Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Ooms on wo 20-04-2016 at 8:42:50,79. Microsoft Windows 10 Home 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Ooms\Downloads\zoek (1).exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 20-4-2016 8:44:55 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\ORBTR deleted successfully C:\PROGRA~2\Runtime Software deleted successfully C:\PROGRA~2\SVT deleted successfully C:\PROGRA~2\WinISO Computing deleted successfully C:\PROGRA~2\COMMON~1\Portrait Displays deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Program Files\Google deleted successfully C:\PROGRA~3\AMD deleted successfully C:\PROGRA~3\Comms deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\SoftwareDistribution deleted successfully C:\PROGRA~3\WinZip deleted successfully C:\Users\Ooms\AppData\Local\ActiveSync deleted successfully C:\Users\Ooms\AppData\Local\TomTom deleted successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-827055934-1174325861-1503729990-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_USERS\S-1-5-21-827055934-1174325861-1503729990-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_USERS\S-1-5-21-827055934-1174325861-1503729990-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{076C6A6B-518B-41D4-A012-C3A6EC470FF2} deleted successfully HKEY_USERS\S-1-5-21-827055934-1174325861-1503729990-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B6A4AD4-D6EE-47dd-B308-0E0930A43853} deleted successfully HKEY_USERS\S-1-5-21-827055934-1174325861-1503729990-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF2EA7B6-B401-42EA-800C-F7B5B266F935} deleted successfully HKEY_USERS\S-1-5-21-827055934-1174325861-1503729990-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5A7FA3A-077C-4A08-A2E1-E89B65295A99} deleted successfully HKEY_USERS\S-1-5-21-827055934-1174325861-1503729990-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F5A34660-2979-4E74-B408-380C86D97355} deleted successfully HKEY_CLASSES_ROOT\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Ooms\AppData\Roaming\Mozilla\Firefox\Profiles\uu1rqryv.default user.js not found ---- Lines conduit removed from prefs.js ---- user_pref("CT2438727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit. user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2088433/CT2088433", "\"f2626d8cb1e53adf96363131b5c08c143\""); user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727", "\"0be2a2f1a6f924e50436b934135d9c1f3\""); user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2865317/CT2865317", "\"63f11bfd43a390314671a95e5332ff343\""); user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/514448/510318/BE", "\"0\""); user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/832836/828639/BE", "\"0\""); user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/909619/905414/BE", "\"0\""); user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/986190/981911/BE", "\"0\""); user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2088433", "\"1354780428\""); user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", "\"0\""); user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2865317", "\"1334671211\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"8028f138140cc1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.8", "\"4ead38b3e6bcd1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"0ee90707f77cc1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"80ee9485875dcc1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"6a637346d78ccc1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"80ee9485875dcc1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:0\""); user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2088433", "\"b0247494cf7d18dd5da86e5d578c7bdb\""); user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727", "\"b0247494cf7d18dd5da86e5d578c7bdb\""); user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2865317", "\"b0247494cf7d18dd5da86e5d578c7bdb\""); user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/toolbar/", "\"634333631231730000\""); user_pref("CommunityToolbar.ETag.http://settings.toolbar.conduit-services.com/?ctid=CT2088433&octid=CT2088433", "\"1321973286\""); user_pref("CommunityToolbar.ETag.http://settings.toolbar.conduit-services.com/?ctid=CT2438727&octid=CT2438727", "\"1322100586\""); user_pref("CommunityToolbar.ETag.http://settings.toolbar.search.conduit.com/root/CT2088433/CT2088433", "\"1311168840\""); user_pref("CommunityToolbar.ETag.http://settings.toolbar.search.conduit.com/root/CT2438727/CT2438727", "\"1311168869\""); user_pref("CommunityToolbar.ETag.http://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"27f9ceb6f365cb1:0\""); user_pref("CommunityToolbar.ETag.http://storage.conduit.com/7/176/CT1764407/Images/634219899986281250.gif", "\"14819e877b65cb1:0\""); user_pref("CommunityToolbar.ETag.http://storage.conduit.com/images/skins/zynga/seperator.gif", "\"461a8601461ca1:0\""); user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"b2007bd1e0da8241fe3881e633ea7cd9\""); user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en", "\"714512f550dacde6b6d2f78e279f71f2\""); user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=nl", "\"398c3932c294262a0b1d2b41055e4a41\""); user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Ooms\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\uu1rqryv.default\\conduitCommon\\ ---- Lines yahoo removed from prefs.js ---- user_pref("browser.search.defaultenginename", "Search Provided by Yahoo"); user_pref("browser.search.selectedEngine", "Search Provided by Yahoo"); ---- Lines CommunityToolbar removed from prefs.js ---- user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/16409683.xml", "\"b3ae01ca9634345045f1e7a198e7ae88\"-gzip"); user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/16727535.xml", "\"049156f627787ae0df3243dda0a21e71\"-gzip"); user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/18863815.xml", "\"fe369809a384b5a1abce5690c55511f0\"-gzip"); user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/19058681.xml", "\"701542226a7fba1efd6168a2b202b9da\"-gzip"); user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/19248106.xml", "\"5d6e28dc6f07102255df546cefb3a96a\"-gzip"); user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/19554706.xml", "\"fae45257dc86314c0cf24edb8433b24c\"-gzip"); user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/428333.xml", "\"82af944c78e1f3473529a5fb0c444cc3\"-gzip"); user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/807095.xml", "\"17fc492ee9b579bd72e572c0234584bb\"-gzip"); user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/813286.xml", "\"798774576e8cf7f16fe8b534c1408547\"-gzip"); ---- FireFox user.js and prefs.js backups ---- prefs_20-04-2016_0902_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}] tools\msconfig\startupreg\ApnUpdater] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverFinder] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchProtect] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchProtectAll] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt] ==== Deleting Files \ Folders ====================== C:\PROGRA~2\ORBTR not found C:\PROGRA~2\Runtime Software not found C:\PROGRA~2\SVT not found C:\PROGRA~2\WinISO Computing not found C:\Program Files (x86)\Ask.com not found C:\Program Files (x86)\DriverFinder not found C:\Users\Ooms\AppData\Roaming\SearchProtect not found "C:\Program Files (x86)\AVG Secure Search\vprot.exe" not found C:\Users\Ooms\AppData\Local\WinISO Computing deleted C:\Users\Ooms\AppData\Local\{6E415~1 deleted C:\Users\Ooms\AppData\Roaming\ParetoLogic deleted C:\Users\Ooms\AppData\Roaming\DriverCure deleted C:\ProgramData\ParetoLogic deleted C:\Users\Ooms\AppData\Roaming\{19C70EEE-2014-11C4-74D8-18F9E89482E3} deleted C:\PROGRA~3\WoW Worldwide Software LTD deleted C:\FileRecovery.log deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted C:\PROGRA~3\Package Cache deleted C:\Users\Ooms\AppData\Local\updater.log deleted C:\Users\Ooms\AppData\Local\Unity deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Ooms\AppData\LocalLow\Unity deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted "C:\WINDOWS\tasks\{19C70EEE-2014-11C4-74D8-18F9E89482E3}.job" deleted "C:\Users\Ooms\AppData\Local\{99013E28-43D5-4D8B-ACFC-27289DF31177}" deleted "C:\Users\Ooms\AppData\Local\{F19B5198-741A-448C-9F47-F3E00842FDC9}" deleted "C:\PROGRA~2\Skillbrains\lightshot\5.3.0.0\Lightshot.dll" deleted "C:\PROGRA~2\Skillbrains\lightshot\5.3.0.0\Lightshot.exe" deleted "C:\PROGRA~2\Skillbrains\lightshot\5.3.0.0\uploader.dll" deleted "C:\PROGRA~2\Skillbrains" deleted "C:\PROGRA~2\Skillbrains\lightshot" deleted "C:\PROGRA~2\Skillbrains\lightshot\5.3.0.0" deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2016-04-17 16:27:40 91CEAF1202C51687731FB25DD93212D1 16 ----a-w- C:\WINDOWS\2ac78439adc6e9fddae4d725a03af7aeb324ed0fa9c2f1104660c43f90e0fc6ac6cb41466073eeb56093a0744a06e0b82f5443b55d90f4e173332b5f255c3257.cdu 2016-04-17 16:27:40 3A8D3E2ED59144ABF98D47D385622CE4 37152 ----a-w- C:\WINDOWS\d4369b38bcb45d80ee33d2f527ab69df5da08a971e4f55a760f1163523bc7d9872f6262fe9104df5da4e7dd263c7d2a43a963ee2e166c923acc192df2bb48ce8.cdu 2016-04-17 08:54:15 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\WINDOWS\ativpsrm.bin ====== C:\Users\Ooms\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== 2016-04-17 16:32:28 D6A5C8266C396171870BB3DBA7195221 2640 ----a-w- C:\WINDOWS\SysWOW64\9181dbc4310285bca7a6967fbab57d1315a446af28194151767dcaba0ef2f4e040cf78a2050397d8f176dc3a4e2c0439dfd85d3d0ece4a06522268e5c2bd2507.cdu 2016-04-17 16:32:28 D01ED8331D86A2B9B24D7F9BC3007471 128 ----a-w- C:\WINDOWS\SysWOW64\7fd02536362dd02542b1fc8f76072e9589f7897ab7c819376d41d39c546dc80f0302cee3ecfae1ac4426eaea05990527f862f2a5002b480d929ee2850bfadfd1.cdu 2016-04-17 16:32:28 99DED6A6E895C2E028A4D426314D8D03 5808 ----a-w- C:\WINDOWS\SysWOW64\bb20636f3df29f2111923ffdb57a993bf52f85309fbb879429d4ffc72c3a18c62e6ae11a47635a36ab38c0434dd56df1d7b443f701107b2c77790b39211319c3.cdu 2016-04-17 16:32:28 47CEBE3476727FA030B92D3855ADF00D 768 ----a-w- C:\WINDOWS\SysWOW64\69f1a667d1ed799fff7711e9932246d239e0ee4b9ec36fb286da4486a6cb7f399423573c909e506cf9e3c3c7319722d9414a5a72bd7cb42ec34e8e795c031ebf.cdu 2016-04-17 16:32:28 3CF201BA4E71C01BB5E399BAB41E9872 6896 ----a-w- C:\WINDOWS\SysWOW64\a75925920298d0f9de25ff74e730768b8959f57208866fe8714391f7fadac720f96e8f662843ccb862f6a33db7e78b986d7a268579110912cf6ab45e383be84b.cdu 2016-04-17 16:31:43 D6A5C8266C396171870BB3DBA7195221 2640 ----a-w- C:\WINDOWS\SysWOW64\5f43511ec929c03787331948d3a1d6fcb7af5116e48e550264f5df5decff7cfb338a6c9db9bba88d66239bb4cae425b396a9b3bec95b243888903b400dbe5f6d.cdu 2016-04-17 16:31:43 D01ED8331D86A2B9B24D7F9BC3007471 128 ----a-w- C:\WINDOWS\SysWOW64\082006c6ce545c2ce69daa2569dd8d442886b0689d232099cc556c09fecc472edd5a10b2431fac7419a2a944574352ebf5d097637ddffb0a6a09cc744ba51c27.cdu 2016-04-17 16:31:43 99DED6A6E895C2E028A4D426314D8D03 5808 ----a-w- C:\WINDOWS\SysWOW64\811b08e11a012d79f1d97e35624cdae713101406090b56ec45744c4a14221364c2e8aa58ff3ebc4739879c336dfb8f2a957f76569b5afed34c2c696f50377d7e.cdu 2016-04-17 16:31:43 47CEBE3476727FA030B92D3855ADF00D 768 ----a-w- C:\WINDOWS\SysWOW64\a2e606169d9da4c23e3f1d27b7d2ce9df2cd9421715ee004de5a8a73b56f713c0fc1d1939e2585b722b980abdd1cf921a27341cfa7a49decedc64d335324122d.cdu 2016-04-17 16:31:43 3CF201BA4E71C01BB5E399BAB41E9872 6896 ----a-w- C:\WINDOWS\SysWOW64\c229b0f11d294163349f0536faf7cf4841246ba34b44bcf512aa96c6015ef74f33872b1925a515e11ca18662411d7a6edf303af73ea7d867f5a6236b75a79631.cdu 2016-04-17 16:27:48 1EB1FA48C63BAAE8D514CD571E7DB3CC 1664 ----a-w- C:\WINDOWS\SysWOW64\b25f5fffb0a4db520d3360133c913cfebdce0fedd3e9b1213ec66863be0ec0bd5fd984a09021951ea18fa06fe24bf8ccb43ddcd22c5538632c576db68cf3fd85.cdu 2016-04-17 16:27:45 6ADBDC6DDA5A6B17541E9445B455946F 16 ----a-w- C:\WINDOWS\SysWOW64\3277151ea84c257aa7b33c30b2fcfe2f82884c1e2264d9cd7c1c1c0fbfe99d3933ed649674303bfdefd5bdce63ab5f25d52cf5edbead495dd057c5c67098ec7f.cdu 2016-04-17 16:27:45 1EB1FA48C63BAAE8D514CD571E7DB3CC 1664 ----a-w- C:\WINDOWS\SysWOW64\56381220b62ed92eaaddc92308480282cf032930bd59f9d874c7df6bcc907503070f6a851b77af4502a66a75bb58344405677a4cf53f0e622abd21c8f8a6ae02.cdu 2016-04-17 09:52:47 79422D76818752C6D935A97C8FFC4EEA 44147 ----a-w- C:\WINDOWS\SysWOW64\license.rtf 2016-04-17 09:50:03 EC21FC40C74206DAB19F1A8F9132EFAB 890368 ----a-w- C:\WINDOWS\SysWOW64\AppxPackaging.dll 2016-04-17 09:50:03 E3C2853C8F2EED113646F07D62D08C9E 503296 ----a-w- C:\WINDOWS\SysWOW64\SettingSync.dll 2016-04-17 09:50:03 C8F351BE29CEA63BC5EE5A175576B7F3 1105920 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2016-04-17 09:50:03 C86784A6F08E733BE19D62C82182FA7D 266752 ----a-w- C:\WINDOWS\SysWOW64\MSFlacDecoder.dll 2016-04-17 09:50:03 C117F577BB0CC6545EA181FBB3FACE99 980352 ----a-w- C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2016-04-17 09:50:03 B65549A1CDB2C827AD022A3F35994FCF 2180136 ----a-w- C:\WINDOWS\SysWOW64\mfcore.dll 2016-04-17 09:50:03 B073C14F8B76DF8652415488C22F10A1 670928 ----a-w- C:\WINDOWS\SysWOW64\mfds.dll 2016-04-17 09:50:03 AF209F751EB761084CEFE2CF10E1CE8D 895080 ----a-w- C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2016-04-17 09:50:03 A7583A49B0F4A91E5B2E154C3582DF82 420928 ----a-w- C:\WINDOWS\SysWOW64\msvproc.dll 2016-04-17 09:50:03 A34EDEA5F401143A0190642EABA28518 709688 ----a-w- C:\WINDOWS\SysWOW64\mfsvr.dll 2016-04-17 09:50:03 A19A2DDCC69FF16B5FB68AD4F02B564A 480256 ----a-w- C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2016-04-17 09:50:03 964DE3052B6A869EFBC86930DD51E8BD 379392 ----a-w- C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll 2016-04-17 09:50:03 92B98A16E41005D74CF7B2EF28AB1FCF 26112 ----a-w- C:\WINDOWS\SysWOW64\wsdchngr.dll 2016-04-17 09:50:03 8D9CB9BB31AC17112D75456E928C3839 103936 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll 2016-04-17 09:50:03 8C2E49ACD2A820A3FA7C598B811F3803 450912 ----a-w- C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2016-04-17 09:50:03 888D41F5EFD6995491326C0DEEA2124A 713824 ----a-w- C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2016-04-17 09:50:03 5D676C1C350EA4976B888804444932CE 2061312 ----a-w- C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-04-17 09:50:03 550ECFF3C3808065169BFEA6C2B7837C 400896 ----a-w- C:\WINDOWS\SysWOW64\winspool.drv 2016-04-17 09:50:03 49CF99392314B7CAD65DE8A05ABFE30D 882720 ----a-w- C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2016-04-17 09:50:03 463DA1563BB9C1849527967BA80C1810 287712 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll 2016-04-17 09:50:03 287FAD133D3E5F47DB367B86DC523631 2798080 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.dll 2016-04-17 09:50:03 162CB5DE3BAB5A029E658180A2E0673A 2919320 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll 2016-04-17 09:50:03 05B15BD9C92BE52F35A2295B22C5D892 168448 ----a-w- C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll 2016-04-17 09:49:58 F29EDA4FE119EBF4881C9BA9AE7B27E7 84832 ----a-w- C:\WINDOWS\SysWOW64\NetSetupApi.dll 2016-04-17 09:49:58 B315EB17077EF082A79922D4EA47DBF4 163328 ----a-w- C:\WINDOWS\SysWOW64\fwbase.dll 2016-04-17 09:49:58 9DEB4C56FAAB147839BF68B6C28A38FC 164864 ----a-w- C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll 2016-04-17 09:49:58 9A9CDAB4049BDB383C5CA8746F44E4CB 269824 ----a-w- C:\WINDOWS\SysWOW64\FWPUCLNT.DLL 2016-04-17 09:49:58 7734BD0E9C8ED7DC48F559A67D0A79F4 20480 ----a-w- C:\WINDOWS\SysWOW64\wfapigp.dll 2016-04-17 09:49:58 52A1E3042711C59E316936C9EDE560F8 502104 ----a-w- C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2016-04-17 09:49:58 160CC95D34D62B6A72F9E4E3EE52EBCC 369664 ----a-w- C:\WINDOWS\SysWOW64\FirewallAPI.dll 2016-04-17 09:49:56 AD1B282BDE4A19D7CE2D405409DBB8D0 1497088 ----a-w- C:\WINDOWS\SysWOW64\WMPDMC.exe 2016-04-17 09:49:56 780795062541AF34415CCCE4072FBBB8 12586496 ----a-w- C:\WINDOWS\SysWOW64\wmp.dll 2016-04-17 09:49:55 F172B5FDEACA0C57A4892208F617AB91 12125184 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll 2016-04-17 09:49:55 F0D9C0E953ACE5E5B8D3DD799B089B00 306176 ----a-w- C:\WINDOWS\SysWOW64\ieproxy.dll 2016-04-17 09:49:55 E83DA16178E4E97B572900803183419D 1542816 ----a-w- C:\WINDOWS\SysWOW64\ntdll.dll 2016-04-17 09:49:55 529ADF562993ACA4B8AB43847F42F9B0 18673664 ----a-w- C:\WINDOWS\SysWOW64\edgehtml.dll 2016-04-17 09:49:55 22269B90E92BECDEB3D67EBE1DDB378E 3666432 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll 2016-04-17 09:49:55 17998B6098C06B8FAA32890D6E1F7A58 19340800 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll 2016-04-17 09:49:55 0822CB125008CFCA3DFB52C9DF118273 5662208 ----a-w- C:\WINDOWS\SysWOW64\Chakra.dll 2016-04-17 09:49:54 F40196C743D54C56C7C2CCDD6FDE262E 572272 ----a-w- C:\WINDOWS\SysWOW64\taskschd.dll 2016-04-17 09:49:54 F297B1F54D3FF42732C89C738AEC041F 141824 ----a-w- C:\WINDOWS\SysWOW64\easwrt.dll 2016-04-17 09:49:54 E9B121C13C171C28E8AF4871B52AABA0 450560 ----a-w- C:\WINDOWS\SysWOW64\SyncController.dll 2016-04-17 09:49:54 CA57FE09C1255009C9AC1462B7D7264D 957608 ----a-w- C:\WINDOWS\SysWOW64\ole32.dll 2016-04-17 09:49:54 C31BB8559C52E389B82A4B533C2FB39A 764928 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll 2016-04-17 09:49:54 BED401741C226F05FCD2C2678F9E9F14 350720 ----a-w- C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-04-17 09:49:54 B9378EA1892974391D15D54E57056130 151040 ----a-w- C:\WINDOWS\SysWOW64\mdmregistration.dll 2016-04-17 09:49:54 B4643C990D071EE99D9713336052F97B 193024 ----a-w- C:\WINDOWS\SysWOW64\credprovhost.dll 2016-04-17 09:49:54 B1D8636E375413D57B50BDE20CA5E710 358400 ----a-w- C:\WINDOWS\SysWOW64\AccountsRt.dll 2016-04-17 09:49:54 9DB69A637142A6C72DF22706CF2F6F7B 31744 ----a-w- C:\WINDOWS\SysWOW64\TimeBrokerClient.dll 2016-04-17 09:49:54 97E96ABEBCB6CF556406781C47C5282A 78848 ----a-w- C:\WINDOWS\SysWOW64\asycfilt.dll 2016-04-17 09:49:54 96BFB1E4B3F38D999E418D286BE45BFB 118272 ----a-w- C:\WINDOWS\SysWOW64\mtxoci.dll 2016-04-17 09:49:54 8CE4D365EF60DA0A098757371DD43752 88576 ----a-w- C:\WINDOWS\SysWOW64\olepro32.dll 2016-04-17 09:49:54 88E6A274B44C66EDBD26F2BA9E0ACE8F 253088 ----a-w- C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-04-17 09:49:54 7D276C5DF303462091092C3311027D30 129024 ----a-w- C:\WINDOWS\SysWOW64\AboveLockAppHost.dll 2016-04-17 09:49:54 65930B7D5917CB0D76CAA51A46F3850B 9918976 ----a-w- C:\WINDOWS\SysWOW64\twinui.dll 2016-04-17 09:49:54 64229C17CFE9262689EAE3E852D3975F 296488 ----a-w- C:\WINDOWS\SysWOW64\policymanager.dll 2016-04-17 09:49:54 5A98CF000F5202776E4A58438AB2E070 4412928 ----a-w- C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2016-04-17 09:49:54 594D1C58958A1F980336964B643784F3 3671040 ----a-w- C:\WINDOWS\SysWOW64\msi.dll 2016-04-17 09:49:54 4591BC3EC5FD8336642F8B94EABD4D4F 187744 ----a-w- C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2016-04-17 09:49:54 2D0C2AB110A51895D9D1E875201013DE 1557768 ----a-w- C:\WINDOWS\SysWOW64\KernelBase.dll 2016-04-17 09:49:54 2C313D0D6CAF3467664058F15742CC98 354304 ----a-w- C:\WINDOWS\SysWOW64\NetSetupShim.dll 2016-04-17 09:49:54 2BECAD7E55AB723F361254477270ED2F 1707520 ----a-w- C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2016-04-17 09:49:54 197948552BE23DACBEF10ECC8168FD11 29696 ----a-w- C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2016-04-17 09:49:54 100E983F59F3BF3A3F8BFA327CF9B438 157184 ----a-w- C:\WINDOWS\SysWOW64\WiFiDisplay.dll 2016-04-17 09:49:54 0C60922D59461C8D1B0A2AA3CF493438 21124344 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll 2016-04-17 09:49:54 0BF6FDE72035DDC32FAF24344853B80B 777728 ----a-w- C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll 2016-04-17 09:49:51 FEB304F6F577D923E390F5D6BE7DF870 800768 ----a-w- C:\WINDOWS\SysWOW64\JpMapControl.dll 2016-04-17 09:49:51 EB5DBA11B7C79B28A759AF12F03A17BB 769536 ----a-w- C:\WINDOWS\SysWOW64\ContactApis.dll 2016-04-17 09:49:51 E46FCEC3EAC209AFCDB2825386E51423 415232 ----a-w- C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-04-17 09:49:51 E34395496B11CF5C8C5B6D2E438BFA43 18944 ----a-w- C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll 2016-04-17 09:49:51 DDD613E502D30A6E2E407F3280521311 87040 ----a-w- C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-04-17 09:49:51 C5F501F481234D821457CA3A270BFCE7 83968 ----a-w- C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll 2016-04-17 09:49:51 BC5D8155DBA7DC0E4F92430701C19901 161280 ----a-w- C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-04-17 09:49:51 B71A99EC3D8818A6662A6A9D26FE5807 346624 ----a-w- C:\WINDOWS\SysWOW64\MapConfiguration.dll 2016-04-17 09:49:51 AD1EC1102124182624F1224768FFAE96 564224 ----a-w- C:\WINDOWS\SysWOW64\WSDApi.dll 2016-04-17 09:49:51 979CCB709243FE7B0E75E9CDCCF8C9A8 784896 ----a-w- C:\WINDOWS\SysWOW64\NMAA.dll 2016-04-17 09:49:51 93B7ED5F44D9C3FB0A74C059E1B9E68B 89088 ----a-w- C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2016-04-17 09:49:51 897906025BD3616BF9C30A3979A73DEE 712704 ----a-w- C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll 2016-04-17 09:49:51 806D3A66BBC91F7F2B4FCC337C13EFAE 239104 ----a-w- C:\WINDOWS\SysWOW64\NotificationObjFactory.dll 2016-04-17 09:49:51 7D51637A2E604113F1A4E96FF3F2727C 51128 ----a-w- C:\WINDOWS\SysWOW64\SensorsNativeApi.dll 2016-04-17 09:49:51 75B5C1588D3703F44004D3EB2BD358AD 129024 ----a-w- C:\WINDOWS\SysWOW64\CallHistoryClient.dll 2016-04-17 09:49:51 6C2B2CA75F486449921ED10A39DB9799 69744 ----a-w- C:\WINDOWS\SysWOW64\netapi32.dll 2016-04-17 09:49:51 6920DEFBFA38033B2438ED9760231C12 219648 ----a-w- C:\WINDOWS\SysWOW64\VEEventDispatcher.dll 2016-04-17 09:49:51 620737C11CD32E03299E0B60BC896230 552960 ----a-w- C:\WINDOWS\SysWOW64\AppointmentApis.dll 2016-04-17 09:49:51 5A212173FC0622865F409B16ED77C9DF 98304 ----a-w- C:\WINDOWS\SysWOW64\AppointmentActivation.dll 2016-04-17 09:49:51 56315A6A6598E701BB0A5F506DA6143E 200704 ----a-w- C:\WINDOWS\SysWOW64\cemapi.dll 2016-04-17 09:49:51 4B9DE8EAA2E16C34E018749F325BAEFF 949248 ----a-w- C:\WINDOWS\SysWOW64\Unistore.dll 2016-04-17 09:49:51 43AE8C9F7D031AB3DBEADA4C17D8C682 150528 ----a-w- C:\WINDOWS\SysWOW64\VCardParser.dll 2016-04-17 09:49:51 3B1F2F6F89F3F4ED75C5FADDB2E7CFE1 56320 ----a-w- C:\WINDOWS\SysWOW64\POSyncServices.dll 2016-04-17 09:49:51 39E7BAB659A6AB4419A908E578BE7029 56320 ----a-w- C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll 2016-04-17 09:49:51 395F9E50709FAE503C339047207E46CF 540160 ----a-w- C:\WINDOWS\SysWOW64\ChatApis.dll 2016-04-17 09:49:51 395AC69CCD9E2D590775AA6ADD2AE1D2 649728 ----a-w- C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2016-04-17 09:49:51 392434472351B2DA0499AEC962E988CE 37888 ----a-w- C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll 2016-04-17 09:49:51 3547D79A60007624BFEBAFCAE158E992 169984 ----a-w- C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll 2016-04-17 09:49:51 31657EDEEA6039E71C708BDA61AB62D5 37888 ----a-w- C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll 2016-04-17 09:49:51 2C84609F09FD003FA955567D395EEA8A 575488 ----a-w- C:\WINDOWS\SysWOW64\EmailApis.dll 2016-04-17 09:49:51 2BDB397DC5EC7D3186358F7F2388A009 59904 ----a-w- C:\WINDOWS\SysWOW64\MosStorage.dll 2016-04-17 09:49:51 2823A28AB08EE9DCE85436C700799D66 80384 ----a-w- C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll 2016-04-17 09:49:51 265DB46FE368D8F701A74976D3823ADC 986976 ----a-w- C:\WINDOWS\SysWOW64\LicenseManager.dll 2016-04-17 09:49:51 259517866C369BCC5990292BCB57E709 223744 ----a-w- C:\WINDOWS\SysWOW64\ExSMime.dll 2016-04-17 09:49:51 242708810A22D373904539EDF39FFAD1 196608 ----a-w- C:\WINDOWS\SysWOW64\UserDataAccountApis.dll 2016-04-17 09:49:51 1AEBF2230422716D8CE1BEBCBAE961D3 48128 ----a-w- C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll 2016-04-17 09:49:51 15C9692077BA7E20D64E34AE6210B438 5202944 ----a-w- C:\WINDOWS\SysWOW64\BingMaps.dll 2016-04-17 09:49:51 144B4EDF56E0D48C501F4AAEE5E032B0 6297088 ----a-w- C:\WINDOWS\SysWOW64\mos.dll 2016-04-17 09:49:51 127D1DD4E7385AB56A32D72CF948DB9B 711680 ----a-w- C:\WINDOWS\SysWOW64\MapControlCore.dll 2016-04-17 09:49:49 FD639F1372389D7C5990663D6A100CFE 541304 ----a-w- C:\WINDOWS\SysWOW64\fontdrvhost.exe 2016-04-17 09:49:49 FC90756CB632C0E4AC0D6A60AF2DF9AD 585216 ----a-w- C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll 2016-04-17 09:49:49 EBD26D676238C0B3938AFF925043576F 394752 ----a-w- C:\WINDOWS\SysWOW64\werui.dll 2016-04-17 09:49:49 EAF904785CA7849C66F6DC2EF0A0E0E7 22528 ----a-w- C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe 2016-04-17 09:49:49 E793B893135F3B6942B6230D45E27610 61440 ----a-w- C:\WINDOWS\SysWOW64\samlib.dll 2016-04-17 09:49:49 E43400F37F8F0FA9281FEB64E3D7F72B 754176 ----a-w- C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2016-04-17 09:49:49 E07F85C08C025B08F25150E60CB69B44 37376 ----a-w- C:\WINDOWS\SysWOW64\atmlib.dll 2016-04-17 09:49:49 DBC451C2509141BFA9F851004A5DF99B 2193408 ----a-w- C:\WINDOWS\SysWOW64\actxprxy.dll 2016-04-17 09:49:49 D5BF10F0C309C82820813A7190CE1F5F 65536 ----a-w- C:\WINDOWS\SysWOW64\wininetlui.dll 2016-04-17 09:49:49 D57F7D9FB771CA0B434E975F76413430 1072128 ----a-w- C:\WINDOWS\SysWOW64\Windows.Web.Http.dll 2016-04-17 09:49:49 D28C3C4AAB51D00FD6EFA07F6DCC1CBA 1862008 ----a-w- C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2016-04-17 09:49:49 D1600085065675F98F41A01DCD03AA6E 854528 ----a-w- C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll 2016-04-17 09:49:49 CC68ABFB0AA40F62E7BD740101A0C92B 1117184 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2016-04-17 09:49:49 CC2F923F02D8EB36D0C442CE709B6CD9 1139712 ----a-w- C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2016-04-17 09:49:49 CA3C908B5C24293F1F1FB89301D63F16 1588224 ----a-w- C:\WINDOWS\SysWOW64\msxml3.dll 2016-04-17 09:49:49 CA2EA5401563387162E61444AE15AF59 53248 ----a-w- C:\WINDOWS\SysWOW64\profext.dll 2016-04-17 09:49:49 C9D7861D1C984E1997A3778A97DD1AF9 162816 ----a-w- C:\WINDOWS\SysWOW64\MTF.dll 2016-04-17 09:49:49 C9B1E5A2FE0C7BF75B8B751311331EB4 2604032 ----a-w- C:\WINDOWS\SysWOW64\CertEnroll.dll 2016-04-17 09:49:49 C97B5BEADC79FFC5DAF1C9011CAE796B 5242496 ----a-w- C:\WINDOWS\SysWOW64\windows.storage.dll 2016-04-17 09:49:49 C57E960CD2C7F64AE0295DF0423FE071 1444352 ----a-w- C:\WINDOWS\SysWOW64\SRHInproc.dll 2016-04-17 09:49:49 C31E805C9AD3DBEA0A75337312967E77 792064 ----a-w- C:\WINDOWS\SysWOW64\kerberos.dll 2016-04-17 09:49:49 C23A52581FEA6CD49A49160BFA794BF7 6952088 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-04-17 09:49:49 C122D52ED9662F09EC2650B010544468 73872 ----a-w- C:\WINDOWS\SysWOW64\srvcli.dll 2016-04-17 09:49:49 C012CE3AB0120D01C75EDBB869AC463E 523752 ----a-w- C:\WINDOWS\SysWOW64\dxgi.dll 2016-04-17 09:49:49 BF769A5BEA8E50F12264746D30D57C6F 52736 ----a-w- C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll 2016-04-17 09:49:49 B8AC85F66A12455FB3F2FDB916B1C679 498176 ----a-w- C:\WINDOWS\SysWOW64\MessagingDataModel2.dll 2016-04-17 09:49:49 B74C5FA6221607F864C62090F74FDB80 799744 ----a-w- C:\WINDOWS\SysWOW64\SRH.dll 2016-04-17 09:49:49 B65D241B81A010B6A78CCEEA900CCFC0 56320 ----a-w- C:\WINDOWS\SysWOW64\wkscli.dll 2016-04-17 09:49:49 B4102814D9B1D1FC6C39869D7F224E12 303104 ----a-w- C:\WINDOWS\SysWOW64\atmfd.dll 2016-04-17 09:49:49 B014F98BEE810D5BF9F8C1C75F0EAD92 489984 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.dll 2016-04-17 09:49:49 ACE2B02BA07DF7F13F59D07F7A38AA18 161792 ----a-w- C:\WINDOWS\SysWOW64\msorcl32.dll 2016-04-17 09:49:49 AC42505CBCEE5825BB2695C34E43B1D0 184832 ----a-w- C:\WINDOWS\SysWOW64\PackageStateRoaming.dll 2016-04-17 09:49:49 A8EF9AEDACF24908E12E910BF3977DC9 703840 ----a-w- C:\WINDOWS\SysWOW64\WWAHost.exe 2016-04-17 09:49:49 9B60985A87BA2FED9F57DA30F191098E 315904 ----a-w- C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll 2016-04-17 09:49:49 91ED19257EAA98C1C95A7E5F0FF07FF0 10240 ----a-w- C:\WINDOWS\SysWOW64\oleacchooks.dll 2016-04-17 09:49:49 856AD15FD2D187EA8435564A135C85C0 228352 ----a-w- C:\WINDOWS\SysWOW64\deviceaccess.dll 2016-04-17 09:49:49 7F0A9630C78E3783680CC9620C4E09C0 6740992 ----a-w- C:\WINDOWS\SysWOW64\mstscax.dll 2016-04-17 09:49:49 7C7CC816CEEB07022EBCC6B779B16E1D 521728 ----a-w- C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll 2016-04-17 09:49:49 7C557ABB26C2B2D930AA005FF6A8C025 592384 ----a-w- C:\WINDOWS\SysWOW64\Windows.Web.dll 2016-04-17 09:49:49 7A2A3BAAA05C8124D95B2915E904F900 141664 ----a-w- C:\WINDOWS\SysWOW64\wermgr.exe 2016-04-17 09:49:49 70128BC69D515F2D38577D2438861424 133632 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2016-04-17 09:49:49 6DFDAD2B0EA3385069276DF547F4CAC8 2186864 ----a-w- C:\WINDOWS\SysWOW64\d3d11.dll 2016-04-17 09:49:49 6DA0B412C0DD9DDB5382527488A5AD2E 237056 ----a-w- C:\WINDOWS\SysWOW64\thumbcache.dll 2016-04-17 09:49:49 6D062C6E2C47B3DCDE8F4C3FDB634DEE 83456 ----a-w- C:\WINDOWS\SysWOW64\InputLocaleManager.dll 2016-04-17 09:49:49 6A7ACABAE92C837F5C1330188EAE36AE 535080 ----a-w- C:\WINDOWS\SysWOW64\dnsapi.dll 2016-04-17 09:49:49 65D0043F608A12AF75ED37A65AFB906B 342528 ----a-w- C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2016-04-17 09:49:49 5E52C817BCF919CF11CD523A2EC4A456 638464 ----a-w- C:\WINDOWS\SysWOW64\Windows.Networking.dll 2016-04-17 09:49:49 51A5FD6E5EF1E9A2C63C615F238961F9 1500672 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll 2016-04-17 09:49:49 4D2E3D6BC01E7A5E9C6F9AFDBFAF98BB 220064 ----a-w- C:\WINDOWS\SysWOW64\sqmapi.dll 2016-04-17 09:49:49 4B6F30BA21606440EC91852F15B296A9 1626624 ----a-w- C:\WINDOWS\SysWOW64\dwmcore.dll 2016-04-17 09:49:49 49A21B514FC10B2D55499D58DC78E862 45568 ----a-w- C:\WINDOWS\SysWOW64\jsproxy.dll 2016-04-17 09:49:49 4135F625D8F20D76FB29F86FE7A4CC48 93696 ----a-w- C:\WINDOWS\SysWOW64\fontsub.dll 2016-04-17 09:49:49 408AF8141C4A44BC120F4204F8F79A75 1944576 ----a-w- C:\WINDOWS\SysWOW64\InputService.dll 2016-04-17 09:49:49 402A33FCE08200518FB0012A6BF2E966 2722816 ----a-w- C:\WINDOWS\SysWOW64\esent.dll 2016-04-17 09:49:49 3EB91A44E6BCD05CA257E113FCA1DA0C 43520 ----a-w- C:\WINDOWS\SysWOW64\browcli.dll 2016-04-17 09:49:49 3D74763FFF3EF03D8CC9233B5A0EBBB2 13018624 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-04-17 09:49:49 3ABE2040F4F9BDDD008EC5D4713D5ABE 294752 ----a-w- C:\WINDOWS\SysWOW64\msv1_0.dll 2016-04-17 09:49:49 38EE252AD45EB7D6834F718B9487D3F9 538736 ----a-w- C:\WINDOWS\SysWOW64\wer.dll 2016-04-17 09:49:49 35B0826C3EF8A0E16DF4F4A8D30246C7 705536 ----a-w- C:\WINDOWS\SysWOW64\wuapi.dll 2016-04-17 09:49:49 3249EA75874EE3DD3FCBA141656DF210 713728 ----a-w- C:\WINDOWS\SysWOW64\netlogon.dll 2016-04-17 09:49:49 2E947792E9B1C738E33FD5794B1650F9 30208 ----a-w- C:\WINDOWS\SysWOW64\tbauth.dll 2016-04-17 09:49:49 2C0BBF7FC5526D7285BEAD239895C473 682496 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2016-04-17 09:49:49 2BFF4D19D7FC686C150879A2FD5BAE77 2229760 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll 2016-04-17 09:49:49 1F19665881A6167CC9E31A42C1F98AC3 638464 ----a-w- C:\WINDOWS\SysWOW64\TokenBroker.dll 2016-04-17 09:49:49 1A341701906986F1865766C6849269FC 323072 ----a-w- C:\WINDOWS\SysWOW64\oleacc.dll 2016-04-17 09:49:49 15E75D27F0C67A7A21D5A514601F0E5A 135168 ----a-w- C:\WINDOWS\SysWOW64\AppxSip.dll 2016-04-17 09:49:49 05B81C404A34101E1DC17C0D9A67EA32 5321728 ----a-w- C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-04-17 09:49:49 053E2D136DB8A4743E4C40D5D979834B 200704 ----a-w- C:\WINDOWS\SysWOW64\DisplayManager.dll 2016-04-17 09:40:09 F432E0E5B0958F4982D40EB622FBD7FC 35480 ----a-w- C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2016-04-17 09:40:09 BF9CAA33ADD4C21C118148B5CFC5494B 778936 ----a-w- C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2016-04-17 09:40:09 6F391E9286733CC6B34FC0FAB23B8DF3 103120 ----a-w- C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2016-04-17 09:08:45 6F2CA3BDD1C78C465BC0C1E5DDA15B28 2629632 ----a-w- C:\WINDOWS\SysWOW64\NlsLexicons0009.dll 2016-04-17 09:08:45 14129011499850E46153AB0E6C325F87 4847616 ----a-w- C:\WINDOWS\SysWOW64\NlsData0009.dll 2016-04-17 08:55:03 2F0C6FC51A29DBB3CD3E1A99BBE546A0 2038392 ----a-w- C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2016-04-13 07:31:58 39E2397EE90CBC724567B9E6906E1AFC 1155072 ----a-w- C:\WINDOWS\SysWOW64\mshtmlmedia.dll ====== C:\WINDOWS\SysWOW64\drivers ===== 2016-04-17 16:27:48 860A70CF7C5D4958E255F1640250767D 656 ----a-w- C:\WINDOWS\SysWOW64\drivers\79189c22c68c13d7f7f7f69113a864748812a00e1b40263dc872e039d9c9244c2d34c4fb337ceefb02ff7fd2d21eadcea3b2e05c6ec4a956af7b3de8ae6e8c96.cdu 2016-04-17 16:27:45 860A70CF7C5D4958E255F1640250767D 656 ----a-w- C:\WINDOWS\SysWOW64\drivers\38ead207484fd9a0a2a7fecbc68042686ed2766a473493a3b67d95fea755bc2dca219d2856464fa16cb38fbd37f6ad08af74a579adf8eeac389dc0bd0cb6c402.cdu 2016-04-13 16:51:33 29CCFF428E5EB70AE429C3DA8968E1EC 20872 ----a-w- C:\WINDOWS\SysWOW64\drivers\DrvAgent64.SYS ====== C:\WINDOWS\Sysnative ===== 2016-04-19 06:48:04 5A0B44AF233C7384141C1DAB3DD930CC 1652 ----a-w- C:\WINDOWS\Sysnative\ASOROSet.bin 2016-04-17 09:52:47 79422D76818752C6D935A97C8FFC4EEA 44147 ----a-w- C:\WINDOWS\Sysnative\license.rtf 2016-04-17 09:50:03 FEBBA212353E4FA90C6164AA970B772F 536256 ----a-w- C:\WINDOWS\Sysnative\AudioSes.dll 2016-04-17 09:50:03 EB05F5368F8BBF75157B87FD1F689167 2581504 ----a-w- C:\WINDOWS\Sysnative\MFMediaEngine.dll 2016-04-17 09:50:03 E34A89A196F45473D61CCDAB193293D1 119808 ----a-w- C:\WINDOWS\Sysnative\BitLockerDeviceEncryption.exe 2016-04-17 09:50:03 E083BE4900FCBB6BC42943438DCF2CAD 176128 ----a-w- C:\WINDOWS\Sysnative\SystemSettings.DeviceEncryptionHandlers.dll 2016-04-17 09:50:03 D79FFE2219AE3BA3B871BA2D39B16519 1152328 ----a-w- C:\WINDOWS\Sysnative\mfasfsrcsnk.dll 2016-04-17 09:50:03 D12D3DD397A35EF06CDF41C1A9E3EE45 613376 ----a-w- C:\WINDOWS\Sysnative\SettingSync.dll 2016-04-17 09:50:03 C9BFE1D6420BFADB249162039C321F63 1131520 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Audio.dll 2016-04-17 09:50:03 C8B840675B83DC8A257B075BFE5F9357 261376 ----a-w- C:\WINDOWS\Sysnative\LsaIso.exe 2016-04-17 09:50:03 C3F15E167CB84E2E6027AF17D49D5904 372224 ----a-w- C:\WINDOWS\Sysnative\MDEServer.exe 2016-04-17 09:50:03 BD70B866034C1366D74CCBB5CA97395E 2544264 ----a-w- C:\WINDOWS\Sysnative\mfcore.dll 2016-04-17 09:50:03 BC767AD01E4DAFD08C21D5D07CC290C9 567808 ----a-w- C:\WINDOWS\Sysnative\MCRecvSrc.dll 2016-04-17 09:50:03 AF13258A6E8FD57CE0B9C6BEDCDF80CB 144896 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Devices.dll 2016-04-17 09:50:03 9C4C3EB6A2371A2038E2BB3A9D54CDE0 498448 ----a-w- C:\WINDOWS\Sysnative\MFCaptureEngine.dll 2016-04-17 09:50:03 92F74BF86088520654BD5636A69E37F1 848168 ----a-w- C:\WINDOWS\Sysnative\mfsvr.dll 2016-04-17 09:50:03 834D1648124F0F2729462BF79DB0C2CD 369912 ----a-w- C:\WINDOWS\Sysnative\audiodg.exe 2016-04-17 09:50:03 751F5B6AF16546162E06211AF1FC2979 794888 ----a-w- C:\WINDOWS\Sysnative\mfds.dll 2016-04-17 09:50:03 6E76BB89EED6C2BD7B1E7B5F9A1C41F0 320000 ----a-w- C:\WINDOWS\Sysnative\MSFlacDecoder.dll 2016-04-17 09:50:03 669F733F85FEBE6F7438C66CBF7FD3FD 1062480 ----a-w- C:\WINDOWS\Sysnative\mfmp4srcsnk.dll 2016-04-17 09:50:03 48E90F12346EE70764CEE435826ABD31 493568 ----a-w- C:\WINDOWS\Sysnative\mfmkvsrcsnk.dll 2016-04-17 09:50:03 47323DE2A684895004CE63EC66FB4AB4 401408 ----a-w- C:\WINDOWS\Sysnative\sharemediacpl.dll 2016-04-17 09:50:03 468D29ECE0AD7700B790A20FA2765313 408120 ----a-w- C:\WINDOWS\Sysnative\AUDIOKSE.dll 2016-04-17 09:50:03 42BF7FA295F453618104B5A50BEE105B 275456 ----a-w- C:\WINDOWS\Sysnative\AudioEndpointBuilder.dll 2016-04-17 09:50:03 350CFCC870E30BEE151F3DFB83BD0178 1017032 ----a-w- C:\WINDOWS\Sysnative\mfsrcsnk.dll 2016-04-17 09:50:03 32F3BA2C4849ED727508C021F999E147 3428864 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.dll 2016-04-17 09:50:03 2A2C0983B6FE62F02E7183335B1F5C20 1054208 ----a-w- C:\WINDOWS\Sysnative\audiosrv.dll 2016-04-17 09:50:03 28343B7C30E6AF073B02288EB579D984 476728 ----a-w- C:\WINDOWS\Sysnative\msvproc.dll 2016-04-17 09:50:03 218CEC10714AF029BF4D8BCE600AD1DA 819648 ----a-w- C:\WINDOWS\Sysnative\mfmpeg2srcsnk.dll 2016-04-17 09:50:03 091D5AE5E663A66EE73B539AF7C32EC5 69632 ----a-w- C:\WINDOWS\Sysnative\fveskybackup.dll 2016-04-17 09:49:58 FDBDA93BA9CD3B78060705B41BFCF92D 288256 ----a-w- C:\WINDOWS\Sysnative\fveui.dll 2016-04-17 09:49:58 F72F137EEFF89D0B5A2FB8867B4ACEED 402432 ----a-w- C:\WINDOWS\Sysnative\FWPUCLNT.DLL 2016-04-17 09:49:58 F6B9E6CB351D86A0C318B37E14B97656 196608 ----a-w- C:\WINDOWS\Sysnative\fwpolicyiomgr.dll 2016-04-17 09:49:58 F374C27099807E99A156953F8416D34A 361472 ----a-w- C:\WINDOWS\Sysnative\bdesvc.dll 2016-04-17 09:49:58 E9B10E704AD5B1BA5E531809C89A085B 93184 ----a-w- C:\WINDOWS\Sysnative\wpninprc.dll 2016-04-17 09:49:58 DF0321E30FD7D00BC8178FC58550B8C0 115040 ----a-w- C:\WINDOWS\Sysnative\NetSetupApi.dll 2016-04-17 09:49:58 CA24B0764C9DFE243D15A8708580673B 107520 ----a-w- C:\WINDOWS\Sysnative\BdeHdCfgLib.dll 2016-04-17 09:49:58 C5DEEC4F7ED591D1E322899ADC4EE45F 207360 ----a-w- C:\WINDOWS\Sysnative\NetSetupSvc.dll 2016-04-17 09:49:58 AA97AC06BFA15DA23C7C9C145A226C2D 25600 ----a-w- C:\WINDOWS\Sysnative\wfapigp.dll 2016-04-17 09:49:58 A15D9F32A84660FA62F9D27577B0F105 324608 ----a-w- C:\WINDOWS\Sysnative\fvecpl.dll 2016-04-17 09:49:58 9AE80C03EA83537F17B286ECBBA13D43 184320 ----a-w- C:\WINDOWS\Sysnative\fwbase.dll 2016-04-17 09:49:58 95A03F67830FDCB950E70261128D540D 957952 ----a-w- C:\WINDOWS\Sysnative\IKEEXT.DLL 2016-04-17 09:49:58 9065EB3B7E982A5370790BF729EDBBA7 696664 ----a-w- C:\WINDOWS\Sysnative\NetSetupEngine.dll 2016-04-17 09:49:58 712AE16ED8FC7F2363F7EA1D8F6D546A 821248 ----a-w- C:\WINDOWS\Sysnative\fvewiz.dll 2016-04-17 09:49:58 6A5290128257BC733107E7819648CA76 526336 ----a-w- C:\WINDOWS\Sysnative\FirewallAPI.dll 2016-04-17 09:49:58 6A0745D04DFB6E37A6D0FEE339A0B742 556032 ----a-w- C:\WINDOWS\Sysnative\PsmServiceExtHost.dll 2016-04-17 09:49:58 553F19DC6F3F73545CB17FCD7A8AE37B 870912 ----a-w- C:\WINDOWS\Sysnative\MPSSVC.dll 2016-04-17 09:49:58 37F5E2385CB4D10AB42186974B9C241A 794112 ----a-w- C:\WINDOWS\Sysnative\BFE.DLL 2016-04-17 09:49:58 258BCD1FE978849EDB02D131FD1F7893 989536 ----a-w- C:\WINDOWS\Sysnative\SecConfig.efi 2016-04-17 09:49:56 E0932D924DA7C363F40E5B90DC9D2669 129536 ----a-w- C:\WINDOWS\Sysnative\flvprophandler.dll 2016-04-17 09:49:56 C78D43083400B8FAE408FEB1E99F9DA8 1847808 ----a-w- C:\WINDOWS\Sysnative\WMPDMC.exe 2016-04-17 09:49:56 3E80E2B0C0010154CC504DC51BE21968 14252544 ----a-w- C:\WINDOWS\Sysnative\wmp.dll 2016-04-17 09:49:56 24146738C422814EEB2A98FF1FC5C6E1 338432 ----a-w- C:\WINDOWS\Sysnative\ncbservice.dll 2016-04-17 09:49:55 DBADA23940BA56E3D96762C961145654 24602112 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll 2016-04-17 09:49:55 B21B08D436D2B9E7D280FCF9BCBB5DDE 22378496 ----a-w- C:\WINDOWS\Sysnative\edgehtml.dll 2016-04-17 09:49:55 A6A8B92FBADFA793794C0EEFA77941C3 13382656 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll 2016-04-17 09:49:55 775B118277B9A81BF9B23AA386A9196D 7836160 ----a-w- C:\WINDOWS\Sysnative\Chakra.dll 2016-04-17 09:49:55 446882966C68D7EF2783E6B327421493 764928 ----a-w- C:\WINDOWS\Sysnative\Chakradiag.dll 2016-04-17 09:49:55 40D666AEFB8775F25AA403EDB5D2414E 4894208 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll 2016-04-17 09:49:55 3385A5D97C974EA03D6E17E97830F340 686592 ----a-w- C:\WINDOWS\Sysnative\ieproxy.dll 2016-04-17 09:49:55 2985697A74DE409D53C6ACD2CD30FDAA 1818696 ----a-w- C:\WINDOWS\Sysnative\ntdll.dll 2016-04-17 09:49:54 F8FAB3E1281FB937DB1C8109842A9534 3994624 ----a-w- C:\WINDOWS\Sysnative\SettingsHandlers_nt.dll 2016-04-17 09:49:54 F3FE9C939D684607118E306B98CEBBBC 22564328 ----a-w- C:\WINDOWS\Sysnative\shell32.dll 2016-04-17 09:49:54 F0D97E9816795E1AAA17396ABD2660C4 4827136 ----a-w- C:\WINDOWS\Sysnative\ExplorerFrame.dll 2016-04-17 09:49:54 EA30B6E587862DF15E35525C60CCAFA9 838144 ----a-w- C:\WINDOWS\Sysnative\uDWM.dll 2016-04-17 09:49:54 E2B2525EF375D716E0DE6FE8F3ADCEDB 365568 ----a-w- C:\WINDOWS\Sysnative\atmfd.dll 2016-04-17 09:49:54 D3406F98BD98633780820C5EDBA9A5B4 166400 ----a-w- C:\WINDOWS\Sysnative\AboveLockAppHost.dll 2016-04-17 09:49:54 CFF6A3799F83060D3FF538564E4264CA 374008 ----a-w- C:\WINDOWS\Sysnative\SystemSettingsAdminFlows.exe 2016-04-17 09:49:54 CFF415024C353DA284731CB72FE3F8FF 770640 ----a-w- C:\WINDOWS\Sysnative\iuilp.dll 2016-04-17 09:49:54 B471A4DA6F8DFF957B6F109FA182C366 3575296 ----a-w- C:\WINDOWS\Sysnative\SystemSettingsThresholdAdminFlowUI.dll 2016-04-17 09:49:54 A74CEC306AB99D74559F7075EDB60A9B 451584 ----a-w- C:\WINDOWS\Sysnative\werui.dll 2016-04-17 09:49:54 A4CA6FE3F02C6299EED8B7296DC902D6 12800 ----a-w- C:\WINDOWS\Sysnative\oleacchooks.dll 2016-04-17 09:49:54 82E25186617BA6C15010F0D47C705705 65536 ----a-w- C:\WINDOWS\Sysnative\basesrv.dll 2016-04-17 09:49:54 7ECAE31725C1DC35CC448FA8D0EA09D9 324608 ----a-w- C:\WINDOWS\Sysnative\RDXTaskFactory.dll 2016-04-17 09:49:54 7185B16516478DF0061C2561C1B072CE 228352 ----a-w- C:\WINDOWS\Sysnative\wsqmcons.exe 2016-04-17 09:49:54 717FDDACE38C314CA5A517E12162CC6D 216576 ----a-w- C:\WINDOWS\Sysnative\QuickActionsDataModel.dll 2016-04-17 09:49:54 68B34C3558BEE0F6B822FA603E9AE441 258280 ----a-w- C:\WINDOWS\Sysnative\sqmapi.dll 2016-04-17 09:49:54 60C04811AC0BB0BFC5E00D293B8F4464 630632 ----a-w- C:\WINDOWS\Sysnative\fontdrvhost.exe 2016-04-17 09:49:54 518A992A6700A86A47F79388F91737C0 1090048 ----a-w- C:\WINDOWS\Sysnative\RDXService.dll 2016-04-17 09:49:54 42C6780C909074A1879F8BBA34920FE6 988160 ----a-w- C:\WINDOWS\Sysnative\SharedStartModel.dll 2016-04-17 09:49:54 335995302980B83CA6B1974A84AC6009 730344 ----a-w- C:\WINDOWS\Sysnative\Windows.Internal.Shell.Broker.dll 2016-04-17 09:49:54 2989A5B700D1C706ED496CCA75DCFA67 7533568 ----a-w- C:\WINDOWS\Sysnative\mstscax.dll 2016-04-17 09:49:54 2291CACFF9BE4252C2D39D1A6D27B4E4 11545600 ----a-w- C:\WINDOWS\Sysnative\twinui.dll 2016-04-17 09:49:54 1E1631970DDFD63EDD4483D33E18EC89 300104 ----a-w- C:\WINDOWS\Sysnative\LockAppHost.exe 2016-04-17 09:49:54 1BF000CFA56FD272B4ECAC167CDF6A8F 1211904 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Cred.dll 2016-04-17 09:49:54 186BAF9C9F422E6B784E4C990585E2E3 673792 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.dll 2016-04-17 09:49:54 14D75B31BA6A28F4A46D7432B48C26B3 45568 ----a-w- C:\WINDOWS\Sysnative\atmlib.dll 2016-04-17 09:49:54 0D7BB44BFFFA4E153F4EA1E05522D2C3 37376 ----a-w- C:\WINDOWS\Sysnative\LaunchWinApp.exe 2016-04-17 09:49:54 0C8955B4BB1E9D588B4B62D0BD2E5E78 411648 ----a-w- C:\WINDOWS\Sysnative\oleacc.dll 2016-04-17 09:49:54 0C015924C6DA5368E6B102CC597AC640 1390080 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Shell.dll 2016-04-17 09:49:54 04EDE78320552097AC7EB3CE69A4A0BD 118272 ----a-w- C:\WINDOWS\Sysnative\fontsub.dll 2016-04-17 09:49:54 0088614FE67298E6996AD19B05AE90C7 1997328 ----a-w- C:\WINDOWS\Sysnative\KernelBase.dll 2016-04-17 09:49:52 FF07BE14ED82E218C3EEE7C986118A2E 307712 ----a-w- C:\WINDOWS\Sysnative\usbmon.dll 2016-04-17 09:49:52 F8083C536BEDE61AFB4069D8A8C16DA7 456704 ----a-w- C:\WINDOWS\Sysnative\ipnathlp.dll 2016-04-17 09:49:52 F4F6D943E788447DAE29DA217B6743E6 147456 ----a-w- C:\WINDOWS\Sysnative\mtxoci.dll 2016-04-17 09:49:52 F432ACF44EABBE3EB98F613E1573DA6F 334736 ----a-w- C:\WINDOWS\Sysnative\policymanager.dll 2016-04-17 09:49:52 F40C5151476B066A4061E67DFA641657 128512 ----a-w- C:\WINDOWS\Sysnative\dmcsps.dll 2016-04-17 09:49:52 F07301C282AA222C33F8C28B4F545275 591872 ----a-w- C:\WINDOWS\Sysnative\SmsRouterSvc.dll 2016-04-17 09:49:52 EF953237B34D1468B81A6AB260A3C524 1317640 ----a-w- C:\WINDOWS\Sysnative\winload.efi 2016-04-17 09:49:52 EBD07BD20B5E0E92A398566EF8720F79 31232 ----a-w- C:\WINDOWS\Sysnative\seclogon.dll 2016-04-17 09:49:52 EA195B8BC11C1CDB313CFD456EFFA0E9 997376 ----a-w- C:\WINDOWS\Sysnative\schedsvc.dll 2016-04-17 09:49:52 E9A0D466F6D8EC349DB526146618BCB6 606720 ----a-w- C:\WINDOWS\Sysnative\wcmsvc.dll 2016-04-17 09:49:52 E95C204F9042223B355C4D04CE675D50 86528 ----a-w- C:\WINDOWS\Sysnative\AppCapture.dll 2016-04-17 09:49:52 E81A803BE3E7D49DE669FB8C30B18BA4 414720 ----a-w- C:\WINDOWS\Sysnative\bcastdvr.exe 2016-04-17 09:49:52 E7588419770BDDB510741F734D290E27 1318912 ----a-w- C:\WINDOWS\Sysnative\wifinetworkmanager.dll 2016-04-17 09:49:52 E5E09ABD5171EB8622821059D8757F43 239616 ----a-w- C:\WINDOWS\Sysnative\credprovhost.dll 2016-04-17 09:49:52 E5C3042B68D4EA89B3C52E150E553DA0 617984 ----a-w- C:\WINDOWS\Sysnative\StorSvc.dll 2016-04-17 09:49:52 E5421101B84007FBC3D11501A6887F42 471552 ----a-w- C:\WINDOWS\Sysnative\NetSetupShim.dll 2016-04-17 09:49:52 E15D10FA246ADC4DC59B93C13F417AA3 440320 ----a-w- C:\WINDOWS\Sysnative\CredProvDataModel.dll 2016-04-17 09:49:52 DAFECF80513C6E6892BBEBB48D555A31 115712 ----a-w- C:\WINDOWS\Sysnative\srpapi.dll 2016-04-17 09:49:52 DAB53783AD08864E873A6B7B874D1783 3671888 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll 2016-04-17 09:49:52 D842C2B65E77C13273B626317A5BC5C4 555520 ----a-w- C:\WINDOWS\Sysnative\SyncController.dll 2016-04-17 09:49:52 D20C52607024BD08A88CF1CA6B339C9B 517632 ----a-w- C:\WINDOWS\Sysnative\winspool.drv 2016-04-17 09:49:52 D1241DFC397FA8CCFB4BB4B63AAD31AC 755712 ----a-w- C:\WINDOWS\Sysnative\spoolsv.exe 2016-04-17 09:49:52 CD885F960066DDD538CD1BBD509A0EC0 69632 ----a-w- C:\WINDOWS\Sysnative\wininetlui.dll 2016-04-17 09:49:52 C6856D20BE1DB90407C9154B0EC319B9 77824 ----a-w- C:\WINDOWS\Sysnative\provpackageapidll.dll 2016-04-17 09:49:52 C3BB5D3E3DD24AC0BFA9223F2877F136 76800 ----a-w- C:\WINDOWS\Sysnative\NetCfgNotifyObjectHost.exe 2016-04-17 09:49:52 C1C169EFA8E5E30A0A521C0409CAC153 874968 ----a-w- C:\WINDOWS\Sysnative\winresume.exe 2016-04-17 09:49:52 BFE2669F7B0EB1EBAF587490E9E591AA 630272 ----a-w- C:\WINDOWS\Sysnative\PhoneProviders.dll 2016-04-17 09:49:52 BE8C62B0B7BBA8F1152A6A7FCF248404 915456 ----a-w- C:\WINDOWS\Sysnative\configurationclient.dll 2016-04-17 09:49:52 BE7D6EA3650F1C25076335A9C1F3D59B 1098240 ----a-w- C:\WINDOWS\Sysnative\dosvc.dll 2016-04-17 09:49:52 B82C04128A96A05139F9F58ED07D0DB2 3351040 ----a-w- C:\WINDOWS\Sysnative\msi.dll 2016-04-17 09:49:52 B58CE40AC84F1B068A2004400E68245B 87040 ----a-w- C:\WINDOWS\Sysnative\MDMAppInstaller.exe 2016-04-17 09:49:52 B37F21B4C25BF10605A196791F93E324 360448 ----a-w- C:\WINDOWS\Sysnative\vaultsvc.dll 2016-04-17 09:49:52 B232CE503C6666873E7B9E4BA769C524 92160 ----a-w- C:\WINDOWS\Sysnative\policymanagerprecheck.dll 2016-04-17 09:49:52 B0236F0FB7402381A50F2EBF031C49CF 1030416 ----a-w- C:\WINDOWS\Sysnative\winresume.efi 2016-04-17 09:49:52 AEBD5FCFBFF0294A2D87048D4F5417CB 74424 ----a-w- C:\WINDOWS\Sysnative\easinvoker.exe 2016-04-17 09:49:52 AE6A68A065D4C26AF4BEFAA53623B266 2755584 ----a-w- C:\WINDOWS\Sysnative\wininet.dll 2016-04-17 09:49:52 AC71C0A77ED618382D5422C6AB1747E4 169472 ----a-w- C:\WINDOWS\Sysnative\mdmmigrator.dll 2016-04-17 09:49:52 A78E76034D230AFE6B74B57BAF8C8BF2 27648 ----a-w- C:\WINDOWS\Sysnative\WiFiConfigSP.dll 2016-04-17 09:49:52 A2B2198B126C8BB489585994A453B064 7474016 ----a-w- C:\WINDOWS\Sysnative\ntoskrnl.exe 2016-04-17 09:49:52 A2902A998C3A8A049D26235A75DBE300 174592 ----a-w- C:\WINDOWS\Sysnative\easwrt.dll 2016-04-17 09:49:52 9FDAC1F65E074C1CF12C3E80BD5195E4 176640 ----a-w- C:\WINDOWS\Sysnative\mdmregistration.dll 2016-04-17 09:49:52 9BE5ECE2F17B3BEDE6FDE1175BD23266 376536 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.MediaControl.dll 2016-04-17 09:49:52 9822B613AEB1CF24E05EFEE748160637 25088 ----a-w- C:\WINDOWS\Sysnative\irmon.dll 2016-04-17 09:49:52 98112F9B965646D338896FD7B13BB32E 1173344 ----a-w- C:\WINDOWS\Sysnative\aeinv.dll 2016-04-17 09:49:52 96BAB1499995B85B91C312BA5114CA03 1322248 ----a-w- C:\WINDOWS\Sysnative\ole32.dll 2016-04-17 09:49:52 93E597D2B5C653E94680E8B8E1C59B36 641536 ----a-w- C:\WINDOWS\Sysnative\enterprisecsps.dll 2016-04-17 09:49:52 92840BF0817C457BB011220BA21BAE9B 1832448 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentExtensions.dll 2016-04-17 09:49:52 92291BFE95AD37CF486BD3E4B31F746B 1141504 ----a-w- C:\WINDOWS\Sysnative\winload.exe 2016-04-17 09:49:52 91F08041D932816D0D9607F68578A87E 34816 ----a-w- C:\WINDOWS\Sysnative\dmenterprisediagnostics.dll 2016-04-17 09:49:52 8EC4F381818F8A073DEC52C6D1ED9C76 86016 ----a-w- C:\WINDOWS\Sysnative\DeviceEnroller.exe 2016-04-17 09:49:52 8AF0CBE3FC6129C42D7A2A73B681F226 1118208 ----a-w- C:\WINDOWS\Sysnative\localspl.dll 2016-04-17 09:49:52 8790833B243AB6DD22A1F86FFB26B689 1052160 ----a-w- C:\WINDOWS\Sysnative\MsSpellCheckingFacility.dll 2016-04-17 09:49:52 85EE46E85C3E76809BC454A50564ECD6 418304 ----a-w- C:\WINDOWS\Sysnative\dmenrollengine.dll 2016-04-17 09:49:52 84ADBF35DAF6404148AE85973BE26D59 48640 ----a-w- C:\WINDOWS\Sysnative\wfdprov.dll 2016-04-17 09:49:52 7F7591CCC146EC7D9EB77C1277D605F4 1213440 ----a-w- C:\WINDOWS\Sysnative\wwansvc.dll 2016-04-17 09:49:52 7C20F3EC0BA5ACB8ED40CDEF41B0AC56 779384 ----a-w- C:\WINDOWS\Sysnative\taskschd.dll 2016-04-17 09:49:52 7BD715D15060E0B6E4AF222CA7120BD1 69632 ----a-w- C:\WINDOWS\Sysnative\EnterpriseDesktopAppMgmtCSP.dll 2016-04-17 09:49:52 7A0E065E46156F9288AE32B1E0399247 52224 ----a-w- C:\WINDOWS\Sysnative\jsproxy.dll 2016-04-17 09:49:52 77B2F9C522467B1FC8770028D09534DB 91648 ----a-w- C:\WINDOWS\Sysnative\asycfilt.dll 2016-04-17 09:49:52 703430E9FFF072334B247B5E88428331 288768 ----a-w- C:\WINDOWS\Sysnative\vaultcli.dll 2016-04-17 09:49:52 6E04BBE242E2889B37300C4DF5CE1126 3449168 ----a-w- C:\WINDOWS\Sysnative\WSService.dll 2016-04-17 09:49:52 6CA51117CDDB89DB6AE9F196B01C3491 389992 ----a-w- C:\WINDOWS\Sysnative\wlanapi.dll 2016-04-17 09:49:52 69B6B69C95E1FBDC796F5B2019A8B24D 791744 ----a-w- C:\WINDOWS\Sysnative\generaltel.dll 2016-04-17 09:49:52 6870232D80480DA4FF1FBE3373FCA06E 965632 ----a-w- C:\WINDOWS\Sysnative\SRH.dll 2016-04-17 09:49:52 6855984AA46D2452A7C518787E1F2643 1996288 ----a-w- C:\WINDOWS\Sysnative\ActiveSyncProvider.dll 2016-04-17 09:49:52 6758ABE6A73AE709A6C74F121C666CC1 841216 ----a-w- C:\WINDOWS\Sysnative\win32spl.dll 2016-04-17 09:49:52 610D0502400BDAFD4BB8EA10713234C7 74240 ----a-w- C:\WINDOWS\Sysnative\SMSRouter.dll 2016-04-17 09:49:52 6072C7DB85FD3FE8D308EE44865C04DE 305664 ----a-w- C:\WINDOWS\Sysnative\wifiprofilessettinghandler.dll 2016-04-17 09:49:52 5D88798FC34BB61C74256CDD66BDD205 318976 ----a-w- C:\WINDOWS\Sysnative\domgmt.dll 2016-04-17 09:49:52 5CB565C1A0A30D76D7B099EEF9654297 256000 ----a-w- C:\WINDOWS\Sysnative\accountaccessor.dll 2016-04-17 09:49:52 5548D83C60E37CBB1B451A1108D4142C 513888 ----a-w- C:\WINDOWS\Sysnative\devinv.dll 2016-04-17 09:49:52 53AC4B2658807691D2A485EE0F8A50E9 463360 ----a-w- C:\WINDOWS\Sysnative\wlansec.dll 2016-04-17 09:49:52 4C5D035670EB045123DCF87EE2FDB33B 162816 ----a-w- C:\WINDOWS\Sysnative\enrollmentapi.dll 2016-04-17 09:49:52 45FDB4ACF680DF92D6510F77E7FF3E7F 713568 ----a-w- C:\WINDOWS\Sysnative\invagent.dll 2016-04-17 09:49:52 453740989239803FE363FF8B40EA2E08 2295808 ----a-w- C:\WINDOWS\Sysnative\wlansvc.dll 2016-04-17 09:49:52 3F8466CC13D1F614C8FAC24B1C030D59 214528 ----a-w- C:\WINDOWS\Sysnative\Windows.Devices.Scanners.dll 2016-04-17 09:49:52 2DDEA2BEDD3169F483C9BE610ADFE8B1 8705672 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Protection.PlayReady.dll 2016-04-17 09:49:52 290D24F50396B379338790B8E8D1C503 1714688 ----a-w- C:\WINDOWS\Sysnative\SRHInproc.dll 2016-04-17 09:49:52 28CFFDB411375B2BBB0EBF295ABAEF29 382464 ----a-w- C:\WINDOWS\Sysnative\wuuhext.dll 2016-04-17 09:49:52 215C9C65601378F56BEECDECBD1EF4AE 216416 ----a-w- C:\WINDOWS\Sysnative\AppxAllUserStore.dll 2016-04-17 09:49:52 1F3D69B0AE210874DDC300C3EF1C9CCD 438784 ----a-w- C:\WINDOWS\Sysnative\AccountsRt.dll 2016-04-17 09:49:52 167176E3A8B095C2E807D27CBE6AB0D3 1902592 ----a-w- C:\WINDOWS\Sysnative\msxml3.dll 2016-04-17 09:49:52 12D83590FEF1C8C28DBF3323C61E831A 31232 ----a-w- C:\WINDOWS\Sysnative\wsdchngr.dll 2016-04-17 09:49:52 11C782F631D915895E56FC1CD8214E51 100232 ----a-w- C:\WINDOWS\Sysnative\omadmapi.dll 2016-04-17 09:49:52 0F85790D9E32FA0B8798AECBBEF6F5F4 1731584 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll 2016-04-17 09:49:52 0F3C165B71F8140F50A1DB5DE3E6D695 2158592 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentServer.dll 2016-04-17 09:49:52 0ED8556CB47EC7689D0046791F3427AE 26112 ----a-w- C:\WINDOWS\Sysnative\wlansvcpal.dll 2016-04-17 09:49:52 09918925526BC0B5B823CF1A2473D909 412672 ----a-w- C:\WINDOWS\Sysnative\wlanmsm.dll 2016-04-17 09:49:52 03416DA86664FF2141A5820868B0B9B1 88576 ----a-w- C:\WINDOWS\Sysnative\AppxSysprep.dll 2016-04-17 09:49:52 023338E1DA5B6E5C2EFC7E5ADA7929C5 685568 ----a-w- C:\WINDOWS\Sysnative\scapi.dll 2016-04-17 09:49:51 F99D8BF6ACA4728C9E285BD161C22BCB 938496 ----a-w- C:\WINDOWS\Sysnative\MapControlCore.dll 2016-04-17 09:49:51 F7391A45172C10D8B79A239CDD8BA88B 209408 ----a-w- C:\WINDOWS\Sysnative\storewuauth.dll 2016-04-17 09:49:51 F5B8CC586CE9D6187F412B5DFE932468 33280 ----a-w- C:\WINDOWS\Sysnative\wuautoappupdate.dll 2016-04-17 09:49:51 EFA3EFE172FDA2EE7C3F64F17277181C 7199232 ----a-w- C:\WINDOWS\Sysnative\BingMaps.dll 2016-04-17 09:49:51 EEA1E99FBC7D91A1A271012F2B4567BB 60416 ----a-w- C:\WINDOWS\Sysnative\PimIndexMaintenanceClient.dll 2016-04-17 09:49:51 E432FCF8572682126C3362AA856DC4AE 221184 ----a-w- C:\WINDOWS\Sysnative\PhoneCallHistoryApis.dll 2016-04-17 09:49:51 E1D8055043DF089DB8ADB67C21DF2CC4 70656 ----a-w- C:\WINDOWS\Sysnative\POSyncServices.dll 2016-04-17 09:49:51 DEFF4C7B937F60923980D4BB7D1724B8 274944 ----a-w- C:\WINDOWS\Sysnative\ExSMime.dll 2016-04-17 09:49:51 DD877B48C28AB34197AD88902971B81D 45056 ----a-w- C:\WINDOWS\Sysnative\UserDataLanguageUtil.dll 2016-04-17 09:49:51 DD57E9F1482E1A9BD2514F6D017DF58A 258560 ----a-w- C:\WINDOWS\Sysnative\UserDataAccountApis.dll 2016-04-17 09:49:51 DA4F2FBA02ADB65797953219ABEF0C44 58400 ----a-w- C:\WINDOWS\Sysnative\SensorsNativeApi.dll 2016-04-17 09:49:51 D8F3E820C39808C00A687AED554D23C0 859136 ----a-w- C:\WINDOWS\Sysnative\Windows.ApplicationModel.Store.dll 2016-04-17 09:49:51 D169A4C1EDA2F63545628420014F2FE3 808800 ----a-w- C:\WINDOWS\Sysnative\WWAHost.exe 2016-04-17 09:49:51 D0CCDC8D0D00DA363F9D87C2E9A803EF 1297752 ----a-w- C:\WINDOWS\Sysnative\LicenseManager.dll 2016-04-17 09:49:51 CD8C4364BC6040C0226638EF37E13CBB 161280 ----a-w- C:\WINDOWS\Sysnative\CallHistoryClient.dll 2016-04-17 09:49:51 CB902A15DD21B363FECA5DCCF34F5C57 1224704 ----a-w- C:\WINDOWS\Sysnative\Unistore.dll 2016-04-17 09:49:51 C64B693DF26EB7BFF25F9BAD8B54D571 649216 ----a-w- C:\WINDOWS\Sysnative\ngcsvc.dll 2016-04-17 09:49:51 C59CF7385D070450643D61C8ADEFFE3C 958976 ----a-w- C:\WINDOWS\Sysnative\RemoteNaturalLanguage.dll 2016-04-17 09:49:51 C1FD242DB2679B7E8F9D54955131A603 1056256 ----a-w- C:\WINDOWS\Sysnative\JpMapControl.dll 2016-04-17 09:49:51 C10E0567A0C9541F839EC5B4758795DA 48128 ----a-w- C:\WINDOWS\Sysnative\wups.dll 2016-04-17 09:49:51 B8293D5BCBCE179870AAB09CCF21B120 151040 ----a-w- C:\WINDOWS\Sysnative\VEStoreEventHandlers.dll 2016-04-17 09:49:51 B6877446C93D3110E56C90CF13CBEC89 45568 ----a-w- C:\WINDOWS\Sysnative\UserDataTypeHelperUtil.dll 2016-04-17 09:49:51 B3B3BF36976D72C06C2D3524AC040643 81144 ----a-w- C:\WINDOWS\Sysnative\netapi32.dll 2016-04-17 09:49:51 AB416599057FFDC84E28BBB6DA69EADC 235008 ----a-w- C:\WINDOWS\Sysnative\MTF.dll 2016-04-17 09:49:51 AA5E227F977D03198227E09804394A24 127488 ----a-w- C:\WINDOWS\Sysnative\VEDataLayerHelpers.dll 2016-04-17 09:49:51 A617BE5E429A035A1CA8217C1B16F0BB 134656 ----a-w- C:\WINDOWS\Sysnative\browser.dll 2016-04-17 09:49:51 A34D9229F8D3A7164247213C9A283DB0 189952 ----a-w- C:\WINDOWS\Sysnative\WiFiDisplay.dll 2016-04-17 09:49:51 A249C98D869623F1AF0DB4BCFFF6D2A8 68096 ----a-w- C:\WINDOWS\Sysnative\UserDataPlatformHelperUtil.dll 2016-04-17 09:49:51 9BC40C5A140B5F380042E391CC95993F 66560 ----a-w- C:\WINDOWS\Sysnative\moshost.dll 2016-04-17 09:49:51 95D2BD6AC94FB337AF69F8AFE056BEBE 147808 ----a-w- C:\WINDOWS\Sysnative\wermgr.exe 2016-04-17 09:49:51 94612B9F7FC2B1A5C6D337C649B346F1 278528 ----a-w- C:\WINDOWS\Sysnative\NotificationObjFactory.dll 2016-04-17 09:49:51 907B65AD953EA159B573A0BCC82F6DB0 243712 ----a-w- C:\WINDOWS\Sysnative\cemapi.dll 2016-04-17 09:49:51 82A4EFF3567A00EAAA5929C64C42F22D 269824 ----a-w- C:\WINDOWS\Sysnative\moshostcore.dll 2016-04-17 09:49:51 81D0BDE09DA9D13C4A5A47A8ADCE0993 120320 ----a-w- C:\WINDOWS\Sysnative\MapsBtSvc.dll 2016-04-17 09:49:51 81B78E1782DB1BA758FDA7B993C9FEB5 91136 ----a-w- C:\WINDOWS\Sysnative\browserbroker.dll 2016-04-17 09:49:51 8024D7BDD26E9C1280B8B6D605488179 848896 ----a-w- C:\WINDOWS\Sysnative\wuapi.dll 2016-04-17 09:49:51 7ED9629564A44BF0ECAEDEDE7B1BC1FF 988160 ----a-w- C:\WINDOWS\Sysnative\NMAA.dll 2016-04-17 09:49:51 7E81E3E0D7F83BFE3C3975020B6C7F12 163840 ----a-w- C:\WINDOWS\Sysnative\TimeBrokerServer.dll 2016-04-17 09:49:51 727E03710FB2320AC0C114A9BF40AB40 7979008 ----a-w- C:\WINDOWS\Sysnative\mos.dll 2016-04-17 09:49:51 722A68A4CC2BC8BC3C0B776B0711A3C9 285696 ----a-w- C:\WINDOWS\Sysnative\VEEventDispatcher.dll 2016-04-17 09:49:51 70BA4CAAC5D621DCE88082DA0B1FF014 23552 ----a-w- C:\WINDOWS\Sysnative\ExtrasXmlParser.dll 2016-04-17 09:49:51 6B5963BC0C0074448A502FD19209D1BB 89088 ----a-w- C:\WINDOWS\Sysnative\MapsCSP.dll 2016-04-17 09:49:51 62300878366762EABAC7834543964A6E 498688 ----a-w- C:\WINDOWS\Sysnative\tileobjserver.dll 2016-04-17 09:49:51 61C99C1A4BB5EE14563ED321A859ACB6 726528 ----a-w- C:\WINDOWS\Sysnative\ChatApis.dll 2016-04-17 09:49:51 542C143FA639E4F488005E889C8A9CFD 74752 ----a-w- C:\WINDOWS\Sysnative\MosStorage.dll 2016-04-17 09:49:51 5300F190147040AECDA4F8D669B7D673 28672 ----a-w- C:\WINDOWS\Sysnative\mapsupdatetask.dll 2016-04-17 09:49:51 4C3A93515CA70A7017CBA3A6A95CF080 121856 ----a-w- C:\WINDOWS\Sysnative\AppointmentActivation.dll 2016-04-17 09:49:51 4BE54893EC2A3B26140DF44E7B6D4E99 230400 ----a-w- C:\WINDOWS\Sysnative\DAFWSD.dll 2016-04-17 09:49:51 49FDB6B2E192AD639F09EF90C32A0395 852480 ----a-w- C:\WINDOWS\Sysnative\MapsStore.dll 2016-04-17 09:49:51 492FB85E61768950CDD27C87AED6E8FA 587776 ----a-w- C:\WINDOWS\Sysnative\bisrv.dll 2016-04-17 09:49:51 45D26646E3AD737E5DE3DB91CCCE7DBA 339968 ----a-w- C:\WINDOWS\Sysnative\SensorService.dll 2016-04-17 09:49:51 3F4C879B631C77878B42F89990518F72 460288 ----a-w- C:\WINDOWS\Sysnative\MapConfiguration.dll 2016-04-17 09:49:51 3F4461644840A3C5572DDC726C36BDF7 92160 ----a-w- C:\WINDOWS\Sysnative\SensorsNativeApi.V2.dll 2016-04-17 09:49:51 3D0DE8170ECCEC20CBF205D79C535BA1 2275328 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll 2016-04-17 09:49:51 3932940E0DB7A31B00A415F6B3D3E242 700416 ----a-w- C:\WINDOWS\Sysnative\AppointmentApis.dll 2016-04-17 09:49:51 38C87ECB57CB973AA5DA633B91778670 676352 ----a-w- C:\WINDOWS\Sysnative\WSDApi.dll 2016-04-17 09:49:51 333F190DFAE2E1EE500234B78ADDA297 640472 ----a-w- C:\WINDOWS\Sysnative\wer.dll 2016-04-17 09:49:51 2E165E1CF278FC2B4959B825642A595B 558080 ----a-w- C:\WINDOWS\Sysnative\MBMediaManager.dll 2016-04-17 09:49:51 2BCCAEB08EAF8C5D6BD024B3F020D0EA 790528 ----a-w- C:\WINDOWS\Sysnative\EmailApis.dll 2016-04-17 09:49:51 2771EBB565F5C121E66060B173991D4D 1490432 ----a-w- C:\WINDOWS\Sysnative\UserDataService.dll 2016-04-17 09:49:51 2362BCA98EAF8CE0487664467F720861 178176 ----a-w- C:\WINDOWS\Sysnative\psmsrv.dll 2016-04-17 09:49:51 21098276051C6BEBBA7C8EB79AAF4E22 938496 ----a-w- C:\WINDOWS\Sysnative\ContactApis.dll 2016-04-17 09:49:51 1D00BBEEE33FA7F64A8CBFF471968CB0 195072 ----a-w- C:\WINDOWS\Sysnative\VCardParser.dll 2016-04-17 09:49:51 1AE232355968BBCA3787B5B35DCA0FD0 550912 ----a-w- C:\WINDOWS\Sysnative\StoreAgent.dll 2016-04-17 09:49:51 1A0945D67F0499600E7B43A69210EC5B 41984 ----a-w- C:\WINDOWS\Sysnative\TimeBrokerClient.dll 2016-04-17 09:49:51 087FF4F0D29833949962F8EE60DA345E 199168 ----a-w- C:\WINDOWS\Sysnative\InstallAgent.exe 2016-04-17 09:49:51 04F7878E7017105AB782353231561749 252928 ----a-w- C:\WINDOWS\Sysnative\PimIndexMaintenance.dll 2016-04-17 09:49:51 04BB77409644685810DBD63D86F5720E 99328 ----a-w- C:\WINDOWS\Sysnative\ngckeyenum.dll 2016-04-17 09:49:51 0271B5C23A375E008C34024088D0F396 1575936 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Speech.dll 2016-04-17 09:49:51 020AD2DA67F206DC160053F88454A0D4 111616 ----a-w- C:\WINDOWS\Sysnative\UserDataTimeUtil.dll 2016-04-17 09:49:49 FBC8C56814642A7CA88ACBCA8DD1121F 145408 ----a-w- C:\WINDOWS\Sysnative\dssvc.dll 2016-04-17 09:49:49 F7526C133AC265F283012E9CD751F873 625000 ----a-w- C:\WINDOWS\Sysnative\ClipSVC.dll 2016-04-17 09:49:49 F66EEB5365413D4B968C5B51D25F88B8 141560 ----a-w- C:\WINDOWS\Sysnative\AuthHost.exe 2016-04-17 09:49:49 F0BBBF8807D5725102A9EB06AEB9C1C5 58368 ----a-w- C:\WINDOWS\Sysnative\browcli.dll 2016-04-17 09:49:49 E8A201E7ACF39359D99EEDD3D059E5AC 1395712 ----a-w- C:\WINDOWS\Sysnative\UIAutomationCore.dll 2016-04-17 09:49:49 DB2911201B4AAC79AF712C5551F0C41D 688640 ----a-w- C:\WINDOWS\Sysnative\Windows.Networking.Connectivity.dll 2016-04-17 09:49:49 DB0C2721BE0E21EAA0C4C70B07F481DE 3078144 ----a-w- C:\WINDOWS\Sysnative\esent.dll 2016-04-17 09:49:49 D9A795240A84C9E3DA78BC1B9E239FCF 95744 ----a-w- C:\WINDOWS\Sysnative\samlib.dll 2016-04-17 09:49:49 D22A2DEC01300ECEB41D22AB60B1E4B3 66048 ----a-w- C:\WINDOWS\Sysnative\OnDemandConnRouteHelper.dll 2016-04-17 09:49:49 BEF109D45139E2646C116DD9B6E53E3C 847360 ----a-w- C:\WINDOWS\Sysnative\netlogon.dll 2016-04-17 09:49:49 BAEFEFB04D7F9A554C029FBA52A02BB8 652392 ----a-w- C:\WINDOWS\Sysnative\dxgi.dll 2016-04-17 09:49:49 B8CBDF64077D764D26E6E0255270B7BF 224256 ----a-w- C:\WINDOWS\Sysnative\PackageStateRoaming.dll 2016-04-17 09:49:49 B7C13F4BE0263F3A8303404A96F4246D 358752 ----a-w- C:\WINDOWS\Sysnative\msv1_0.dll 2016-04-17 09:49:49 B174232356859EBB0CF8FA950119DA1E 159232 ----a-w- C:\WINDOWS\Sysnative\DeviceCensus.exe 2016-04-17 09:49:49 AFAF7063071A1124985A63382B2BC34C 161792 ----a-w- C:\WINDOWS\Sysnative\AppxSip.dll 2016-04-17 09:49:49 AB3F697651DDAE1C424C9B2412EFBB59 1239552 ----a-w- C:\WINDOWS\Sysnative\Windows.Devices.Bluetooth.dll 2016-04-17 09:49:49 A6969BAD3166EDA1C79988DD782A87CF 888320 ----a-w- C:\WINDOWS\Sysnative\Windows.Networking.dll 2016-04-17 09:49:49 A407435633C74CB1D6911DC05A90D939 2912256 ----a-w- C:\WINDOWS\Sysnative\CertEnroll.dll 2016-04-17 09:49:49 9CB84B6398F10BCF0CE357F2C7B6056D 286720 ----a-w- C:\WINDOWS\Sysnative\deviceaccess.dll 2016-04-17 09:49:49 9A3E17CDB177913C2A111C80F3D0DBB4 686976 ----a-w- C:\WINDOWS\Sysnative\dnsapi.dll 2016-04-17 09:49:49 99D5C132D5085DACBFF909C3AAF832AC 2624512 ----a-w- C:\WINDOWS\Sysnative\InputService.dll 2016-04-17 09:49:49 998015F786B2B9EE029FB556393CF848 78040 ----a-w- C:\WINDOWS\Sysnative\wkscli.dll 2016-04-17 09:49:49 92FB4032354D2074DA0DC9E70D8305B1 1388032 ----a-w- C:\WINDOWS\Sysnative\lsasrv.dll 2016-04-17 09:49:49 8FFFDB163436D790369E39700B8A7DC1 27648 ----a-w- C:\WINDOWS\Sysnative\LicenseManagerShellext.exe 2016-04-17 09:49:49 87F0EA669FB37C03207A8870C3B91174 1410560 ----a-w- C:\WINDOWS\Sysnative\Windows.Web.Http.dll 2016-04-17 09:49:49 7E0078F1EFEB6F8F47CF85C1D73C7EBC 328192 ----a-w- C:\WINDOWS\Sysnative\profsvc.dll 2016-04-17 09:49:49 797497201A406D6CFDB72FE0545F990C 6972416 ----a-w- C:\WINDOWS\Sysnative\Windows.Data.Pdf.dll 2016-04-17 09:49:49 7890990143812A452858058BBD52149F 297472 ----a-w- C:\WINDOWS\Sysnative\thumbcache.dll 2016-04-17 09:49:49 77981E6F98F4A8743D3AEB1A8AF4DE09 108544 ----a-w- C:\WINDOWS\Sysnative\InputLocaleManager.dll 2016-04-17 09:49:49 728146F5877FD08DE65B21817ABB19A8 765952 ----a-w- C:\WINDOWS\Sysnative\fveapi.dll 2016-04-17 09:49:49 7119946D6A8D221C65514267D9F4D520 4774912 ----a-w- C:\WINDOWS\Sysnative\actxprxy.dll 2016-04-17 09:49:49 7118498F6E48758A2EF5A7D1982E2B62 1139712 ----a-w- C:\WINDOWS\Sysnative\XblGameSave.dll 2016-04-17 09:49:49 703F15FBAEA94F88FD5E12EFA94A0F7E 2656952 ----a-w- C:\WINDOWS\Sysnative\CoreUIComponents.dll 2016-04-17 09:49:49 6D31FB3E4263749BD994B3895322D799 982016 ----a-w- C:\WINDOWS\Sysnative\AppxPackaging.dll 2016-04-17 09:49:49 63939B50C5C103FA71A419BCEA5B1CF0 26112 ----a-w- C:\WINDOWS\Sysnative\TokenBrokerCookies.exe 2016-04-17 09:49:49 5DFAF8BE5A3CABAABF6795BC09EB7876 948736 ----a-w- C:\WINDOWS\Sysnative\XblAuthManager.dll 2016-04-17 09:49:49 5CBB046266CD7CD1593354C93BCDBE91 870400 ----a-w- C:\WINDOWS\Sysnative\modernexecserver.dll 2016-04-17 09:49:49 5B5F518D6487FDCC9C40A74D3C72B8EE 828928 ----a-w- C:\WINDOWS\Sysnative\Windows.AccountsControl.dll 2016-04-17 09:49:49 597AA6F5B21B1B15C87982FAFD1555EE 6607080 ----a-w- C:\WINDOWS\Sysnative\windows.storage.dll 2016-04-17 09:49:49 594FDF2DB7568C73C282B282845E30CF 36352 ----a-w- C:\WINDOWS\Sysnative\tbauth.dll 2016-04-17 09:49:49 5839A317C25F70979433E0905DFABB1B 284672 ----a-w- C:\WINDOWS\Sysnative\dnsrslvr.dll 2016-04-17 09:49:49 56C238ACFE4CB020D3E38508249039EA 87040 ----a-w- C:\WINDOWS\Sysnative\tzautoupdate.dll 2016-04-17 09:49:49 5417FA7098B9A1F5A6EECB198A7B4BFC 3592704 ----a-w- C:\WINDOWS\Sysnative\win32kfull.sys 2016-04-17 09:49:49 5276C6CCA158FD73D20642C6A7A507E7 1946112 ----a-w- C:\WINDOWS\Sysnative\dwmcore.dll 2016-04-17 09:49:49 51449675B00C62F970B497A2FBF1BC46 787456 ----a-w- C:\WINDOWS\Sysnative\Windows.Web.dll 2016-04-17 09:49:49 5118193C56A2F8D07554395B78A6FDCC 223232 ----a-w- C:\WINDOWS\Sysnative\fveapibase.dll 2016-04-17 09:49:49 5066575F39AEECAA7A9E03C0FA007A90 881664 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Input.Inking.dll 2016-04-17 09:49:49 50007CDB0F9801A7186F3E81D3377D12 2773096 ----a-w- C:\WINDOWS\Sysnative\d3d11.dll 2016-04-17 09:49:49 497EB340D13433E8FE53625103E0C2D0 146432 ----a-w- C:\WINDOWS\Sysnative\AuthBroker.dll 2016-04-17 09:49:49 46E51F35566F8B73540D56EAA0A97E46 175616 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Core.TextInput.dll 2016-04-17 09:49:49 4098813724BDAC23A74DD6E75CA360CC 450560 ----a-w- C:\WINDOWS\Sysnative\Windows.Internal.Bluetooth.dll 2016-04-17 09:49:49 4025493B778984A65B1A310864C4F08C 970752 ----a-w- C:\WINDOWS\Sysnative\kerberos.dll 2016-04-17 09:49:49 3EEB5260D4321F7F124955E1D228FDF2 274944 ----a-w- C:\WINDOWS\Sysnative\DisplayManager.dll 2016-04-17 09:49:49 3CE8EBC0B1A74A7AC639C5FAFC549CCA 436736 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentClient.dll 2016-04-17 09:49:49 3C994D13A234D0E33D592CDF55F09B01 628736 ----a-w- C:\WINDOWS\Sysnative\MessagingDataModel2.dll 2016-04-17 09:49:49 2F9B478546FC00827CB269BAD949D98B 16985600 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll 2016-04-17 09:49:49 2F844EBBB6BAA883BDDC472C44B738AE 1388544 ----a-w- C:\WINDOWS\Sysnative\win32kbase.sys 2016-04-17 09:49:49 2F0FA6F60BC9A971BFBF31D1D2C8AF08 167936 ----a-w- C:\WINDOWS\Sysnative\dafBth.dll 2016-04-17 09:49:49 281C61D772D6F267FEABDF71E38C621C 821760 ----a-w- C:\WINDOWS\Sysnative\TokenBroker.dll 2016-04-17 09:49:49 2804ACDD73835F051CE71DA4DB25337D 110584 ----a-w- C:\WINDOWS\Sysnative\srvcli.dll 2016-04-17 09:49:49 21045DC8C67DA8600529FED2A6F90D6A 848896 ----a-w- C:\WINDOWS\Sysnative\samsrv.dll 2016-04-17 09:49:49 1C8474EF741ABA77E53BE94DE8E89D26 990720 ----a-w- C:\WINDOWS\Sysnative\SettingSyncCore.dll 2016-04-17 09:49:49 15D174719872A30F2FDD6B5B1B8BA5D9 1613664 ----a-w- C:\WINDOWS\Sysnative\diagtrack.dll 2016-04-17 09:49:49 0FEE16BB03B1A97A70121165E7414903 67584 ----a-w- C:\WINDOWS\Sysnative\profext.dll 2016-04-17 09:49:49 0D9E0BDCCCE10F07A7B66A61B27C1F71 116224 ----a-w- C:\WINDOWS\Sysnative\FontProvider.dll 2016-04-17 09:40:07 E91942A0D00C6AA014B2EA33EE0ED0A3 35480 ----a-w- C:\WINDOWS\Sysnative\TsWpfWrp.exe 2016-04-17 09:40:07 E2296A6174894682DF8F0FF29FDDCC82 1166520 ----a-w- C:\WINDOWS\Sysnative\PresentationNative_v0300.dll 2016-04-17 09:40:07 C5FEF4B4A7FB961ECDB0AB07DBCF379E 124624 ----a-w- C:\WINDOWS\Sysnative\PresentationCFFRasterizerNative_v0300.dll 2016-04-17 09:39:55 48E7F01CD9246CAF86702F5CB9100C9F 1087488 ----a-w- C:\WINDOWS\Sysnative\reseteng.dll 2016-04-17 09:39:55 20B48DC4AF4492B31A756528444BDA8C 304752 ----a-w- C:\WINDOWS\Sysnative\systemreset.exe 2016-04-17 09:08:45 E52612EA0C1C1ACD3ABFD09534F6AAE6 5739520 ----a-w- C:\WINDOWS\Sysnative\prm0009.dll 2016-04-17 09:08:44 F44AA79DF45B1CAE6E6C64372D846AA5 6359040 ----a-w- C:\WINDOWS\Sysnative\NlsData0009.dll 2016-04-17 09:08:44 8F1CD3FABC7F24FE329FE39A3EB58C58 2629632 ----a-w- C:\WINDOWS\Sysnative\NlsLexicons0009.dll 2016-04-17 09:04:27 A3588784F362077D5BC09690F57F76D5 22980 ----a-w- C:\WINDOWS\Sysnative\emptyregdb.dat 2016-04-17 08:55:06 90B50CE9AC082028796471B2D6A7C4D1 2134982 ----a-w- C:\WINDOWS\Sysnative\PerfStringBackup.INI 2016-04-13 07:32:00 876DCA7F8F58E6F5F9CA0BD2C09AF134 968704 ----a-w- C:\WINDOWS\Sysnative\MsSpellCheckingFacility.exe 2016-04-13 07:31:56 8FC9C6E4F1CE587C735A06F0CFFEE619 1359360 ----a-w- C:\WINDOWS\Sysnative\mshtmlmedia.dll ====== C:\WINDOWS\Sysnative\drivers ===== 2016-04-19 09:15:22 4778EEECB75C6FB419745BEED3530B9D 26024 ----a-w- C:\WINDOWS\Sysnative\drivers\rsdrvx64.sys 2016-04-19 08:23:46 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys 2016-04-19 08:23:07 898415AC0B5F1D2A9A48ABCB68A6DC4B 65408 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys 2016-04-19 08:23:07 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys 2016-04-19 08:23:07 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys 2016-04-18 06:52:11 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2016-04-17 09:50:03 1A490555FD330CA2764D89191177C867 285696 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb10.sys 2016-04-17 09:49:58 083A727D784009F9CCFB120C7841B7AF 2403680 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys 2016-04-17 09:49:54 E582DA849A58524E645545FB68B6625D 1152864 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys 2016-04-17 09:49:54 935823F79CBEDB91637B63D37E3A5A36 148480 ----a-w- C:\WINDOWS\Sysnative\drivers\dfsc.sys 2016-04-17 09:49:54 19BD8A88AAC580592668B070AC0727D9 2152280 ----a-w- C:\WINDOWS\Sysnative\drivers\ntfs.sys 2016-04-17 09:49:54 0B3B0C1D86050355676640488FA897D3 430944 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys 2016-04-17 09:49:52 EDDB0D726DBECDFC1DBCC6DB464E5A13 146272 ----a-w- C:\WINDOWS\Sysnative\drivers\appid.sys 2016-04-17 09:49:52 E3C82823B22463BC38AA4F8ADA852624 104960 ----a-w- C:\WINDOWS\Sysnative\drivers\rasl2tp.sys 2016-04-17 09:49:52 AA4CD20708B7E0412A5316D7E2875103 530432 ----a-w- C:\WINDOWS\Sysnative\drivers\nwifi.sys 2016-04-17 09:49:52 A4411C522D41707D5BCA817A5BB9E30B 114688 ----a-w- C:\WINDOWS\Sysnative\drivers\bridge.sys 2016-04-17 09:49:52 2BC2E99623119521EEF7910A11D0FDE0 694784 ----a-w- C:\WINDOWS\Sysnative\drivers\WdiWiFi.sys 2016-04-17 09:49:51 63C3F74DC398A1C1A77E39DFB9C312CA 1089888 ----a-w- C:\WINDOWS\Sysnative\drivers\http.sys 2016-04-17 09:49:49 F45665E77D11F3C1552EDBEAD1559DC8 1997152 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2016-04-17 09:49:49 F279536122B83FD0D8E158AA753E1B7C 238592 ----a-w- C:\WINDOWS\Sysnative\drivers\xboxgip.sys 2016-04-17 09:49:49 DA0807D87A62D076C29C4E30F1E84F46 26112 ----a-w- C:\WINDOWS\Sysnative\drivers\xinputhid.sys 2016-04-17 09:49:49 B7E1CAA9429E4C3E7E01CB35B97E1536 534368 ----a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS 2016-04-17 09:49:49 B24408471C1BCB17FC44F5B47EA8DEA3 277856 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys 2016-04-17 09:49:49 9E9D58F5E1702955B2F4D62996F80E8E 378208 ----a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS 2016-04-17 09:49:49 8949F77132A4F8F3BA17C6727099F002 127840 ----a-w- C:\WINDOWS\Sysnative\drivers\USBSTOR.SYS 2016-04-17 09:49:49 8359F776CA899E761852F2293B724EAE 185184 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys 2016-04-17 09:49:49 64D4F5DE44B64B8284BADE5819B5195A 394080 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys 2016-04-17 09:49:49 469441BAE3FF8A16826FC62C51EF5E18 563552 ----a-w- C:\WINDOWS\Sysnative\drivers\acpi.sys 2016-04-17 09:49:49 3B866F8CB10719A5AF9E410B1B149714 605440 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys 2016-04-17 09:49:49 33190E86460C4FF7382848187463DC28 576864 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys 2016-04-17 09:49:49 28B8E1C6CBCF9FFE2FABFF3160C26ADF 258912 ----a-w- C:\WINDOWS\Sysnative\drivers\ufx01000.sys 2016-04-17 09:49:49 249A563C48DFD9E42A37587653E003BB 83968 ----a-w- C:\WINDOWS\Sysnative\drivers\serial.sys 2016-04-17 09:49:49 0731E8F4D8D3B8D3FD98A46A8ABFE0A0 333824 ----a-w- C:\WINDOWS\Sysnative\drivers\portcls.sys 2016-04-17 08:53:43 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_WpdFs_01_11_00.Wdf ====== C:\WINDOWS\Tasks ====== 2016-04-19 11:19:42 ED667EF633D78306ABF6FA8065AF1FFB 1024 ----a-w- C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2016-04-19 11:19:42 C65DDB2285BB0557BC2F8E7DAAE19936 3856 ----a-w- C:\WINDOWS\Sysnative\Tasks\DropboxUpdateTaskMachineCore 2016-04-19 11:19:42 4543C9334AE3FF3A3711B18CAE7CABD8 4088 ----a-w- C:\WINDOWS\Sysnative\Tasks\DropboxUpdateTaskMachineUA 2016-04-19 11:19:42 386AFFCB39AE02C422BCDB958BFF515A 1028 ----a-w- C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2016-03-21 08:43:31 D57A7827BDD47CE6CFFC5D8D74E6A41D 3996 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Acrobat Update Task ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2016-04-19 15:52:33 -------- d-----w- C:\Program Files\trend micro 2016-04-17 09:40:43 -------- d-----w- C:\Program Files\Reference Assemblies 2016-04-17 09:40:43 -------- d-----w- C:\Program Files\MSBuild 2016-04-17 08:58:16 -------- d-----w- C:\Program Files\Common Files\SpeechEngines 2016-04-17 08:54:36 -------- d---a-w- C:\Program Files\ATI Technologies 2016-04-17 08:54:13 -------- d-----w- C:\Program Files\Common Files\ATI Technologies 2016-04-17 08:54:10 -------- d-----w- C:\Program Files\AMD 2016-03-21 15:17:06 -------- d---a-w- C:\Program Files\MiniTool Partition Wizard Free 9.1 ======= C:\PROGRA~2 ===== 2016-04-17 09:40:43 -------- d-----w- C:\PROGRA~2\Reference Assemblies 2016-04-17 09:40:43 -------- d-----w- C:\PROGRA~2\MSBuild 2016-04-17 08:58:17 -------- d-----w- C:\PROGRA~2\COMMON~1\SpeechEngines 2016-04-17 08:54:30 -------- d---a-w- C:\PROGRA~2\ATI Technologies 2016-03-25 15:15:16 -------- d-----w- C:\PROGRA~2\VideoLAN 2016-03-22 09:12:20 -------- d---a-w- C:\PROGRA~2\WinUtilities ======= C: ===== ====== C:\Users\Ooms\AppData\Roaming ====== 2016-04-19 11:31:06 407AAB8C27CF7081EECE071C90A65B83 17 ----a-w- C:\Users\Ooms\AppData\Local\resmon.resmoncfg 2016-04-17 09:26:22 -------- d-----w- C:\Users\Ooms\AppData\Local\Comms 2016-04-17 09:19:40 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\DataSharing 2016-04-17 09:11:25 -------- d-----w- C:\Users\Ooms\AppData\Local\MicrosoftEdge 2016-04-17 09:07:04 -------- d-----w- C:\Users\Ooms\AppData\Local\Publishers 2016-04-17 09:06:45 -------- d-----w- C:\Users\Ooms\AppData\Local\TileDataLayer 2016-04-17 09:06:45 -------- d-----w- C:\Users\Ooms\AppData\Local\Packages 2016-04-17 09:04:31 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Packages 2016-04-17 09:00:47 -------- d-----w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools 2016-04-17 09:00:47 -------- d-----w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility 2016-04-17 09:00:47 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help 2016-04-17 09:00:47 -------- d-----w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools 2016-04-17 09:00:47 -------- d-----w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility 2016-04-17 09:00:47 -------- d-----w- C:\Users\Default User\AppData\Local\Microsoft Help 2016-04-17 08:57:27 -------- d-s---r- C:\Users\Ooms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 2016-04-17 08:57:27 -------- d-----w- C:\Users\Ooms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2016-04-17 08:57:27 -------- d-----w- C:\Users\Ooms\AppData\Roaming 2016-04-17 08:57:27 -------- d-----w- C:\Users\Ooms\AppData\Local\Temp 2016-04-17 08:57:27 -------- d-----w- C:\Users\Ooms\AppData\Local\Microsoft 2016-04-17 08:57:27 -------- d-----w- C:\Users\Ooms\AppData\Local 2016-04-17 08:57:27 -------- d-----r- C:\Users\Ooms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2016-04-17 08:57:27 -------- d-----r- C:\Users\Ooms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2016-04-17 08:57:27 -------- d-----r- C:\Users\Ooms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2016-04-17 08:57:27 -------- d-----r- C:\Users\Ooms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs 2016-04-17 08:54:14 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft 2016-04-13 17:01:41 -------- d-----w- C:\Users\Ooms\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence 2016-04-13 16:52:16 -------- d-----w- C:\Users\Ooms\AppData\Local\Chromium 2016-04-13 16:51:26 -------- d-----w- C:\Users\Ooms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks 2016-04-04 13:46:50 -------- d-----w- C:\Users\Ooms\AppData\Local\Movavi 2016-04-04 13:46:49 -------- d-----w- C:\Users\Ooms\AppData\Local\VideoEditor 2016-04-01 17:49:29 -------- d-----w- C:\Users\Ooms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2016-04-01 17:49:25 -------- d-----w- C:\Users\Ooms\AppData\Local\Roblox 2016-03-22 13:26:33 C2FD684FDF9112DB3D9B856D2726A385 424 ----a-w- C:\Users\Ooms\AppData\Local\UserProducts.xml ====== C:\Users\Ooms ====== 2016-04-19 15:47:37 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Ooms\Desktop\RSITx64.exe 2016-04-19 14:52:42 91FE2A6DA8645CDBB9EE765AF9A745B8 1194696 ----a-w- C:\Users\Ooms\Downloads\shadowcopysetup.exe 2016-04-19 14:16:20 97E2938252C2926FE920B6EF7216C8D0 3901072 ----a-w- C:\Users\Ooms\Downloads\WinThruster_2016_Setup.exe 2016-04-19 13:49:36 -------- d-----r- C:\Users\Ooms\Google Drive 2016-04-19 13:48:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-04-19 13:48:19 5B18A309782EA6C7A369A1C4BF55139C 987728 ----a-w- C:\Users\Ooms\Downloads\googledrivesync.exe 2016-04-19 12:21:02 5AB2EB3CA32416D1C0ADF696579E6924 969845 ----a-w- C:\Users\Ooms\Downloads\ShadowExplorer-0.9-setup (1).exe 2016-04-19 12:20:59 5AB2EB3CA32416D1C0ADF696579E6924 969845 ----a-w- C:\Users\Ooms\Downloads\ShadowExplorer-0.9-setup.exe 2016-04-19 12:16:08 FD321960CF2DF6EEF751CA53E135B638 390392 ----a-w- C:\Users\Ooms\Downloads\ListCrilock.exe 2016-04-19 11:20:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-04-19 09:50:29 7CB39D49819F5E6D0E7791E55767B621 43987032 ----a-w- C:\Users\Ooms\Downloads\torbrowser-install-5.5.4_nl.exe 2016-04-19 09:15:46 -------- d-----w- C:\ProgramData\Licenses 2016-04-19 06:42:20 -------- d-----w- C:\ProgramData\IsolatedStorage 2016-04-17 09:09:25 -------- d-----r- C:\Users\Ooms\OneDrive 2016-04-17 09:08:47 -------- d-----w- C:\ProgramData\ATI 2016-04-17 09:06:41 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Ooms\ntuser.ini 2016-04-17 09:00:47 -------- d-----w- C:\Users\Default\Cookies 2016-04-17 08:57:27 -------- d--h--w- C:\Users\Ooms\AppData 2016-04-17 08:55:11 BDEAFA0B79F1D59749302F906D84A55F 4194304 ----a-w- C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bin 2016-04-17 08:55:11 68E0228FE459987112777E373DA7B1AB 4194304 ----a-w- C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bak 2016-04-17 08:54:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2016-04-15 13:29:12 4DD19D076A9A6F5473ADCAFDE07C9D45 1192656 ----a-w- C:\Users\Ooms\Documents\flashplayer21_xa_install.exe 2016-04-14 15:37:40 7B712657C9EE66F61B5E8B1553173DD9 6284288 ----a-w- C:\Users\Ooms\Documents\setup.exe 2016-04-14 15:34:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities 2016-04-13 16:51:40 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol 2016-04-04 13:45:51 124BFB88552E2CAD5277DB9698ADEE4F 4972 ----a-w- C:\ProgramData\rxsmznjf.zcp 2016-04-04 13:45:51 -------- d-----w- C:\ProgramData\Movavi Video Editor 11 2016-03-25 15:15:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2016-03-22 13:26:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot 2016-03-22 09:12:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUtilities 2016-03-21 15:17:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.1 ====== C: exe-files == 2016-04-20 06:42:09 8256F178B3EEFA67A4BAC6DEDA87C503 116 ----a-w- C:\$Recycle.Bin\S-1-5-21-827055934-1174325861-1503729990-1001\$IHQ7NU9.exe 2016-04-19 15:52:33 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Ooms.exe 2016-04-19 15:47:37 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Ooms\Desktop\RSITx64.exe 2016-04-19 14:52:42 91FE2A6DA8645CDBB9EE765AF9A745B8 1194696 ----a-w- C:\Users\Ooms\Downloads\shadowcopysetup.exe 2016-04-19 14:16:20 97E2938252C2926FE920B6EF7216C8D0 3901072 ----a-w- C:\Users\Ooms\Downloads\WinThruster_2016_Setup.exe 2016-04-19 13:48:19 5B18A309782EA6C7A369A1C4BF55139C 987728 ----a-w- C:\Users\Ooms\Downloads\googledrivesync.exe 2016-04-19 12:21:02 5AB2EB3CA32416D1C0ADF696579E6924 969845 ----a-w- C:\Users\Ooms\Downloads\ShadowExplorer-0.9-setup (1).exe 2016-04-19 12:20:59 5AB2EB3CA32416D1C0ADF696579E6924 969845 ----a-w- C:\Users\Ooms\Downloads\ShadowExplorer-0.9-setup.exe 2016-04-19 12:16:46 FD321960CF2DF6EEF751CA53E135B638 390392 ----a-w- C:\$Recycle.Bin\S-1-5-21-827055934-1174325861-1503729990-1001\$RHQ7NU9.exe 2016-04-19 12:16:08 FD321960CF2DF6EEF751CA53E135B638 390392 ----a-w- C:\Users\Ooms\Downloads\ListCrilock.exe 2016-04-19 11:20:33 36412292F7D42582E29FEB42881E1EEF 18392 ----a-w- C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe 2016-04-19 11:20:29 F2C6C8B61A1D9327C8EC701EB6F48289 173032 ----a-w- C:\Program Files (x86)\Dropbox\Client\DropboxUninstaller.exe 2016-04-19 11:20:29 E9A61CA7929F5945CF7FCC240A8EA997 23248560 ----a-w- C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 2016-04-19 11:20:29 31843A03C37E1DB88E6F9A8A5E2997E7 29992 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbxsvc.exe 2016-04-19 11:20:29 1C5318437DDB6E982709FFF3D9D5E948 29480 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbxsvc.exe 2016-04-19 11:20:02 BCD248A327A5FCDE3C1C4C6AC654D927 68205976 ----a-w- C:\Program Files (x86)\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\3.18.1\DropboxClient_3.18.1.exe 2016-04-19 11:19:42 FE91A4F352A03AF8F4FBA3DCB62C4920 87848 ----atw- C:\Program Files (x86)\Dropbox\Update\1.3.39.1\DropboxUpdateOnDemand.exe 2016-04-19 11:19:42 A1F58FFF448E4099297D6EE0641D4D0E 143144 ----atw- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe 2016-04-19 11:19:42 7F34BD50AE9D20259D5F6E95B6EFB4FC 87336 ----atw- C:\Program Files (x86)\Dropbox\Update\1.3.39.1\DropboxUpdateBroker.exe 2016-04-19 11:19:41 A1F58FFF448E4099297D6EE0641D4D0E 143144 ----atw- C:\Program Files (x86)\Dropbox\Update\1.3.39.1\DropboxUpdate.exe 2016-04-19 11:19:41 9411CB43F9717A3B1E7736F0FBC901E1 143144 ----atw- C:\Program Files (x86)\Dropbox\Update\1.3.39.1\DropboxCrashHandler.exe 2016-04-19 11:15:42 662B746FFA14D025F751A6407504F8F7 51200 ----a-w- C:\Users\Ooms\Downloads\OCF_20131025\OmniCryptoFinder\OmniCryptoFinder.exe 2016-04-19 11:15:42 378DD10936AAFF40EB34D94DC29F2366 22472 ----a-w- C:\Users\Ooms\Downloads\OCF_20131025\OmniCryptoFinder\OmniCryptoFinder.vshost.exe 2016-04-19 11:00:16 F4FF5B6ABB94537232B49ADDB8D87EE1 1581016 ----a-w- C:\Users\Ooms\AppData\Local\Google\Chrome\User Data\SwReporter\6.48.4\software_reporter_tool.exe 2016-04-19 10:40:22 38202B5FD1FA6D06458C0576A83E4F67 14841232 ----a-w- C:\Users\Ooms\Downloads\Disk Doctors NTFS Data Recovery 3_0_4_3882\96ty49ju4t949t4614k69y1ky8io\ntfs-data-recovery.exe 2016-04-19 10:40:22 346EB677AF2C04F0F724A778912FE6AD 2269152 ----a-w- C:\Users\Ooms\Downloads\Disk Doctors NTFS Data Recovery 3_0_4_3882\96ty49ju4t949t4614k69y1ky8io\Citp\DD-NDR.EXE 2016-04-19 10:40:12 38202B5FD1FA6D06458C0576A83E4F67 14841232 ----a-w- C:\Users\Ooms\Downloads\Disk Doctors NTFS Data Recovery 3_0_4_388\96ty49ju4t949t4614k69y1ky8io\ntfs-data-recovery.exe 2016-04-19 10:40:11 346EB677AF2C04F0F724A778912FE6AD 2269152 ----a-w- C:\Users\Ooms\Downloads\Disk Doctors NTFS Data Recovery 3_0_4_388\96ty49ju4t949t4614k69y1ky8io\Citp\DD-NDR.EXE 2016-04-19 09:50:29 7CB39D49819F5E6D0E7791E55767B621 43987032 ----a-w- C:\Users\Ooms\Downloads\torbrowser-install-5.5.4_nl.exe 2016-04-19 09:41:03 681D16176D936D5A686BADCD1F93D49B 3712736 ----a-w- C:\Users\Ooms\Downloads\M3 Data Recovery Professional 5 2\ge1g9eg19g198498r494rt94gr9ththr\m3datarecovery.exe 2016-04-19 09:41:03 67EA0CE2AE5E09823C3F7989F26222C7 2732632 ----a-w- C:\Users\Ooms\Downloads\M3 Data Recovery Professional 5 2\ge1g9eg19g198498r494rt94gr9ththr\Citp\M3DataRecovery.exe 2016-04-19 09:35:04 0BC162D0344A59AC12F2D3E56FD61BAB 14846712 ----a-w- C:\Users\Ooms\Downloads\EaseUS Data Recovery Wizard Professional 10_0_0 Nederlands\95iy9+5ly95gl95959+u5;9+ui59u;p98\drw.exe 2016-04-19 08:20:37 BD59D8A4565D1D1AB3C7CF81948C8DBE 86840 ----a-w- C:\Users\Ooms\AppData\Local\Temp\jrt\CreateRestorePoint.exe 2016-04-19 08:20:37 2F9C7FDA92C346CB5AA32091536AE0CB 43520 ----a-w- C:\Users\Ooms\AppData\Local\Temp\jrt\nfo\nircmdc.exe 2016-04-19 07:45:44 622CCCD61794B4A6B671D954247CF2F3 1584400 ----a-w- C:\Users\Ooms\AppData\Local\Temp\nchuninst\uninst.exe 2016-04-17 16:59:32 23B342F582C3B788F47674B6EC05ABFA 4347528 ----a-w- C:\Windows\InfusedApps\Packages\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe\DvdPlayer.UI.exe 2016-04-17 16:17:46 452D385C764992681D57C157DAB3BF3D 45342624 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\50.0.2661.75\50.0.2661.75_chrome_installer.exe 2016-04-17 11:03:19 4E95AB8BEB2C8FD53B348EF4AD5121C5 149184 ----a-w- C:\Users\Ooms\AppData\Local\Temp\A7E512FC-71E4-4DCF-9CE9-507C00403776\DismHost.exe 2016-04-17 09:52:54 B8C997E772BE343E1664FEE14C1FB9B7 28849904 ----a-w- C:\Users\Ooms\AppData\Local\Temp\vlc-2.2.1-win32.exe 2016-04-17 09:50:03 E34A89A196F45473D61CCDAB193293D1 119808 ----a-w- C:\Windows\System32\BitLockerDeviceEncryption.exe 2016-04-17 09:50:03 DC9F4F8710C24F1CA8BBE401928F35E4 2095968 ----a-w- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 2016-04-17 09:50:03 D7523E13533827B34ED7781036C5C528 797024 ----a-w- C:\Windows\Boot\PCAT\memtest.exe 2016-04-17 09:50:03 C8B840675B83DC8A257B075BFE5F9357 261376 ----a-w- C:\Windows\System32\LsaIso.exe 2016-04-17 09:50:03 C3F15E167CB84E2E6027AF17D49D5904 372224 ----a-w- C:\Windows\System32\MDEServer.exe 2016-04-17 09:50:03 834D1648124F0F2729462BF79DB0C2CD 369912 ----a-w- C:\Windows\System32\audiodg.exe 2016-04-17 09:50:03 09D8EBC01776C2D117918993EDDC19B2 1474560 ----a-w- C:\Program Files\Windows Media Player\wmpnetwk.exe 2016-04-17 09:49:56 C78D43083400B8FAE408FEB1E99F9DA8 1847808 ----a-w- C:\Windows\System32\WMPDMC.exe 2016-04-17 09:49:56 AD1B282BDE4A19D7CE2D405409DBB8D0 1497088 ----a-w- C:\Windows\SysWOW64\WMPDMC.exe 2016-04-17 09:49:55 34FEF4E83D0C5A86E10BE8E2AE1A9593 7344496 ----a-w- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe 2016-04-17 09:49:54 FA457DEBC6875EF5DFC0DF6B7A1003B8 654688 ----a-w- C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe 2016-04-17 09:49:54 CFF6A3799F83060D3FF538564E4264CA 374008 ----a-w- C:\Windows\System32\SystemSettingsAdminFlows.exe 2016-04-17 09:49:54 B9FC60861ACCAD828AF94CE0FDBCF206 578048 ----a-w- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe 2016-04-17 09:49:54 A5B4D0B41EAA275EB1A06F78E5ABD14A 9371992 ----a-w- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 2016-04-17 09:49:54 92291BFE95AD37CF486BD3E4B31F746B 1141504 ----a-w- C:\Windows\System32\Boot\winload.exe 2016-04-17 09:49:54 88E6A274B44C66EDBD26F2BA9E0ACE8F 253088 ----a-w- C:\Windows\SysWOW64\LockAppHost.exe 2016-04-17 09:49:54 7185B16516478DF0061C2561C1B072CE 228352 ----a-w- C:\Windows\System32\wsqmcons.exe 2016-04-17 09:49:54 60C04811AC0BB0BFC5E00D293B8F4464 630632 ----a-w- C:\Windows\System32\fontdrvhost.exe 2016-04-17 09:49:54 2F808173122FCDBAD1138FAE1A9FC2E4 104448 ----a-w- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe 2016-04-17 09:49:54 1E1631970DDFD63EDD4483D33E18EC89 300104 ----a-w- C:\Windows\System32\LockAppHost.exe 2016-04-17 09:49:54 197948552BE23DACBEF10ECC8168FD11 29696 ----a-w- C:\Windows\SysWOW64\LaunchWinApp.exe 2016-04-17 09:49:54 0D7BB44BFFFA4E153F4EA1E05522D2C3 37376 ----a-w- C:\Windows\System32\LaunchWinApp.exe 2016-04-17 09:49:54 0BF7DC1EE93410D13683C3DCF627878C 219136 ----a-w- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe 2016-04-17 09:49:52 E81A803BE3E7D49DE669FB8C30B18BA4 414720 ----a-w- C:\Windows\System32\bcastdvr.exe 2016-04-17 09:49:52 D1241DFC397FA8CCFB4BB4B63AAD31AC 755712 ----a-w- C:\Windows\System32\spoolsv.exe 2016-04-17 09:49:52 C3BB5D3E3DD24AC0BFA9223F2877F136 76800 ----a-w- C:\Windows\System32\NetCfgNotifyObjectHost.exe 2016-04-17 09:49:52 C1C169EFA8E5E30A0A521C0409CAC153 874968 ----a-w- C:\Windows\System32\winresume.exe 2016-04-17 09:49:52 C1C169EFA8E5E30A0A521C0409CAC153 874968 ----a-w- C:\Windows\System32\Boot\winresume.exe 2016-04-17 09:49:52 B58CE40AC84F1B068A2004400E68245B 87040 ----a-w- C:\Windows\System32\MDMAppInstaller.exe 2016-04-17 09:49:52 AEBD5FCFBFF0294A2D87048D4F5417CB 74424 ----a-w- C:\Windows\System32\easinvoker.exe 2016-04-17 09:49:52 A2B2198B126C8BB489585994A453B064 7474016 ----a-w- C:\Windows\System32\ntoskrnl.exe 2016-04-17 09:49:52 92291BFE95AD37CF486BD3E4B31F746B 1141504 ----a-w- C:\Windows\System32\winload.exe 2016-04-17 09:49:52 8EC4F381818F8A073DEC52C6D1ED9C76 86016 ----a-w- C:\Windows\System32\DeviceEnroller.exe 2016-04-17 09:49:51 D169A4C1EDA2F63545628420014F2FE3 808800 ----a-w- C:\Windows\System32\WWAHost.exe 2016-04-17 09:49:51 BC5D8155DBA7DC0E4F92430701C19901 161280 ----a-w- C:\Windows\SysWOW64\InstallAgent.exe 2016-04-17 09:49:51 95D2BD6AC94FB337AF69F8AFE056BEBE 147808 ----a-w- C:\Windows\System32\wermgr.exe 2016-04-17 09:49:51 087FF4F0D29833949962F8EE60DA345E 199168 ----a-w- C:\Windows\System32\InstallAgent.exe 2016-04-17 09:49:49 FD639F1372389D7C5990663D6A100CFE 541304 ----a-w- C:\Windows\SysWOW64\fontdrvhost.exe 2016-04-17 09:49:49 F66EEB5365413D4B968C5B51D25F88B8 141560 ----a-w- C:\Windows\System32\AuthHost.exe 2016-04-17 09:49:49 EAF904785CA7849C66F6DC2EF0A0E0E7 22528 ----a-w- C:\Windows\SysWOW64\TokenBrokerCookies.exe 2016-04-17 09:49:49 B174232356859EBB0CF8FA950119DA1E 159232 ----a-w- C:\Windows\System32\DeviceCensus.exe 2016-04-17 09:49:49 A8EF9AEDACF24908E12E910BF3977DC9 703840 ----a-w- C:\Windows\SysWOW64\WWAHost.exe 2016-04-17 09:49:49 8FFFDB163436D790369E39700B8A7DC1 27648 ----a-w- C:\Windows\System32\LicenseManagerShellext.exe 2016-04-17 09:49:49 7A2A3BAAA05C8124D95B2915E904F900 141664 ----a-w- C:\Windows\SysWOW64\wermgr.exe 2016-04-17 09:49:49 63939B50C5C103FA71A419BCEA5B1CF0 26112 ----a-w- C:\Windows\System32\TokenBrokerCookies.exe 2016-04-17 09:40:09 F432E0E5B0958F4982D40EB622FBD7FC 35480 ----a-w- C:\Windows\SysWOW64\TsWpfWrp.exe 2016-04-17 09:40:07 E91942A0D00C6AA014B2EA33EE0ED0A3 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe 2016-04-17 09:39:55 20B48DC4AF4492B31A756528444BDA8C 304752 ----a-w- C:\Windows\System32\systemreset.exe 2016-04-17 09:09:25 91DD4AD85BB341CC8CF5187EA06FD171 382144 ----a-w- C:\Users\Ooms\AppData\Local\Microsoft\OneDrive\OneDrive.exe 2016-04-17 09:09:25 88F8A731DEA7F49D92F84A0A77C5CC67 7805120 ----a-w- C:\Users\Ooms\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\OneDriveSetup.exe 2016-04-17 09:09:15 F39504581AE5E6105BEF6F22CCA1757E 145600 ----a-w- C:\Users\Ooms\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncConfig.exe 2016-04-15 16:07:15 D3361E079D51C976E898FC32612E8C5B 1056760 ----a-w- C:\Users\Ooms\AppData\Local\Roblox\Versions\version-2fd5590479874e29\RobloxPlayerLauncher.exe 2016-04-15 13:29:12 4DD19D076A9A6F5473ADCAFDE07C9D45 1192656 ----a-w- C:\Users\Ooms\Documents\flashplayer21_xa_install.exe 2016-04-14 15:37:40 7B712657C9EE66F61B5E8B1553173DD9 6284288 ----a-w- C:\Users\Ooms\Documents\setup.exe 2016-04-14 15:34:57 AA7A48540EB79BA2280F81DA93C1599F 155648 ----a-w- C:\Program Files (x86)\NCH Software\Components\zipcloak2\zipcloak2.exe 2016-04-14 15:34:57 6763E2791B88ABAED880588A994F03E2 1069328 ----a-w- C:\Program Files (x86)\NCH Software\ExpressZip\expresszipsetup_v2.40.exe 2016-04-14 15:34:55 AA7A48540EB79BA2280F81DA93C1599F 155648 ----a-w- C:\Program Files (x86)\NCH Software\ExpressZip\zipcloak2.exe 2016-04-14 15:34:54 57C3B4CB473DAAC22F4E663CFD666898 1149200 ----a-w- C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe 2016-04-13 16:52:27 753BD8B51CE31105A56040438BE93437 1219072 ----a-w- C:\Users\Ooms\AppData\Local\Chromium\Application\51.0.2683.0\Installer\setup.exe 2016-04-13 16:52:26 562A46474509A0F52C5035727207FD40 1068544 ----a-w- C:\Users\Ooms\AppData\Local\Chromium\Application\chrome.exe 2016-04-13 16:52:26 075831B23E263F37CE09E867488B3552 2397696 ----a-w- C:\Users\Ooms\AppData\Local\Chromium\Application\51.0.2683.0\nacl64.exe 2016-04-13 16:52:25 00C16A588E45C13C83D3A1E34A832AA9 745472 ----a-w- C:\Users\Ooms\AppData\Local\Chromium\Application\51.0.2683.0\delegate_execute.exe 2016-04-13 07:32:27 F1CA4530A435A6741346A1ECF3FE10E9 3943144 ----a-w- C:\Windows.old\Windows\SysWOW64\ntoskrnl.exe 2016-04-13 07:32:27 ADFFC3B4418247A562E8727C66DE4428 5551336 ----a-w- C:\Windows.old\Windows\System32\ntoskrnl.exe 2016-04-13 07:32:27 5C47821CC760ED48EA66A28465BD35E4 3998952 ----a-w- C:\Windows.old\Windows\SysWOW64\ntkrnlpa.exe 2016-04-13 07:32:26 682586CACD78EF53EF7301B4180EB595 112640 ----a-w- C:\Windows.old\Windows\System32\smss.exe 2016-04-13 07:32:26 626BE7CD27F44185AA4DCD3603830312 30720 ----a-w- C:\Windows.old\Windows\System32\lsass.exe 2016-04-13 07:32:26 3D6AE177FAF7E3296251DDB05773618E 338432 ----a-w- C:\Windows.old\Windows\System32\conhost.exe 2016-04-13 07:32:25 BEEC56A8B8B5707B0E7139C6D9D57217 296960 ----a-w- C:\Windows.old\Windows\System32\rstrui.exe 2016-04-13 07:32:25 8DCFB284FC896E2F6F02134298A8F1E1 50176 ----a-w- C:\Windows.old\Windows\SysWOW64\auditpol.exe 2016-04-13 07:32:25 59738954027D75A282D82680C8AFBC54 148480 ----a-w- C:\Windows.old\Windows\System32\appidpolicyconverter.exe 2016-04-13 07:32:25 1F8F134C7350EF16C79E1C42005BCDE9 64000 ----a-w- C:\Windows.old\Windows\System32\auditpol.exe 2016-04-13 07:32:25 0E4019A26AE3DB40461B5AA0C3AD6A68 17920 ----a-w- C:\Windows.old\Windows\System32\appidcertstorecheck.exe 2016-04-13 07:32:24 BCF50CD5076E765200740A97FCB4D74F 7680 ----a-w- C:\Windows.old\Windows\SysWOW64\instnm.exe 2016-04-13 07:32:24 866254892512D27510475080EEC15748 2048 ----a-w- C:\Windows.old\Windows\SysWOW64\user.exe 2016-04-13 07:32:24 6DB3EFE1174B79571A28355A732B3337 25600 ----a-w- C:\Windows.old\Windows\SysWOW64\setup16.exe 2016-04-13 07:32:14 9AD833027AF42AEFCA1FE6CD64F31B22 38120 ----a-w- C:\Windows.old\Windows\System32\CompatTelRunner.exe 2016-04-13 07:32:08 2D98A2C9EC46ADE57B04DE54672DB205 49664 ----a-w- C:\Windows.old\Windows\servicing\GC64\tzupd.exe 2016-04-13 07:32:04 5A5C52E1349D8DFFB24C23715C2235DC 114688 ----a-w- C:\Windows.old\Windows\System32\ieetwcollector.exe 2016-04-13 07:32:04 4220C16D79E0386F9C684EEF5586699B 221184 ----a-w- C:\Windows.old\Program Files (x86)\Internet Explorer\ielowutil.exe 2016-04-13 07:32:04 04AA1E7E50F9769EC7839EB76E7BA9F5 725504 ----a-w- C:\Windows.old\Windows\System32\ie4uinit.exe 2016-04-13 07:32:01 A00F16DFE1661B5BC5A2AFF02ED7BB78 222720 ----a-w- C:\Windows.old\Program Files\Internet Explorer\ielowutil.exe 2016-04-13 07:32:01 3A3666314CA3CAB290DCD6C0445DDB12 815312 ----a-w- C:\Windows.old\Program Files (x86)\Internet Explorer\iexplore.exe 2016-04-13 07:32:01 0D509AB88C513DE28EF46B434AD3B1AA 473600 ----a-w- C:\Windows.old\Program Files (x86)\Internet Explorer\ieinstal.exe 2016-04-13 07:32:00 876DCA7F8F58E6F5F9CA0BD2C09AF134 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2016-04-13 07:31:59 239E4651A281DBAA5B5CA3658D94AB78 491008 ----a-w- C:\Windows.old\Program Files\Internet Explorer\ieinstal.exe 2016-04-13 07:31:58 B719287E7679AC28F5847197949D325B 814280 ----a-w- C:\Windows.old\Program Files\Internet Explorer\iexplore.exe 2016-04-13 07:31:58 3E816997AA0924BE8C1F957BB0B6A2AD 115712 ----a-w- C:\Windows.old\Windows\SysWOW64\ieUnatt.exe 2016-04-13 07:31:55 8975E4521C293E751031B6EFCAA6E17A 144384 ----a-w- C:\Windows.old\Windows\System32\ieUnatt.exe === C: other files == 2016-04-20 06:35:50 DE0983FE4B830699312D35A990B3AE1B 1945 ----a-r- C:\Users\Ooms\AppData\Local\Temp\_MEI61922\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx 2016-04-20 06:35:50 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-r- C:\Users\Ooms\AppData\Local\Temp\_MEI61922\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx 2016-04-19 13:49:36 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-r- C:\Users\Ooms\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx 2016-04-19 11:20:29 CD0B329D17316316E236BC16F5CF09D3 51824 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbx-stable.sys 2016-04-19 11:20:29 602534C6AF65E07ACD260AFA55D89D0F 52848 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbx-dev.sys 2016-04-19 11:20:29 602534C6AF65E07ACD260AFA55D89D0F 52848 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbx-canary.sys 2016-04-19 11:20:29 5A83DA46A3C55A0756230C8A02CA8696 63088 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbx-dev.sys 2016-04-19 11:20:29 5A83DA46A3C55A0756230C8A02CA8696 63088 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbx-canary.sys 2016-04-19 11:20:29 584EC6F441240F575753BCF270891059 61552 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbx-stable.sys 2016-04-19 11:14:37 5776BC08F17A34283E9CD7A1FEA19E07 248714 ----a-w- C:\Users\Ooms\Downloads\OCF_20131025.zip 2016-04-19 09:15:22 4778EEECB75C6FB419745BEED3530B9D 26024 ----a-w- C:\Windows\System32\drivers\rsdrvx64.sys 2016-04-19 08:23:46 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2016-04-19 08:23:07 898415AC0B5F1D2A9A48ABCB68A6DC4B 65408 ----a-w- C:\Windows\System32\drivers\mwac.sys 2016-04-19 08:23:07 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys 2016-04-19 08:23:07 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2016-04-19 08:20:36 D7B94E9872BC71D0B874D0F44A6F5606 126300 ----a-w- C:\Users\Ooms\AppData\Local\Temp\jrt\get.bat 2016-04-19 07:46:35 C300D2F05B767E694E3F12821A2B3449 12055 ----a-w- C:\Users\Ooms\Documents\MyZip.zip 2016-04-17 09:50:03 1A490555FD330CA2764D89191177C867 285696 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2016-04-17 09:49:58 083A727D784009F9CCFB120C7841B7AF 2403680 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2016-04-17 09:49:54 E582DA849A58524E645545FB68B6625D 1152864 ----a-w- C:\Windows\System32\drivers\ndis.sys 2016-04-17 09:49:54 935823F79CBEDB91637B63D37E3A5A36 148480 ----a-w- C:\Windows\System32\drivers\dfsc.sys 2016-04-17 09:49:54 19BD8A88AAC580592668B070AC0727D9 2152280 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2016-04-17 09:49:54 0B3B0C1D86050355676640488FA897D3 430944 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2016-04-17 09:49:52 EDDB0D726DBECDFC1DBCC6DB464E5A13 146272 ----a-w- C:\Windows\System32\drivers\appid.sys 2016-04-17 09:49:52 E3C82823B22463BC38AA4F8ADA852624 104960 ----a-w- C:\Windows\System32\drivers\rasl2tp.sys 2016-04-17 09:49:52 AA4CD20708B7E0412A5316D7E2875103 530432 ----a-w- C:\Windows\System32\drivers\nwifi.sys 2016-04-17 09:49:52 A4411C522D41707D5BCA817A5BB9E30B 114688 ----a-w- C:\Windows\System32\drivers\bridge.sys 2016-04-17 09:49:52 2BC2E99623119521EEF7910A11D0FDE0 694784 ----a-w- C:\Windows\System32\drivers\WdiWiFi.sys 2016-04-17 09:49:51 63C3F74DC398A1C1A77E39DFB9C312CA 1089888 ----a-w- C:\Windows\System32\drivers\http.sys 2016-04-17 09:49:49 F45665E77D11F3C1552EDBEAD1559DC8 1997152 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2016-04-17 09:49:49 F279536122B83FD0D8E158AA753E1B7C 238592 ----a-w- C:\Windows\System32\drivers\xboxgip.sys 2016-04-17 09:49:49 DA0807D87A62D076C29C4E30F1E84F46 26112 ----a-w- C:\Windows\System32\drivers\xinputhid.sys 2016-04-17 09:49:49 B7E1CAA9429E4C3E7E01CB35B97E1536 534368 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS 2016-04-17 09:49:49 B24408471C1BCB17FC44F5B47EA8DEA3 277856 ----a-w- C:\Windows\System32\drivers\sdbus.sys 2016-04-17 09:49:49 9E9D58F5E1702955B2F4D62996F80E8E 378208 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS 2016-04-17 09:49:49 8949F77132A4F8F3BA17C6727099F002 127840 ----a-w- C:\Windows\System32\drivers\USBSTOR.SYS 2016-04-17 09:49:49 8359F776CA899E761852F2293B724EAE 185184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys 2016-04-17 09:49:49 64D4F5DE44B64B8284BADE5819B5195A 394080 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2016-04-17 09:49:49 5417FA7098B9A1F5A6EECB198A7B4BFC 3592704 ----a-w- C:\Windows\System32\win32kfull.sys 2016-04-17 09:49:49 469441BAE3FF8A16826FC62C51EF5E18 563552 ----a-w- C:\Windows\System32\drivers\acpi.sys 2016-04-17 09:49:49 3B866F8CB10719A5AF9E410B1B149714 605440 ----a-w- C:\Windows\System32\drivers\cng.sys 2016-04-17 09:49:49 33190E86460C4FF7382848187463DC28 576864 ----a-w- C:\Windows\System32\drivers\dxgmms2.sys 2016-04-17 09:49:49 2F844EBBB6BAA883BDDC472C44B738AE 1388544 ----a-w- C:\Windows\System32\win32kbase.sys 2016-04-17 09:49:49 28B8E1C6CBCF9FFE2FABFF3160C26ADF 258912 ----a-w- C:\Windows\System32\drivers\ufx01000.sys 2016-04-17 09:49:49 249A563C48DFD9E42A37587653E003BB 83968 ----a-w- C:\Windows\System32\drivers\serial.sys 2016-04-17 09:49:49 0731E8F4D8D3B8D3FD98A46A8ABFE0A0 333824 ----a-w- C:\Windows\System32\drivers\portcls.sys 2016-04-17 09:09:09 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\Ooms\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat 2016-04-17 07:52:20 AB91318623028CE626C26FEAE23539B6 394453 ----a-w- C:\Windows.old\Users\Ooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZHS2Y01P\items_v1361[1].zip 2016-04-17 07:52:18 2D45976A5152CAC042E1906210334EAD 330030 ----a-w- C:\Windows.old\Users\Ooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MEEK9DRV\nl[1].zip 2016-04-13 16:51:33 29CCFF428E5EB70AE429C3DA8968E1EC 20872 ----a-w- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS 2016-04-13 07:32:27 FB4397DDCC732DB6A7B33B747C7EB708 154344 ----a-w- C:\Windows.old\Windows\System32\drivers\ksecpkg.sys 2016-04-13 07:32:27 B6C2FA7F5E5BC1A488A57C6344D29D64 95464 ----a-w- C:\Windows.old\Windows\System32\drivers\ksecdd.sys 2016-04-13 07:32:27 ACEC16415275E1AD6F7983EF472810E3 159744 ----a-w- C:\Windows.old\Windows\System32\drivers\mrxsmb.sys 2016-04-13 07:32:26 A9FB80B0BBA6F765F4E691B7AD4963A7 62464 ----a-w- C:\Windows.old\Windows\System32\drivers\appid.sys 2016-04-13 07:32:26 1D4B7972375052F5B7877A6FD9BE33A0 129536 ----a-w- C:\Windows.old\Windows\System32\drivers\mrxsmb20.sys 2016-04-13 07:32:26 0F276F2F2018296FABC7BD2BCCAAB40B 291328 ----a-w- C:\Windows.old\Windows\System32\drivers\mrxsmb10.sys 2016-04-13 07:32:19 616387BBD83372220B09DE95F4E67BBC 73664 ----a-w- C:\Windows.old\Windows\System32\drivers\disk.sys 2016-04-13 07:32:19 1D0A5FF3C7C7EA7480429D16D38B60EA 3216896 ----a-w- C:\Windows.old\Windows\System32\win32k.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-827055934-1174325861-1503729990-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="C:\Program Files (x86)\Steam\steam.exe -silent" "HP ENVY 5530 series (NET)"="C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe -deviceID CN53H4619T067B:NW -scfn HP ENVY 5530 series (NET) -AutoStart 1" "Chromium"="c:\users\ooms\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session" "OneDrive"="C:\Users\Ooms\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun" "Lightshot"="C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe" "Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Steam"="C:\Program Files (x86)\Steam\steam.exe -silent" "HP ENVY 5530 series (NET)"="C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe -deviceID CN53H4619T067B:NW -scfn HP ENVY 5530 series (NET) -AutoStart 1" "Chromium"="c:\users\ooms\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session" "OneDrive"="C:\Users\Ooms\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ApnUpdater" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Ask.com\\Updater\\Updater.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AppleSyncNotifier" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Hotkey Utility] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Hotkey Utility" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Packard Bell\\Hotkey Utility\\HotkeyUtility.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Photosmart 7520 series (NET)] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Photosmart 7520 series (NET)" "hkey"="HKCU" "command"="\"C:\\Program Files\\HP\\HP Photosmart 7520 series\\Bin\\ScanToPCActivationApp.exe\" -deviceID \"CN27I1B0ZG05VV:NW\" -scfn \"HP Photosmart 7520 series (NET)\" -AutoStart 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Software Update" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPHmon05] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPHmon05" "hkey"="HKLM" "command"="C:\\Windows\\SysWOW64\\hphmon05.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPHUPD05] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPHUPD05" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAAnotif] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IAAnotif" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MobileDocuments] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MobileDocuments" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ubd.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyTomTomSA.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MyTomTomSA.exe" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\MyTomTom 3\\MyTomTomSA.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Packard Bell Photo Frame] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Packard Bell Photo Frame" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Packard Bell Photo Frame\\ButtonMonitor.exe -A" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SVT] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SVT" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\SVT\\SVT\\SVT.exe\" \\M" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uTorrent" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\uTorrent\\uTorrent.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\GamersFirst LIVE!.lnk" "backup"="C:\\Windows\\pss\\GamersFirst LIVE!.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\GAMERS~1\\LIVE!\\Live.exe /silent" "item"="GamersFirst LIVE!" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Ooms^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Inktwaarschuwingen controleren - HP Photosmart 7520 series (netwerk).lnk] "path"="C:\\Users\\Ooms\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Inktwaarschuwingen controleren - HP Photosmart 7520 series (netwerk).lnk" "backup"="C:\\Windows\\pss\\Inktwaarschuwingen controleren - HP Photosmart 7520 series (netwerk).lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Windows\\system32\\RunDll32.exe \"C:\\Program Files\\HP\\HP Photosmart 7520 series\\bin\\HPStatusBL.dll\",RunDLLEntry SERIALNUMBER=CN27I1B0ZG05VV;CONNECTION=NW;MONITOR=1;" "item"="Inktwaarschuwingen controleren - HP Photosmart 7520 series (netwerk)" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeActiveFileMonitor8.0] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CltMngSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FLEXnet Licensing Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Greg_Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IAANTMON] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IDriverT] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NAUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Nero BackItUp Scheduler 4.0] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvsvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Updater Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\USBS3S4Detection] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\vToolbarUpdater17.1.2] ==== Startup Folders ====================== 2010-10-07 19:40:50 1686 --sha-w- C:\Users\Ooms\AppData\Roaming\Microsoft\LastFlashConfig.wfc ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:@C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [] C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [19-04-2016 13:19] C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [19-04-2016 13:19] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22-12-2015 11:04] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1d15dbc12e943f4.job --a-------- [Undetermined Task] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22-12-2015 11:04] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1d15dbc13094f17.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22-12-2015 11:04] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore1d15dbc12e943f4" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA1d15dbc13094f17" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{AF4E387B-0DAA-4E0D-BACA-56ADBDDE8ECC}" [C:\Windows\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\{017AA6BA-7C48-4E97-8FD2-469F2DA960D5}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] "C:\WINDOWS\SysNative\tasks\{458AB507-8FF7-48DE-8C91-984C696B1EDE}" [C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe] "C:\WINDOWS\SysNative\tasks\{47C4627C-ABA4-4DFA-A7E5-9B1726BFBEDB}" [C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe] "C:\WINDOWS\SysNative\tasks\{6C4C97A7-D0C4-460C-B314-D866BA8C9506}" [C:\Program Files (x86)\GamersFirst\Knight Online\Launcher.exe] "C:\WINDOWS\SysNative\tasks\{BCB80FEE-3459-4178-B21B-66ED3BC45BC0}" [C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Ooms\AppData\Roaming\Mozilla\Firefox\Profiles\uu1rqryv.default user_pref("browser.startup.homepage", "www.google.nl"); user_pref("browser.newtab.url", "about:newtab"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\Ooms\AppData\Roaming\Mozilla\Firefox\Profiles\uu1rqryv.default - HP Detect - %ProfilePath%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} AppDir: C:\Program Files (x86)\Mozilla Firefox - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Ooms\AppData\Roaming\Mozilla\Firefox\Profiles\uu1rqryv.default DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash 30058F2746B25F60DCC7624E227357D1 - C:\Users\Ooms\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer ==== Chromium Look ====================== Google Chrome Version: 40.0.2214.94 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - No path found[] pjldcfjmnllhmgjclecdnfampinooman - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions apdfllckaahabafndbhieahigkjlhalf - C:\Users\Ooms\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx[19-04-2016 15:48] bahkljhhdeciiaodlkppoonappfnheoi - No path found[] cjofdnhdkbflacojpfpkchgafjahijbb - No path found[] lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[] Google Drive - Ooms\AppData\Local\Chromium\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Google Docs Offline - Ooms\AppData\Local\Chromium\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Google Drive App Launcher - Ooms\AppData\Local\Chromium\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh Chrome Web Store Payments - Ooms\AppData\Local\Chromium\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Google Drive - Ooms\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Google Docs Offline - Ooms\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Google Drive App Launcher - Ooms\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh Chrome Web Store Payments - Ooms\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Google Slides - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo selector is not a valid CSS selector - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb uTorrentBar_NL - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb Google Search - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Kaspersky URL Advisor - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchlnpcodkpfdpacogkljefecpegganj Google Sheets - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap AdBlock - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom Dangerous Websites Blocker - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hghkgaeecgjhjkannahfamoehjmkjail Keep My Opt-Outs - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe Virtual Keyboard - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh Adblock for Facebook - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jbfjodonncabnangfknilmabjfofdikc Ghostery - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mlomiejdfkolichcflejclcbmpeaniij Chrome Web Store Payments - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\http_freeradiocast.dl.myway.com_0.localstorage deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\http_freeradiocast.dl.myway.com_0.localstorage-journal deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\http_fromdoctopdf.dl.myway.com_0.localstorage deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\http_fromdoctopdf.dl.myway.com_0.localstorage-journal deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\http_passwordlogic.dl.myway.com_0.localstorage deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\http_passwordlogic.dl.myway.com_0.localstorage-journal deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\https_shoppingbuddy.nl_0.localstorage deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\https_shoppingbuddy.nl_0.localstorage-journal deleted successfully C:\Users\Ooms\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_shoppingbuddy.nl_0.localstorage deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\http_ad.360yield.com_0.localstorage deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\http_ad.360yield.com_0.localstorage-journal deleted successfully C:\Users\Ooms\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.360yield.com_0.localstorage deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Ooms\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\Ooms\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\http_freeradiocast.dl.tb.ask.com_0.localstorage deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\http_freeradiocast.dl.tb.ask.com_0.localstorage-journal deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\http_fromdoctopdf.dl.tb.ask.com_0.localstorage deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\http_passwordlogic.dl.tb.ask.com_0.localstorage deleted successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Local Storage\http_passwordlogic.dl.tb.ask.com_0.localstorage-journal deleted successfully C:\Users\Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" HKLM\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 HKLM\Wow6432Node\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 HKCU\SearchScopes "DefaultScope"="{2f23ab71-4ac6-41f2-a955-ea576e553146}" HKCU\SearchScopes\73C774505D9A4C46AB02C1161C10594D - http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_nlBE396 HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04 HKCU\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - http://www.bing.com/search?FORM=UP21DF&PC=UP21&q={searchTerms}&src=IE-SearchBox HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_nlBE396 ==== Reset Google Chrome ====================== C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Secure Preferences was reset successfully C:\Users\Ooms\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Ooms\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully C:\Users\Ooms\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully C:\Users\Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Web Data-journal was reset successfully C:\Users\Ooms\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Ooms\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Users\Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Driver Restore deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{19C70EEE-2014-11C4-74D8-18F9E89482E3} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Photosmart 7520 series (NET) deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVT deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Ooms\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Ooms\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Ooms\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Ooms\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Ooms\AppData\Local\Chromium\User Data\Default\Cache emptied successfully C:\Users\Ooms\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Ooms\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=288 folders=95 915283671 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Ooms\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on wo 20-04-2016 at 9:12:35,06 ======================