Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Acer on do 12-05-2016 at 15:38:19,10.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Acer\Downloads\zoek (5).exe
[Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================
C:\zoek-results2015-10-14-133807.log 47380 bytes
C:\zoek-results2016-01-22-102145.log 30597 bytes

==== Torpig Check ======================
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
{217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\Users\Acer\AppData\Local\ActiveSync deleted successfully
C:\Users\Acer\AppData\Local\NetworkTiles deleted successfully
C:\Users\Acer\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\WINDOWS\SysWOW64\svchost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Acer\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Acer\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Users\Acer\Downloads\zoek (5).exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Services(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AgereModemAudio] - Agere Modem Call Progress Audio - c:\program files\lsi softmodem\agr64svc.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [Apple Mobile Device Service] - Apple Mobile Device Service - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - c:\program files (x86)\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe
R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - c:\program files (x86)\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe
R2 - [EaseUS Agent] - EaseUS Agent Service - c:\program files (x86)\easeus\todo backup\bin\agent.exe
R2 - [ePowerSvc] - Acer ePower Service - c:\program files\acer\acer epower management\epowersvc.exe
R2 - [HPSupportSolutionsFrameworkService] - HP Support Solutions Framework Service - c:\program files (x86)\hewlett-packard\hp support solutions\hpsupportsolutionsframeworkservice.exe
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
R2 - [MSMQ] - Message Queuing - c:\windows\system32\mqsvc.exe
R2 - [NOBU] - Norton Online Backup - c:\program files (x86)\symantec\norton online backup\nobuagent.exe
R2 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - c:\program files (x86)\cyberlink\shared files\richvideo.exe
R2 - [SynTPEnhService] - SynTPEnh Caller Service - c:\program files\synaptics\syntp\syntpenhservice.exe
R2 - [TeamViewer9] - TeamViewer 9 - c:\program files (x86)\teamviewer\version9\teamviewer_service.exe
R2 - [UNS] - Intel(R) Management & Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
R2 - [Updater Service] - Updater Service - c:\program files\acer\acer updater\updaterservice.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
R3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
R3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [diagnosticshub.standardcollector.service] - Microsoft(R) Diagnostics Hub Standard Collector-service - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files\microsoft office\office14\groove.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [MWLService] - MyWinLocker Service - c:\program files (x86)\egistec mywinlocker\x86\mwlservice.exe
S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SensorDataService] - Sensor Data Service - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [Sony PC Companion] - Sony PC Companion - c:\program files (x86)\sony\sony pc companion\pccservice.exe
S3 - [TieringEngineService] - Storage Tiers Management - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe

==== Deleting Services ======================

==== Deleting Files \ Folders ======================
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
"C:\Users\Acer\AppData\Roaming\AVG" deleted

==== System Specs ======================
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3957 MB
CPU Info: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
CPU Speed: 2128,6 MHz
Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek |
Display Adapters: AMD Mobility Radeon HD 5000 Series | AMD Mobility Radeon HD 5000 Series
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Microsoft Hosted Network Virtual Adapter | Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros AR5B93 Wireless Network Adapter | Broadcom NetLink (TM) Gigabit Ethernet
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GT32N
Ports: COM3 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 290,1GB | D: 290,4GB
Hard Disks - Free: C: 187,7GB | D: 38,8GB
Manufacturer *: Phoenix Technologies LTD
BIOS Info: AT/AT COMPATIBLE | 07/29/10 | ACRSYS - 6040000
Time Zone: West-Europa (standaardtijd)
Motherboard *: Acer Aspire 7740
Country: Nederland
Language: NLD

==== System Specs (Software) ======================
Default Browser: Google Chrome 50.0.2661.94
Internet Explorer Version: 11.306.10586.0
Google Chrome version: 50.0.2661.94
Adobe Reader version: 15.16.20039.185268
Sun Java version: 1.8.0_91 (32-bit)
Sun Java version: 1.8.0_91 (64-bit)

==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2016-05-12 10:01:57 2617877C5761B8A696FD0368861EE6E4 4515256 ----a-w- C:\WINDOWS\explorer.exe
2016-05-10 14:18:48 8D26DAE92B9995B082AE5B6BC2FB70DB 52184 ----a-w- C:\WINDOWS\avastSS.scr
====== C:\Users\Acer\AppData\Local\Temp ====
====== Java Cache =====
2016-04-25 13:36:06 C2C4419CC379775E48EFD958C3FEBFEE 479817 ----a-w- C:\Users\Acer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1784d7c2-6ef9df87
C:\WINDOWS\Sysnative\drivers\aswMonFlt.sys 2016-05-10 14:20:18 1694434F5B9AB16772C7A8E2EF9134CA 37656 ----a-w- C:\WINDOWS\Sysnative\drivers\aswHwid.sys 2016-05-10 14:20:16 A371A06EC8F4830C263D3F5CA5A11B65 1070904 ----a-w- C:\WINDOWS\Sysnative\drivers\aswSnx.sys 2016-04-14 07:41:24 19BD8A88AAC580592668B070AC0727D9 2152280 ----a-w- C:\WINDOWS\Sysnative\drivers\ntfs.sys 2016-04-14 07:40:22 3B866F8CB10719A5AF9E410B1B149714 605440 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys 2016-04-14 07:40:02 63C3F74DC398A1C1A77E39DFB9C312CA 1089888 ----a-w- C:\WINDOWS\Sysnative\drivers\http.sys 2016-04-14 07:39:51 083A727D784009F9CCFB120C7841B7AF 2403680 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys 2016-04-14 07:39:47 28B8E1C6CBCF9FFE2FABFF3160C26ADF 258912 ----a-w- C:\WINDOWS\Sysnative\drivers\ufx01000.sys 2016-04-14 07:39:41 9E9D58F5E1702955B2F4D62996F80E8E 378208 ----a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS 2016-04-14 07:39:37 E582DA849A58524E645545FB68B6625D 1152864 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys 2016-04-14 07:39:31 DA0807D87A62D076C29C4E30F1E84F46 26112 ----a-w- C:\WINDOWS\Sysnative\drivers\xinputhid.sys 2016-04-14 07:39:29 935823F79CBEDB91637B63D37E3A5A36 148480 ----a-w- C:\WINDOWS\Sysnative\drivers\dfsc.sys 2016-04-14 07:39:19 B24408471C1BCB17FC44F5B47EA8DEA3 277856 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys 2016-04-14 07:39:17 AA4CD20708B7E0412A5316D7E2875103 530432 ----a-w- C:\WINDOWS\Sysnative\drivers\nwifi.sys 2016-04-14 07:39:17 2BC2E99623119521EEF7910A11D0FDE0 694784 ----a-w- C:\WINDOWS\Sysnative\drivers\WdiWiFi.sys 2016-04-14 07:39:15 8359F776CA899E761852F2293B724EAE 185184 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys 2016-04-14 07:38:34 249A563C48DFD9E42A37587653E003BB 83968 ----a-w- C:\WINDOWS\Sysnative\drivers\serial.sys 2016-04-14 07:38:26 0731E8F4D8D3B8D3FD98A46A8ABFE0A0 333824 ----a-w- C:\WINDOWS\Sysnative\drivers\portcls.sys ====== C:\WINDOWS\Tasks ====== 2016-05-10 14:23:18 3AD9D8AE731F377EE1297046956D773A 4004 ----a-w- 
C:\WINDOWS\Sysnative\Tasks\SafeZone scheduled Autoupdate 1462890192 2016-05-10 14:20:44 76C52C70BD7AE489200FE1360C5B227B 4006 ----a-w- C:\WINDOWS\Sysnative\Tasks\avast! Emergency Update 2016-04-16 08:59:02 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\Apple 2016-04-14 11:40:29 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\2BrightSparks ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2016-05-10 14:38:57 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype 2016-04-25 13:35:23 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2016-04-16 08:49:51 -------- d---a-w- C:\PROGRA~2\QuickTime ======= C: ===== ====== C:\Users\Acer\AppData\Roaming ====== 2016-04-30 09:32:12 -------- d-----w- C:\Users\Acer\AppData\Local\46F755CB-F4F2-4733-B30F-B594A22B9F0E.aplzod 2016-04-28 15:47:36 75CDC6BFDB2DDC0BEE9CDD1EA4441655 7542 ----a-w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\WER1C12.tmp.WERInternalMetadata.xml ====== C:\Users\Acer ====== 2016-05-11 11:59:29 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Acer\Downloads\RSITx64 (2).exe 2016-05-10 14:38:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2016-04-16 09:02:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-04-16 08:49:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2016-04-16 08:30:16 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\.oracle_jre_usage ====== C: exe-files == 2016-05-12 10:01:57 2617877C5761B8A696FD0368861EE6E4 4515256 ----a-w- C:\Windows\explorer.exe 2016-05-12 10:01:31 E004E3D268827C6F2E500411D95DF85E 493056 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2016-05-12 10:01:30 97FF7539F4E46E86A802CD5876549ACA 476160 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2016-05-12 09:55:08 E8B364111F317A60DF073826E628FF6F 92824 ----atw- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe 2016-05-12 09:55:08 
54D932590CEAB260ADC4FF79797B21D9 92824 ----atw- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleUpdateWebPlugin.exe 2016-05-12 09:55:08 108CB30A5B4C5247E414A3086458FCFC 92824 ----atw- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleUpdateBroker.exe 2016-05-12 09:55:07 5AB2C2DBC3108A2F7275A2F232FA8036 987040 ----a-w- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleUpdateSetup.exe 2016-05-12 09:55:06 A425CDCEB9D26E9A5ABAFA259799D447 312472 ----atw- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe 2016-05-12 09:55:06 56FE3C885B0901601549E23E7A435984 250008 ----atw- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe 2016-05-12 09:55:06 13FF5C375BD0C702EA1252E79592692F 135832 ----atw- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleUpdateComRegisterShell64.exe 2016-05-12 09:55:05 50FCC5C822A6B4FC6F377EE9F9F37C7B 152216 ----atw- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleUpdate.exe 2016-05-12 09:55:04 5AB2C2DBC3108A2F7275A2F232FA8036 987040 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.30.3\GoogleUpdateSetup.exe 2016-05-11 12:01:30 E8B364111F317A60DF073826E628FF6F 92824 ----atw- C:\Users\Acer\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe 2016-05-11 12:01:30 5AB2C2DBC3108A2F7275A2F232FA8036 987040 ----a-w- C:\Users\Acer\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateSetup.exe 2016-05-11 12:01:30 54D932590CEAB260ADC4FF79797B21D9 92824 ----atw- C:\Users\Acer\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateWebPlugin.exe 2016-05-11 12:01:30 108CB30A5B4C5247E414A3086458FCFC 92824 ----atw- C:\Users\Acer\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateBroker.exe 2016-05-11 12:01:24 A425CDCEB9D26E9A5ABAFA259799D447 312472 ----atw- C:\Users\Acer\AppData\Local\Google\Update\1.3.30.3\GoogleCrashHandler64.exe 2016-05-11 12:01:24 13FF5C375BD0C702EA1252E79592692F 135832 ----atw- 
C:\Users\Acer\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateComRegisterShell64.exe 2016-05-11 12:01:23 56FE3C885B0901601549E23E7A435984 250008 ----atw- C:\Users\Acer\AppData\Local\Google\Update\1.3.30.3\GoogleCrashHandler.exe 2016-05-11 12:01:23 50FCC5C822A6B4FC6F377EE9F9F37C7B 152216 ----atw- C:\Users\Acer\AppData\Local\Google\Update\1.3.30.3\GoogleUpdate.exe 2016-05-11 12:01:20 5AB2C2DBC3108A2F7275A2F232FA8036 987040 ----a-w- C:\Users\Acer\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.30.3\GoogleUpdateSetup.exe 2016-05-11 11:59:29 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Acer\Downloads\RSITx64 (2).exe 2016-05-10 14:42:13 ABDB9D35071C3DD66E04C8E9449D5F30 62464 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe 2016-05-10 14:42:13 81FDA615FB56889C3F870F8DF997C314 362672 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe 2016-05-10 14:42:13 7BCA1072B332C5C421651125CD765C0D 389808 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe 2016-05-10 14:42:13 11ED409F462FBF3C755A282CE41EB5DE 310960 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe 2016-05-10 14:42:13 11ED409F462FBF3C755A282CE41EB5DE 310960 ----a-w- C:\Program Files (x86)\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe 2016-05-10 11:33:52 CC1827FAAC97AE29826A2E9BBF709A0A 1362424 ----a-w- C:\Users\Acer\AppData\Local\Temp\SafeZone Installer\installer.exe 2016-05-08 05:39:39 4E95AB8BEB2C8FD53B348EF4AD5121C5 149184 ----a-w- C:\Users\Acer\AppData\Local\Temp\36B917F9-06DE-40D8-93C6-B82985D80A6B\DismHost.exe 2016-05-07 07:01:42 4E95AB8BEB2C8FD53B348EF4AD5121C5 149184 ----a-w- C:\Users\Acer\AppData\Local\Temp\E1EB948C-FBA3-4A08-B060-F0DEA8F6AEF3\DismHost.exe === C: other files == 2016-05-12 10:01:53 48D8729FACC784900B831212AE56F824 1996640 ----a-w- 
C:\Windows\System32\drivers\dxgkrnl.sys 2016-05-12 10:01:51 1A944DC7982279E73C4181DD5D50E021 3591168 ----a-w- C:\Windows\System32\win32kfull.sys 2016-05-12 10:01:45 0676A6C9A6EECA48E14B9AE13B0E3508 1387520 ----a-w- C:\Windows\System32\win32kbase.sys 2016-05-12 10:01:45 01C01ED15ED56B98088CE1D5A0965E6A 577368 ----a-w- C:\Windows\System32\drivers\dxgmms2.sys 2016-05-12 10:01:42 E7463CE8579A0418A98BE9BE42C647D7 534872 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS 2016-05-12 10:01:39 CFFE69B6C276A3418687109EA8AC9E7D 330072 ----a-w- C:\Windows\System32\drivers\pci.sys 2016-05-12 10:01:39 B880BE37452AB1D4AA93845F58EF7960 95072 ----a-w- C:\Windows\System32\drivers\sdport.sys 2016-05-12 10:01:36 357910142E9285B978689B1DB4EFA00A 393568 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2016-05-12 10:01:34 C330883C06E2D4CE4F6982F048265D37 335712 ----a-w- C:\Windows\System32\drivers\fastfat.sys 2016-05-12 10:01:33 C0752D58193603B6ED762B4027C65E1B 155136 ----a-w- C:\Windows\System32\drivers\hidclass.sys 2016-05-12 10:01:33 50DFE05C698E9B0A63D95E3D669A105C 638816 ----a-w- C:\Windows\System32\drivers\fvevol.sys 2016-05-12 10:01:32 8F2523C9D8F1448FF2156452AF60FA00 87552 ----a-w- C:\Windows\System32\drivers\filecrypt.sys 2016-05-12 10:01:32 82D3B1F4D80057826AA649D78147DE36 63488 ----a-w- C:\Windows\System32\drivers\UcmCx.sys 2016-05-12 10:01:32 67B9684B8272D5EBD1CCBB1DBD425EC8 99680 ----a-w- C:\Windows\System32\drivers\pdc.sys 2016-05-12 10:01:32 2A87EA182EA333D79AA0B03833EA67F2 131424 ----a-w- C:\Windows\System32\drivers\ufxsynopsys.sys 2016-05-12 10:01:30 4AAD6547953D373A1EB5B2DF583D868B 67072 ----a-w- C:\Windows\System32\drivers\usbser.sys 2016-05-10 14:22:48 786E8BCDFF674068F3C950615FC2E71C 37144 ----a-w- C:\Windows\System32\drivers\aswKbd.sys 2016-05-10 14:20:18 DF190688D993A3DB227BFB0BB40BD7D4 103064 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2016-05-10 14:20:18 D873455DFA27680585AE238503917DF5 74544 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2016-05-10 14:20:18 
BA4CDCD8C0395E91C38CD2C5CE3E7FA2 287528 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2016-05-10 14:20:18 6B7F6CE19A16240EE9DE2C528897ED9C 465792 ----a-w- C:\Windows\System32\drivers\aswSP.sys 2016-05-10 14:20:18 3575F9226251DE48E065ED5C384A21EF 166432 ----a-w- C:\Windows\System32\drivers\aswStm.sys 2016-05-10 14:20:18 33D0DD0471FDF449C81338863FC63978 107792 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2016-05-10 14:20:18 1694434F5B9AB16772C7A8E2EF9134CA 37656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys 2016-05-10 14:20:16 A371A06EC8F4830C263D3F5CA5A11B65 1070904 ----a-w- C:\Windows\System32\drivers\aswSnx.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-2668737801-3381503766-2512015713-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleChromeAutoLaunch_7360584B616087257445E78FC1FAACF2"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray" "Google Update"="C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe /c" "OneDrive"="C:\Users\Acer\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Spotify Web Helper"="C:\Users\Acer\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "iCloudDrive"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" "AppleIEDAV"="C:\Program Files (x86)\Common 
Files\Apple\Internet Services\AppleIEDAV.exe"
"iCloudPhotos"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -h -k"
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d"
"EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"ArcadeDeluxeAgent"="C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"Reader Library Launcher"="C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"EaseUS TB Tray Agent"="C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_7360584B616087257445E78FC1FAACF2"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray"
"Google Update"="C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"OneDrive"="C:\Users\Acer\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Spotify Web Helper"="C:\Users\Acer\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"iCloudDrive"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe"
"iCloudPhotos"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"mwlDaemon"="C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe"
"PLFSetI"="C:\Windows\PLFSetI.exe"
"Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-11-2015 08:29]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29-08-2015 12:31]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29-08-2015 12:31]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2668737801-3381503766-2512015713-1000Core.job --a-------- C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [28-08-2015 07:40]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2668737801-3381503766-2512015713-1000UA.job --a-------- C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [28-08-2015 07:40]

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\Google Updater and Installer" [C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2668737801-3381503766-2512015713-1000Core" [C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2668737801-3381503766-2512015713-1000UA" [C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HP-Online updateprogramma" [C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe]
"C:\WINDOWS\SysNative\tasks\HPCustParticipation HP DeskJet 3630 series" ["C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe"]
"C:\WINDOWS\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\WINDOWS\SysNative\tasks\SafeZone scheduled Autoupdate 1462890192" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\WINDOWS\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\WINDOWS\SysNative\tasks\Tweaking.com - Windows Repair Tray Icon" [C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{17853842-4EF4-4E26-A18A-81DD6D90D839}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\{544C7FA0-F6C1-4F12-99DC-6C287F11A31D}" ["c:\users\acer\appdata\local\google\chrome\application\chrome.exe"]
"C:\WINDOWS\SysNative\tasks\{7A8A6320-4F30-456B-9C69-02D1912D95E6}" ["c:\users\acer\appdata\local\google\chrome\application\chrome.exe"]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================
2015-11-25 13:54:50 -------- d-----w- C:\PROGRA~3\USOShared
2015-11-25 13:54:57 -------- d-sh--we C:\PROGRA~3\Application Data
2015-11-25 14:01:32 -------- d-----w- C:\PROGRA~3\Microsoft OneDrive
2015-12-18 08:20:44 -------- d-----w- C:\PROGRA~3\ATI
2016-01-04 13:11:44 -------- d---a-w- C:\PROGRA~3\HP Product Assistant
2016-02-18 09:10:49 -------- d-----w- C:\PROGRA~3\Hewlett-Packard
2016-04-06 13:54:27 -------- d-----w- C:\PROGRA~3\Visan
2016-04-07 10:03:39 -------- d---a-w- C:\PROGRA~3\HP Photo Creations
2016-04-16 08:27:02 -------- d-----w- C:\PROGRA~3\AVAST Software

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [10-05-2016 16:19]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [10-05-2016 16:19]

==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Default\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[10-05-2016 16:18]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[29-04-2016 15:53]
MapsGalaxy - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn
Chrome Web Store Payments - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Fix ======================
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ijjnmdphpnlnelhbhefnfmimenjgbfcn_0.localstorage deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
HKCU\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EaseUS TB Tray Agent] "C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_7360584B616087257445E78FC1FAACF2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Acer\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Acer\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Program Files\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.com/system/iCloud.cab
O16 - DPF: {9E858349-A287-4D37-8C27-034330E160F9} (MijnAlbum Album Upload Software Control Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/aus8.0.35/Uploader8.cab
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc.
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NTI, Inc. 
- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - 
Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Acer\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Acer\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully 
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP.Acer-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Acer\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Acer\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=954 folders=203 536816230 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp 
will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Acer\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 12-05-2016 at 16:29:43,00 ======================