Zoek.exe v5.0.0.1 Updated 19-September-2016 Tool run by Simon on do 22-09-2016 at 21:03:48,49. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Simon\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 22-9-2016 21:04:32 Zoek.exe System Restore Point Created Successfully. ==== VirusTotal Scan ====================== C:\Program Files (x86)\Gyazo\GyStation.exe https://www.virustotal.com/file/C01EDAA72A4A214066ED84CDF4EBA7AD2BDEBAE633100F8C08966639B5492D50/analysis/ ==== Empty Folders Check ====================== C:\Users\Simon\AppData\Roaming\DAEMON Tools Pro deleted successfully C:\Users\Simon\AppData\Roaming\HDDHealth deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== µTorrent Adobe Digital Editions 3.0 Adobe Flash Player 11 Plugin Adobe Flash Player 23 ActiveX Adobe Reader XI (11.0.17) - Nederlands Adobe Refresh Manager Adobe Shockwave Player 12.0 AI Suite 3 AMD Catalyst Install Manager AMD Wireless Display v3.0 Ansel Apple Application Support (32-bit) Apple Application Support (64-bit) Apple Mobile Device Support Apple Software Update Arma 3 Asmedia USB Host Controller Driver ASUS Boot Setting ASUS HomeCloud Launcher ASUS MultiFrame ASUS Product Register Program ASUS ROG Connect Plus Battle.net Battlelog Web Plugins BattlEye for OA Uninstall Bonjour Brother MFL-Pro Suite DCP-L8400CDN Call of Duty: Black Ops - Multiplayer CCleaner Corsair Gaming Headset Software Corsair Link 4 Corsair Link(TM) USB Dongle (Driver Removal) Counter-Strike: Global Offensive CPUID ROG CPU-Z 1.72.1 DAEMON Tools Pro DEFCON Definition Update for Microsoft Office 2010 (KB3115475) 64-Bit Edition Dropbox ESN Sonar Flight Simulator X Flight Simulator X Service Pack 1 Free MP4 Video Converter Free YouTube To MP3 Converter Futuremark
SystemInfo Geeks3D FurMark 1.17.0.0 Ghostbuster Glyph Google Chrome Google Update Helper Gyazo 3.2.2 H1Z1: King of the Kill HDD Health v4.2 HI-TECH C51-lite V9.60PL0 Infinite HDT App Intel(R) Chipset Device Software Intel(R) Management Engine Components Intel(R) ME UninstallLegacy Intel(R) Network Connections 20.2.3001.0 Intel(R) USB 3.0 eXtensible Host Controller Driver Intel® Trusted Connect Service Client iTunes Java 8 Update 101 Java Auto Updater KeyBot II League of Legends Logitech Gaming Software Logitech Gaming Software 8.81 Malwarebytes Anti-Malware versie 2.2.1.1043 Media Streamer MemTweakIt Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.1 (Nederlands) Microsoft .NET Framework 4.6.1 (NLD) Microsoft ASP.NET MVC 4 Runtime Microsoft Flight Simulator X Microsoft Flight Simulator X: Acceleration Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Groove MUI (Dutch) 2010 Microsoft Office InfoPath MUI (Dutch) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared 32-bit MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft Silverlight Microsoft Silverlight 5.1 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 Redistributable - x64
10.0.40219 Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24210 Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24210 Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24210 Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24210 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD MSI Afterburner 4.1.1 MSI Gaming APP MSI Kombustor 2.5.9 MSI Live Update 6 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK National Instruments Software NI-APAL 2.2 64-Bit Error Files NI-APAL 2.2 Error Files NI-APAL 2.2 Error Files for 
LabVIEW RT NI-CAN 2.7.5 NI-CAN 2.7.5 ADE Support Files NI-CAN Driver Files NI-CAN Driver Files 64-bit NI-CAN Provider for MAX NI-DAQmx/LabVIEW shared documentation 15.0.0 NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 15.0.0 NI-Mesa NI-PAL 2.9.1 64-Bit Error Files NI-PAL 2.9.1 Error Files NI-PAL 2.9.1 Error Files for LabVIEW RT NI-PAL 2.9.1f0 NI-PAL 2.9.1f0 for 64 Bit Windows NI-PAL 2.9.1f0 for Phar Lap ETS NI-RPC 15.0.0f0 NI-RPC 15.0.0f0 for 64 Bit Windows NI-RPC 15.0.0f0 for Phar Lap ETS NI-RPC 4.4.0f0 for Phar Lap ETS NI .NET Framework 4.0 NI Assistant Framework 64-bit NI Assistant Framework LabVIEW Code Generator 2015 NI Certificates Deployment Support NI Circuit Design Suite 13.0 Core NI Circuit Design Suite 13.0 Pro NI Circuit Design Suite 13.0 Pro Licenses NI Circuit Design Suite Master Database NI CodeSignAPI NI Customer Experience Improvement Program NI Distributed System Manager 2015 NI Error Reporting 2015 NI EulaDepot NI Example Finder 15.0 NI Instrument IO Assistant for LabVIEW 2015 32-bit NI JSON Map Files NI LabVIEW 2012 Real-Time NBFifo NI LabVIEW 2012 Run-Time Engine Web Server NI LabVIEW 2012 SP1 Run-Time Engine Non-English Support. NI LabVIEW 2013 Run-Time Engine Non-English Support. 
NI LabVIEW 2013 Run-Time Engine Web Server NI LabVIEW 2014 Real-Time Error Dialog NI LabVIEW 2014 SP1 Run-Time Engine Web Server NI LabVIEW 2015 NI LabVIEW 2015 Compare Utility NI LabVIEW 2015 Database Connectivity Toolkit NI LabVIEW 2015 Database Connectivity Toolkit License NI LabVIEW 2015 Deployable License NI LabVIEW 2015 Deployment Framework NI LabVIEW 2015 Help NI LabVIEW 2015 Help File NI LabVIEW 2015 Manuals NI LabVIEW 2015 MeasAppChm File NI LabVIEW 2015 Merge Utility NI LabVIEW 2015 Real-Time NBFifo NI LabVIEW 2015 Report Generation Toolkit for Microsoft Office NI LabVIEW 2015 Report Generation Toolkit License NI LabVIEW 2015 Run-Time Engine Web Server NI LabVIEW 2015 Scripting Code Generator NI LabVIEW 2015 Search NI LabVIEW 2015 Simulation NI LabVIEW 2015 Web Server NI LabVIEW C Interface NI LabVIEW MAX XML NI LabVIEW Runtime 2014 SP1 Non-English Support. NI LabVIEW Runtime 2015 Non-English Support. NI LabVIEW Web Services Runtime NI LabWindows/CVI 2013 SP2 Code Generator NI LabWindows/CVI 2015 DLL Builder for LabVIEW NI LabWindows/CVI Run-Time Engine 2013 SP2 (Updated) NI Launcher NI License Manager NI Logos LabVIEW 2015 Support NI Math Kernel Libraries NI MAX Support for 64 Bit Windows NI MDF Support NI mDNS Responder 14.0 for Windows 64-bit NI mDNS Responder 14.0.0 NI Measurement & Automation Explorer 15.0.0 NI MetaSuite Installer NI Multisim LabVIEW Interoperability Support 13.0 NI MXS 15.0.0 NI Network Discovery 15.0 NI Network Discovery 15.0 for Windows 64-bit NI OPC Support NI OPCEnum Shared NI OPCEnum Shared 64-bit NI Portable Configuration 15.0.0 NI Portable Configuration for 64 Bit Windows 15.0.0 NI Real-Time Device Manager NI Registration Wizard NI Remote Provider for MAX 15.0.0 NI Remote PXI Provider for MAX 15.0.0 NI Remote System Discovery Troubleshooting Wizard 15.0 NI Search Shared NI Security Update (KB 67L8LCQW) NI Security Update (KB 67L8LCQW) (64-bit) NI Service Locator 2015 NI SLCP 2.1 NI Software Provider for MAX 15.0.0 NI SSL 
LabVIEW 2015 Support NI SSL LabVIEW RTE 2012 SP1 Support NI SSL LabVIEW RTE 2013 Support NI SSL LabVIEW RTE 2014 Support NI SSL LabVIEW RTE 2015 Support NI SSL Support NI SSL Support (64-bit) NI System API Client for WIF 15.0.0 NI System API Web-Service 32-bit 15.0.0 NI System API Windows 32-bit 15.0.0 NI System API Windows 64-bit 15.0.0 NI System Configuration 15.0.0 LabVIEW Support NI System Configuration LV2015 Support 15.0.0 NI System Configuration Runtime 15.0.0 NI System Configuration Runtime 15.0.0 for Windows 64-bit NI System Logging Utilities NI System State Publisher NI System State Publisher (64-bit) NI System Web Server 2015 NI System Web Server Base 2015 NI System Web Server Base 2015 (64-bit) NI TDM Excel Add-In 15.0 NI TDM Excel Add-In 15.0 64-bit NI TDM Streaming 15.0 NI TDM Streaming 15.0 (64-bit) NI Trace Engine NI Trace Engine (64-bit) NI Uninstaller NI Update Service 15.0 NI Update Service 15.0 (64-bit) NI USI 15.0.0 NI USI 15.0.0 64-bit NI Variable Engine (64-bit) NI Variable Engine 2015 NI Variable Engine LabVIEW 2015 Support NI VC2005MSMs x64 NI VC2005MSMs x86 NI VC2008MSMs x64 NI VC2008MSMs x86 NI VC2010SP1MSMs x64 NI VC2010SP1MSMs x86 NI VIPM Helper 2014 SP2 NI Visual C++ 2008 Redistributable Package NI Visual C++ 2010 Redistributable Package NI Web-Based Configuration and Monitoring 15.0 NI Web Application Server 2015 NI Web Application Server 2015 (64-bit) NI Web Pipeline 15.0 NI Web Pipeline 15.0 (64-bit) NI WS Repl Library 2015 NI WS Repl Library 2015 (64-bit) NI Xalan Delay Load 1.10.3 NI Xalan Delay Load 1.10.3 64-bit NI Xerces Delay Load 2.7.6 NI Xerces Delay Load 2.7.6 64-bit NVIDIA-configuratiescherm 372.70 NVIDIA 3D Vision controllerstuurprogramma 369.04 NVIDIA 3D Vision stuurprogramma 372.70 NVIDIA Grafisch stuurprogramma 372.70 NVIDIA HD Audio-stuurprogramma 1.3.34.15 NVIDIA Install Application NVIDIA PhysX Systeem Software 9.16.0318 NVIDIA Stereoscopic 3D Driver OldSchool RuneScape Launcher 1.2.7 Origin Popcorn Time PowerISO 
Prison Architect Realtek Ethernet Controller Driver Realtek Ethernet Diagnostic Utility Reset NI Config 15.0.0 RivaTuner Statistics Server 6.3.0 ROG Game First III ROG RAMDisk ROGRAMCACHE RollerCoaster Tycoon: Deluxe SABnzbd 0.7.20 Samsung AllShare Samsung Kies Samsung Kies3 SAMSUNG USB Driver for Mobile Phones Security Update for Microsoft .NET Framework 4.6.1 (KB3122661) Security Update for Microsoft .NET Framework 4.6.1 (KB3127233) Security Update for Microsoft .NET Framework 4.6.1 (KB3136000) Security Update for Microsoft .NET Framework 4.6.1 (KB3136000v2) Security Update for Microsoft .NET Framework 4.6.1 (KB3142037) Security Update for Microsoft .NET Framework 4.6.1 (KB3143693) Security Update for Microsoft .NET Framework 4.6.1 (KB3164025) Security Update for Microsoft Access 2010 (KB3101544) 64-Bit Edition Security Update for Microsoft Excel 2010 (KB3118316) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB3114414) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553313) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553432) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2920748) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2956076) 64-Bit Edition Security Update for Microsoft Office 2010 (KB3054984) 64-Bit Edition Security Update for Microsoft Office 2010 (KB3085528) 64-Bit Edition Security Update for Microsoft Office 2010 (KB3101520) 64-Bit Edition Security Update for Microsoft Office 2010 (KB3114400) 64-Bit Edition Security Update for Microsoft Office 2010 (KB3118309) 64-Bit Edition Security Update for Microsoft OneNote 2010 (KB3114885) 64-Bit Edition Security Update for Microsoft Outlook 2010 (KB3118313) 64-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2920812) 64-Bit 
Edition Security Update for Microsoft PowerPoint 2010 (KB3115467) 64-Bit Edition Security Update for Microsoft Publisher 2010 (KB2817478) 64-Bit Edition Security Update for Microsoft Visio 2010 (KB3114872) 64-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2999465) 64-Bit Edition Security Update for Microsoft Word 2010 (KB2965313) 64-Bit Edition Security Update for Microsoft Word 2010 (KB3115471) 64-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition ShellShock Live Sid Meier's Civilization V Siemens NX 9.0 Siemens PLM License Server Skype Click to Call Skype™ 7.12 Software voor Intel® Chipset-apparaten Speccy Spotnet Steam Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD TeamSpeak 3 Client Town of Salem TrackMania United Update for Microsoft Excel 2010 (KB2956084) 64-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2999508) 64-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition Update for Microsoft Office 2010 (KB2553140) 64-Bit Edition Update for Microsoft Office 2010 (KB2553347) 64-Bit Edition Update for Microsoft Office 2010 (KB2553388) 64-Bit Edition Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition Update for Microsoft Office 2010 (KB2589318) 64-Bit Edition Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition Update for Microsoft Office 2010 (KB2589386) 64-Bit Edition Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition Update for Microsoft Office 2010 (KB2687275) 64-Bit Edition Update for Microsoft Office 2010 (KB2791057) 64-Bit Edition Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition Update for Microsoft Office 2010 (KB2881030) 64-Bit Edition Update for Microsoft Office 2010 (KB2883019) 64-Bit Edition Update for Microsoft Office 2010 (KB2889828) 64-Bit Edition Update for Microsoft Office 2010 (KB3054873)
64-Bit Edition Update for Microsoft Office 2010 (KB3054886) 64-Bit Edition Update for Microsoft Office 2010 (KB3054977) 64-Bit Edition Update for Microsoft Office 2010 (KB3055042) 64-Bit Edition Update for Microsoft Office 2010 (KB3055047) 64-Bit Edition Update for Microsoft Office 2010 (KB3114555) 64-Bit Edition Update for Microsoft Office 2010 (KB3114989) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2956075) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2760779) 64-Bit Edition Update for Microsoft Outlook 2010 (KB3114756) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553308) 64-Bit Edition Update for Microsoft Project 2010 (KB3115249) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition Uplay VI Package Manager 2014 SP2 VLC media player 2.1.0 Vulkan Run Time Libraries 1.0.11.1 WebStorage WIF Core Dependencies Windows 15.0.0 Windows-stuurprogrammapakket - Corsair Components, Inc. (SIUSBXP) USB (10/30/2015 3.6) Windows 7 downloadprogramma voor USB/DVD Windows 7 USB/DVD Download Tool WinRAR 4.20 (64-bit) ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe C:\Windows\SysWOW64\muachost.exe C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe C:\Program Files (x86)\Gyazo\GyStation.exe C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe C:\Users\Simon\AppData\Roaming\uTorrent\uTorrent.exe C:\Program Files (x86)\HDD Health\hddhealth.exe C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe C:\Program Files (x86)\ROGRAMCACHE\RamCache.exe 
C:\Program Files (x86)\MSI\Live Update\Live Update.exe C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe C:\Users\Simon\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe C:\Users\Simon\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe C:\Users\Simon\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Users\Simon\AppData\Local\Temp\virustotal.exe ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastSvc.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastUI.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Image File Execution Options\avconfig.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgidsagent.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blindman.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccuac.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\instup.exe] "Debugger="- 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keyscrambler.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbampt.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamscheduler.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDFiles.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDMain.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDWinSec.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wireshark.exe] "Debugger="- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Image File Execution Options\zlclient.exe] "Debugger="- ==== Deleting Files \ Folders ====================== "C:\Program Files (x86)\clientmonitor.exe" not found "C:\Users\Simon\AppData\Roaming\iFaZGeUKaMJSAAbhQfSif.cmd" not found "C:\Program Files (x86)\clientmonitor.exe" not found "C:\Users\Simon\AppData\Roaming\iFaZGeUKaMJSAAbhQfSif.cmd" not found ==== Files Found In C:\Users\Simon\AppData\Roaming\tda ====================== 2012-01-29 22:34:20 750320 ---ha-r- 71D8F6D5DC35517275BC38EBCC815F9F C:\Users\Simon\AppData\Roaming\tda\obj.cmd --- C:\Users\Simon\AppData\Roaming\tda\obj.cmd 2016-03-20 20:35:35 406307 ---ha-r- EB08EF640B810366C2EEAF12AF4B25EE C:\Users\Simon\AppData\Roaming\tda\ioq.cmc --- C:\Users\Simon\AppData\Roaming\tda\ioq.cmc 2016-03-20 20:35:36 11658 ---ha-r- CA3637AEB73E4A4D5BE0AA6B5A17348B C:\Users\Simon\AppData\Roaming\tda\uef.mp4 --- C:\Users\Simon\AppData\Roaming\tda\uef.mp4 2016-03-20 20:35:36 12531 ---ha-r- 775CCAC65DA8F6D3766BC2E70CEA024B C:\Users\Simon\AppData\Roaming\tda\mrg.ico --- C:\Users\Simon\AppData\Roaming\tda\mrg.ico 2016-03-20 20:35:36 13805 ---ha-r- EEFD526745325978488E9029127B4526 C:\Users\Simon\AppData\Roaming\tda\adm.bmp --- C:\Users\Simon\AppData\Roaming\tda\adm.bmp 2016-03-20 20:35:36 14472 ---ha-r- FD40497803021B4CE401FEFC2E18DEA7 C:\Users\Simon\AppData\Roaming\tda\ngc.ppt --- C:\Users\Simon\AppData\Roaming\tda\ngc.ppt 2016-03-20 20:35:36 427380 ---ha-r- 8C9E8912683B8CBA72AB241E7D8415B2 C:\Users\Simon\AppData\Roaming\tda\wls.mp3 --- C:\Users\Simon\AppData\Roaming\tda\wls.mp3 ==== Files Found In C:\Users\Simon\AppData\Roaming\slp ====================== 2012-01-29 21:34:20 750320 ---ha-r- 71D8F6D5DC35517275BC38EBCC815F9F C:\Users\Simon\AppData\Roaming\slp\uvq.bat --- C:\Users\Simon\AppData\Roaming\slp\uvq.bat 2016-06-26 21:46:24 405986 ---ha-r- AF30FE7A359CB6D8E02B4427A1254126 C:\Users\Simon\AppData\Roaming\slp\wmr.mdk --- C:\Users\Simon\AppData\Roaming\slp\wmr.mdk 2016-06-26 21:46:26 11567 ---ha-r- 
B35642C262C093E9E478FF11A90549B0 C:\Users\Simon\AppData\Roaming\slp\drb.xl --- C:\Users\Simon\AppData\Roaming\slp\drb.xl 2016-06-26 21:46:26 11762 ---ha-r- 57FE7C4D4A96CC67FEB043C485C089DC C:\Users\Simon\AppData\Roaming\slp\fut.mp3 --- C:\Users\Simon\AppData\Roaming\slp\fut.mp3 2016-06-26 21:46:26 13515 ---ha-r- 7C16B2213A181964CCDDFE072EC585F4 C:\Users\Simon\AppData\Roaming\slp\xgv.mp3 --- C:\Users\Simon\AppData\Roaming\slp\xgv.mp3 2016-06-26 21:46:27 418085 ---ha-r- 1A58BFC9C9FFFF6FAB8F721E35812B4E C:\Users\Simon\AppData\Roaming\slp\wql.ico --- C:\Users\Simon\AppData\Roaming\slp\wql.ico ==== Files Found In C:\Users\Simon\AppData\Roaming\ddh ====================== 2012-01-29 21:34:20 750320 ---ha-r- 71D8F6D5DC35517275BC38EBCC815F9F C:\Users\Simon\AppData\Roaming\ddh\hpa.com --- C:\Users\Simon\AppData\Roaming\ddh\hpa.com 2016-06-13 23:30:07 406157 ---ha-r- DB2AB44940987589522CC7E6FCABF321 C:\Users\Simon\AppData\Roaming\ddh\ckr.udt --- C:\Users\Simon\AppData\Roaming\ddh\ckr.udt 2016-06-13 23:30:08 11752 ---ha-r- 883A4866E7ED5C9592CB03B642FBAEF6 C:\Users\Simon\AppData\Roaming\ddh\aum.jpg --- C:\Users\Simon\AppData\Roaming\ddh\aum.jpg 2016-06-13 23:30:09 430289 ---ha-r- 5B5AF0F13BDF24FB7B66F2B6186281F0 C:\Users\Simon\AppData\Roaming\ddh\hsh.ico --- C:\Users\Simon\AppData\Roaming\ddh\hsh.ico ==== System Specs ====================== Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 16314 MB CPU Info: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz CPU Speed: 3562,4 MHz Sound Card: Oortelefoon van hoofdtelefoon ( | Realtek Digital Output (2- Real | Display Adapters: NVIDIA GeForce GTX 980 Ti | NVIDIA GeForce GTX 980 Ti | NVIDIA GeForce GTX 980 Ti | NVIDIA GeForce GTX 980 Ti | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 2x; ASUS PG278Q | Dell ST2220M(Digital) | Screen Resolution: 2560 X 1440 - 32 bit Network: Network Present Network Adapters: Intel(R) Ethernet Connection (2) I219-V CD / DVD Drives: No 
optical drives found. Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 238,4GB | D: 100,0MB | E: 1862,9GB | G: 1862,9GB Hard Disks - Free: C: 25,5GB | D: 37,1MB | E: 221,0GB | G: 1469,5GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 10/01/15 | GBT - 1072009 Time Zone: West-Europa (standaardtijd) Motherboard *: ASUSTeK COMPUTER INC. MAXIMUS VIII GENE Country: Nederland Language: NLD ==== System Specs (Software) ====================== SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} Internet Explorer Version: 11.0.9600.18449 Google Chrome version: 53.0.2785.116 Adobe Reader version: 11.0.17.9 Sun Java version: 1.8.0_101 (32-bit) Sun Java version: 1.8.0_101 (64-bit) Flash Player version: 11.9.900.152 Shockwave Player version: 12.0.6r147 ==== Files Recently Created / Modified ======================
1D8D59ED918612CA5E3731275E5C4EEC 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll 2016-09-15 16:12:13 0C906DFCC35D764FF80989ECC541DCC8 666112 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll 2016-09-15 16:12:13 05DBB27C81C29AD8627FA631E7F1834B 690688 ----a-w- C:\Windows\SysWOW64\adtschema.dll 2016-09-15 16:12:12 85439A5872E044ABBCDD289D62CDC78E 741888 ----a-w- C:\Windows\SysWOW64\inetcomm.dll 2016-09-15 16:12:12 61B2A783334B96D790FED4B9554E23CD 581632 ----a-w- C:\Windows\SysWOW64\oleaut32.dll 2016-09-15 16:12:12 41DD70DF48DBE81D14F22FBD87EAC992 84480 ----a-w- C:\Windows\SysWOW64\INETRES.dll 2016-09-15 16:12:12 0FBC0E335B65EE5A0175631237817510 833024 ----a-w- C:\Windows\SysWOW64\user32.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2016-09-21 15:16:12 C365622F20C5525865216A96BF692E99 2048 ----a-w- C:\Windows\Sysnative\tzres.dll 2016-09-15 16:12:21 BEB502E8862341FEB95DFC6B6284115D 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2016-09-15 16:12:21 B97F87192E714AD89FB7EF4A18A4C32A 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2016-09-15 16:12:21 87AFFBBDF1AE74DC181A1CDE9027EA89 724992 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2016-09-15 16:12:21 682A64FD861CDFB45F67AA5FE17BA1A1 107520 ----a-w- C:\Windows\Sysnative\inseng.dll 2016-09-15 16:12:21 4F748ADA19F30F3E7D4E0A1701DA7B89 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2016-09-15 16:12:21 3CE829A63256939949A6EEEEC28D14F9 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2016-09-15 16:12:21 2D02B511AA07FCEA609454DE106EDB76 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2016-09-15 16:12:20 F4C01905813E54CD5BA23723B266913E 2131456 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2016-09-15 16:12:20 B30F72CE629E162868B558DBAFB9CFD0 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2016-09-15 16:12:20 A28190FACB9A57460646DC34D1872602 1550848 ----a-w- C:\Windows\Sysnative\urlmon.dll 2016-09-15 16:12:20 937EF34C7D5BFEA2DE4D292CE891508D 315392 ----a-w- 
C:\Windows\Sysnative\dxtrans.dll 2016-09-15 16:12:20 7CB3C40A2217D66CE079C7C3A3E26E72 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2016-09-15 16:12:20 62FA32D750EE2EE4A5428EBB1D19579F 806400 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2016-09-15 16:12:20 468885F5A8EF535C283650172EEFF7A3 394440 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2016-09-15 16:12:20 2519AE972350743048572AE2B4468A6A 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2016-09-15 16:12:20 2324CEE54911FB2F19932EF17B8832DF 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2016-09-15 16:12:20 0E761BABDE88967371D7349E0ABC6533 2894336 ----a-w- C:\Windows\Sysnative\iertutil.dll 2016-09-15 16:12:20 0AC6429EC84835E46B6DFF4F942A04E6 152064 ----a-w- C:\Windows\Sysnative\occache.dll 2016-09-15 16:12:19 FCC72FD5CBADC4C0E9DFA57C39AEC7AB 489984 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2016-09-15 16:12:19 EDFE9C542057783240B99AF1D22AB9E7 15411712 ----a-w- C:\Windows\Sysnative\ieframe.dll 2016-09-15 16:12:19 8F6C78FAAE2B608B95CC74B05F2B28EE 262144 ----a-w- C:\Windows\Sysnative\webcheck.dll 2016-09-15 16:12:19 813CA8C89C2926FA99529D5F3AACC58D 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2016-09-15 16:12:19 7E7E95BD081708B6F25C8D53905C2555 576000 ----a-w- C:\Windows\Sysnative\vbscript.dll 2016-09-15 16:12:19 6BDCAE109401EE7C3BAE723CA07053BE 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2016-09-15 16:12:19 395A8C5912EF997552BC83825A2929A0 615936 ----a-w- C:\Windows\Sysnative\ieui.dll 2016-09-15 16:12:19 14A3ACA98CB619425CCAF80C98BAFE9B 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2016-09-15 16:12:19 02D87281AF419BCC51CCC3E1212D4316 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2016-09-15 16:12:18 F28B26DE031D6C7AC3F393417191A22F 2921472 ----a-w- C:\Windows\Sysnative\wininet.dll 2016-09-15 16:12:18 CF7437C37E29B7EE1C03A080D1BF2320 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2016-09-15 16:12:18 8697B372F86B785B6ED4ECCC4356A9BA 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 
2016-09-15 16:12:18 7936C38FA219F9677B6ADC1BD449312A 6047232 ----a-w- C:\Windows\Sysnative\jscript9.dll 2016-09-15 16:12:18 63FE1FCCA4DE89650B5F1B053F90C14D 817664 ----a-w- C:\Windows\Sysnative\jscript.dll 2016-09-15 16:12:18 4E6BE9C51B49CB2727060E4F66CFA43D 417792 ----a-w- C:\Windows\Sysnative\html.iec 2016-09-15 16:12:18 4E37DAED89FE489530347D714272D5E1 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2016-09-15 16:12:18 33063F69D8E97D6A5C81AE5D9083239D 25770496 ----a-w- C:\Windows\Sysnative\mshtml.dll 2016-09-15 16:12:14 F7F7E24FC6FBE3D74B6ABAF52656F66D 148480 ----a-w- C:\Windows\Sysnative\appidpolicyconverter.exe 2016-09-15 16:12:14 EF275A532A94E4DEB0B5661ACB791B94 345600 ----a-w- C:\Windows\Sysnative\schannel.dll 2016-09-15 16:12:14 E05CBE6583B1AED1F860CCDDE666113E 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll 2016-09-15 16:12:14 C9805CDE0B275E7554F9023497169B9B 1163264 ----a-w- C:\Windows\Sysnative\kernel32.dll 2016-09-15 16:12:14 C17021807EEDE0695C1389EDDF06E425 37888 ----a-w- C:\Windows\Sysnative\wuapp.exe 2016-09-15 16:12:14 B96D67F1BF78F1005B9D77EA7889F2B8 215552 ----a-w- C:\Windows\Sysnative\winsrv.dll 2016-09-15 16:12:14 B163D07568771A97DEFD950648679D13 706280 ----a-w- C:\Windows\Sysnative\winload.efi 2016-09-15 16:12:14 9BA64DDB52B87FAC36C46886CFCA4C2B 37888 ----a-w- C:\Windows\Sysnative\wups2.dll 2016-09-15 16:12:14 9AE1FCEC20546D3FB24DD568BFE74223 338432 ----a-w- C:\Windows\Sysnative\conhost.exe 2016-09-15 16:12:14 9A61B81B35B13ECAF2965B4371AF75C8 91136 ----a-w- C:\Windows\Sysnative\WinSetupUI.dll 2016-09-15 16:12:14 8D85C1A3A9ABBF017E91CCE4F7B5C8EB 3156480 ----a-w- C:\Windows\Sysnative\wucltux.dll 2016-09-15 16:12:14 82BADDAAC75360E26A0401EDEB11A1B8 709120 ----a-w- C:\Windows\Sysnative\wuapi.dll 2016-09-15 16:12:14 7D3220956748820C31955C98E9469808 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2016-09-15 16:12:14 75BFFDCF1ACFA5EBC9A054B1CCB9B440 419840 ----a-w- C:\Windows\Sysnative\KernelBase.dll 2016-09-15 16:12:14 
72D9FC1995B11D65FDAACF23C9607E85 5548264 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2016-09-15 16:12:14 563CCCAF39FDB0D937D024CC5F095913 880640 ----a-w- C:\Windows\Sysnative\advapi32.dll 2016-09-15 16:12:14 4E257E23F111375F2E411607170B2A19 3244032 ----a-w- C:\Windows\Sysnative\msi.dll 2016-09-15 16:12:14 43AD6021706E7E7CCAA17740F5E9C077 631176 ----a-w- C:\Windows\Sysnative\winresume.efi 2016-09-15 16:12:14 4079968F0045D92422F720BB51C79F9F 12288 ----a-w- C:\Windows\Sysnative\wu.upgrade.ps.dll 2016-09-15 16:12:14 3C9D585087C26F7A7C6D770EC53C4A33 1483264 ----a-w- C:\Windows\Sysnative\crypt32.dll 2016-09-15 16:12:14 34356D8A4183B33E8097A3D80833FAAE 140288 ----a-w- C:\Windows\Sysnative\wuauclt.exe 2016-09-15 16:12:14 32F45ACEAEE42571D073B5B7BB472C99 98816 ----a-w- C:\Windows\Sysnative\wudriver.dll 2016-09-15 16:12:14 31F32E0C1A8BA9A37EEC23DE5F27F847 2607104 ----a-w- C:\Windows\Sysnative\wuaueng.dll 2016-09-15 16:12:14 2C49C5C911D1BE2A815BC183C0B2FED1 34816 ----a-w- C:\Windows\Sysnative\appidsvc.dll 2016-09-15 16:12:14 23257822EAF8FC8CD4D683A1A82AA3AF 36864 ----a-w- C:\Windows\Sysnative\wups.dll 2016-09-15 16:12:14 0C709E54E665A336873463270B2AEEE9 243712 ----a-w- C:\Windows\Sysnative\wow64.dll 2016-09-15 16:12:14 0A42765C13B78202EF653E30FD27C5D7 1732864 ----a-w- C:\Windows\Sysnative\ntdll.dll 2016-09-15 16:12:14 06D4BE9539D4CC0236272782E2257401 192512 ----a-w- C:\Windows\Sysnative\wuwebv.dll 2016-09-15 16:12:13 F63A440221719BAC48A28834D05B2C5A 1941504 ----a-w- C:\Windows\Sysnative\authui.dll 2016-09-15 16:12:13 E4D394D0B3DEB6A49AD50941C44CFD83 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe 2016-09-15 16:12:13 DA5FADF15C43947A7AD8412D248E57F9 190464 ----a-w- C:\Windows\Sysnative\rpchttp.dll 2016-09-15 16:12:13 D443E764731A796558FF3C28CBDCB66F 63488 ----a-w- C:\Windows\Sysnative\setbcdlocale.dll 2016-09-15 16:12:13 D27D736D6D1CA572B474AED2D5EC95F9 730624 ----a-w- C:\Windows\Sysnative\kerberos.dll 2016-09-15 16:12:13 CFAD4ECC5EBCA91B081CCBCA45A047EB 135680 ----a-w- 
C:\Windows\Sysnative\sspicli.dll 2016-09-15 16:12:13 C845001BA493FD701DE9C52965912632 50176 ----a-w- C:\Windows\Sysnative\srclient.dll 2016-09-15 16:12:13 C5FA87D9F531D575F464494F9D05613D 1212928 ----a-w- C:\Windows\Sysnative\rpcrt4.dll 2016-09-15 16:12:13 C45A96B798B76ABF634A7CA48D60A80F 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2016-09-15 16:12:13 BB8702D3E670974D537E358754B7995A 84992 ----a-w- C:\Windows\Sysnative\asycfilt.dll 2016-09-15 16:12:13 BABBB1EF7402596711A3F418DDF73C7C 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2016-09-15 16:12:13 B77589C7F1F2BA410F68B921E3D46AB7 210432 ----a-w- C:\Windows\Sysnative\wdigest.dll 2016-09-15 16:12:13 B46099A534B7989D80330EA82D9092D6 70144 ----a-w- C:\Windows\Sysnative\appinfo.dll 2016-09-15 16:12:13 B1962E21F74697AB442FA4432B970E85 190976 ----a-w- C:\Windows\Sysnative\cryptsvc.dll 2016-09-15 16:12:13 9342404FC12123D921EAEF65F8599C22 504320 ----a-w- C:\Windows\Sysnative\msihnd.dll 2016-09-15 16:12:13 89067FE9C89648998445B0FB87C9B1DF 316416 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2016-09-15 16:12:13 7979EA8F2EA15C930F2C8236F3F4F036 17920 ----a-w- C:\Windows\Sysnative\appidcertstorecheck.exe 2016-09-15 16:12:13 782DDA181B71FA8B03C439E5BF0A708B 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2016-09-15 16:12:13 766A34A54FC6A0ECBF8EDFD28A4F7D08 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll 2016-09-15 16:12:13 74405C6FEF9AF0A6EB1D3E357158EDA4 312320 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2016-09-15 16:12:13 6B9B262066A4954D1BC8D55CD5A1DE1F 690688 ----a-w- C:\Windows\Sysnative\adtschema.dll 2016-09-15 16:12:13 487601317F3DB0C972FE5ABE1F6A1557 44032 ----a-w- C:\Windows\Sysnative\csrsrv.dll 2016-09-15 16:12:13 41EE9CED8075A6D89431FC39DD60A278 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll 2016-09-15 16:12:13 3752B0A50F1A239BCD549C753774572C 43520 ----a-w- C:\Windows\Sysnative\cryptbase.dll 2016-09-15 16:12:13 2CEF280BF6A300863BC3D8B279D86356 114408 ----a-w- C:\Windows\Sysnative\consent.exe 2016-09-15 16:12:13 
26443F6B5D1692D97976C78E66F93B0B 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll 2016-09-15 16:12:13 2430391BDED12D866D6D3BEF255470B9 141824 ----a-w- C:\Windows\Sysnative\cryptnet.dll 2016-09-15 16:12:13 1CCAF735FF8E0D1AE6A6F2C85CF2AF0E 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll 2016-09-15 16:12:13 1BD70157E3E7B9D7F1A67A728CA45D08 25088 ----a-w- C:\Windows\Sysnative\msimsg.dll 2016-09-15 16:12:13 162602852D72A20528620FC2865BA7D7 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll 2016-09-15 16:12:13 1276DC55C5727AC593E41D18FB5317C6 228864 ----a-w- C:\Windows\Sysnative\wintrust.dll 2016-09-15 16:12:13 11417DB50AF5F96E3CB3C88593EEAB1B 128512 ----a-w- C:\Windows\Sysnative\msiexec.exe 2016-09-15 16:12:13 0EDC6C454A9ACFE4B84725004678D453 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2016-09-15 16:12:13 0A1939D3261498FF0ADDB3FD65CC93E3 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2016-09-15 16:12:13 07FA7B813F15F0A19AF82D77CE8CF978 112640 ----a-w- C:\Windows\Sysnative\smss.exe 2016-09-15 16:12:13 07932D7BA536B0BB58306A156A9AFC31 30720 ----a-w- C:\Windows\Sysnative\lsass.exe 2016-09-15 16:12:13 0682C2EB736B22BF05C02D475A117A2F 463872 ----a-w- C:\Windows\Sysnative\certcli.dll 2016-09-15 16:12:13 03EE5AA694175884095CB5126162D7E4 59904 ----a-w- C:\Windows\Sysnative\appidapi.dll 2016-09-15 16:12:13 0220F878DB8D075BF1EF94BCDD2E055C 1464320 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2016-09-15 16:12:12 DBD79D5945FE150278EF5DE84B34A8BD 877056 ----a-w- C:\Windows\Sysnative\oleaut32.dll 2016-09-15 16:12:12 8F4B991E7837E8E0F90C856659456652 1009152 ----a-w- C:\Windows\Sysnative\user32.dll 2016-09-15 16:12:12 8911B5327E8A31D50ACC05AC8AF7E455 84480 ----a-w- C:\Windows\Sysnative\INETRES.dll 2016-09-15 16:12:12 7EB307D1909F1BEBBC395831295C0EA2 976896 ----a-w- C:\Windows\Sysnative\inetcomm.dll 2016-09-15 16:12:12 2EE086581ECBACC396B294A0112FF16D 3218432 ----a-w- C:\Windows\Sysnative\win32k.sys ====== C:\Windows\Sysnative\drivers ===== 2016-09-22 19:00:09 
78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2016-09-19 19:17:03 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Windows\Sysnative\drivers\EsgScanner.sys 2016-09-15 16:12:22 EC666682FE8344CF7E6ED69E74FA9F4F 464896 ----a-w- C:\Windows\Sysnative\drivers\srv.sys 2016-09-15 16:12:22 E450C0318DCE8ED28ED272C8806B8495 405504 ----a-w- C:\Windows\Sysnative\drivers\srv2.sys 2016-09-15 16:12:22 9C12C78AD36C23D925711A4640228225 168960 ----a-w- C:\Windows\Sysnative\drivers\srvnet.sys 2016-09-15 16:12:13 F93EDDF0B69760456C6E0D73405AC078 291328 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2016-09-15 16:12:13 EB7BB4F58971F4FE099B3CE127346563 95464 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2016-09-15 16:12:13 A558D659B722FE5FB8C6E1BF288F7316 129536 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2016-09-15 16:12:13 6EBBA531A455E8F1092FD530A8682A97 154856 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2016-09-15 16:12:13 52F8C264D3BF90D2726FDE6642A381D4 62464 ----a-w- C:\Windows\Sysnative\drivers\appid.sys 2016-09-15 16:12:13 341C65D6D4E9AB705258AC83511F7ADD 159744 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2016-09-15 16:12:12 B2875D7ABB82867DC3AA03D991940201 1896168 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys 2016-09-15 16:12:12 7FE5586314EE7D6AA8483264A089E5AF 46080 ----a-w- C:\Windows\Sysnative\drivers\tcpipreg.sys 2016-09-15 16:12:12 5545D2CB5DC6855ADAE275D50FEC1CFF 377576 ----a-w- C:\Windows\Sysnative\drivers\netio.sys 2016-09-15 16:12:12 1140F1415D3CF49B4038CD346C2AE91A 287976 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS 2016-09-04 15:48:02 6F6F94E2D41B5B89375D6214D155577F 14093368 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys 2016-09-04 15:48:02 67B51A97733B10D716B366C2ED126763 223304 ----a-w- C:\Windows\Sysnative\drivers\nvhda64v.sys 2016-09-04 15:48:02 38175904276F86EA4704EC13B77FB4B0 56376 ----a-w- C:\Windows\Sysnative\drivers\nvvad64v.sys ====== C:\Windows\Tasks ====== 2016-09-05 
18:50:47 -------- d-----w- C:\Windows\Sysnative\Tasks\Apple ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2016-09-13 17:48:43 -------- d-----w- C:\Program Files\iPod 2016-09-13 17:48:42 -------- d-----w- C:\Program Files\iTunes 2016-09-09 13:25:57 -------- d-----w- C:\Program Files\A3Launcher 2016-09-05 18:50:37 -------- d-----w- C:\Program Files\Bonjour ======= C:\PROGRA~2 ===== 2016-09-22 17:58:28 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2016-09-05 18:50:47 -------- d-----w- C:\PROGRA~2\Apple Software Update 2016-09-05 18:50:37 -------- d-----w- C:\PROGRA~2\Bonjour 2016-09-04 15:48:40 -------- d-----w- C:\PROGRA~2\VulkanRT ======= C: ===== 2016-09-19 19:17:25 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat ====== C:\Users\Simon\AppData\Roaming ====== 2016-09-20 16:38:39 -------- d-----w- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-09-09 12:33:21 -------- d-----w- C:\Users\Simon\AppData\Local\Bohemia_Interactive 2016-09-09 12:33:20 -------- d-----w- C:\Users\Simon\AppData\Local\Arma 3 Launcher 2016-09-09 12:20:40 -------- d-----w- C:\Users\Simon\AppData\Local\Arma 3 2016-09-08 16:31:40 -------- d-----w- C:\Users\Simon\AppData\Locallow\uTorrent ====== C:\Users\Simon ====== 2016-09-22 17:58:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-09-22 17:57:47 271BD1D1A794BAFCC4A197E14C071A4E 739904 ----a-w- C:\Users\Simon\Downloads\chromeinstall-8u101 (1).exe 2016-09-22 17:56:44 271BD1D1A794BAFCC4A197E14C071A4E 739904 ----a-w- C:\Users\Simon\Downloads\chromeinstall-8u101.exe 2016-09-21 15:24:12 DB9530DFF0A71D48E4877D47990AF006 8244656 ----a-w- C:\Users\Simon\Downloads\ccsetup522.exe 2016-09-20 20:24:05 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Simon\Desktop\RSITx64.exe 2016-09-19 21:50:05 52F4695C53B02ADA7D648F95F2E2F8B4 22851472 ----a-w- C:\Users\Simon\Downloads\mbam-setup-2.2.1.1043.exe 2016-09-19 21:48:17 D0C3F0827A1CC0107E5D42E23F664A84 3861056 
----a-w- C:\Users\Simon\Downloads\AdwCleaner (1).exe 2016-09-19 21:45:22 D0C3F0827A1CC0107E5D42E23F664A84 3861056 ----a-w- C:\Users\Simon\Downloads\AdwCleaner.exe 2016-09-19 19:17:13 -------- d-----w- C:\Users\Simon\Start Menu 2016-09-19 19:16:50 FF00E6F2FA487FC76629666127044DEA 3516080 ----a-w- C:\Users\Simon\Downloads\SpyHunter-Installer.exe 2016-09-13 17:48:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-09-09 13:25:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A3Launcher 2016-09-09 13:25:24 C31893EA0D8F6856B5A90A2E59FA0872 13913152 ----a-w- C:\Users\Simon\Downloads\setup_a3launcher (1).exe 2016-09-09 12:20:40 -------- d-----w- C:\ProgramData\Bohemia Interactive 2016-09-09 11:53:34 C31893EA0D8F6856B5A90A2E59FA0872 13913152 ----a-w- C:\Users\Simon\Downloads\setup_a3launcher.exe 2016-09-04 15:48:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2016-08-28 13:40:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends ====== C: exe-files == 2016-09-22 17:58:13 F8211DB97BF852C3292C3E9C710C19D9 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2016-09-22 17:58:13 E3E51A21B00CDDE757E4247257AA7891 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2016-09-22 17:58:13 48C96771106DBDD5D42BBA3772E4B414 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2016-09-22 17:58:12 F8211DB97BF852C3292C3E9C710C19D9 269888 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaws.exe 2016-09-22 17:58:12 F434A8AC7F1C8C0E2587B9A9F30E397B 52800 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssvagent.exe 2016-09-22 17:58:12 ED3F3D8E4C382BF8095B9DE217511E29 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\policytool.exe 2016-09-22 17:58:12 E9AA62B1696145A08D223E7190785E25 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\pack200.exe 2016-09-22 17:58:12 E3E51A21B00CDDE757E4247257AA7891 191040 
----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\java.exe 2016-09-22 17:58:12 CF2F023D2B5F0BFB2ECF8AEEA7C51481 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\java-rmi.exe 2016-09-22 17:58:12 CA17B8CBD623477C5D1D334B79890225 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\klist.exe 2016-09-22 17:58:12 C2A59C7343D370BC57765896490331E5 70208 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\javacpl.exe 2016-09-22 17:58:12 C15F0FE651B05F4288CBC3672F6DC3CE 159296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\unpack200.exe 2016-09-22 17:58:12 B4AD335E868693F009B7644E2ED555C1 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\ktab.exe 2016-09-22 17:58:12 9A4CF09834F086568DF469E3F670BF07 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\keytool.exe 2016-09-22 17:58:12 7DA6AA3CC4763C6F9C20B43E6C9A9547 16448 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\orbd.exe 2016-09-22 17:58:12 7624A9B769CDCF3A75FE5A9FEAADD61F 16448 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\tnameserv.exe 2016-09-22 17:58:12 5F85F7F2DFAC397D642834B61809240F 82496 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2launcher.exe 2016-09-22 17:58:12 530D5597E565654D378F3C87654CCABA 30784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\jabswitch.exe 2016-09-22 17:58:12 4F11D43AA2215CE771DA528878F01C8E 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\jjs.exe 2016-09-22 17:58:12 4DE6BFE6EA98BC42A5358ED8307107B2 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\kinit.exe 2016-09-22 17:58:12 48C96771106DBDD5D42BBA3772E4B414 191552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaw.exe 2016-09-22 17:58:12 43C1D1D0E248604CB3B643C0BDF4EC9A 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\servertool.exe 2016-09-22 17:58:12 31C0CED43A07A2DFF3AFC557EBABBE0F 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\rmiregistry.exe 2016-09-22 17:58:12 12B6E1C3205A8B17AC20E00A889DFC43 
15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\rmid.exe 2016-09-22 17:57:47 271BD1D1A794BAFCC4A197E14C071A4E 739904 ----a-w- C:\Users\Simon\Downloads\chromeinstall-8u101 (1).exe 2016-09-22 17:56:44 271BD1D1A794BAFCC4A197E14C071A4E 739904 ----a-w- C:\Users\Simon\Downloads\chromeinstall-8u101.exe 2016-09-21 17:22:32 F79AC417D93C32467347AD057764E38C 743600 ------w- C:\Users\Simon\AppData\Local\Temp\Rar$EXa0.780\autorunsc64.exe 2016-09-21 17:22:32 D510609047DEE6DF0A5DDBF84EA196FB 629928 ------w- C:\Users\Simon\AppData\Local\Temp\Rar$EXa0.780\autorunsc.exe 2016-09-21 17:22:32 3D5554237D26BEE4B146193121FEA746 843440 ------w- C:\Users\Simon\AppData\Local\Temp\Rar$EXa0.780\Autoruns64.exe 2016-09-21 17:22:32 088E659223761E033284CE23CABFF819 715424 ------w- C:\Users\Simon\AppData\Local\Temp\Rar$EXa0.780\Autoruns.exe 2016-09-21 17:21:48 F79AC417D93C32467347AD057764E38C 743600 ------w- C:\Users\Simon\AppData\Local\Temp\Rar$EXa0.333\autorunsc64.exe 2016-09-21 17:21:48 D510609047DEE6DF0A5DDBF84EA196FB 629928 ------w- C:\Users\Simon\AppData\Local\Temp\Rar$EXa0.333\autorunsc.exe 2016-09-21 17:21:48 3D5554237D26BEE4B146193121FEA746 843440 ------w- C:\Users\Simon\AppData\Local\Temp\Rar$EXa0.333\Autoruns64.exe 2016-09-21 17:21:48 088E659223761E033284CE23CABFF819 715424 ------w- C:\Users\Simon\AppData\Local\Temp\Rar$EXa0.333\Autoruns.exe 2016-09-21 15:24:12 DB9530DFF0A71D48E4877D47990AF006 8244656 ----a-w- C:\Users\Simon\Downloads\ccsetup522.exe 2016-09-21 15:16:12 7339DDA5031988D1A4399D57C546108D 49664 ----a-w- C:\Windows\servicing\GC64\tzupd.exe 2016-09-20 20:24:05 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Simon\Desktop\RSITx64.exe 2016-09-20 16:38:39 9CF3DC8A48713B6C79FD2D4E90DFCDBD 25382344 ----a-w- C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe 2016-09-20 16:38:39 88307018C7889C08D96CFA7FE0A44507 174056 ----a-w- C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe 2016-09-20 16:38:39 87BAD536426F26D39D5684D3217DCEAF 36648 
----a-w- C:\Users\Simon\AppData\Roaming\Dropbox\bin\driver_x86\dbxsvc.exe 2016-09-20 16:38:39 38ABCA069E5C5B0F3C79A974A7FE49BD 42792 ----a-w- C:\Users\Simon\AppData\Roaming\Dropbox\bin\driver_amd64\dbxsvc.exe 2016-09-20 16:38:29 A9FE04469DB1BD154935370D794DF5ED 70542136 ----a-w- C:\Users\Simon\AppData\Local\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\10.4.26\DropboxClient_10.4.26.exe 2016-09-19 21:50:05 52F4695C53B02ADA7D648F95F2E2F8B4 22851472 ----a-w- C:\Users\Simon\Downloads\mbam-setup-2.2.1.1043.exe 2016-09-19 21:48:17 D0C3F0827A1CC0107E5D42E23F664A84 3861056 ----a-w- C:\Users\Simon\Downloads\AdwCleaner (1).exe 2016-09-19 21:45:22 D0C3F0827A1CC0107E5D42E23F664A84 3861056 ----a-w- C:\Users\Simon\Downloads\AdwCleaner.exe 2016-09-19 19:16:50 FF00E6F2FA487FC76629666127044DEA 3516080 ----a-w- C:\Users\Simon\Downloads\SpyHunter-Installer.exe === C: other files == 2016-09-22 19:00:09 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2016-09-22 19:00:04 8741E6DF191C805028B92CEC44B1BA88 27320 ----a-w- C:\Windows\Temp\cpuz138\cpuz138_x64.sys 2016-09-22 17:58:12 91052ADB799AEF68EA76931997C40CE4 14156 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\lib\deploy\ffjcext.zip 2016-09-21 16:58:37 4D96F8E2BAD1AD13DB934209A7036372 1304400 ----a-w- C:\Users\Simon\Downloads\Autoruns.zip 2016-09-20 16:38:39 9516B0A2506DFAD604A0CDC42E21650D 73840 ----a-w- C:\Users\Simon\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-stable.sys 2016-09-20 16:38:39 9516B0A2506DFAD604A0CDC42E21650D 73840 ----a-w- C:\Users\Simon\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-dev.sys 2016-09-20 16:38:39 9516B0A2506DFAD604A0CDC42E21650D 73840 ----a-w- C:\Users\Simon\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-canary.sys 2016-09-20 16:38:39 7D564ACBF730162DFFB3552A84022B15 62064 ----a-w- C:\Users\Simon\AppData\Roaming\Dropbox\bin\driver_x86\dbx-stable.sys 2016-09-20 16:38:39 7D564ACBF730162DFFB3552A84022B15 62064 ----a-w- 
C:\Users\Simon\AppData\Roaming\Dropbox\bin\driver_x86\dbx-dev.sys 2016-09-20 16:38:39 7D564ACBF730162DFFB3552A84022B15 62064 ----a-w- C:\Users\Simon\AppData\Roaming\Dropbox\bin\driver_x86\dbx-canary.sys 2016-09-19 19:17:25 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat 2016-09-19 19:17:03 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-21300297-881835126-3664115066-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Gyazo"="C:\Program Files (x86)\Gyazo\GyStation.exe" "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTAgent.exe -autorun" "CorsairLink4"="C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe -startup" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "uTorrent"="C:\Users\Simon\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "NIRegistrationWizard"="C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1043" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" "ASUS AiChargerPlus Execute"="C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" "ASUS Media Streamer WSAgent"="C:\Program Files 
(x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe" "ROGRAMCACHE"="C:\Program Files (x86)\ROGRAMCACHE\RamCache.exe" "Live Update"="C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER" "Corsair Gaming Headset Software"="C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe /minimized" "ControlCenter4"="C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun" "BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "WebStorage"="C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\AsusWSPanel.exe /S" "ASUS Media Streamer DMS"="C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe" "ASUS Media Streamer ShareEdit"="C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Gyazo"="C:\Program Files (x86)\Gyazo\GyStation.exe" "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTAgent.exe -autorun" "CorsairLink4"="C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe -startup" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "uTorrent"="C:\Users\Simon\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "NIRegistrationWizard"="C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1043" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BCSSync" "hkey"="HKLM" "command"="\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CAHS1Sound] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CAHS1Sound" "hkey"="HKLM" "command"="C:\\Windows\\syswow64\\RunDll32.exe C:\\Windows\\Syswow64\\CAHS1.dll,CMICtrlWnd" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\jsUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jsUpdate" "hkey"="HKLM" "command"="C:\\Users\\Simon\\AppData\\Roaming\\tda\\obj.cmd C:\\Users\\Simon\\AppData\\Roaming\\tda\\ioq.cmc" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uTorrent" "hkey"="HKCU" "command"="\"C:\\Users\\Simon\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WdicobuUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WdicobuUpdate" "hkey"="HKLM" "command"="C:\\Users\\Simon\\AppData\\Roaming\\mlm\\edl.bat C:\\Users\\Simon\\AppData\\Roaming\\mlm\\ovv.ofc" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WpdavesssUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WpdavesssUpdate" "hkey"="HKLM" "command"="C:\\Users\\Simon\\AppData\\Roaming\\slp\\uvq.bat C:\\Users\\Simon\\AppData\\Roaming\\slp\\wmr.mdk" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WrhostsssssssUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WrhostsssssssUpdate" "hkey"="HKLM" "command"="C:\\Users\\Simon\\AppData\\Roaming\\ddh\\hpa.com 
C:\\Users\\Simon\\AppData\\Roaming\\ddh\\ckr.udt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\LOLRecorder.lnk"
"backup"="C:\\Windows\\pss\\LOLRecorder.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="E:\\PROGRA~1\\LOLREP~1\\LOLREC~1.EXE -minimize"
"item"="LOLRecorder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Simon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CHcgYAYTVhNBCTMJ.cmd.lnk]
"path"="C:\\Users\\Simon\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\CHcgYAYTVhNBCTMJ.cmd.lnk"
"backup"="C:\\Windows\\pss\\CHcgYAYTVhNBCTMJ.cmd.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Simon\\AppData\\Roaming\\IFAZGE~1.CMD C:\\Users\\Simon\\AppData\\Roaming\\iFaZGeUKaMJSAAbhQfS"
"item"="CHcgYAYTVhNBCTMJ.cmd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Simon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^irVzWJrYnjU.lnk]
"path"="C:\\Users\\Simon\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\irVzWJrYnjU.lnk"
"backup"="C:\\Windows\\pss\\irVzWJrYnjU.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Simon\\AppData\\Roaming\\ALETHJ~1\\HKRVSG~1.EXE "
"item"="irVzWJrYnjU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Simon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NzWJrYnjUOgh.lnk]
"path"="C:\\Users\\Simon\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\NzWJrYnjUOgh.lnk"
"backup"="C:\\Windows\\pss\\NzWJrYnjUOgh.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Simon\\AppData\\Roaming\\ALETHJ~2\\ZRVSGX~1.EXE "
"item"="NzWJrYnjUOgh"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Simon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^qArVzWJ.lnk]
"path"="C:\\Users\\Simon\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\qArVzWJ.lnk"
"backup"="C:\\Windows\\pss\\qArVzWJ.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Simon\\AppData\\Roaming\\WLETHJ~1\\HFKRVS~1.EXE "
"item"="qArVzWJ"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Simon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sclMgr.org.url]
"path"="C:\\Users\\Simon\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\sclMgr.org.url"
"backup"="C:\\Windows\\pss\\sclMgr.org.url.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Simon\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\sclMgr.org.url"
"item"="sclMgr.org"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Simon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^svncmgr).org.url]
"path"="C:\\Users\\Simon\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svncmgr).org.url"
"backup"="C:\\Windows\\pss\\svncmgr).org.url.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Simon\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svncmgr).org.url"
"item"="svncmgr).org"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Simon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Update.lnk]
"path"="C:\\Users\\Simon\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Update.lnk"
"backup"="C:\\Windows\\pss\\Update.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Simon\\AppData\\Roaming\\Windevice.exe "
"item"="Update"

==== Startup Folders ======================

2013-12-02 16:00:07 289 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\RUN.CMD
2013-12-02 16:00:07 289 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD
2015-12-04 15:30:55 1040 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
2016-03-14 19:23:34 1223 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13-09-2016 19:00]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-21300297-881835126-3664115066-1000Core.job --a------ C:\Users\Simon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [17-06-2015 13:27]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-21300297-881835126-3664115066-1000UA.job --a------ C:\Users\Simon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [17-06-2015 13:27]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31-08-2015 00:41]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31-08-2015 00:41]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-21300297-881835126-3664115066-1000Core" [C:\Users\Simon\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-21300297-881835126-3664115066-1000UA" [C:\Users\Simon\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GyazoUpdateTaskMachine" ["C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"]
"C:\Windows\SysNative\tasks\GyazoUpdateTaskMachineDaily" ["C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"]
"C:\Windows\SysNative\tasks\MSISW_Host" [C:\Windows\SysWOW64\muachost.exe]
"C:\Windows\SysNative\tasks\NIUpdateServiceCheckTask" [C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe]
"C:\Windows\SysNative\tasks\NIUpdateServiceStartupTask" [C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe]
"C:\Windows\SysNative\tasks\SS2svc32Run" ["C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2svc32.exe"]
"C:\Windows\SysNative\tasks\SS2svc64Run" ["C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2svc64.exe"]
"C:\Windows\SysNative\tasks\SS2UILauncherRun" ["C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe"]
"C:\Windows\SysNative\tasks\{1B6C1E52-9F58-4497-9280-CC8230D0A28B}" [C:\Program Files (x86)\The SIMS 4 Deluxe Edition\Game\Bin\The.Sims.4.Launcher.exe]
"C:\Windows\SysNative\tasks\{E59B0B60-5196-4D0C-8089-50B1CC214318}" [C:\Program Files (x86)\The SIMS 4 Deluxe Edition\Game\Bin\The.Sims.4.Launcher.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS AISuiteIII" [C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS DIPAwayMode" [C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS Media Streamer DMR" [C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS Product Register Service" [C:\Program Files (x86)\ASUS\APRP\aprp.exe]
"C:\Windows\SysNative\tasks\ASUS\Ez Update" [C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe]
"C:\Windows\SysNative\tasks\ASUS\GpuFanHelper" [C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe]
"C:\Windows\SysNative\tasks\ASUS\KeyBot II Execute" [C:\Program Files (x86)\ASUS\KeyBot II\KeyBotII.exe]
"C:\Windows\SysNative\tasks\ASUS\Push Notice Server Execute" [C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe]
"C:\Windows\SysNative\tasks\ASUS\RamDisk" [C:\Program Files (x86)\ASUS\ROG RAMDisk\loadImage.exe]
"C:\Windows\SysNative\tasks\ASUS\RC TweakIt Server Execute" [C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe]
"C:\Windows\SysNative\tasks\ASUS\USB 3.0 Boost Service" [C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\4mzr269p.default
D1DC265C3FF7F92B4A75A55B3749D48C - e:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
2D389D314D1928AA30778229090F9AD3 - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
12168CF405F3A7D6C722517D631FCD1D - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll - Shockwave Flash
DDC4B753983AF90EEDA7360C16D4D39A - C:\Users\Simon\AppData\Roaming\Mozilla\plugins\npoctoshape.dll - Octoshape Streaming Services
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[25-05-2016 10:31]

Google Slides -
Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Ban Checker for Steam - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\canbadmphamemnmdfngmcabnjmjgaiki
SIH - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl
Image Downloader - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj
Google Search - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Tampermonkey - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Google Sheets - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
LoungeDestroyer - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl
Google Docs Offline - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Whitelisted domains - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Unlimited Free VPN - Hola - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Infinite HD App - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\laealigljflmglcgncipdbmbjgjdpiim
Skype - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chrome Web Store Payments - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Simon\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02