CF68C61AFBEFC107807FECF 784896 ----a-w- C:\WINDOWS\SysWOW64\NMAA.dll 2015-12-08 12:35:55 ADAF3873B0A29C4AFC0D8B89C3485A94 227840 ----a-w- C:\WINDOWS\SysWOW64\deviceaccess.dll 2015-12-08 12:35:55 AC742BB0B79CD4C535E6A317FD4A18A8 315904 ----a-w- C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll 2015-12-08 12:35:55 AA0644D24DD488B1E1517189DD3DC00B 48640 ----a-w- C:\WINDOWS\SysWOW64\MosHostClient.dll 2015-12-08 12:35:55 A971D150CD168A1F7BD775674896F02C 711680 ----a-w- C:\WINDOWS\SysWOW64\MapControlCore.dll 2015-12-08 12:35:55 A95DDF60D6EC95625C4987750619C5DB 93696 ----a-w- C:\WINDOWS\SysWOW64\fontsub.dll 2015-12-08 12:35:55 A820BD54E6B4A68C6E4490EA23FA5650 1860096 ----a-w- C:\WINDOWS\SysWOW64\cdp.dll 2015-12-08 12:35:55 9FE071ED2AAE48A691D234E757297CF3 49152 ----a-w- C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll 2015-12-08 12:35:55 9FA5093D91ED3CB6B4CE67A040C5E40A 65536 ----a-w- C:\WINDOWS\SysWOW64\wininetlui.dll 2015-12-08 12:35:55 97097223B24F49F5934188FA24D74B46 1944576 ----a-w- C:\WINDOWS\SysWOW64\InputService.dll 2015-12-08 12:35:55 93050CE746C09F2F6F49A4893FB060ED 647168 ----a-w- C:\WINDOWS\SysWOW64\jscript.dll 2015-12-08 12:35:55 92F331E360CB8DC73FA1158934CA9491 86528 ----a-w- C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2015-12-08 12:35:55 92551AFCC476CBEBBB66B6420C60AB20 5202944 ----a-w- C:\WINDOWS\SysWOW64\BingMaps.dll 2015-12-08 12:35:55 90F7CF0E4FFD720EBAC601CABE25D880 2121216 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll 2015-12-08 12:35:55 8E93F5481D1A608D90104F24DD610B76 540752 ----a-w- C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-12-08 12:35:55 8E2CB7E297C2631CB063319377ED7AD0 303104 ----a-w- C:\WINDOWS\SysWOW64\atmfd.dll 2015-12-08 12:35:55 8BAD6657817E0960C7CB6026323828A1 511320 ----a-w- C:\WINDOWS\SysWOW64\mf.dll 2015-12-08 12:35:55 89F3F69C9996D5BCC879C664BF74A4E2 675064 ----a-w- C:\WINDOWS\SysWOW64\dcomp.dll 2015-12-08 12:35:55 847B31F89A3009D5D851479224B7579A 2680320 ----a-w- C:\WINDOWS\SysWOW64\msftedit.dll 2015-12-08 12:35:55 7F64C196D3FA41C0F437A158FDEF7F50 800768 ----a-w- C:\WINDOWS\SysWOW64\JpMapControl.dll 2015-12-08 12:35:55 7CDF1630DCF7C9167E551874D18C3CE0 709120 ----a-w- C:\WINDOWS\SysWOW64\BingOnlineServices.dll 2015-12-08 12:35:55 761E6E736B47DA42D74227A26F658108 100864 ----a-w- C:\WINDOWS\SysWOW64\offlinelsa.dll 2015-12-08 12:35:55 6BBB4172DDF348821C3C4B7FE844077B 1443328 ----a-w- C:\WINDOWS\SysWOW64\SRHInproc.dll 2015-12-08 12:35:55 6AE2C3CFEA73E2D01CB1E00DBD1EC4A5 205824 ----a-w- C:\WINDOWS\SysWOW64\NmaDirect.dll 2015-12-08 12:35:55 65E98344070A6C0B66ED476F735B14D3 59904 ----a-w- C:\WINDOWS\SysWOW64\EditBufferTestHook.dll 2015-12-08 12:35:55 588E4109C8A78BC211AC1D5756652A67 1139200 ----a-w- C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-12-08 12:35:55 57A2AAE6BD896F54767284BAB7C2D183 1859448 ----a-w- C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2015-12-08 12:35:55 54F47C0CD2DE99A7B8C7583CF6C22D92 3072 ----a-w- C:\WINDOWS\SysWOW64\lpk.dll 2015-12-08 12:35:55 53E2029302DA056DE856D4C662663B2B 10240 ----a-w- C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll 2015-12-08 12:35:55 52838DDB3B20C7330A30D89509A93B55 1268736 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2015-12-08 12:35:55 4C85D9A9FD26D3F00BBF5D3F469F1800 241664 ----a-w- C:\WINDOWS\SysWOW64\cryptngc.dll 2015-12-08 12:35:55 451356B814B46BB6582F307E24AA0863 9728 ----a-w- C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll 2015-12-08 12:35:55 3FCEAC0D175851962F9CF797A370A14F 3072 ----a-w- C:\WINDOWS\SysWOW64\MapControlStringsRes.dll 2015-12-08 12:35:55 3B7DA8EC6FC4F16F85934D944A2149CD 791552 ----a-w- C:\WINDOWS\SysWOW64\kerberos.dll 2015-12-08 12:35:55 3B1D8CE3E56BA82EF02C126226B7C357 948224 ----a-w- C:\WINDOWS\SysWOW64\Unistore.dll 2015-12-08 12:35:55 382AA3E205808FBF0458A143B0F4ACFF 45568 ----a-w- C:\WINDOWS\SysWOW64\jsproxy.dll 2015-12-08 12:35:55 35383CA7169E12D885B9B553F59E3154 41984 ----a-w- C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll 2015-12-08 12:35:55 2C5A8D334EFB14914B1618247CD0DAAF 37376 ----a-w- C:\WINDOWS\SysWOW64\atmlib.dll 2015-12-08 12:35:55 262D880248233D3A96C15F7C7E1BAD21 58368 ----a-w- C:\WINDOWS\SysWOW64\MosResource.dll 2015-12-08 12:35:55 23A968565D51FEC30EADFBC70BE35117 793600 ----a-w- C:\WINDOWS\SysWOW64\SRH.dll 2015-12-08 12:35:55 1973BD62F29F443E9BC467FAA9F27159 83456 ----a-w- C:\WINDOWS\SysWOW64\InputLocaleManager.dll 2015-12-08 12:35:55 123BD3D4504BB548A823152EAC57DE00 32040 ----a-w- C:\WINDOWS\SysWOW64\mfpmp.exe 2015-12-08 12:26:59 F432E0E5B0958F4982D40EB622FBD7FC 35480 ----a-w- C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-12-08 12:26:59 BF9CAA33ADD4C21C118148B5CFC5494B 778936 ----a-w- C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-12-08 12:26:59 6F391E9286733CC6B34FC0FAB23B8DF3 103120 ----a-w- C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-12-07 19:12:24 9B8701A380CEE1B05D651B4ED4048C8F 645120 ----a-w- C:\WINDOWS\SysWOW64\jsIntl.dll 2015-12-07 19:12:13 85E21CCF38166E0D6DE2E42D9D3823BD 1155072 ----a-w- C:\WINDOWS\SysWOW64\mshtmlmedia.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2015-12-18 09:17:25 E761095ADFC48739CA54A3B58242AF0D 24601600 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll 2015-12-18 09:17:17 35A6E2624696F77A8660529E9C5B7B9A 16984064 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll 2015-12-18 09:17:12 FAD9326ED152667E57B5B2EDBD9973F8 2544256 ----a-w- C:\WINDOWS\Sysnative\mfcore.dll 2015-12-18 09:17:12 9DA2D5EB73F6F61BB32B63B59DF2BB0C 1299504 ----a-w- C:\WINDOWS\Sysnative\mfnetsrc.dll 2015-12-18 09:17:11 A44FB85192EE0DD3F7D6518B63044F4E 2598400 ----a-w- C:\WINDOWS\Sysnative\NetworkMobileSettings.dll 2015-12-18 09:17:09 95F53D812EF80A2819E9C1539A629B5F 823264 ----a-w- C:\WINDOWS\Sysnative\mfmpeg2srcsnk.dll 2015-12-18 09:17:09 45B88D0BBAB3EAA10883097C14C33678 1281376 ----a-w- C:\WINDOWS\Sysnative\LicenseManager.dll 2015-12-18 09:17:08 8F6118120D9A11A1CFD8822850826064 1155944 ----a-w- C:\WINDOWS\Sysnative\mfasfsrcsnk.dll 2015-12-18 09:17:08 184F5C80753CD7F6400AAA4087288B97 2582016 ----a-w- C:\WINDOWS\Sysnative\MFMediaEngine.dll 2015-12-18 09:17:07 63976F057A5A9FD426DC84FB97CF3446 3671888 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll 2015-12-18 09:17:05 549A1696E594E6939C210972B4AD9747 824320 ----a-w- C:\WINDOWS\Sysnative\WpcWebFilter.dll 2015-12-18 09:17:04 43091BCAB6446E01AEB9DFFB2538B2F9 1995776 ----a-w- C:\WINDOWS\Sysnative\ActiveSyncProvider.dll 2015-12-18 09:17:03 93D891995D253D4B6BCFABEE5C73454B 3428864 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.dll 2015-12-18 09:17:02 C4DF460B84DB6A0D4C18375DE1117DD0 696160 ----a-w- C:\WINDOWS\Sysnative\NetSetupEngine.dll 2015-12-18 09:17:02 686E73A0F24F56A25A78D8EFE8E4B937 1318912 ----a-w- C:\WINDOWS\Sysnative\wifinetworkmanager.dll 2015-12-18 09:17:00 C08AA0383BCEE881C319F23A5189AB8D 794888 ----a-w- C:\WINDOWS\Sysnative\mfds.dll 2015-12-18 09:17:00 9D9A25E3E658EAC6FA9BC1BC23168516 1092456 ----a-w- C:\WINDOWS\Sysnative\mfplat.dll 2015-12-18 09:17:00 4588022BF3C34392C0C2AFDC3634C0CF 1065080 ----a-w- C:\WINDOWS\Sysnative\mfmp4srcsnk.dll 2015-12-18 09:17:00 0F09B99EF80BB0D914538FC17A305A4F 1131520 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Audio.dll 2015-12-18 09:16:59 CCB125BB7072FEAFC68A56749FD2DFD7 1020096 ----a-w- C:\WINDOWS\Sysnative\mfsrcsnk.dll 2015-12-18 09:16:59 01AE64981A7C7AE4F84799931D8DAAD1 900608 ----a-w- C:\WINDOWS\Sysnative\Windows.Networking.BackgroundTransfer.dll 2015-12-18 09:16:58 C8AEE94042CFDF6383C153AFD284AEF1 497152 ----a-w- C:\WINDOWS\Sysnative\mfmkvsrcsnk.dll 2015-12-18 09:16:58 39E07EE74F50C39C1EB315152F03199C 607232 ----a-w- C:\WINDOWS\Sysnative\wcmsvc.dll 2015-12-18 09:16:58 18CE63A5B5EB84FF7F9F575C8FE53F44 931328 ----a-w- C:\WINDOWS\Sysnative\MSMPEG2ENC.DLL 2015-12-18 09:16:57 F3B1BFB19C6A47DE7706A9CF1A177028 526856 ----a-w- C:\WINDOWS\Sysnative\mfreadwrite.dll 2015-12-18 09:16:57 7DD3B4B77A787E06A6B3DC9AE7B451E0 292352 ----a-w- C:\WINDOWS\Sysnative\provengine.dll 2015-12-18 09:16:57 7014B74B0F62698EC891A19A781689D5 337840 ----a-w- C:\WINDOWS\Sysnative\MFPlay.dll 2015-12-18 09:16:57 69E727F94BEA64E66C284F3C482F33E6 1035776 ----a-w- C:\WINDOWS\Sysnative\XboxNetApiSvc.dll 2015-12-18 09:16:57 2AE2C153D33AB0D2B89E0920EC2ACF69 498448 ----a-w- C:\WINDOWS\Sysnative\MFCaptureEngine.dll 2015-12-18 09:16:56 A2A0FD3DA492A903E6AEC6C2B946F26F 245848 ----a-w- C:\WINDOWS\Sysnative\mfps.dll 2015-12-18 09:16:56 32D57C79EA65D0D6A923BF1C26A0EC0A 558080 ----a-w- C:\WINDOWS\Sysnative\MBMediaManager.dll 2015-12-18 09:16:55 63A71E0B8BEF5FC3A5C9669B5C771A1C 286208 ----a-w- C:\WINDOWS\Sysnative\provhandlers.dll 2015-12-18 09:16:55 6100515B0A4A9DE9EB83E632F873D1F7 323072 ----a-w- C:\WINDOWS\Sysnative\MSFlacDecoder.dll 2015-12-18 09:16:55 57C2033773055CEE5963EBCB999337F8 210432 ----a-w- C:\WINDOWS\Sysnative\wcmcsp.dll 2015-12-18 09:16:55 3B36AFC1B127B13A82752A3F02CE9D8C 543232 ----a-w- C:\WINDOWS\Sysnative\StoreAgent.dll 2015-12-18 09:16:55 0A9C90159378EAF0F45AF2275156EF0D 264544 ----a-w- C:\WINDOWS\Sysnative\ContentDeliveryManager.Utilities.dll 2015-12-18 09:16:54 95B9A9F4D41A54FD421CF6F7323B87FF 126464 ----a-w- C:\WINDOWS\Sysnative\dialserver.dll 2015-12-18 09:16:53 BFFC187B1FFA022F59D652A6A4CA130F 199168 ----a-w- C:\WINDOWS\Sysnative\InstallAgent.exe 2015-12-18 09:16:53 8F53FEB251B01D2582931B8AC642C28A 387072 ----a-w- C:\WINDOWS\Sysnative\qdvd.dll 2015-12-18 09:16:53 6D0F04544716C90220B58008B4422B97 459776 ----a-w- C:\WINDOWS\Sysnative\MapConfiguration.dll 2015-12-18 09:16:53 38F068BA3D5CE3C53A025E1F9381CC54 115040 ----a-w- C:\WINDOWS\Sysnative\NetSetupApi.dll 2015-12-18 09:16:52 D6B9D1A83BDDF6912309A9C7C4024E10 133120 ----a-w- C:\WINDOWS\Sysnative\flvprophandler.dll 2015-12-18 09:16:52 D1BB4122E41E04E2D8D57702396AE031 412512 ----a-w- C:\WINDOWS\Sysnative\wifitask.exe 2015-12-18 09:16:52 54051585F9E1A644C3ED024B639C0E32 231936 ----a-w- C:\WINDOWS\Sysnative\KnobsCore.dll 2015-12-18 09:16:52 156963089DF9C18AF330E08BFE41884D 165376 ----a-w- C:\WINDOWS\Sysnative\provdatastore.dll 2015-12-18 09:16:52 14CE7BCE9C6A442BD4B93AB3CB8765BF 375296 ----a-w- C:\WINDOWS\Sysnative\MDEServer.exe 2015-12-18 09:16:51 B1305CDD98D5FC49863279D4B51DB510 618496 ----a-w- C:\WINDOWS\Sysnative\StorSvc.dll 2015-12-18 09:16:51 78065D08A6D5886ACF9B6BA7E34A554C 3593216 ----a-w- C:\WINDOWS\Sysnative\win32kfull.sys 2015-12-18 09:16:51 55A629331D5EB924A1926C18E5028243 764928 ----a-w- C:\WINDOWS\Sysnative\fveapi.dll 2015-12-18 09:16:51 1C671129864880F66678D3B80316074E 56320 ----a-w- C:\WINDOWS\Sysnative\provtool.exe 2015-12-18 09:16:51 01C759FD50DFD46E30CC56B2B672B1A7 203776 ----a-w- C:\WINDOWS\Sysnative\NetSetupSvc.dll 2015-12-18 09:16:50 E853D5823793FE6E5FB0351F256DC1F2 223232 ----a-w- C:\WINDOWS\Sysnative\fveapibase.dll 2015-12-18 09:16:50 A0C330AAF06A36A13171A28FE4B582A2 92160 ----a-w- C:\WINDOWS\Sysnative\policymanagerprecheck.dll 2015-12-18 09:16:50 88B38A7435DFA9B7E8F94F5D5FE999D2 66560 ----a-w- C:\WINDOWS\Sysnative\moshost.dll 2015-12-18 09:16:50 7A9FF15EF71DAC09420C4997D3FA7E48 850432 ----a-w- C:\WINDOWS\Sysnative\MapsStore.dll 2015-12-18 09:16:50 67C1D042FA62E2294973FD0CD1F1BC36 192000 ----a-w- C:\WINDOWS\Sysnative\provisioningcsp.dll 2015-12-18 09:16:50 25DA92A03FFF1A620A950ED6209CDC8F 77312 ----a-w- C:\WINDOWS\Sysnative\ProvPluginEng.dll 2015-12-18 09:16:50 0053C878CDBA8F8D55339547EC2E99E8 269824 ----a-w- C:\WINDOWS\Sysnative\moshostcore.dll 2015-12-18 09:16:49 735C408ADE2017B8D2F6A8D2C2DB7016 7979008 ----a-w- C:\WINDOWS\Sysnative\mos.dll 2015-12-18 09:16:48 9E55D606C3CE9A37FB2FE5A419AE9CE6 30208 ----a-w- C:\WINDOWS\Sysnative\StorageUsage.dll 2015-12-18 09:16:48 9AEEB769F72EF13134BC21BA1465CCE3 134656 ----a-w- C:\WINDOWS\Sysnative\wificonnapi.dll 2015-12-18 09:16:48 8C86CB7C7725B196773451DE66602199 75776 ----a-w- C:\WINDOWS\Sysnative\Windows.Networking.XboxLive.ProxyStub.dll 2015-12-18 09:16:47 1CC123FE215B7FFBA4B7889FD13B32D5 36864 ----a-w- C:\WINDOWS\Sysnative\BackgroundTransferHost.exe 2015-12-08 18:34:06 78CF1420E5E88B1664F92F07386D19A8 22393856 ----a-w- C:\WINDOWS\Sysnative\edgehtml.dll 2015-12-08 18:33:50 EE5BD4F67199E1C5142F3C731035D18C 13381120 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll 2015-12-08 18:33:43 E81DF157F4F225928EAE2B1E82863BF6 1817160 ----a-w- C:\WINDOWS\Sysnative\ntdll.dll 2015-12-08 18:33:42 A2469A19FC330A400E2BED8003331BB8 604672 ----a-w- C:\WINDOWS\Sysnative\vbscript.dll 2015-12-08 18:33:41 DD97EF0AE9224B8C1161736E033C03F1 1399224 ----a-w- C:\WINDOWS\Sysnative\user32.dll 2015-12-08 18:33:41 CD2CC65DDF46F065BCC975C2BC89DD11 1648640 ----a-w- C:\WINDOWS\Sysnative\comsvcs.dll 2015-12-08 18:33:40 69B4974176206D7276B733B30BCE442E 1717248 ----a-w- C:\WINDOWS\Sysnative\GdiPlus.dll 2015-12-08 18:33:40 42B6285314851A693F68F7A7B79FD1B9 1393664 ----a-w- C:\WINDOWS\Sysnative\win32kbase.sys 2015-12-08 18:33:39 486C22DD70BE538B1C164AE38E130009 2352128 ----a-w- C:\WINDOWS\Sysnative\authui.dll 2015-12-08 18:33:35 FDB262D0B2C0790385B894AA4B2C0A6C 182784 ----a-w- C:\WINDOWS\Sysnative\shutdownux.dll 2015-12-08 18:33:35 2B91178DE30EF92DD383486485B0C97D 523776 ----a-w- C:\WINDOWS\Sysnative\catsrvut.dll 2015-12-08 18:33:34 EFA47480BEB0968E3A18479593B2E60C 18944 ----a-w- C:\WINDOWS\Sysnative\wshrm.dll 2015-12-08 18:33:34 7950D23F5542F6F8A9D41F046C01067F 2756096 ----a-w- C:\WINDOWS\Sysnative\mshtml.tlb 2015-12-08 18:33:34 5B7B6AF7E94E972DCE4BF892ABD466B6 115200 ----a-w- C:\WINDOWS\Sysnative\win32k.sys 2015-12-08 18:33:33 C6F9333F6C5F326B075CBC062E33793D 7680 ----a-w- C:\WINDOWS\Sysnative\readingviewresources.dll 2015-12-08 13:24:06 88689095AFECD6B9210C224BC3CFB4AB 22980 ----a-w- C:\WINDOWS\Sysnative\emptyregdb.dat 2015-12-08 12:54:15 27C668850E9E763F34D1F8E1A66CD233 2134982 ----a-w- C:\WINDOWS\Sysnative\PerfStringBackup.INI 2015-12-08 12:48:45 E571EABD1753F1A1474C1EA8C2AD0B36 442368 ----a-w- C:\WINDOWS\Sysnative\AESTEC64.dll 2015-12-08 12:48:45 E3F76DF0119A00413579025C0CB319B6 69462 ----a-w- C:\WINDOWS\Sysnative\hpbeats.ico 2015-12-08 12:48:45 E22F870F2B6908590685DBB345B189EB 1819136 ----a-w- C:\WINDOWS\Sysnative\IDTNC64.cpl 2015-12-08 12:48:45 CD25DF44F7CBB29D1B070B686397914A 5298688 ----a-w- C:\WINDOWS\Sysnative\IDTNHP.dll 2015-12-08 12:48:45 C469893743E18BA547DB3C7ED98B32F5 68608 ----a-w- C:\WINDOWS\Sysnative\AESTAR64.dll 2015-12-08 12:48:45 B70E9B120CE9454687998C3D95633B42 223744 ----a-w- C:\WINDOWS\Sysnative\HPToneCtrls64.dll 2015-12-08 12:48:45 954DEA1D677C665B65B3811D23DD8948 249344 ----a-w- C:\WINDOWS\Sysnative\IDTNJ.exe 2015-12-08 12:48:45 937CF6954D64AF5811EC1BE4ECBF60E8 13942 ----a-w- C:\WINDOWS\Sysnative\nbspkrsbeats.ico 2015-12-08 12:48:45 8DE4BC17F687EAA5F0827296403AE0F5 4444672 ----a-w- C:\WINDOWS\Sysnative\stlang64.dll 2015-12-08 12:48:45 5F9479B2BD3575E789F06F4DEB86C9E0 90624 ----a-w- C:\WINDOWS\Sysnative\AESTCo64.dll 2015-12-08 12:48:45 5E65E90DA3A478C377F7332A9386B023 162304 ----a-w- C:\WINDOWS\Sysnative\AESTAC64.dll 2015-12-08 12:48:45 4DB832701EA2D47F325ED11F012F7338 3774 ----a-w- C:\WINDOWS\Sysnative\bltinmic.ico 2015-12-08 12:48:45 2F3F4AFDA4184FAE9668F63266464AA5 6344704 ----a-w- C:\WINDOWS\Sysnative\IDTNGUI.exe 2015-12-08 12:48:45 1E0E72406835CDBF8E275B5590B42820 1085440 ----a-w- C:\WINDOWS\Sysnative\IDTNX.dll 2015-12-08 12:42:45 7E5C99B250FCDF60DDF510E284381B4E 5078896 ----a-w- C:\WINDOWS\Sysnative\FNTCACHE.DAT 2015-12-08 12:41:37 79422D76818752C6D935A97C8FFC4EEA 44147 ----a-w- C:\WINDOWS\Sysnative\license.rtf 2015-12-08 12:36:07 FAC1E762CB49992381691B00D2069B3E 1063424 ----a-w- C:\WINDOWS\Sysnative\audiosrv.dll 2015-12-08 12:36:07 F5DC166DC9D533651B83B83CD70FD14C 88392 ----a-w- C:\WINDOWS\Sysnative\remoteaudioendpoint.dll 2015-12-08 12:36:07 EF94C4BB5DDCEB9F0A092122582CF4E5 516544 ----a-w- C:\WINDOWS\Sysnative\AudioEng.dll 2015-12-08 12:36:07 BBEC134DA91F61E6D91CDB47D8724E86 382464 ----a-w- C:\WINDOWS\Sysnative\iedkcs32.dll 2015-12-08 12:36:07 BB2DD53E90A958FDB1254839F30329D5 803840 ----a-w- C:\WINDOWS\Sysnative\jscript.dll 2015-12-08 12:36:07 B9A74283BD46350F2A32962C1B16225A 369912 ----a-w- C:\WINDOWS\Sysnative\audiodg.exe 2015-12-08 12:36:07 B83CCF1BEECF4BCDE71FC431BAB9A790 34304 ----a-w- C:\WINDOWS\Sysnative\iernonce.dll 2015-12-08 12:36:07 89E74EC4422905377D45D58FD2832D02 408128 ----a-w- C:\WINDOWS\Sysnative\AUDIOKSE.dll 2015-12-08 12:36:07 890BF20BDF500E4E84720EA84448EDDF 275456 ----a-w- C:\WINDOWS\Sysnative\AudioEndpointBuilder.dll 2015-12-08 12:36:07 81785D31BEB7C741BB23BE0CB98E691F 536768 ----a-w- C:\WINDOWS\Sysnative\AudioSes.dll 2015-12-08 12:36:07 5F8178A9C45D9C69819C63AFC5988C33 66560 ----a-w- C:\WINDOWS\Sysnative\iesetup.dll 2015-12-08 12:36:07 4EB351CB5A23E0F7AB2B7137374EFB85 870400 ----a-w- C:\WINDOWS\Sysnative\wpncore.dll 2015-12-08 12:36:07 4A657E5F9D4BE53028B643889E786296 2126848 ----a-w- C:\WINDOWS\Sysnative\inetcpl.cpl 2015-12-08 12:36:07 36208F250EE9B93B87AD6384237373A9 110032 ----a-w- C:\WINDOWS\Sysnative\EncDump.dll 2015-12-08 12:36:07 2D1682BEC4615A154079383E25BB0DF2 220672 ----a-w- C:\WINDOWS\Sysnative\ie4uinit.exe 2015-12-08 12:36:07 04EDF539ED97A3BFBD7464CED7ADBB7A 783360 ----a-w- C:\WINDOWS\Sysnative\msfeeds.dll 2015-12-08 12:36:01 FE808DE33D79F2ACB8757EE544615626 414720 ----a-w- C:\WINDOWS\Sysnative\bcastdvr.exe 2015-12-08 12:36:01 FCB7D0215CA010400777A2144432FBDC 630632 ----a-w- C:\WINDOWS\Sysnative\fontdrvhost.exe 2015-12-08 12:36:01 FBEFDA259F6254B6590956753421D387 89600 ----a-w- C:\WINDOWS\Sysnative\NFCProvisioningPlugin.dll 2015-12-08 12:36:01 F7AE2EB8D2FA095AD9DED30CCE10BC13 957440 ----a-w- C:\WINDOWS\Sysnative\SRH.dll 2015-12-08 12:36:01 F40D409308162E071561049ACADF753C 80600 ----a-w- C:\WINDOWS\Sysnative\wwapi.dll 2015-12-08 12:36:01 EACD8F5C17AC39E43E1FCD85674F4B0D 1713664 ----a-w- C:\WINDOWS\Sysnative\SRHInproc.dll 2015-12-08 12:36:01 E8C7F673B75210D3F35142361923C945 157184 ----a-w- C:\WINDOWS\Sysnative\dmcertinst.exe 2015-12-08 12:36:01 E104F46B2E0C4F760382CF95E248E0AD 43520 ----a-w- C:\WINDOWS\Sysnative\bcastdvr.proxy.dll 2015-12-08 12:36:01 DD723E3E44BBD7A1B94D8914B7E72549 623616 ----a-w- C:\WINDOWS\Sysnative\PhoneProviders.dll 2015-12-08 12:36:01 DA81241A3493CD3B7EEF3AFD6BBE38B6 92352 ----a-w- C:\WINDOWS\Sysnative\acmigration.dll 2015-12-08 12:36:01 D7ED1ADDC1D19A9D6A1C583A938F4AF4 465920 ----a-w- C:\WINDOWS\Sysnative\wwanconn.dll 2015-12-08 12:36:01 D33E93BE685C6B9C72E063EA41F9BAEF 538632 ----a-w- C:\WINDOWS\Sysnative\WWanAPI.dll 2015-12-08 12:36:01 D0E812616609B1E6E3317FF46B9177C8 44032 ----a-w- C:\WINDOWS\Sysnative\wsplib.dll 2015-12-08 12:36:01 CA902510DAF327CCFA59BCBFC00B3BAE 912384 ----a-w- C:\WINDOWS\Sysnative\usermgr.dll 2015-12-08 12:36:01 B8F17AB618578B9024D949DE8308B95A 14336 ----a-w- C:\WINDOWS\Sysnative\dciman32.dll 2015-12-08 12:36:01 B46D8BBF27B186B0AE7C57C88A1A6D93 6572032 ----a-w- C:\WINDOWS\Sysnative\wwanmm.dll 2015-12-08 12:36:01 AB4C1A9F37C0B8467AC923ED4AD727D6 2647552 ----a-w- C:\WINDOWS\Sysnative\wininet.dll 2015-12-08 12:36:01 A6E666BC673DD38C3ECDB53FD83138E7 3993600 ----a-w- C:\WINDOWS\Sysnative\SettingsHandlers_nt.dll 2015-12-08 12:36:01 9FCC3D4817CCA5BCEF1FB4B14E523EBC 78336 ----a-w- C:\WINDOWS\Sysnative\BarcodeProvisioningPlugin.dll 2015-12-08 12:36:01 9BF34692BC6933BAB7627EC173EB1E8A 45568 ----a-w- C:\WINDOWS\Sysnative\atmlib.dll 2015-12-08 12:36:01 9976E10E1FC313755C9F8632F96072F7 52224 ----a-w- C:\WINDOWS\Sysnative\jsproxy.dll 2015-12-08 12:36:01 95AF774B7D20C3006DC0AC9AEDF48655 674816 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.dll 2015-12-08 12:36:01 8A0BAD6F9EEFB0FCD1629F6366394380 1814528 ----a-w- C:\WINDOWS\Sysnative\pnidui.dll 2015-12-08 12:36:01 8938F957903BBA18ED242AE4DBF419FD 73728 ----a-w- C:\WINDOWS\Sysnative\wwancfg.dll 2015-12-08 12:36:01 87A8DD15B7DEAC51916358250E5BC7C5 122368 ----a-w- C:\WINDOWS\Sysnative\KnobsCsp.dll 2015-12-08 12:36:01 877512145CB9B3F6EBD5424DE15C14F8 365568 ----a-w- C:\WINDOWS\Sysnative\atmfd.dll 2015-12-08 12:36:01 83365A5A2632275C7B005B7A4995DCE1 416768 ----a-w- C:\WINDOWS\Sysnative\dmenrollengine.dll 2015-12-08 12:36:01 7CDB2034A13C7009CFF479C170E21C90 55808 ----a-w- C:\WINDOWS\Sysnative\rilproxy.dll 2015-12-08 12:36:01 7B106C453D6EF1A32F8669AD503E21BB 517632 ----a-w- C:\WINDOWS\Sysnative\winspool.drv 2015-12-08 12:36:01 781EFD88C2BD9A95CA6961E16AFF7332 168960 ----a-w- C:\WINDOWS\Sysnative\mdmmigrator.dll 2015-12-08 12:36:01 71B94A84934AA3DA61378C4121523FEA 86528 ----a-w- C:\WINDOWS\Sysnative\AppCapture.dll 2015-12-08 12:36:01 716E299C1058C9F2030F31BC7270A210 52224 ----a-w- C:\WINDOWS\Sysnative\Wwanpref.dll 2015-12-08 12:36:01 6F5EB489BC3368DC11CF3AA605D943BB 638464 ----a-w- C:\WINDOWS\Sysnative\enterprisecsps.dll 2015-12-08 12:36:01 6D7BC576DEC9750D5F8AED361E687384 704000 ----a-w- C:\WINDOWS\Sysnative\CellularAPI.dll 2015-12-08 12:36:01 6D64E74EF63AD36912C89EA80449A299 118272 ----a-w- C:\WINDOWS\Sysnative\fontsub.dll 2015-12-08 12:36:01 6D04648D2E3F42A295B6D080A948E9BA 163328 ----a-w- C:\WINDOWS\Sysnative\provops.dll 2015-12-08 12:36:01 6ABAC83AD594B0390C470F9C1C017382 3072 ----a-w- C:\WINDOWS\Sysnative\lpk.dll 2015-12-08 12:36:01 65267BF5DDCC86AB6DE29AFF488497AA 248832 ----a-w- C:\WINDOWS\Sysnative\UserMgrProxy.dll 2015-12-08 12:36:01 623DAEC255FDCF586F161CF6BF788627 795840 ----a-w- C:\WINDOWS\Sysnative\generaltel.dll 2015-12-08 12:36:01 559E4E19F481FBB9AF622E23772533CC 52736 ----a-w- C:\WINDOWS\Sysnative\RemovableMediaProvisioningPlugin.dll 2015-12-08 12:36:01 4C1138686002741A423AF26AC247490D 7476576 ----a-w- C:\WINDOWS\Sysnative\ntoskrnl.exe 2015-12-08 12:36:01 46BF56CC45F3EBE9DCF04EA702F79FF7 64000 ----a-w- C:\WINDOWS\Sysnative\ihvrilproxy.dll 2015-12-08 12:36:01 447413C46C687CF730051DD8B4EA12F6 75264 ----a-w- C:\WINDOWS\Sysnative\wwanprotdim.dll 2015-12-08 12:36:01 44699ED0B4D39D109D1BAEEF0DB66A9E 22572632 ----a-w- C:\WINDOWS\Sysnative\shell32.dll 2015-12-08 12:36:01 445E792DB399A2DA611B1F3C9DC6070D 11545088 ----a-w- C:\WINDOWS\Sysnative\twinui.dll 2015-12-08 12:36:01 3690FAA19C6D3C68C033D0E5CB3BDB03 28160 ----a-w- C:\WINDOWS\Sysnative\Windows.Management.Provisioning.ProxyStub.dll 2015-12-08 12:36:01 334A9D347CC52E7581DC21FA7CDBB261 515584 ----a-w- C:\WINDOWS\Sysnative\LogonController.dll 2015-12-08 12:36:01 301A917544D10E9F28A946BA0E84C407 160768 ----a-w- C:\WINDOWS\Sysnative\enrollmentapi.dll 2015-12-08 12:36:01 2DA8708EB1FCB83375A450D401A1ED09 74240 ----a-w- C:\WINDOWS\Sysnative\mssign32.dll 2015-12-08 12:36:01 2D7E3C2913AAE063774795E6790BCC48 1212928 ----a-w- C:\WINDOWS\Sysnative\wwansvc.dll 2015-12-08 12:36:01 2AB2C72D88CE2BC73E6F708D0B1A9657 440160 ----a-w- C:\WINDOWS\Sysnative\services.exe 2015-12-08 12:36:01 28B52034DB907EA14BF8DFB399BC1A94 1734656 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll 2015-12-08 12:36:01 24206CBE7165E296D598FF98590C4D59 69632 ----a-w- C:\WINDOWS\Sysnative\wininetlui.dll 2015-12-08 12:36:01 233BA5B1A277D0A42E432E9A9F43EF7A 37376 ----a-w- C:\WINDOWS\Sysnative\LaunchWinApp.exe 2015-12-08 12:36:01 1083375C70D529AA1C8224E13D9E6F40 334736 ----a-w- C:\WINDOWS\Sysnative\policymanager.dll 2015-12-08 12:35:55 F5AF729AD65041D74FED75E02DA4A4DC 138240 ----a-w- C:\WINDOWS\Sysnative\ETWCoreUIComponentsResources.dll 2015-12-08 12:35:55 F0B772D90082371CE0DDE4286EF0AE16 7199232 ----a-w- C:\WINDOWS\Sysnative\BingMaps.dll 2015-12-08 12:35:55 EBDDBFCAA0E8BF346F5DC13BC364B39E 110592 ----a-w- C:\WINDOWS\Sysnative\Microsoft-Windows-MapControls.dll 2015-12-08 12:35:55 E0FBBE85A7DC215F97F7B81236CE2674 60928 ----a-w- C:\WINDOWS\Sysnative\XblAuthTokenBrokerExt.dll 2015-12-08 12:35:55 DC59D9253F50A2D329945CBDBE3B8B7A 32256 ----a-w- C:\WINDOWS\Sysnative\wups2.dll 2015-12-08 12:35:55 D0C4A5B386F585B2BE7620D3CEFD7CE8 119808 ----a-w- C:\WINDOWS\Sysnative\MapsBtSvc.dll 2015-12-08 12:35:55 C46FC25D2742C6426F6581A4C59331D9 35656 ----a-w- C:\WINDOWS\Sysnative\mfpmp.exe 2015-12-08 12:35:55 C2D78B6667E0341802C4F38E9C02F93D 2280448 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll 2015-12-08 12:35:55 BF1A001A4EBD005CB412E322F20DB0D7 75264 ----a-w- C:\WINDOWS\Sysnative\EditBufferTestHook.dll 2015-12-08 12:35:55 BA45A9F29AB13A0E66BAABF9D7C30B70 523616 ----a-w- C:\WINDOWS\Sysnative\wimserv.exe 2015-12-08 12:35:55 B7D367ABFC188C1AC27C6C961694B5B4 1056256 ----a-w- C:\WINDOWS\Sysnative\JpMapControl.dll 2015-12-08 12:35:55 AD37B56D53795944240011FF4EEBBD30 911648 ----a-w- C:\WINDOWS\Sysnative\dcomp.dll 2015-12-08 12:35:55 ABC346A1CD915DEE6231BB4A7F0B96EC 204800 ----a-w- C:\WINDOWS\Sysnative\Microsoft-Windows-AppModelExecEvents.dll 2015-12-08 12:35:55 A74C62AE99A015CD6275F0D8D8843886 342016 ----a-w- C:\WINDOWS\Sysnative\SensorService.dll 2015-12-08 12:35:55 9F171CF4EDEB38DB4CA906ABD535DC44 13312 ----a-w- C:\WINDOWS\Sysnative\MapsBtSvcProxy.dll 2015-12-08 12:35:55 9C6D0A1464410A25389C9D004DE48D36 175616 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Core.TextInput.dll 2015-12-08 12:35:55 9920C9AD4528A4396D19BC03AA2D0882 58408 ----a-w- C:\WINDOWS\Sysnative\SensorsNativeApi.dll 2015-12-08 12:35:55 960E3DB158FC9D262EE33D928AEDA3F5 320000 ----a-w- C:\WINDOWS\Sysnative\cryptngc.dll 2015-12-08 12:35:55 8C8161E40F42E437161972E8866025D5 3355136 ----a-w- C:\WINDOWS\Sysnative\msftedit.dll 2015-12-08 12:35:55 8BACF65C95DA69173FA80F644502F9BC 26408 ----a-w- C:\WINDOWS\Sysnative\wuauclt.exe 2015-12-08 12:35:55 8AA095B5A4826840B348D0A94969CE1A 1268736 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.Resources.dll 2015-12-08 12:35:55 87E291D9CC3ECE9AA56ABFD8063C4050 1223168 ----a-w- C:\WINDOWS\Sysnative\Unistore.dll 2015-12-08 12:35:55 85031015C1F1B9A7DAA002DAAEE341AA 2444288 ----a-w- C:\WINDOWS\Sysnative\twinui.appcore.dll 2015-12-08 12:35:55 849275D7BF36660743973B8E28542E45 51680 ----a-w- C:\WINDOWS\Sysnative\SensorsUtilsV2.dll 2015-12-08 12:35:55 8456D2DBEAC8F06712FE8AC2AB5A1AE2 969728 ----a-w- C:\WINDOWS\Sysnative\kerberos.dll 2015-12-08 12:35:55 839F7EC52C8E6888C4E9120E68652438 589312 ----a-w- C:\WINDOWS\Sysnative\MbaeApi.dll 2015-12-08 12:35:55 836DC2848B800FC890E8FCF96F5E639B 458752 ----a-w- C:\WINDOWS\Sysnative\PlayToDevice.dll 2015-12-08 12:35:55 82EDCF9C603F3FA09AAAACA82D34E74E 450560 ----a-w- C:\WINDOWS\Sysnative\Windows.Internal.Bluetooth.dll 2015-12-08 12:35:55 8109C3D1CFDC7AE78605D8F3EA4EAA20 586208 ----a-w- C:\WINDOWS\Sysnative\mf.dll 2015-12-08 12:35:55 80EEB2E91EE933EFB1384D9866BD997F 64000 ----a-w- C:\WINDOWS\Sysnative\MosHostClient.dll 2015-12-08 12:35:55 80BF2990E01E774D64F6E13F30661942 162304 ----a-w- C:\WINDOWS\Sysnative\tetheringservice.dll 2015-12-08 12:35:55 7DC5115A32BA087DCED8CF76352A79DC 108544 ----a-w- C:\WINDOWS\Sysnative\InputLocaleManager.dll 2015-12-08 12:35:55 79EE5C9F9DF073C315D035A1785B502F 3072 ----a-w- C:\WINDOWS\Sysnative\MapControlStringsRes.dll 2015-12-08 12:35:55 79BD0E63A9E54ED8AFFD19F43B5B83F2 264192 ----a-w- C:\WINDOWS\Sysnative\NmaDirect.dll 2015-12-08 12:35:55 7538F05A7C07DB69F6E82B67CAA67286 92160 ----a-w- C:\WINDOWS\Sysnative\SensorsNativeApi.V2.dll 2015-12-08 12:35:55 7443938BC4B8DCE1D8E6C51BC3F9DBFE 948224 ----a-w- C:\WINDOWS\Sysnative\XblAuthManager.dll 2015-12-08 12:35:55 6D7B4647F5FB25CE88E2555A9DFF1D2E 70656 ----a-w- C:\WINDOWS\Sysnative\XblAuthManagerProxy.dll 2015-12-08 12:35:55 66312F4AFEFB1AE0B80051F8A5E5B26B 698208 ----a-w- C:\WINDOWS\Sysnative\wimgapi.dll 2015-12-08 12:35:55 5E7C875662B05B28E899F0C59B549645 286720 ----a-w- C:\WINDOWS\Sysnative\deviceaccess.dll 2015-12-08 12:35:55 589A33EE394273A4F1338EBF705A1CEF 1387008 ----a-w- C:\WINDOWS\Sysnative\lsasrv.dll 2015-12-08 12:35:55 5358F9A3A5C55ED1395BBFFCFA65F551 28672 ----a-w- C:\WINDOWS\Sysnative\mapsupdatetask.dll 2015-12-08 12:35:55 4E5B496EBD95AEE005F54EA49EECAAC6 72704 ----a-w- C:\WINDOWS\Sysnative\MosStorage.dll 2015-12-08 12:35:55 4B4970CB5FF1D25B444F95A18ED8AF22 114688 ----a-w- C:\WINDOWS\Sysnative\offlinelsa.dll 2015-12-08 12:35:55 4AAD96366A51B26F50113A6393CB5587 42496 ----a-w- C:\WINDOWS\Sysnative\mapstoasttask.dll 2015-12-08 12:35:55 48A7AEF3554919C0CBDFECBB25DF1B09 162304 ----a-w- C:\WINDOWS\Sysnative\DeviceCensus.exe 2015-12-08 12:35:55 46668562A5BDD2D2F383CAD6D35DCB15 89088 ----a-w- C:\WINDOWS\Sysnative\MapsCSP.dll 2015-12-08 12:35:55 43B6BF7F95CF7D60599740EF2BF0DDD8 938496 ----a-w- C:\WINDOWS\Sysnative\MapControlCore.dll 2015-12-08 12:35:55 3DF7BD7E0E0CFCF8D8856B639FD46C3C 30720 ----a-w- C:\WINDOWS\Sysnative\tetheringconfigsp.dll 2015-12-08 12:35:55 3C9066503DE3E45CB98C8584DE19C186 28160 ----a-w- C:\WINDOWS\Sysnative\nativemap.dll 2015-12-08 12:35:55 3A1FCBE9103770CF17F81EBD9809FE1B 697856 ----a-w- C:\WINDOWS\Sysnative\PlayToManager.dll 2015-12-08 12:35:55 35F9920E5B9757E2047C024063C9A279 988160 ----a-w- C:\WINDOWS\Sysnative\NMAA.dll 2015-12-08 12:35:55 340B841A05087B581B3F321853996960 2624512 ----a-w- C:\WINDOWS\Sysnative\InputService.dll 2015-12-08 12:35:55 33F4AE1E913D7F865D0CFA716BDC9032 10240 ----a-w- C:\WINDOWS\Sysnative\Microsoft-Windows-MosTrace.dll 2015-12-08 12:35:55 294BD6D65CE93F7B709DBB38F96759DA 2653816 ----a-w- C:\WINDOWS\Sysnative\CoreUIComponents.dll 2015-12-08 12:35:55 25C9F417FA6FE9073392BD34630A89B4 17408 ----a-w- C:\WINDOWS\Sysnative\IcsEntitlementHost.exe 2015-12-08 12:35:55 25086E02B6C3F34BC4646C134C3E1769 1042432 ----a-w- C:\WINDOWS\Sysnative\BingOnlineServices.dll 2015-12-08 12:35:55 23B32FD7B58007D0407B8A4191AB76BB 28672 ----a-w- C:\WINDOWS\Sysnative\WordBreakers.dll 2015-12-08 12:35:55 2031A1DA09AFF8A8BADFFF73511AF306 58368 ----a-w- C:\WINDOWS\Sysnative\MosResource.dll 2015-12-08 12:35:55 1A9A77ACDAC29C39F50D2A492FD0DB16 87040 ----a-w- C:\WINDOWS\Sysnative\tzautoupdate.dll 2015-12-08 12:35:55 183B210A411E23AC9C5374AEE5645312 36352 ----a-w- C:\WINDOWS\Sysnative\UIAutomationCoreRes.dll 2015-12-08 12:35:55 121C4B3ED671715017C8A37A8F816F06 809312 ----a-w- C:\WINDOWS\Sysnative\WWAHost.exe 2015-12-08 12:35:55 10B6962619F3965030395019E352B7B4 870400 ----a-w- C:\WINDOWS\Sysnative\modernexecserver.dll 2015-12-08 12:35:55 10020730E0E51555A58C20D361F233A9 2772584 ----a-w- C:\WINDOWS\Sysnative\d3d11.dll 2015-12-08 12:35:55 0DC4BEB16161362B4E46D117204D8566 2843136 ----a-w- C:\WINDOWS\Sysnative\cdp.dll 2015-12-08 12:35:55 08F0E6B466F44EA24CA1601F3196E43E 9728 ----a-w- C:\WINDOWS\Sysnative\Microsoft-Windows-MosHost.dll 2015-12-08 12:35:55 03EB1EBAB72BB8322C30D070C346EA33 1395200 ----a-w- C:\WINDOWS\Sysnative\UIAutomationCore.dll 2015-12-08 12:35:55 0161DABC5CDB2BE6D0B91BEB5386B47D 52736 ----a-w- C:\WINDOWS\Sysnative\tetheringclient.dll 2015-12-08 12:26:54 E91942A0D00C6AA014B2EA33EE0ED0A3 35480 ----a-w- C:\WINDOWS\Sysnative\TsWpfWrp.exe 2015-12-08 12:26:54 E2296A6174894682DF8F0FF29FDDCC82 1166520 ----a-w- C:\WINDOWS\Sysnative\PresentationNative_v0300.dll 2015-12-08 12:26:54 C5FEF4B4A7FB961ECDB0AB07DBCF379E 124624 ----a-w- C:\WINDOWS\Sysnative\PresentationCFFRasterizerNative_v0300.dll 2015-12-07 19:12:47 344DA9D196C0D98A738289BB09CE4CF6 940032 ----a-w- C:\WINDOWS\Sysnative\MsSpellCheckingFacility.exe 2015-12-07 19:12:02 6F1AF8E1206E92256459E3012C20472A 942592 ----a-w- C:\WINDOWS\Sysnative\jsIntl.dll 2015-12-07 19:11:51 4A5A84B457C72E79A64AE4036EC6BB0E 1359360 ----a-w- C:\WINDOWS\Sysnative\mshtmlmedia.dll ====== C:\WINDOWS\Sysnative\drivers ===== 2015-12-18 12:54:17 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf 2015-12-12 12:47:14 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_WpdFs_01_11_00.Wdf 2015-12-08 18:33:42 EFEFC245B884B1BE0401931398DCD707 2152800 ----a-w- C:\WINDOWS\Sysnative\drivers\ntfs.sys 2015-12-08 18:33:35 DBBACE77DDE8CCFD85B37B114965C385 147968 ----a-w- C:\WINDOWS\Sysnative\drivers\rmcast.sys 2015-12-08 12:50:14 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf 2015-12-08 12:49:29 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_Kernel_SynTP_01011.Wdf 2015-12-08 12:48:31 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf 2015-12-08 12:36:07 91D3F2A6253EF83EFBD7903028F58C4D 118624 ----a-w- C:\WINDOWS\Sysnative\drivers\tdx.sys 2015-12-08 12:36:07 70148EFA9A562E7185B75BBE7D376BF7 578912 ----a-w- C:\WINDOWS\Sysnative\drivers\afd.sys 2015-12-08 12:35:55 EF536C54AB9281FDC4E83B07279FCFC4 35680 ----a-w- C:\WINDOWS\Sysnative\drivers\wimmount.sys 2015-12-08 12:35:55 DE6D7DC78D956928F59F7415A0F41E13 95072 ----a-w- C:\WINDOWS\Sysnative\drivers\sdstor.sys 2015-12-08 12:35:55 C24C27FDF93B85A4EFCF25F830253AA2 117248 ----a-w- C:\WINDOWS\Sysnative\drivers\capimg.sys 2015-12-08 12:35:55 80977779A19947939D680A4899E829EC 604928 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys 2015-12-08 12:35:55 7D8B9214692C4D0F1646215D9984E19A 161632 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys 2015-11-29 21:15:50 4E022E46B992BD598D571F922A65F9D1 296648 ----a-w- C:\WINDOWS\Sysnative\drivers\amdacpksd.sys 2015-11-29 20:17:38 93D646382E99A9456C8CDA267462D13C 43520 ----a-w- C:\WINDOWS\Sysnative\drivers\ati2erec.dll ====== C:\WINDOWS\Tasks ====== 2015-12-08 14:12:40 581C1A87C6544BACF57804ABD39725AD 4296 ----a-w- C:\WINDOWS\Sysnative\Tasks\AMD Updater ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2015-12-19 13:57:24 -------- d-----w- C:\Program Files\7-Zip 2015-12-18 15:58:34 -------- d-----w- C:\Program Files\Speccy 2015-12-18 12:54:16 -------- d-----w- C:\Program Files\Synaptics 2015-12-08 12:59:16 -------- d-----w- C:\Program Files\Common Files\SpeechEngines 2015-12-08 12:49:58 -------- d-----w- C:\Program Files\Common Files\ATI Technologies 2015-12-08 12:49:52 -------- d---a-w- C:\Program Files\AMD 2015-12-08 12:48:39 -------- d---a-w- C:\Program Files\IDT 2015-12-08 12:27:54 -------- d-----w- C:\Program Files\Reference Assemblies 2015-12-08 12:27:54 -------- d-----w- C:\Program Files\MSBuild 2015-12-06 09:55:28 -------- d-----w- C:\Program Files\Common Files\AV ======= C:\PROGRA~2 ===== 2015-12-17 13:14:40 -------- d-----w- C:\PROGRA~2\Adobe 2015-12-08 15:26:22 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service 2015-12-08 12:59:25 -------- d-----w- C:\PROGRA~2\COMMON~1\SpeechEngines 2015-12-08 12:50:35 -------- d---a-w- C:\PROGRA~2\ATI Technologies 2015-12-08 12:27:54 -------- d-----w- C:\PROGRA~2\Reference Assemblies 2015-12-08 12:27:54 -------- d-----w- C:\PROGRA~2\MSBuild 2015-12-06 09:55:28 -------- d-----w- C:\PROGRA~2\COMMON~1\AV ======= C: ===== ====== C:\Users\User\AppData\Roaming ====== 2015-12-12 12:39:56 -------- d-----w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-12-09 14:30:05 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\DataSharing 2015-12-08 18:13:37 -------- d-s---r- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 2015-12-08 18:13:37 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-12-08 18:13:37 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools 2015-12-08 18:13:37 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility 2015-12-08 18:13:37 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs 2015-12-08 18:13:37 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming 2015-12-08 18:13:37 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\Temp 2015-12-08 18:13:37 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\Microsoft Help 2015-12-08 18:13:37 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\Microsoft 2015-12-08 18:13:37 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local 2015-12-08 18:13:37 -------- d-----r- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-12-08 18:13:37 -------- d-----r- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-12-08 18:13:37 -------- d-----r- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-12-08 14:11:14 -------- d-----w- C:\Users\User\AppData\Local\AMD 2015-12-08 13:54:52 -------- d-----w- C:\Users\User\AppData\Local\Comms 2015-12-08 13:44:10 -------- d-----w- C:\Users\User\AppData\Local\MicrosoftEdge 2015-12-08 13:32:26 -------- d-----w- C:\Users\User\AppData\Local\Publishers 2015-12-08 13:29:53 -------- d-----w- C:\Users\User\AppData\Local\Packages 2015-12-08 13:29:48 -------- d-----w- C:\Users\User\AppData\Local\TileDataLayer 2015-12-08 13:24:17 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Packages 2015-12-08 13:07:41 -------- d-----w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools 2015-12-08 13:07:41 -------- d-----w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility 2015-12-08 13:07:41 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help 2015-12-08 13:07:41 -------- d-----w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools 2015-12-08 13:07:41 -------- d-----w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility 2015-12-08 13:07:41 -------- d-----w- C:\Users\Default User\AppData\Local\Microsoft Help 2015-12-08 12:55:11 -------- d-----w- C:\Users\User\AppData\Local\Temp 2015-12-08 12:55:11 -------- d-----w- C:\Users\User\AppData\Local\Microsoft 2015-12-08 12:55:11 -------- d-----w- C:\Users\User\AppData\Local 2015-12-08 12:55:10 -------- d-s---r- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 2015-12-08 12:55:10 -------- d-----w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-12-08 12:55:10 -------- d-----w- C:\Users\User\AppData\Roaming 2015-12-08 12:55:10 -------- d-----r- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-12-08 12:55:10 -------- d-----r- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-12-08 12:55:10 -------- d-----r- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-12-08 12:55:10 -------- d-----r- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs 2015-12-08 12:50:02 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft 2015-12-08 12:43:31 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache 2015-12-08 12:43:05 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming 2015-12-08 12:43:05 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp 2015-12-08 12:42:59 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Roaming 2015-12-08 12:42:59 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp 2015-12-08 12:42:58 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft 2015-12-08 12:42:58 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local 2015-12-08 12:33:30 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft 2015-12-01 00:02:46 606F47F5D5FF113CA8FDEA0DA34190C8 1349 ----a-w- C:\Users\User\AppData\Local\recently-used.xbel ====== C:\Users\User ====== 2015-12-19 16:02:48 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\User\Downloads\RSITx64.exe 2015-12-19 13:57:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-12-19 13:57:12 822B366BB37A9628CAFFF5BFAF186998 1365154 ----a-w- C:\Users\User\Downloads\7z1512-x64.exe 2015-12-18 15:57:58 FF70EB133BE86B9F9EB18E274DAA6B6C 5111240 ----a-w- C:\Users\User\Downloads\spsetup129 (1).exe 2015-12-18 15:57:56 FF70EB133BE86B9F9EB18E274DAA6B6C 5111240 ----a-w- C:\Users\User\Downloads\spsetup129.exe 2015-12-18 13:01:19 -------- d-----w- C:\ProgramData\Synaptics 2015-12-14 06:42:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dovetail Games - Flight 2015-12-09 13:37:15 586B66416056CE48DF95CEF12668EA92 18872512 ----a-w- C:\Users\User\Downloads\install_flash_player.exe 2015-12-09 11:19:32 F6A22772E4197FFC774F6ACBE46353AA 6801616 ----a-w- C:\Users\User\Downloads\ccsetup_512.exe 2015-12-08 18:13:47 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\DefaultAppPool\ntuser.ini 2015-12-08 18:13:37 -------- d--h--w- C:\Users\DefaultAppPool\AppData 2015-12-08 18:13:37 -------- d-----w- C:\Users\DefaultAppPool\Saved Games 2015-12-08 18:13:37 -------- d-----w- C:\Users\DefaultAppPool\Roaming 2015-12-08 18:13:37 -------- d-----w- C:\Users\DefaultAppPool\Cookies 2015-12-08 18:13:37 -------- d-----r- C:\Users\DefaultAppPool\Videos 2015-12-08 18:13:37 -------- d-----r- C:\Users\DefaultAppPool\Pictures 2015-12-08 18:13:37 -------- d-----r- C:\Users\DefaultAppPool\Music 2015-12-08 18:13:37 -------- d-----r- C:\Users\DefaultAppPool\Links 2015-12-08 18:13:37 -------- d-----r- C:\Users\DefaultAppPool\Favorites 2015-12-08 18:13:37 -------- d-----r- C:\Users\DefaultAppPool\Downloads 2015-12-08 18:13:37 -------- d-----r- C:\Users\DefaultAppPool\Documents 2015-12-08 18:13:37 -------- d-----r- C:\Users\DefaultAppPool\Desktop 2015-12-08 15:23:11 E9827B6C4219262ED3A0EF35DE033FF5 243720 ----a-w- C:\Users\User\Downloads\Firefox Setup Stub 42.0.exe 2015-12-08 14:11:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings 2015-12-08 13:54:49 D2C9E78619F6998EF3FED38472F879AA 329110880 ----a-w- C:\Users\User\Downloads\Radeon-Software-Crimson-Edition-15.11.1-Beta-64Bit-Win10-Win8.1-Win7-Nov30.exe 2015-12-08 13:42:15 -------- d-----r- C:\Users\User\OneDrive 2015-12-08 13:36:04 -------- d-----w- C:\ProgramData\Microsoft OneDrive 2015-12-08 13:30:01 -------- d--h--r- C:\Users\Public\AccountPictures 2015-12-08 13:29:07 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\User\ntuser.ini 2015-12-08 13:26:46 -------- d-----w- C:\ProgramData\USOShared 2015-12-08 13:25:57 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\debug 2015-12-08 13:07:41 -------- d-----w- C:\Users\Default\Roaming 2015-12-08 13:07:41 -------- d-----w- C:\Users\Default\Cookies 2015-12-08 12:55:10 -------- d--h--w- C:\Users\User\AppData 2015-12-08 12:54:28 455582C6BAA774F6FE23C51DE989CE8D 4194304 ----a-w- C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bin 2015-12-08 12:54:28 1273851892DD59D219F72BC53693A72D 196608 ----a-w- C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bak 2015-12-08 12:47:45 -------- d---a-w- C:\ProgramData\HP 2015-12-08 12:43:37 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp 2015-12-08 12:43:05 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\Saved Games 2015-12-08 12:43:05 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Videos 2015-12-08 12:43:05 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Pictures 2015-12-08 12:43:05 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Music 2015-12-08 12:43:05 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Links 2015-12-08 12:43:05 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Favorites 2015-12-08 12:43:05 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Downloads 2015-12-08 12:43:05 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Documents 2015-12-08 12:43:05 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Desktop 2015-12-08 12:42:59 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\Saved Games 2015-12-08 12:42:59 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Videos 2015-12-08 12:42:59 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Pictures 2015-12-08 12:42:59 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Music 2015-12-08 12:42:59 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Links 2015-12-08 12:42:59 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Favorites 2015-12-08 12:42:59 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Downloads 2015-12-08 12:42:59 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Documents 2015-12-08 12:42:59 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Desktop 2015-12-08 12:42:58 -------- d--h--w- C:\WINDOWS\serviceprofiles\networkservice\AppData 2015-12-07 19:05:20 839A1A4D5043D694CD324C33937E00AE 55915216 ----a-w- C:\Users\User\Downloads\IE11-Windows6.1-x64-en-us.exe 2015-12-07 18:44:31 35D60FD322B1A61AAE7ADF909B6C0B26 7635472 ----a-w- C:\Users\User\Downloads\GetWindows10-sds_____________.exe 2015-12-07 18:42:48 35D60FD322B1A61AAE7ADF909B6C0B26 7635472 ----a-w- C:\Users\User\Downloads\GetWindows10-Web_Default_Attr (1).exe 2015-12-07 18:42:28 35D60FD322B1A61AAE7ADF909B6C0B26 7635472 ----a-w- C:\Users\User\Downloads\GetWindows10-Web_Default_Attr.exe 2015-11-22 10:59:47 -------- d-----w- C:\ProgramData\Easybits Magic Desktop for HP ====== C: exe-files == 2015-12-19 13:57:24 CEA7B2A764F4240D3F60085881DA4054 554496 ----a-w- C:\Program Files\7-Zip\7zG.exe 2015-12-19 13:57:24 29C6CD2F4466478DBAECF45946D22EE5 447488 ----a-w- C:\Program Files\7-Zip\7z.exe 2015-12-19 13:57:24 15A187F4F06F1A73AA6AD476498EF320 14848 ----a-w- C:\Program Files\7-Zip\Uninstall.exe 2015-12-19 13:57:24 04CE61E595F6C2AA6E0FB7FCE75BA148 836096 ----a-w- C:\Program Files\7-Zip\7zFM.exe 2015-12-17 09:25:02 9A81ADFEA183CA54971D9EE568D4AE67 758864 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\47.0.2526.106\47.0.2526.106_47.0.2526.80_chrome_updater_3stage.exe 2015-12-13 19:03:18 6AFB359212C71F6AA02087E979E85574 244 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-978257931-2792700483-2985541856-1000\$IJ8H049.exe === C: other files == 2015-12-19 12:42:53 2E4BD3D66AE3CBF7D48D7CF78A3817DD 11499558 ----a-r- C:\Users\User\AppData\Local\Temp\aip_czskatlufrbe.zip 2015-12-18 20:53:02 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\User\AppData\Roaming\Raptr\data\raptrguestf8uudq13\config\certificates\x509\tls_peers\xmpp-server2.raptr.com 2015-12-18 20:34:54 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\User\AppData\Roaming\Raptr\data\raptrguestf8uudq13\config\certificates\x509\tls_peers\xmpp-server4.raptr.com 2015-12-18 19:41:47 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\User\AppData\Roaming\Raptr\data\raptrguestf8uudq13\config\certificates\x509\tls_peers\xmpp-server5.raptr.com 2015-12-18 19:39:01 19555D03CB179BED8B8AAA239A36BDA4 43832 ----a-w- C:\Windows\LastGood\system32\DRIVERS\Smb_driver_Intel.sys 2015-12-18 19:33:06 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\User\AppData\Roaming\Raptr\data\raptrguestf8uudq13\config\certificates\x509\tls_peers\xmpp-server8.raptr.com 2015-12-18 18:29:55 55B6B62F72BED92287DBD0657C1986FE 43680 ----a-w- C:\Program Files\Synaptics\SynTP\Smb_driver_AMDASF.sys 2015-12-18 18:29:55 1FE05A4F787ED7DD39EA968172F20AFC 44192 ----a-w- C:\Program Files\Synaptics\SynTP\Smb_driver_Intel.sys 2015-12-18 18:28:59 3F45C3FE208CA5E68832B65C597A35A6 448312 ----a-w- C:\Windows\LastGood.Tmp\system32\DRIVERS\SynTP.sys 2015-12-18 14:02:32 5BEDF856552D9333046FE24CB303F469 989188 ----a-w- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqwqoa8g.default-1450443266236\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi 2015-12-18 14:02:30 5BEDF856552D9333046FE24CB303F469 989188 ----a-w- C:\Users\User\AppData\Local\Temp\tmp-fhj.xpi 2015-12-18 13:03:21 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\User\AppData\Roaming\Raptr\data\raptrguestf8uudq13\config\certificates\x509\tls_peers\xmpp-server7.raptr.com 2015-12-18 12:54:38 5BEDF856552D9333046FE24CB303F469 989188 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-978257931-2792700483-2985541856-1000\$R8H1S8B\f53n8y7f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi 2015-12-18 12:54:38 3FA92BEE6C6DB2394E243339F2823537 25535 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-978257931-2792700483-2985541856-1000\$R8H1S8B\f53n8y7f.default\extensions\{C0D74264-E30B-47E5-B17B-57F0031891BA}.xpi 2015-12-18 12:48:46 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\User\AppData\Roaming\Raptr\data\raptrguestf8uudq13\config\certificates\x509\tls_peers\xmpp-server3.raptr.com 2015-12-18 09:16:51 78065D08A6D5886ACF9B6BA7E34A554C 3593216 ----a-w- C:\Windows\System32\win32kfull.sys 2015-12-14 17:49:26 E7E7E005B0BC4294A64087351D2BD920 1854 ----a-w- C:\Users\User\Desktop\CamSim Boeing 787-10 V5 Emirates\Effects.zip 2015-12-14 11:47:43 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\CollectOneDriveLogs.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-978257931-2792700483-2985541856-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Dropbox Update"="C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "BingSvc"="C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe" "HP Deskjet 3050A J611 series (NET)"="C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe -deviceID CN3561FGYN05WK:NW -scfn HP Deskjet 3050A J611 series (NET) -AutoStart 1" "OneDrive"="C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "Raptr"="C:\Program Files (x86)\Raptr\raptrstub.exe --startup" "Magic Desktop for HP notification"="C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Dropbox Update"="C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "BingSvc"="C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe" "HP Deskjet 3050A J611 series (NET)"="C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe -deviceID CN3561FGYN05WK:NW -scfn HP Deskjet 3050A J611 series (NET) -AutoStart 1" "OneDrive"="C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" "StartCN"="C:\Program Files\AMD\CNext\CNext\cnext.exe atlogon" "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\(default)] "command"="" "hkey"="HKLM" "item"="(default)" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0] "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" "hkey"="HKLM" "item"="AdobeAAMUpdater-1.0" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApplePhotoStreams] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ApplePhotoStreams" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\beid] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="beid" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Belgium Identity Card\\beid35gui.exe\" /startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BitTorrent" "hkey"="HKCU" "command"="\"C:\\Users\\User\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BTMTrayAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BTMTrayAgent" "hkey"="HKLM" "command"="rundll32.exe \"C:\\Program Files (x86)\\Intel\\Bluetooth\\btmshell.dll\",TrayApp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CCleaner Monitoring" "hkey"="HKCU" "command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Lite" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easybits Recovery] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Easybits Recovery" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\EasyBits For Kids\\ezRecover.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GUDelayStartup] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GUDelayStartup" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Glary Utilities 4\\StartupManager.exe -delayrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HotKeysCmds" "hkey"="HKLM" "command"="C:\\Windows\\system32\\hkcmd.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Deskjet 3050A J611 series (NET)] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Deskjet 3050A J611 series (NET)" "hkey"="HKCU" "command"="\"C:\\Program Files\\HP\\HP Deskjet 3050A J611 series\\Bin\\ScanToPCActivationApp.exe\" -deviceID \"CN3561FGYN05WK:NW\" -scfn \"HP Deskjet 3050A J611 series (NET)\" -AutoStart 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Software Update" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPConnectionManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPConnectionManager" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Connection Manager\\HPCMDelayStart.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPOSD] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPOSD" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP On Screen Display\\HPOSD.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IAStorIcon" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IgfxTray" "hkey"="HKLM" "command"="C:\\Windows\\system32\\igfxtray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InstaLAN] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="InstaLAN" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Belkin\\Router Setup and Monitor\\BelkinRouterMonitor.exe\" startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelliPoint] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IntelliPoint" "hkey"="HKLM" "command"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LaCie Desktop Manager Startup] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LaCie Desktop Manager Startup" "hkey"="HKCU" "command"="\"C:\\Program Files\\LaCie\\Desktop Manager\\LaCieDesktopManagerStatusItem.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Mio Share] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Mio Share" "hkey"="HKCU" "command"="C:\\Users\\User\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Mio\\Mio Share.appref-ms" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyDriveConnect.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MyDriveConnect.exe" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\MyDrive Connect\\MyDriveConnect.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NCPluginUpdater] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="NCPluginUpdater" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Hewlett-Packard\\HP Health Check\\ActiveCheck\\product_line\\NCPluginUpdater.exe\" Update" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NUSB3MON] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NUSB3MON" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Renesas Electronics\\USB 3.0 Host Controller Driver\\Application\\nusb3mon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Persistence" "hkey"="HKLM" "command"="C:\\Windows\\system32\\igfxpers.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\User\\AppData\\Roaming\\Spotify\\Spotify.exe\" -autostart -minimized" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\User\\AppData\\Roaming\\Spotify\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Start WingMan Profiler] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Start WingMan Profiler" "hkey"="HKLM" "command"="C:\\Program Files\\Logitech\\Gaming Software\\LWEMon.exe /noui" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SynTPEnh" "hkey"="HKLM" "command"="%ProgramFiles%\\Synaptics\\SynTP\\SynTPEnh.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SysTrayApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SysTrayApp" "hkey"="HKLM" "command"="C:\\Program Files\\IDT\\WDM\\sttray64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TomTomHOME.exe" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] "backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\HP\\DIGITA~1\\bin\\hpqtra08.exe" "item"="HP Digital Imaging Monitor" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wi-Fi MediaConnect.lnk] "item"="Wi-Fi MediaConnect" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Wi-Fi MediaConnect.lnk" "backup"="C:\\Windows\\pss\\Wi-Fi MediaConnect.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\Philips\\WI-FIM~1\\WI-FIM~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] "item"="Dropbox" "path"="C:\\Users\\User\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk" "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\User\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hqghumeaylnlf.lnk] "path"="C:\\Users\\User\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\hqghumeaylnlf.lnk" "backup"="C:\\Windows\\pss\\hqghumeaylnlf.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\ProgramData\\{b345cc90-7514-552a-b345-5cc907513241}\\hqghumeaylnlf.exe /startup" "item"="hqghumeaylnlf" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HuaweiHiSuiteService64.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LightScribeService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NAUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ServiceLayer] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TomTomHOMEService] ==== Startup Folders ====================== 2012-04-07 15:33:06 1686 --sha-w- C:\Users\User\AppData\Roaming\Microsoft\LastFlashConfig.wfc ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09-12-2015 14:38] C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-978257931-2792700483-2985541856-1000Core.job --a-------- [Undetermined Task] C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-978257931-2792700483-2985541856-1000UA.job --a-------- C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [24-06-2015 06:51] C:\WINDOWS\tasks\GlaryInitialize 4.job --a-------- C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28-08-2015 07:47] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28-08-2015 07:47] C:\WINDOWS\tasks\HPCeeScheduleForUSER-HP$.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [16-06-2015 09:51] C:\WINDOWS\tasks\HPCeeScheduleForUser.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [16-06-2015 09:51] C:\WINDOWS\tasks\MATLAB R2014b Startup Accelerator.job --ah------- C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe [26-07-2014 03:03] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\AMD Updater" ["C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe"] "C:\WINDOWS\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-978257931-2792700483-2985541856-1000Core" [C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-978257931-2792700483-2985541856-1000UA" [C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\GlaryInitialize 4" [C:\Program Files (x86)\Glary Utilities 4\Initialize.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\HP-Online updateprogramma" [C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe] "C:\WINDOWS\SysNative\tasks\HPCeeScheduleForUser" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\WINDOWS\SysNative\tasks\HPCeeScheduleForUSER-HP$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\WINDOWS\SysNative\tasks\MATLAB R2014b Startup Accelerator" [C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe] "C:\WINDOWS\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe] "C:\WINDOWS\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\WINDOWS\SysNative\tasks\su1x-auth-start-tool" [C:\Users\User\AppData\Local\Temp\WZSE0.TMP\eduroamconfig.exe] "C:\WINDOWS\SysNative\tasks\SuperClick Auto Updater 1.10.0.16 Core" [C:\Program Files (x86)\SuperClick_1.10.0.16\Update\SuperClickAutoUpdateClient.exe] "C:\WINDOWS\SysNative\tasks\SuperClick Auto Updater 1.10.0.16 Pending Update" [C:\Program Files (x86)\SuperClick_1.10.0.16\Update\SuperClickAutoUpdateClient.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{0D8F6337-6B95-4168-8520-367ADEE657A6}" [C:\Windows\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\{10FC14E5-C21C-48AF-BD68-A0A3934EE9B1}" ["c:\users\user\appdata\local\google\chrome\application\chrome.exe"] "C:\WINDOWS\SysNative\tasks\{44BC57C6-383F-45C6-867E-1E0546EAD0EA}" ["c:\users\user\appdata\local\google\chrome\application\chrome.exe"] "C:\WINDOWS\SysNative\tasks\{6DEFA008-AEC8-466D-9CBB-DB94FF459703}" ["c:\users\user\appdata\local\google\chrome\application\chrome.exe"] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA)" ["C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe"] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqwqoa8g.default-1450443266236 user_pref("browser.startup.homepage", "https://www.google.be/"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [30-11-2015 07:36] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqwqoa8g.default-1450443266236 - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\User\AppData\Roaming\TomTom\HOME\Profiles\yo28w6pj.default - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - TrueSuite Website Logon - %AppDir%\extensions\websitelogon@truesuite.com - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqwqoa8g.default-1450443266236 2F4781F84C92E8C4B1586E47A78E8A61 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.50.255 684F2DF31062413E094280891DCB6EE1 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll - Shockwave for Director / Shockwave for Director 5DF56521E8985BFD8F21A3D97A4D4574 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll - Shockwave Flash D2B5242013356AF422A42B9FAA4056C2 - C:\Users\User\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin F39B0F02542C637B75A3F2B26135239C - C:\Windows\SysWOW64\NPSM.dll - Microsoft® Windows® Operating System 1704A9A44828F271EC128E1EA46600E7 - C:\Windows\SysWOW64\NPSMDesktopProvider.dll - Microsoft® Windows®-besturingssysteem CE9C0D0B2D60944FE1C6286F12DD9411 - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System FD63DE29FE0A7E738BD81CA0EDDD8020 - C:\Users\User\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll - VASCO Card Reader Plugin ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[30-11-2015 07:36] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions fcfenmboojpjinhpgggodefccipikbpd - No path found[] Belfius Smart Card Reader Chrome Extension - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\agicnfmechmlphpjmeefookfjhifbmhi Google Docs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Facebook Customizer (by Adblock Plus) - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm Kotnet Login - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdmhfbpjgldhcjpndjohjoiailndlog Google Docs Offline - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi AdBlock - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Avast Online Security - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Chrome Web Store Payments - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=nl-be" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com" "Default_Search_URL"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=nl-be" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\SearchScopes\{4C196110-0ED0-44DE-9E1B-EA681E27E83D} - http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} HKCU\SearchScopes "DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox HKCU\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-978257931-2792700483-2985541856-1000\SOFTWARE\Mozilla\Firefox\Extensions\smartwebprinting@hp.com deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\smartwebprinting@hp.com deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easybits Recovery deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPConnectionManager deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaLAN deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyDriveConnect.exe deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCPluginUpdater deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\zqwqoa8g.default-1450443266236\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=115 folders=87 257522511 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\TEMP\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 19-12-2015 at 18:10:02,24 ======================