Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by francist on do 11-02-2016 at 12:50:31,69.
Microsoft Windows 10 Pro 10.0.10586 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\francist\Downloads\zoek.exe
[Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

11-2-2016 12:52:52 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\Common Files\Symantec Shared deleted successfully
C:\PROGRA~2\Comms deleted successfully
C:\PROGRA~2\SoftwareDistribution deleted successfully
C:\Users\francist\AppData\Local\ActiveSync deleted successfully
C:\Users\francist\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3730078115-3281393171-2249441152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3730078115-3281393171-2249441152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TuneUp.UtilitiesSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater40.2.5 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\francist\AppData\Roaming\Mozilla\Firefox\Profiles\jt4zovbk.default-1448637341249

user.js not found

---- Lines mysearch removed from prefs.js ----
user_pref("browser.startup.homepage", "https://mysearch.avg.com/?cid={94F9534A-F5FD-4C8A-8231-27A3CF955A96}&mid=fa654a13166347d3810bd156963d5ea5-22cea

---- FireFox user.js and prefs.js backups ----

prefs_11-02-2016_1309_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vProt"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dropbox.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\finereader.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\groove.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infopath.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\launcher.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstore.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ois.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\quickstart.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realconverter.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realplay.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realtrimmer.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rnxproc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rpsystray.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbase.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdraw.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\simpress.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smath.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snagit32.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snagiteditor.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soffice.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swriter.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winproj.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winword.exe]

==== Deleting Files \ Folders ======================

C:\Users\francist\AppData\Roaming\sweet-page deleted
C:\ProgramData\AVG Web TuneUp deleted
C:\ProgramData\AVG Security Toolbar deleted
C:\Users\francist\AppData\Local\AVG Web TuneUp deleted
C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted
C:\PROGRA~2\lWinManProl deleted
C:\PROGRA~2\AVG Secure Search deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\francist\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\System32\AI_RecycleBin deleted
C:\Users\francist\AppData\Roaming\Mozilla\Firefox\Profiles\jt4zovbk.default-1448637341249\searchplugins\avg-secure-search.xml deleted
"C:\Program Files\AVG Web TuneUp\vprot.exe" deleted
"C:\Program Files\AVG Web TuneUp\vprot.exe" deleted
"C:\Program Files\AVG Web TuneUp\vprot.exe" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.5\log4cplusU.dll" deleted
"C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\40.2.5\avgdttbx.dll" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.5\log4cplusU.dll" deleted
"C:\Program Files\AVG Web TuneUp" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" deleted
"C:\Program Files\AVG Web TuneUp" deleted
"C:\Program Files\AVG Web TuneUp" deleted
"C:\Program Files\Common Files\AVG Secure Search" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.5" deleted
"C:\Program Files\Common Files\AVG Secure Search\DNTInstaller" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" deleted
"C:\Program
Files\Common Files\AVG Secure Search\DNTInstaller\40.2.5" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.5" deleted

==== Files Recently Created / Modified ======================
C:\WINDOWS\System32\Windows.Internal.Bluetooth.dll 2016-01-29 09:22:44 AA0644D24DD488B1E1517189DD3DC00B 48640 ----a-w- C:\WINDOWS\System32\MosHostClient.dll 2016-01-29 09:22:44 A9B0C4D21059830FE0AD962F46010545 34304 ----a-w- C:\WINDOWS\System32\mapstoasttask.dll 2016-01-29 09:22:44 A971D150CD168A1F7BD775674896F02C 711680 ----a-w- C:\WINDOWS\System32\MapControlCore.dll 2016-01-29 09:22:44 A820BD54E6B4A68C6E4490EA23FA5650 1860096 ----a-w- C:\WINDOWS\System32\cdp.dll 2016-01-29 09:22:44 9FE071ED2AAE48A691D234E757297CF3 49152 ----a-w- C:\WINDOWS\System32\XblAuthTokenBrokerExt.dll 2016-01-29 09:22:44 9C28941E2ECC65A9E20825F3659F1036 23776 ----a-w- C:\WINDOWS\System32\wuauclt.exe 2016-01-29 09:22:44 9ACCC0C1786391EF1FD1FAF12AE22801 340480 ----a-w- C:\WINDOWS\System32\PlayToDevice.dll 2016-01-29 09:22:44 8BAD6657817E0960C7CB6026323828A1 511320 ----a-w- C:\WINDOWS\System32\mf.dll 2016-01-29 09:22:44 847B31F89A3009D5D851479224B7579A 2680320 ----a-w- C:\WINDOWS\System32\msftedit.dll 2016-01-29 09:22:44 7F64C196D3FA41C0F437A158FDEF7F50 800768 ----a-w- C:\WINDOWS\System32\JpMapControl.dll 2016-01-29 09:22:44 7E346926E807146BBDC024CF3A65C90C 727752 ----a-w- C:\WINDOWS\System32\dcomp.dll 2016-01-29 09:22:44 7CDF1630DCF7C9167E551874D18C3CE0 709120 ----a-w- C:\WINDOWS\System32\BingOnlineServices.dll 2016-01-29 09:22:44 761E6E736B47DA42D74227A26F658108 100864 ----a-w- C:\WINDOWS\System32\offlinelsa.dll 2016-01-29 09:22:44 6BECBA890B1AEB896C49C13E276FA8DD 80384 ----a-w- C:\WINDOWS\System32\SensorsNativeApi.V2.dll 2016-01-29 09:22:44 6AE2C3CFEA73E2D01CB1E00DBD1EC4A5 205824 ----a-w- C:\WINDOWS\System32\NmaDirect.dll 2016-01-29 09:22:44 69D01027783BCD13108501B147D923FA 43376 ----a-w- C:\WINDOWS\System32\SensorsUtilsV2.dll 2016-01-29 09:22:44 65E98344070A6C0B66ED476F735B14D3 59904 ----a-w- C:\WINDOWS\System32\EditBufferTestHook.dll 2016-01-29 09:22:44 65B18446114D3078A7ED997011E396CD 25088 ----a-w- C:\WINDOWS\System32\tetheringconfigsp.dll 2016-01-29 09:22:44 
5A3BD4FC0B9240B831B6C1D994521B71 204800 ----a-w- C:\WINDOWS\System32\Microsoft-Windows-AppModelExecEvents.dll 2016-01-29 09:22:44 588E4109C8A78BC211AC1D5756652A67 1139200 ----a-w- C:\WINDOWS\System32\UIAutomationCore.dll 2016-01-29 09:22:44 57A2AAE6BD896F54767284BAB7C2D183 1859448 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll 2016-01-29 09:22:44 53E2029302DA056DE856D4C662663B2B 10240 ----a-w- C:\WINDOWS\System32\Microsoft-Windows-MosTrace.dll 2016-01-29 09:22:44 52838DDB3B20C7330A30D89509A93B55 1268736 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.Resources.dll 2016-01-29 09:22:44 4C85D9A9FD26D3F00BBF5D3F469F1800 241664 ----a-w- C:\WINDOWS\System32\cryptngc.dll 2016-01-29 09:22:44 4C27D0E3118F3C23335410C9E8FE00ED 240128 ----a-w- C:\WINDOWS\System32\SensorService.dll 2016-01-29 09:22:44 451356B814B46BB6582F307E24AA0863 9728 ----a-w- C:\WINDOWS\System32\Microsoft-Windows-MosHost.dll 2016-01-29 09:22:44 44EA232C4B4E9A24B68D8AD9BA363470 14848 ----a-w- C:\WINDOWS\System32\IcsEntitlementHost.exe 2016-01-29 09:22:44 3FCEAC0D175851962F9CF797A370A14F 3072 ----a-w- C:\WINDOWS\System32\MapControlStringsRes.dll 2016-01-29 09:22:44 3B1D8CE3E56BA82EF02C126226B7C357 948224 ----a-w- C:\WINDOWS\System32\Unistore.dll 2016-01-29 09:22:44 39EE017547FA46BB17C5D5D4D4DE8CA8 51128 ----a-w- C:\WINDOWS\System32\SensorsNativeApi.dll 2016-01-29 09:22:44 35383CA7169E12D885B9B553F59E3154 41984 ----a-w- C:\WINDOWS\System32\XblAuthManagerProxy.dll 2016-01-29 09:22:44 330D8E185C902CC14AFB60F1FF80ECEC 10752 ----a-w- C:\WINDOWS\System32\MapsBtSvcProxy.dll 2016-01-29 09:22:44 311E5D44DDFAD1A139CF780715D5DF41 538112 ----a-w- C:\WINDOWS\System32\XblAuthManager.dll 2016-01-29 09:22:44 2EECE39CDFFF244B2489FD8ACDC14D7A 517632 ----a-w- C:\WINDOWS\System32\PlayToManager.dll 2016-01-29 09:22:44 262D880248233D3A96C15F7C7E1BAD21 58368 ----a-w- C:\WINDOWS\System32\MosResource.dll 2016-01-29 09:22:44 211D4B4307F6B7323E52BA0A76CAD8C4 689152 ----a-w- C:\WINDOWS\System32\modernexecserver.dll 2016-01-29 09:22:44 
1973BD62F29F443E9BC467FAA9F27159 83456 ----a-w- C:\WINDOWS\System32\InputLocaleManager.dll 2016-01-29 09:22:44 123BD3D4504BB548A823152EAC57DE00 32040 ----a-w- C:\WINDOWS\System32\mfpmp.exe 2016-01-29 09:22:44 0F95220B30A257B7C049C8E14B8DA245 74752 ----a-w- C:\WINDOWS\System32\MapsCSP.dll 2016-01-29 09:18:30 F432E0E5B0958F4982D40EB622FBD7FC 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe 2016-01-29 09:18:29 BF9CAA33ADD4C21C118148B5CFC5494B 778936 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll 2016-01-29 09:18:29 6F391E9286733CC6B34FC0FAB23B8DF3 103120 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll ====== C:\WINDOWS\system32\drivers ===== 2016-02-10 10:14:41 E981125E0D97ED9364B84AB018384FB8 483680 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys 2016-02-10 10:14:36 5BF3947CB2E05B65BFD293E71C405634 1714016 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys 2016-02-10 10:14:20 5865C9FCFB7A2175CD21270A785DFBB5 125952 ----a-w- C:\WINDOWS\System32\drivers\mrxdav.sys 2016-01-29 21:36:27 67CC605D5DDF5D9DC8BF5FBED1FF89B7 1821024 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys 2016-01-29 21:34:11 6434A57F79DFCE27F6AB73CB074910E2 121856 ----a-w- C:\WINDOWS\System32\drivers\rmcast.sys 2016-01-29 21:33:23 D0D7E162E702F4790A6EA4C0C1102258 771424 ----a-w- C:\WINDOWS\System32\drivers\http.sys 2016-01-29 21:31:59 BE2A61419D971AC8A3C00E027E1FC43F 48640 ----a-w- C:\WINDOWS\System32\drivers\usbser.sys 2016-01-29 19:03:48 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\System32\drivers\Msft_User_WpdFs_01_11_00.Wdf 2016-01-29 09:22:47 1683BCB69B9950CD8C97865F3EC6781E 95072 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys 2016-01-29 09:22:47 0E423A5854E1265F3B6D27332601355F 471392 ----a-w- C:\WINDOWS\System32\drivers\afd.sys 2016-01-29 09:22:45 9E649CA7603DFE8ABB69568524A616BF 30048 ----a-w- C:\WINDOWS\System32\drivers\wimmount.sys 2016-01-29 09:22:44 7D30C95B11EE389E962DD04C60C2D270 504624 ----a-w- C:\WINDOWS\System32\drivers\cng.sys 2016-01-29 09:22:44 
6A813C491F74C68F518E7968CFE1D771 139616 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys 2016-01-29 09:22:44 57A7585BB9952E90C4A791833EB31B99 76128 ----a-w- C:\WINDOWS\System32\drivers\sdstor.sys 2016-01-29 09:22:44 53453E09F6A80A5019E93792F3E0BC04 96768 ----a-w- C:\WINDOWS\System32\drivers\capimg.sys ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2016-02-09 19:49:08 -------- d-----w- C:\Program Files\Speccy 2016-02-09 16:07:02 -------- d-----w- C:\Program Files\Reason 2016-01-29 09:35:36 -------- d-----w- C:\Program Files\Common Files\SpeechEngines 2016-01-29 09:28:55 -------- d-----w- C:\Program Files\Realtek 2016-01-29 09:18:58 -------- d---a-w- C:\Program Files\MSBuild 2016-01-29 09:18:58 -------- d-----w- C:\Program Files\Reference Assemblies ======= C: ===== 2016-01-29 09:12:02 93B885ADFE0DA089CDF634904FD59F71 1 --sha-w- C:\BOOTNXT ====== C:\Users\francist\AppData\Roaming ====== 2016-01-31 10:33:20 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing 2016-01-30 09:26:02 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\AppData\Local\AvgSetupLog 2016-01-29 19:31:27 -------- d-----w- C:\Users\francist\AppData\Local\Comms 2016-01-29 19:08:23 -------- d-----w- C:\Users\francist\AppData\Local\MicrosoftEdge 2016-01-29 18:59:56 -------- d-----w- C:\Users\francist\AppData\Local\Publishers 2016-01-29 18:59:07 -------- d-----w- C:\Users\francist\AppData\Local\Packages 2016-01-29 18:59:01 -------- d-----w- C:\Users\francist\AppData\Local\TileDataLayer 2016-01-29 09:47:07 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\AppData\Local\Packages 2016-01-29 09:41:53 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\AppData\Local\Avg 2016-01-29 09:39:51 -------- d-----w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools 2016-01-29 09:39:51 -------- d-----w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Accessories\Accessibility 2016-01-29 09:39:51 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help 2016-01-29 09:39:51 -------- d-----w- C:\Users\Default\AppData\Local\AVG 2016-01-29 09:39:51 -------- d-----w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools 2016-01-29 09:39:51 -------- d-----w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility 2016-01-29 09:39:51 -------- d-----w- C:\Users\Default User\AppData\Local\Microsoft Help 2016-01-29 09:39:51 -------- d-----w- C:\Users\Default User\AppData\Local\AVG 2016-01-29 09:32:13 -------- d-----w- C:\Users\francist\AppData\Roaming 2016-01-29 09:32:13 -------- d-----w- C:\Users\francist\AppData\Local\Temp 2016-01-29 09:32:13 -------- d-----w- C:\Users\francist\AppData\Local\Microsoft 2016-01-29 09:32:13 -------- d-----w- C:\Users\francist\AppData\Local 2016-01-29 09:28:00 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache 2016-01-29 09:27:42 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming 2016-01-29 09:27:42 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp 2016-01-29 09:27:37 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Roaming 2016-01-29 09:27:37 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp 2016-01-29 09:27:36 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft 2016-01-29 09:27:36 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local 2016-01-29 09:27:35 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft ====== C:\Users\francist ====== 2016-02-10 17:42:12 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\francist\Downloads\RSIT.exe 2016-02-09 19:49:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2016-02-09 19:47:26 
FF70EB133BE86B9F9EB18E274DAA6B6C 5111240 ----a-w- C:\Users\francist\Downloads\spsetup129 (1).exe 2016-02-09 19:47:12 FF70EB133BE86B9F9EB18E274DAA6B6C 5111240 ----a-w- C:\Users\francist\Downloads\spsetup129.exe 2016-02-09 16:05:53 30EECB62C9C31360541C4CE6F4000488 2178872 ----a-w- C:\Users\francist\Downloads\ShouldIRemoveIt_Setup.exe 2016-01-29 19:25:30 FEF5C779D0B44382EF8F073BA0BBF7BB 37329920 ----a-w- C:\Users\francist\Downloads\Office 2010 Toolkit.exe 2016-01-29 18:59:10 -------- d--h--r- C:\Users\Public\AccountPictures 2016-01-29 18:58:49 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\francist\ntuser.ini 2016-01-29 09:48:39 -------- d-----w- C:\ProgramData\USOShared 2016-01-29 09:48:26 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\debug 2016-01-29 09:39:51 -------- d-----w- C:\Users\Default\Cookies 2016-01-29 09:32:13 -------- d--h--w- C:\Users\francist\AppData 2016-01-29 09:31:43 711A18442B53E8411160AB32D6DBC48C 262144 ----a-w- C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bak 2016-01-29 09:31:43 1AC93CE33E4424587DE26BAE29B97F62 4194304 ----a-w- C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bin 2016-01-29 09:28:26 -------- d-----w- C:\ProgramData\OPHC 2016-01-29 09:28:05 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp 2016-01-29 09:27:42 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\Saved Games 2016-01-29 09:27:42 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Videos 2016-01-29 09:27:42 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Pictures 2016-01-29 09:27:42 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Music 2016-01-29 09:27:42 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Links 2016-01-29 09:27:42 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Favorites 2016-01-29 09:27:42 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Downloads 2016-01-29 09:27:42 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Documents 2016-01-29 
09:27:42 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Desktop 2016-01-29 09:27:37 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\Saved Games 2016-01-29 09:27:37 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Videos 2016-01-29 09:27:37 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Pictures 2016-01-29 09:27:37 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Music 2016-01-29 09:27:37 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Links 2016-01-29 09:27:37 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Favorites 2016-01-29 09:27:37 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Downloads 2016-01-29 09:27:37 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Documents 2016-01-29 09:27:37 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Desktop 2016-01-29 09:27:36 -------- d--h--w- C:\WINDOWS\serviceprofiles\networkservice\AppData ====== C: exe-files == 2016-02-10 18:54:07 4EA829EA903E51AA70767753757E621F 2519960 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\48.0.2564.109\48.0.2564.109_48.0.2564.103_chrome_updater.exe 2016-02-10 17:42:12 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\francist\Downloads\RSIT.exe 2016-02-10 15:37:18 F5E535745F0E2140C31623DF8F9AD746 13677800 ----a-w- C:\Users\francist\AppData\Local\Microsoft\Windows\INetCache\IE\H2IMK35C\picasa_3.9.141.259_s_fi7haiecsdkk6zsv4rdyft-j8[1].exe 2016-02-10 10:46:57 58E08D1BFE49158D1D87980687F6A7AB 120000 ----a-w- C:\Users\francist\AppData\Local\Temp\233705A5-8845-47D4-B90F-622E29513056\DismHost.exe 2016-02-10 10:14:29 2EE77D9B1E34A0BF16DC8B8BA0C6ED26 5055344 ----a-w- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe 2016-02-10 10:14:25 FCBCED2A237DCD7EF86CED551B731742 4064320 ----a-w- C:\Windows\explorer.exe 2016-02-10 10:14:22 884F688A48C43611D724E63F42346101 5798240 ----a-w- C:\Windows\System32\ntoskrnl.exe 

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-3730078115-3281393171-2249441152-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"AVG_UI"="C:\Program Files\AVG\Av\avuirunnerx.exe C:\Program Files\AVG\Av\avgui.exe"
"Dropbox"="C:\Program Files\Dropbox\Client\Dropbox.exe /systemstartup"
"AvgUi"="C:\Program Files\AVG\Framework\Common\avguirnx.exe /lps=fmw"
"RealDownloader"="C:\Program Files\RealNetworks\RealDownloader\downloader2.exe"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bonus.SSR.FR10]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Bonus.SSR.FR10"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ABBYY FineReader 10\\Bonus.ScreenshotReader.exe\" /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtHDVCpl.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TkBellExe"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Real\\RealPlayer\\Update\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RealPlayer Cloud Service]

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job --a-------- C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe [09-02-2016 23:59]
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09-02-2016 23:59]
C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job --a-------- C:\Program Files\Dropbox\Update\DropboxUpdate.exe [12-09-2015 09:32]
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job --a-------- C:\Program Files\Dropbox\Update\DropboxUpdate.exe [12-09-2015 09:32]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files\Google\Update\GoogleUpdate.exe [17-12-2015 11:38]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files\Google\Update\GoogleUpdate.exe [17-12-2015 11:38]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\system32\tasks\Adobe Flash Player PPAPI Notifier" [C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe]
"C:\WINDOWS\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\system32\tasks\AVGPCTuneUp_Task_BkGndMaintenance" [C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe]
"C:\WINDOWS\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\WINDOWS\system32\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\system32\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\Java Platform SE Auto Updater" [C:\Program Files\Common Files\Java\Java Update\jusched.exe]
"C:\WINDOWS\system32\tasks\Opera scheduled Autoupdate 1378240423" [C:\Program Files\Opera\launcher.exe]
"C:\WINDOWS\system32\tasks\RealDownloader Update Check" [C:\Program Files\RealNetworks\RealDownloader\downloader2.exe]
"C:\WINDOWS\system32\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3730078115-3281393171-2249441152-1000" [C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe]
"C:\WINDOWS\system32\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3730078115-3281393171-2249441152-1000" [C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe]
"C:\WINDOWS\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\WINDOWS\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"deskCutv2@gmail.com"="C:\Users\francist\AppData\Roaming\Mozilla\Firefox\Profiles\u38188c5.default-1422026848436\extensions\deskCutv2@gmail.com" []

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"mozilla_cc@internetdownloadmanager.com"="C:\Users\francist\AppData\Roaming\IDM\idmmzcc5" [07-12-2014 11:12]

==== Firefox Extensions ======================

ProfilePath: C:\Users\francist\AppData\Roaming\Mozilla\Firefox\Profiles\jt4zovbk.default-1448637341249
- AVG Web TuneUp - %ProfilePath%\extensions\avg@toolbar.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\francist\AppData\Roaming\Mozilla\Firefox\Profiles\jt4zovbk.default-1448637341249
999A833D87C8CD918B5EE8C3F8149D2B - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
2EE002ABE4A9C96D74C2EB6B31BCD928 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealTimes Download Plugin
968D54EEB85FAA3D8444EA6D71DD446B - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
8C98D3D162E200A8F2620E1709F19EF0 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
D2B5242013356AF422A42B9FAA4056C2 - C:\Users\francist\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin
83949CA2E938F744F6D344A90A5C2EC3 - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll - Foxit PhantomPDF Plugin for Mozilla

==== Deleted Firefox Extensions ======================

C:\Users\francist\AppData\Roaming\Mozilla\Firefox\Profiles\jt4zovbk.default-1448637341249\extensions\avg@toolbar.xpi deleted

==== Chromium Look ======================

Google Docs - francist\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - francist\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - francist\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - francist\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Docs Offline - francist\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - francist\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Bitdefender QuickScan - francist\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie
Gmail - francist\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"
"Default_Page_URL"="http://www.sweet-page.com/?type=hp&ts=1438877806&z=533eaf52df69f58469af5c0g0z4cfb0bam3m8m5b6o&from=cor&uid=WDCXWD5000AAKX-00ERMA0_WD-WMC2E575578555785"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.sweet-page.com/web/?type=ds&ts=1438877806&z=533eaf52df69f58469af5c0g0z4cfb0bam3m8m5b6o&from=cor&uid=WDCXWD5000AAKX-00ERMA0_WD-WMC2E575578555785&q={searchTerms}"
"Default_Page_URL"="http://www.sweet-page.com/?type=hp&ts=1438877806&z=533eaf52df69f58469af5c0g0z4cfb0bam3m8m5b6o&from=cor&uid=WDCXWD5000AAKX-00ERMA0_WD-WMC2E575578555785"
"Start Page"="http://www.sweet-page.com/?type=hp&ts=1438877806&z=533eaf52df69f58469af5c0g0z4cfb0bam3m8m5b6o&from=cor&uid=WDCXWD5000AAKX-00ERMA0_WD-WMC2E575578555785"
"Search Page"="http://www.sweet-page.com/web/?type=ds&ts=1438877806&z=533eaf52df69f58469af5c0g0z4cfb0bam3m8m5b6o&from=cor&uid=WDCXWD5000AAKX-00ERMA0_WD-WMC2E575578555785&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://www.sweet-page.com/web/?type=ds&ts=1438877806&z=533eaf52df69f58469af5c0g0z4cfb0bam3m8m5b6o&from=cor&uid=WDCXWD5000AAKX-00ERMA0_WD-WMC2E575578555785&q={searchTerms}"
"SearchAssistant"="http://www.sweet-page.com/web/?type=ds&ts=1438877806&z=533eaf52df69f58469af5c0g0z4cfb0bam3m8m5b6o&from=cor&uid=WDCXWD5000AAKX-00ERMA0_WD-WMC2E575578555785&q={searchTerms}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.be/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{9D4AB4E7-2DBE-40C8-A9AF-7E4C8923C1DE}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{4030B667-69E0-4F21-ABDF-AF858A436EC6} - https://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{9D4AB4E7-2DBE-40C8-A9AF-7E4C8923C1DE} - https://www.google.com/search?q={searchTerms}

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\defsearchp@gmail.com deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\deskCutv2@gmail.com deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scalc.exe deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully

==== Empty IE Cache ======================

C:\Users\francist\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\francist\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\francist\AppData\Local\Mozilla\Firefox\Profiles\jt4zovbk.default-1448637341249\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\francist\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\francist\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=263 folders=91 105225491 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\francist\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied ==== EOF on do 11-02-2016 at 13:39:38,81 ======================