Zoek.exe v5.0.0.1 Updated 19-September-2016 Tool run by Brokken on za 15-10-2016 at 17:58:05,63. Microsoft Windows 10 Home 10.0.14393 x64 Running in: Normal Mode Internet Access Detected Launched: D:\Users\Brokken\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2014-03-26-154258.log 7136 bytes C:\zoek-results2014-03-26-182434.log 419811 bytes C:\zoek-results2014-03-27-163500.log 1815 bytes ==== Empty Folders Check ====================== C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Program Files\Blender Foundation deleted successfully C:\Program Files\stinger deleted successfully C:\PROGRA~3\374311380 deleted successfully C:\PROGRA~3\Comms deleted successfully C:\PROGRA~3\SoftwareDistribution deleted successfully C:\Users\Brokken\AppData\Local\ActiveSync deleted successfully C:\Users\Brokken\AppData\Local\EmieSiteList deleted successfully C:\Users\Brokken\AppData\Local\EmieUserList deleted successfully C:\Users\Brokken\AppData\Local\NetworkTiles deleted successfully C:\Users\Brokken\AppData\Local\Skype deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1256367049-2053008340-3862287469-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a5d4ef98-56ef-4a0e-b3bb-756c90b191c1} deleted successfully HKEY_USERS\S-1-5-21-1256367049-2053008340-3862287469-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{a5d4ef98-56ef-4a0e-b3bb-756c90b191c1} deleted successfully HKEY_USERS\S-1-5-21-1256367049-2053008340-3862287469-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D87D91DA-1B5C-4251-A42C-E3D01EB89AE7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a5d4ef98-56ef-4a0e-b3bb-756c90b191c1} 
deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a5d4ef98-56ef-4a0e-b3bb-756c90b191c1} deleted successfully HKEY_CLASSES_ROOT\CLSID\{a5d4ef98-56ef-4a0e-b3bb-756c90b191c1} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{a5d4ef98-56ef-4a0e-b3bb-756c90b191c1} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5d4ef98-56ef-4a0e-b3bb-756c90b191c1} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5d4ef98-56ef-4a0e-b3bb-756c90b191c1} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe C:\Program Files\ATKGFNEX\GFNEXSrv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe C:\Program Files (x86)\NVIDIA 
Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Program Files (x86)\TeamViewer\TeamViewer.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\TeamViewer\tv_w32.exe C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe C:\Users\Brokken\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Flashpaste\FlashPaste.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files (x86)\Gyazo\GyStation.exe C:\Users\Brokken\AppData\Local\join.me.launcher\join.me.launcher.exe C:\Users\Brokken\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\Skype\Phone\Skype.exe D:\Users\Brokken\Downloads\zoek.exe C:\WINDOWS\SysWoW64\cmd.exe C:\Windows\SysWoW64\cmd.exe C:\WINDOWS\SysWoW64\cmd.exe ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21cc998b-3c49-4015-bb11-a3863aae5658}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5d4ef98-56ef-4a0e-b3bb-756c90b191c1}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5d4ef98-56ef-4a0e-b3bb-756c90b191c1}] ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\GoSaivve not found C:\Program Files (x86)\GoSaivve not found C:\PROGRA~2\OptOn deleted C:\PROGRA~2\YoUtubeAddBlocke deleted C:\PROGRA~2\Anti DDoS Guardian 3.3 deleted C:\Users\Brokken\AppData\Roaming\Sublime Text 2 deleted C:\Users\Brokken\AppData\Roaming\DVDVideoSoft deleted C:\Users\Brokken\AppData\LocalLow\Messenger_Plus_BE deleted C:\found.000 deleted C:\found.001 deleted C:\found.002 deleted C:\found.003 deleted C:\found.004 deleted C:\found.005 deleted C:\PROGRA~3\YoUtubeAddBlocke deleted C:\PROGRA~3\OptOn deleted C:\PROGRA~3\GoSaivve deleted C:\PROGRA~3\{08E30618-5D06-461B-BBD3-4ADFB0810824} deleted C:\PROGRA~3\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2} deleted C:\PROGRA~3\{1D11E9B5-801D-4DE3-8A18-77AC160788F6} deleted C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted C:\PROGRA~3\{E6A5D1F3-568D-4BA2-B7B6-7B6E93D9DA97} deleted C:\PROGRA~3\Package Cache deleted C:\Users\Brokken\AppData\Local\updater.log deleted C:\Users\Brokken\AppData\Local\TempPearl-Flooder2.exe deleted C:\Users\Brokken\AppData\Local\Unity deleted C:\Users\Brokken\AppData\Local\CrashRpt deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted C:\Users\Brokken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\WINDOWS\patsearch.bin deleted C:\WINDOWS\SysNative\roboot64.exe deleted C:\Users\Brokken\AppData\LocalLow\Unity deleted C:\WINDOWS\wininit.ini deleted 
C:\windows\SysNative\tasks\update-S-1-5-21-1256367049-2053008340-3862287469-1000 deleted C:\WINDOWS\tasks\update-S-1-5-21-1256367049-2053008340-3862287469-1000.job deleted C:\windows\SysNative\tasks\LuckyTab deleted C:\windows\SysNative\tasks\ASP deleted C:\windows\SysNative\drivers\Msft_Kernel_webinstrNew_01009.Wdf deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted C:\Users\Public\Desktop\YouTube Downloader.lnk deleted "C:\Users\Brokken\AppData\Local\{B7D6D47D-6EBC-4DC9-942E-76F436856FB0}" deleted "C:\Users\Brokken\AppData\Local\{E2252F3A-28C5-451B-9F60-B97F813829CF}" deleted "C:\windows\SysNative\drivers\{c5e0dd0c-2656-4164-950a-70d8fa52d159}w64.sys" deleted "C:\PROGRA~3\d89aecb949ced122\{44E4311D-BA06-FD43-505E-17DC53F4C22F}.20141019142316" deleted "C:\PROGRA~3\d89aecb949ced122\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20141019140826" deleted "C:\PROGRA~3\d89aecb949ced122\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}.20141019140844" deleted "C:\PROGRA~3\d89aecb949ced122\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141019140811" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\join.me.launcher.exe" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\JoinMe.Bootstrapper.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\JoinMe.BusinessLogic.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\JoinMe.DataAccess.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\JoinMe.Infrastructure.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\JoinMe.Launcher.Win.Shared.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\JoinMe.PubNub.Win.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\JoinMe.Resources.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\JoinMe.TransientFaultHandling.dll" deleted 
"C:\Users\Brokken\AppData\Local\join.me.launcher\Microsoft.Practices.Prism.PubSubEvents.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\Microsoft.Practices.Unity.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\Newtonsoft.Json.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\NLog.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\System.Reactive.Core.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\System.Reactive.Interfaces.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\System.Reactive.Linq.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\join.me.launcher.exe" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\JoinMe.Bootstrapper.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\JoinMe.BusinessLogic.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\JoinMe.DataAccess.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\JoinMe.Infrastructure.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\JoinMe.Launcher.Win.Shared.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\JoinMe.PubNub.Win.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\JoinMe.Resources.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\JoinMe.TransientFaultHandling.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\Microsoft.Practices.Prism.PubSubEvents.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\Microsoft.Practices.Unity.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\Newtonsoft.Json.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\NLog.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\System.Reactive.Core.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\System.Reactive.Interfaces.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\System.Reactive.Linq.dll" deleted 
"C:\Users\Brokken\AppData\Local\join.me.launcher\nl-NL\JoinMe.Resources.resources.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\ExternalLibs\x86\JoinMe.Launcher.Win.Wrapper.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\nl-NL\JoinMe.Resources.resources.dll" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\ExternalLibs\x86\JoinMe.Launcher.Win.Wrapper.dll" deleted "C:\PROGRA~2\Skillbrains\lightshot\5.4.0.1\Lightshot.dll" deleted "C:\PROGRA~2\Skillbrains\lightshot\5.4.0.1\Lightshot.exe" deleted "C:\PROGRA~2\Skillbrains\lightshot\5.4.0.1\uploader.dll" deleted "C:\PROGRA~3\d89aecb949ced122" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher" deleted "C:\PROGRA~2\Skillbrains" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\ExternalLibs" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\nl-NL" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\ExternalLibs\x86" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\ExternalLibs" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\nl-NL" deleted "C:\Users\Brokken\AppData\Local\join.me.launcher\ExternalLibs\x86" deleted "C:\PROGRA~2\Skillbrains\lightshot" deleted "C:\PROGRA~2\Skillbrains\lightshot\5.4.0.1" deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 4096 MB CPU Info: Intel(R) Core(TM)2 Duo CPU T5900 @ 2.20GHz CPU Speed: 930,5 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: NVIDIA GeForce GT 220M | NVIDIA GeForce GT 220M Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: This Qualcomm Atheros network Controller connects you to the network. | Atheros AR9285 Wireless Network Adapter | Microsoft Wi-Fi Direct Virtual Adapter CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW TS-L633C Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 116,0GB | D: 334,7GB Hard Disks - Free: C: 44,5GB | D: 245,0GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 12/03/09 | _ASUS_ - 20091203 Time Zone: Romance (standaardtijd) Motherboard *: ASUSTeK Computer Inc. N71Vg Country: Nederland Language: NLD ==== System Specs (Software) ====================== Default Browser: Google Chrome 53.0.2785.143 Internet Explorer Version: 11.321.14393.0 Google Chrome version: 53.0.2785.143 Adobe Reader version: 15.20.20039.203716 Sun Java version: 1.8.0_101 (32-bit) Sun Java version: 1.8.0_101 (64-bit) Flash Player version: 23.0.0.162 Shockwave Player version: 12.0.7r148 ==== Files Recently Created / Modified ======================
25D32BE04FE0A23FDF57FD5382757672 143872 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxdav.sys 2016-10-12 14:38:34 2CF0CB2A0ED68C5455371E84C16F9627 64352 ----a-w- C:\WINDOWS\Sysnative\drivers\MegaSas2i.sys 2016-10-12 14:38:06 8F5C24F4F47120157AB6D889B96A2AC2 619368 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys 2016-10-12 14:37:44 0D1D392ED2597F295956D058D33BD7C3 144896 ----a-w- C:\WINDOWS\Sysnative\drivers\dfsc.sys 2016-10-12 14:37:43 E5E5D9E317739CEE510EAF46C88A7C38 128864 ----a-w- C:\WINDOWS\Sysnative\drivers\tm.sys 2016-10-12 14:37:42 D5564FC81350458ED570528C4E3B1CCF 1181536 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys 2016-10-12 14:37:21 7C3D10BEC8B0DBA00A78C78EB10B3AE2 279904 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys 2016-10-12 14:37:19 FFFBB40B9C7AD811AA6EA74A0A6168B1 187232 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys 2016-10-12 14:37:19 FE33B645A2E0F5AB0B42318355B85178 2537824 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys 2016-09-29 19:59:03 3D04046C468AD2868A093925B5E2AA0A 218976 ----a-w- C:\WINDOWS\Sysnative\drivers\tpm.sys 2016-09-29 19:58:59 E330144B97D493AA886000DCAAA8DAF5 119648 ----a-w- C:\WINDOWS\Sysnative\drivers\wcifs.sys 2016-09-29 19:58:46 0B779E9FC426CA2268D28181FA6C222F 39424 ----a-w- C:\WINDOWS\Sysnative\drivers\kbdhid.sys 2016-09-29 19:56:24 8EEC4925C03E375C4EC496E45C44139A 649568 ----a-w- C:\WINDOWS\Sysnative\drivers\fvevol.sys 2016-09-29 19:56:22 D2EC2AD9C2F514AEECD5EC2B46107228 2190176 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2016-09-29 19:56:22 B66D8C75C9BC59D637177AB3B1C569A6 81760 ----a-w- C:\WINDOWS\Sysnative\drivers\stornvme.sys 2016-09-29 19:56:22 33ADC48D971260DD3DAA264CB7CF145C 657760 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys 2016-09-29 19:56:13 964943933D448935595C450AC4E8A5B1 23392 ----a-w- C:\WINDOWS\Sysnative\drivers\cmimcext.sys 2016-09-29 19:56:11 BAFD8946905DF03E6ECDDB154A4BAA9C 1046880 ----a-w- C:\WINDOWS\Sysnative\drivers\http.sys 2016-09-29 19:56:11 53EB8CE34B55A1EE63424C8DB7388BFC 130912 
----a-w- C:\WINDOWS\Sysnative\drivers\storahci.sys 2016-09-29 19:56:05 0108B58F6CD981EEEB5FFA25D1B75228 401760 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys 2016-09-29 19:56:03 88B66D75B0D26B449C83D54C87F30553 51712 ----a-w- C:\WINDOWS\Sysnative\drivers\winhvr.sys 2016-09-29 19:55:10 F7C22604CD8AFB9AF1C1E3CE39A5A09F 223584 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb20.sys 2016-09-29 19:55:09 9DB326B54C03EF2892E7551D8B354036 128352 ----a-w- C:\WINDOWS\Sysnative\drivers\partmgr.sys 2016-09-29 19:55:06 8CB606A3057355FD5A9DBDD1A0AC94EF 719360 ----a-w- C:\WINDOWS\Sysnative\drivers\WdiWiFi.sys 2016-09-29 19:55:05 EDAF0E161BE98CCC4FC9671481600745 435040 ----a-w- C:\WINDOWS\Sysnative\drivers\rdbss.sys 2016-09-29 19:54:28 43AC4C5CC233BCE9D7C46DA0E7EC0676 557408 ----a-w- C:\WINDOWS\Sysnative\drivers\spaceport.sys 2016-09-29 19:54:24 1312896CAE6AF0D4557DB7B37283C116 713216 ----a-w- C:\WINDOWS\Sysnative\drivers\srv2.sys 2016-09-29 19:54:22 D723D2C98598B0DF5832427740B2825D 335712 ----a-w- C:\WINDOWS\Sysnative\drivers\pci.sys 2016-09-29 19:54:16 92F6E3E6D3F1795263EB34B37F74AEF7 74080 ----a-w- C:\WINDOWS\Sysnative\drivers\vpci.sys 2016-09-25 03:13:31 E83830BB74AE8CBECEA0ECD94DE436F9 409088 ----a-w- C:\WINDOWS\Sysnative\drivers\srv.sys 2016-09-25 03:13:31 9EA203A07EFA6D74F07F32EF0DAB5CA6 108384 ----a-w- C:\WINDOWS\Sysnative\drivers\pdc.sys 2016-09-25 03:13:31 68FDFCE44D29EE8AE52E3CCB46BB0554 409944 ----a-w- C:\WINDOWS\Sysnative\drivers\FWPKCLNT.SYS 2016-09-25 03:13:31 200E4A385F5F370D8866BAE25B0D9D32 282624 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb10.sys 2016-09-25 03:13:29 705C0F8BCCEF6E7CB704CCB454192D7E 133472 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecdd.sys 2016-09-25 03:13:29 5DD8CB01C0394F8D052763D2E3C6E684 2256224 ----a-w- C:\WINDOWS\Sysnative\drivers\ntfs.sys 2016-09-25 03:13:29 5008FF3BBB078956C60DCA0044CF175B 379744 ----a-w- C:\WINDOWS\Sysnative\drivers\Classpnp.sys 2016-09-25 03:13:22 F13EE0DB1FB1D6946AC3228D7EFCFC8F 248320 ----a-w- 
C:\WINDOWS\Sysnative\drivers\srvnet.sys 2016-09-25 03:13:22 E671EDAB0726E05ECEF4058B4CD73C4D 450392 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys 2016-09-25 03:13:15 68B1E0DA1BB1680494227E88CE821E2F 62816 ----a-w- C:\WINDOWS\Sysnative\drivers\dam.sys 2016-09-25 03:13:03 8833A059270A60CE347FEB9A7951B3F4 681304 ----a-w- C:\WINDOWS\Sysnative\drivers\ClipSp.sys 2016-09-25 03:13:03 74FC79C52395B10FFD0B55CF22CF88FC 73568 ----a-w- C:\WINDOWS\Sysnative\drivers\hvservice.sys 2016-09-25 03:13:03 55AD13E2BAFC5AB53A10F8C271F5D242 168800 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys 2016-09-25 03:13:02 D8536CB438CC4CCDAE047B768EED22B2 38400 ----a-w- C:\WINDOWS\Sysnative\drivers\hidusb.sys 2016-09-25 03:13:02 D82592B327C43AC9381E9FBEF79C7F68 156672 ----a-w- C:\WINDOWS\Sysnative\drivers\hidclass.sys 2016-09-25 03:13:02 B9A33B9298BAFCE11E9823B1056D5BB0 40960 ----a-w- C:\WINDOWS\Sysnative\drivers\hidparse.sys 2016-09-25 03:13:02 B4F448F2424492F99F83D3676A453553 226816 ----a-w- C:\WINDOWS\Sysnative\drivers\usbvideo.sys 2016-09-25 03:13:02 63088A3361D9A308F328F11E9099DD87 43520 ----a-w- C:\WINDOWS\Sysnative\drivers\xinputhid.sys 2016-09-25 03:13:02 2A9817B5A9260D8F60D52E36BEF10443 118112 ----a-w- C:\WINDOWS\Sysnative\drivers\EhStorTcgDrv.sys 2016-09-25 03:01:41 43C8D087B31C592163B33A4BDA540E40 199008 ----a-w- C:\WINDOWS\Sysnative\drivers\wof.sys 2016-09-25 02:24:08 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_Kernel_ETD_01011.Wdf ====== C:\WINDOWS\Tasks ====== 2016-09-25 15:53:13 F58E1B39BA57BA59445BD0865156EFDB 2436 ----a-w- C:\WINDOWS\Sysnative\Tasks\WC3 2016-09-25 15:53:13 EDB87F659B479F7E7FD404D34E531CF6 2308 ----a-w- C:\WINDOWS\Sysnative\Tasks\{A0C99CB6-2C44-4F33-9A63-451A8EA47B0C} 2016-09-25 15:53:13 E95420239FE219FEE6A421CCE89E06EE 2300 ----a-w- C:\WINDOWS\Sysnative\Tasks\{E35B1FA9-1211-4DE8-9675-816C4EBB4D4F} 2016-09-25 15:53:13 DFBECB66A7B9581D966CF33366D7B190 2276 ----a-w- 
C:\WINDOWS\Sysnative\Tasks\{46726778-ED8D-4366-9286-31E94E76AEAE} 2016-09-25 15:53:13 D4E1B13A518E60DD298B64E02A5956AA 2254 ----a-w- C:\WINDOWS\Sysnative\Tasks\{D6CA25F3-252E-4505-A4DC-16AF4C095684} 2016-09-25 15:53:13 D3941AEFC747C9B2A5AFF8E78F79DFAA 2316 ----a-w- C:\WINDOWS\Sysnative\Tasks\{F43576E5-1869-4B24-A1CA-5C821F11AF04} 2016-09-25 15:53:13 C243271E38AF290C5DF2DB448B189447 2340 ----a-w- C:\WINDOWS\Sysnative\Tasks\{96319C78-475D-419E-9228-C45C6AAF130A} 2016-09-25 15:53:13 BCBE5FA9A5A5084B5D4623F0A9146BE3 2828 ----a-w- C:\WINDOWS\Sysnative\Tasks\OneDrive Standalone Update Task 2016-09-25 15:53:13 A91DC1E75DF534A3835B6D83A25A191A 2398 ----a-w- C:\WINDOWS\Sysnative\Tasks\{F6AF9FAC-9DD2-4325-836A-C315B66A2EA1} 2016-09-25 15:53:13 A48AE295B799F0364A3F74AF25AD75F4 2318 ----a-w- C:\WINDOWS\Sysnative\Tasks\P4G Sidebar 2016-09-25 15:53:13 8B82EFDE235F0FCAD49C37F3E6114827 2296 ----a-w- C:\WINDOWS\Sysnative\Tasks\{FC87AD84-DBCE-4D7A-AE31-325502DEB8E7} 2016-09-25 15:53:13 7B0D670BF08F0CC07BD00689CE96ADCE 2254 ----a-w- C:\WINDOWS\Sysnative\Tasks\{1C619248-7B1B-4E8E-8132-35387A354349} 2016-09-25 15:53:13 77777EC11F3852624605A40726F2BAB8 2304 ----a-w- C:\WINDOWS\Sysnative\Tasks\{7F3CC658-9C14-480F-B2CF-DFD44DC9BDD6} 2016-09-25 15:53:13 6CF43CE8E1500149BBFD0686B3CD5FDA 2258 ----a-w- C:\WINDOWS\Sysnative\Tasks\{58BB4FD0-CF31-424B-83F7-5D4253F545C4} 2016-09-25 15:53:13 6579E5494F6F83B20178382E0921822D 3282 ----a-w- C:\WINDOWS\Sysnative\Tasks\User_Feed_Synchronization-{C18138E2-116D-41D5-AE89-BC42841E68A9} 2016-09-25 15:53:13 1E51DE7F2526E7A0E84867C6161E89CC 2398 ----a-w- C:\WINDOWS\Sysnative\Tasks\{CF48FB1B-C1E5-46F2-83F3-C2D0D64A7F4F} 2016-09-25 15:53:13 1D6D0A75BDD7E4B1CE70FF1138E6DD75 2342 ----a-w- C:\WINDOWS\Sysnative\Tasks\P4GIntlCtrl 2016-09-25 15:53:13 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\WPD 2016-09-25 15:53:08 FF5C508799C90768EEFDE219040B428B 2538 ----a-w- C:\WINDOWS\Sysnative\Tasks\CreateChoiceProcessTask 2016-09-25 15:53:08 E44AE6355E3618A8797DA296E1D050CA 
2520 ----a-w- C:\WINDOWS\Sysnative\Tasks\GyazoUpdateTaskMachine 2016-09-25 15:53:08 E288451292E88DE7A49085B646423CE8 2644 ----a-w- C:\WINDOWS\Sysnative\Tasks\Apple Diagnostics 2016-09-25 15:53:08 DD72ACC3ECD672F5C92A35A5D7AAD2CA 3376 ----a-w- C:\WINDOWS\Sysnative\Tasks\DropboxUpdateTaskUserS-1-5-21-1256367049-2053008340-3862287469-1000Core 2016-09-25 15:53:08 B94C1DFC26AEDFF383EC88303154DEFF 3648 ----a-w- C:\WINDOWS\Sysnative\Tasks\DropboxUpdateTaskUserS-1-5-21-1256367049-2053008340-3862287469-1000UA 2016-09-25 15:53:08 9473189B495628F7A5EE15B9D6AB09FF 3400 ----a-w- C:\WINDOWS\Sysnative\Tasks\FacebookUpdateTaskUserS-1-5-21-1256367049-2053008340-3862287469-1000Core 2016-09-25 15:53:08 74563E21E3871AD04FAB413B19E68BF9 2660 ----a-w- C:\WINDOWS\Sysnative\Tasks\GyazoUpdateTaskMachineDaily 2016-09-25 15:53:08 607BE87F938F786A7F9165BE2B2F2FD5 3374 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineCore 2016-09-25 15:53:08 42A39E68819111648B1680EE8A68C524 3598 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineUA 2016-09-25 15:53:08 2E7D60730337ED1CBFB7A1AC722B2786 4562 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Acrobat Update Task 2016-09-25 15:53:08 1E0908878513C1D88B375DB249BE7BB6 3642 ----a-w- C:\WINDOWS\Sysnative\Tasks\FacebookUpdateTaskUserS-1-5-21-1256367049-2053008340-3862287469-1000UA 2016-09-25 15:53:08 1CC7FDCCC8E7564FC2D1348D59853FC4 3198 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Flash Player Updater 2016-09-25 15:53:08 027910C4DE7A1EE5DF1ABD957C0A25F1 2332 ----a-w- C:\WINDOWS\Sysnative\Tasks\ASUS SmartLogon Console Sensor 2016-09-25 15:53:08 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\Apple ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2016-09-25 03:03:21 -------- d-----w- C:\Program Files\Reference Assemblies 2016-09-25 03:03:21 -------- d-----w- C:\Program Files\MSBuild 2016-09-25 02:33:28 -------- d-----w- C:\Program Files\Common Files\SpeechEngines 2016-09-25 02:24:25 -------- d-----w- C:\Program Files\NVIDIA Corporation 
2016-09-25 02:24:13 -------- d-----w- C:\Program Files\Realtek
2016-09-25 02:23:57 -------- d-----w- C:\Program Files\Elantech
2016-09-21 15:39:17 -------- d-----w- C:\Program Files\iPod
2016-09-21 15:39:04 -------- d---a-w- C:\Program Files\iTunes
======= C:\PROGRA~2 =====
2016-10-15 15:56:40 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2016-10-06 20:32:37 -------- d---a-w- C:\PROGRA~2\COMMON~1\Skype
2016-10-05 12:23:49 -------- d---a-w- C:\PROGRA~2\Microsoft Expression
2016-09-25 03:03:21 -------- d---a-w- C:\PROGRA~2\MSBuild
2016-09-25 03:03:21 -------- d-----w- C:\PROGRA~2\Reference Assemblies
2016-09-25 02:33:32 -------- d-----w- C:\PROGRA~2\COMMON~1\SpeechEngines
2016-09-25 02:24:51 -------- d--h--w- C:\PROGRA~2\Uninstall Information
======= C: =====
====== C:\Users\Brokken\AppData\Roaming ======
2016-10-15 16:18:57 -------- d-----w- C:\Users\Brokken\AppData\Local\NetworkTiles
2016-10-12 11:14:43 -------- d-----w- C:\Users\Brokken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-04 16:13:59 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\DataSharing
2016-09-25 16:37:17 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\ConnectedDevicesPlatform
2016-09-25 16:36:44 -------- d-----w- C:\Users\Brokken\AppData\Local\ConnectedDevicesPlatform
2016-09-25 15:57:37 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\ConnectedDevicesPlatform
2016-09-25 03:06:54 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft
2016-09-25 03:06:54 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming
2016-09-25 02:28:41 -------- d-----w- C:\Users\Brokken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-09-25 02:28:41 -------- d-----w- C:\Users\Brokken\AppData\Roaming
2016-09-25 02:28:41 -------- d-----w- C:\Users\Brokken\AppData\Local\Temp
2016-09-25 02:28:41 -------- d-----w- C:\Users\Brokken\AppData\Local\Microsoft
2016-09-25 02:28:41 -------- d-----w- C:\Users\Brokken\AppData\Local
2016-09-25 02:28:41 -------- d-----r- C:\Users\Brokken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-09-25 02:28:41 -------- d-----r- C:\Users\Brokken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-09-25 02:28:41 -------- d-----r- C:\Users\Brokken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-09-25 02:28:41 -------- d-----r- C:\Users\Brokken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-09-25 02:28:41 -------- d-----r- C:\Users\Brokken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-09-25 02:27:13 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Packages
2016-09-25 02:24:50 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft
2016-09-25 02:22:38 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache
2016-09-25 02:22:04 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp
2016-09-25 02:22:04 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Microsoft
2016-09-25 02:22:04 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local
2016-09-25 02:21:59 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Roaming
2016-09-25 02:21:59 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp
2016-09-25 02:21:59 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft
2016-09-25 02:21:59 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local
====== C:\Users\Brokken ======
2016-10-15 14:03:10 -------- d-----w- C:\Users\Brokken\vsxu
2016-10-15 13:39:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vovoid VSXu 0.5.0
2016-10-06 20:32:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-10-05 12:25:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-09-25 16:39:56 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2016-09-25 16:36:41 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Brokken\ntuser.ini
2016-09-25 15:57:29 -------- d-----w- C:\ProgramData\USOShared
2016-09-25 03:06:54 -------- d--h--w- C:\WINDOWS\serviceprofiles\Localservice\AppData
2016-09-25 02:28:41 -------- d--h--w- C:\Users\Brokken\AppData
2016-09-25 02:27:54 CA5C272DF4A459952E7A18B5A5C1CA3C 196608 ----a-w- C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bak
2016-09-25 02:27:54 9F3DC7AB452EC58F732C1DF30178D5C3 4194304 ----a-w- C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bin
2016-09-25 02:25:01 -------- d-----w- C:\ProgramData\NVIDIA
2016-09-25 02:24:36 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2016-09-25 02:22:42 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2016-09-25 02:22:04 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\Saved Games
2016-09-25 02:22:04 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Videos
2016-09-25 02:22:04 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Pictures
2016-09-25 02:22:04 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Music
2016-09-25 02:22:04 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Links
2016-09-25 02:22:04 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Favorites
2016-09-25 02:22:04 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Downloads
2016-09-25 02:22:04 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Documents
2016-09-25 02:22:04 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Desktop
2016-09-25 02:22:00 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\Saved Games
2016-09-25 02:22:00 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Videos
2016-09-25 02:22:00 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Pictures
2016-09-25 02:21:59 -------- d--h--w- C:\WINDOWS\serviceprofiles\networkservice\AppData
2016-09-25 02:21:59 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Music
2016-09-25 02:21:59 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Links
2016-09-25 02:21:59 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Favorites
2016-09-25 02:21:59 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Downloads
2016-09-25 02:21:59 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Documents
2016-09-25 02:21:59 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Desktop
2016-09-21 15:43:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-09-21 15:40:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
====== C: exe-files ==
2016-10-15 15:55:55 F8211DB97BF852C3292C3E9C710C19D9 0 ----a-we C:\Documents and Settings\All Users\Oracle\Java\javapath\javaws.exe
2016-10-15 15:55:55 E3E51A21B00CDDE757E4247257AA7891 0 ----a-we C:\Documents and Settings\All Users\Oracle\Java\javapath\java.exe
2016-10-15 15:55:55 48C96771106DBDD5D42BBA3772E4B414 0 ----a-we C:\Documents and Settings\All Users\Oracle\Java\javapath\javaw.exe
2016-10-15 15:52:30 0AF64B59269F6F5C7DF5B97DF8C0E0AB 739904 ----a-w- C:\Documents and Settings\Brokken\Downloads\JavaSetup8u101.exe
2016-10-15 14:11:24 8F214F80F71ABB8C6183F9F3DD121BD9 24365524 ----a-w- C:\Documents and Settings\Brokken\Downloads\Plane9-2.4.1.4.exe
2016-10-15 13:43:18 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Documents and Settings\Brokken\Downloads\RSITx64 (1).exe
2016-10-15 13:38:00 93A18A39203C8899904DA436356AA808 21917736 ----a-w- C:\Documents and Settings\Brokken\Downloads\VSXu_0.5.1_amd64.exe
2016-10-12 18:02:46 FDBB2F4A9C51B0CB7A541282454FB1A2 33870400 ----a-w- C:\Documents and Settings\Brokken\Downloads\Sunnieday.exe
=== C: other files ==
2016-10-15 15:55:31 91052ADB799AEF68EA76931997C40CE4 14156 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\lib\deploy\ffjcext.zip
2016-10-13 15:41:31 DE0983FE4B830699312D35A990B3AE1B 1945 ----a-r- C:\Users\Brokken\AppData\Local\Temp\_MEI88162\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx
2016-10-13 15:41:28 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-r- C:\Users\Brokken\AppData\Local\Temp\_MEI88162\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx
2016-10-12 11:14:30 9516B0A2506DFAD604A0CDC42E21650D 73840 ----a-w- C:\Users\Brokken\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-stable.sys
2016-10-12 11:14:30 9516B0A2506DFAD604A0CDC42E21650D 73840 ----a-w- C:\Users\Brokken\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-dev.sys
2016-10-12 11:14:30 9516B0A2506DFAD604A0CDC42E21650D 73840 ----a-w- C:\Users\Brokken\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-canary.sys
2016-10-12 11:14:30 7D564ACBF730162DFFB3552A84022B15 62064 ----a-w- C:\Users\Brokken\AppData\Roaming\Dropbox\bin\driver_x86\dbx-stable.sys
2016-10-12 11:14:30 7D564ACBF730162DFFB3552A84022B15 62064 ----a-w- C:\Users\Brokken\AppData\Roaming\Dropbox\bin\driver_x86\dbx-dev.sys
2016-10-12 11:14:30 7D564ACBF730162DFFB3552A84022B15 62064 ----a-w- C:\Users\Brokken\AppData\Roaming\Dropbox\bin\driver_x86\dbx-canary.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-1256367049-2053008340-3862287469-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Brokken\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Facebook Update"="C:\Users\Brokken\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Flashpaste"="C:\Program Files (x86)\Flashpaste\flashpaste.exe"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"Spotify"="C:\Users\Brokken\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE /EPT EPLTarget\P0000000000000000 /M WF-7515 Series"
"EPLTarget\P0000000000000001"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE /EPT EPLTarget\P0000000000000001 /M WF-7515 Series"
"EPLTarget\P0000000000000002"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE /EPT EPLTarget\P0000000000000002 /M WF-7515 Series"
"Dropbox Update"="C:\Users\Brokken\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"Gyazo"="C:\Program Files (x86)\Gyazo\GyStation.exe"
"join.me.launcher"="C:\Users\Brokken\AppData\Local\join.me.launcher\join.me.launcher.exe"
"OneDrive"="C:\Users\Brokken\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"iCloudPhotos"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe"
"EPLTarget\P0000000000000003"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE /EPT EPLTarget\P0000000000000003 /M WF-7515 Series"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_USERS\S-1-5-21-1256367049-2053008340-3862287469-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-1256367049-2053008340-3862287469-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"Lightshot"="C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Brokken\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Facebook Update"="C:\Users\Brokken\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Flashpaste"="C:\Program Files (x86)\Flashpaste\flashpaste.exe"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"Spotify"="C:\Users\Brokken\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE /EPT EPLTarget\P0000000000000000 /M WF-7515 Series"
"EPLTarget\P0000000000000001"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE /EPT EPLTarget\P0000000000000001 /M WF-7515 Series"
"EPLTarget\P0000000000000002"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE /EPT EPLTarget\P0000000000000002 /M WF-7515 Series"
"Dropbox Update"="C:\Users\Brokken\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"Gyazo"="C:\Program Files (x86)\Gyazo\GyStation.exe"
"join.me.launcher"="C:\Users\Brokken\AppData\Local\join.me.launcher\join.me.launcher.exe"
"OneDrive"="C:\Users\Brokken\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"iCloudPhotos"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe"
"EPLTarget\P0000000000000003"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE /EPT EPLTarget\P0000000000000003 /M WF-7515 Series"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="C:\Program Files\Elantech\ETDCtrl.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "
"WindowsDefender"=""%ProgramFiles%\Windows Defender\MSASCuiL.exe""

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AmIcoSinglun64]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AmIcoSinglun64"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\AmIcoSingLun\\AmIcoSinglun64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]
"command"="C:\\Windows\\AsScrPro.exe"
"hkey"="HKLM"
"item"="ASUS Screen Saver Protector"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Default Manager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Microsoft Default Manager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft\\Search Enhancement Pack\\Default Manager\\DefMgr.exe\" -resume"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"
"hkey"="HKLM"
"item"="RtHDVCpl"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Setwallpaper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Setwallpaper"
"hkey"="HKLM"
"command"="c:\\programdata\\SetWallpaper.cmd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\FancyStart daemon.lnk"
"backup"="C:\\Windows\\pss\\FancyStart daemon.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Windows\\Installer\\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\\_A1DDD39913A1970387B7B3.exe -d"
"item"="FancyStart daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\SRS Premium Sound.lnk"
"backup"="C:\\Windows\\pss\\SRS Premium Sound.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Windows\\Installer\\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h"
"item"="SRS Premium Sound"

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13-09-2016 17:06]
C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-1256367049-2053008340-3862287469-1000Core.job --a-------- C:\Users\Brokken\AppData\Local\Dropbox\Update\DropboxUpdate.exe [26-06-2015 15:43]
C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-1256367049-2053008340-3862287469-1000UA.job --a-------- C:\Users\Brokken\AppData\Local\Dropbox\Update\DropboxUpdate.exe [26-06-2015 15:43]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1256367049-2053008340-3862287469-1000Core.job --a-------- C:\Users\Brokken\AppData\Local\Facebook\Update\FacebookUpdate.exe [05-12-2012 17:17]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1256367049-2053008340-3862287469-1000UA.job --a-------- C:\Users\Brokken\AppData\Local\Facebook\Update\FacebookUpdate.exe [05-12-2012 17:17]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-06-2015 16:04]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-06-2015 16:04]

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe]
"C:\WINDOWS\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1256367049-2053008340-3862287469-1000Core" [C:\Users\Brokken\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1256367049-2053008340-3862287469-1000UA" [C:\Users\Brokken\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1256367049-2053008340-3862287469-1000Core" [C:\Users\Brokken\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1256367049-2053008340-3862287469-1000UA" [C:\Users\Brokken\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GyazoUpdateTaskMachine" ["C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\GyazoUpdateTaskMachineDaily" ["C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task" [C:\Users\Brokken\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\P4G Sidebar" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\WINDOWS\SysNative\tasks\P4GIntlCtrl" [\IntlCtrl.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{C18138E2-116D-41D5-AE89-BC42841E68A9}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\WC3" [C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe]
"C:\WINDOWS\SysNative\tasks\{1C619248-7B1B-4E8E-8132-35387A354349}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\WINDOWS\SysNative\tasks\{D6CA25F3-252E-4505-A4DC-16AF4C095684}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [13-10-2016 17:14]

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [13-10-2016 17:14]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Administrator\AppData\Local\Torch deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\Brokken\AppData\Local\Torch deleted
Fake profile C:\Users\Brokken\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Brokken\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Brokken\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\Gast\AppData\Local\Torch deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Gast\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Torch deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser deleted

==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[20-04-2016 12:41]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[25-05-2016 10:31] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[] Google Drive - Brokken\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Brokken\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Invite All (for Facebook) - Brokken\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih McAfee® WebAdvisor - Brokken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho Google Docs Offline - Brokken\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Whitelisted domains - Brokken\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Invite All Friends on Facebook - Brokken\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj Skype - Brokken\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Google Drive App Launcher - Brokken\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh Chrome Web Store Payments - Brokken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Brokken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Chrome Media Router - Brokken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Chromium Fix ====================== C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully 
C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dwq4do82y8xi7.cloudfront.net_0.localstorage deleted successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dwq4do82y8xi7.cloudfront.net_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141" "Search Page"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwEZqA_FE8m8vFsdA7Ek0jwCsmKs2qh9IBYHt1z_K8b9gweADV7W4Yg3ZvzIdDIORlXW14Ni4WjlwHP_eWRnLCb9tSMW8QvY3VbFaZt_Y9F78APZ3KIC9ZI7IkHihwv0WPZ6LgEqX7FsCu0UZE_2bZt-ABUQ&q={searchTerms}" "Default_Search_URL"="http://isearch.omiga-plus.com/web/?type=ds&ts=1405250182&from=smt&uid=ST9500325AS_6VE5M9C3XXXX6VE5M9C3&q={searchTerms}" "Search Bar"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwEZqA_FE8m8vFsdA7Ek0jwCsmKs2qh9IBYHt1z_K8b9gweADV7W4Yg3ZvzIdDIORlXW14Ni4WjlwHP_eWRnLCb9tSMW8QvY3VbFaZt_Y9F78APZ3KIC9ZI7IkHihwv0WPZ6LgEqX7FsCu0UZE_2bZt-ABUQ&q={searchTerms}" "Use Search Asst"="yes" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" 
"Default"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwEZqA_FE8m8vFsdA7Ek0jwCsmKs2qh9IBYHt1z_K8b9gweADV7W4Yg3ZvzIdDIORlXW14Ni4WjlwHP_eWRnLCb9tSMW8QvY3VbFaZt_Y9F78APZ3KIC9ZI7IkHihwv0WPZ6LgEqX7FsCu0UZE_2bZt-ABUQ&q={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwEZqA_FE8m8vFsdA7Ek0jwCsmKs2qh9IBYHt1z_K8b9gweADV7W4Yg3ZvzIdDIORlXW14Ni4WjlwHP_eWRnLCb9tSMW8QvY3VbFaZt_Y9F78APZ3KIC9ZI7IkHihwv0WPZ6LgEqX7FsCu0UZE_2bZt-ABUQ&q={searchTerms}" "Default_Search_URL"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwEZqA_FE8m8vFsdA7Ek0jwCsmKs2qh9IBYHt1z_K8b9gweADV7W4Yg3ZvzIdDIORlXW14Ni4WjlwHP_eWRnLCb9tSMW8QvY3VbFaZt_Y9F78APZ3KIC9ZI7IkHihwv0WPZ6LgEqX7FsCu0UZE_2bZt-ABUQ&q={searchTerms}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141" "Use Search Asst"="no" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} - http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - 
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} - http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwEZqA_FE8m8vFsdA7Ek0jwCsmKs2qh9IBYHt1z_K8b9gweADV7W4Yg3ZvzIdDIORlXW14Ni4WjlwHP_eWRnLCb9tSMW8QvY3VbFaZt_Y9F78APZ3KIC9ZI7IkHihwv0WPZ6LgEqX7FsCu0UZE_2bZt-ABUX&q={searchTerms} HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 HKCU\SearchScopes "DefaultScope"="{6FCFE35E-51E1-4946-8DAE-668FE8CCCC69}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 HKCU\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} - No_Url_Value HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 HKCU\SearchScopes\{6FCFE35E-51E1-4946-8DAE-668FE8CCCC69} - http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 ==== Reset Google Chrome ====================== C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1f3f431b.TMP was reset successfully 
C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2324aad7.TMP was reset successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF232e9e2a.TMP was reset successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF27c6231a.TMP will be reset at reboot C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2fb2a4a.TMP was reset successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF345b59.TMP was reset successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF3bf81780.TMP was reset successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF44466c5f.TMP will be reset at reboot C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF4b8594e.TMP was reset successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF65d7f57c.TMP was reset successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF66ef161.TMP was reset successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF77c78ed.TMP was reset successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal will be reset at reboot ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6B4401F2-A956-9A60-2128-6BED20895B3C} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{44E4311D-BA06-FD43-505E-17DC53F4C22F} deleted successfully 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EEE6C376-6118-11DC-9C72-001320C79847} deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit= O1 - Hosts: 0.0.0.1 mssplus.mcafee.com O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Brokken\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Brokken\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - 
HKCU\..\Run: [Flashpaste] C:\Program Files (x86)\Flashpaste\flashpaste.exe O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [Spotify] "C:\Users\Brokken\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-7515 Series" O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-7515 Series" O4 - HKCU\..\Run: [EPLTarget\P0000000000000002] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE /EPT "EPLTarget\P0000000000000002" /M "WF-7515 Series" O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Brokken\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe O4 - HKCU\..\Run: [join.me.launcher] C:\Users\Brokken\AppData\Local\join.me.launcher\join.me.launcher.exe O4 - HKCU\..\Run: [OneDrive] "C:\Users\Brokken\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe O4 - HKCU\..\Run: [EPLTarget\P0000000000000003] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE /EPT "EPLTarget\P0000000000000003" /M "WF-7515 Series" O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] 
C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1256367049-2053008340-3862287469-1004\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1256367049-2053008340-3862287469-1004\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'UpdatusUser') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: 
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.sint-niklaas.be/activex/AMC.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAWFwk.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee OOBE Service (McOobeSv) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. 
- C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA 
Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Brokken\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Brokken\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully 
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Brokken\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Brokken\AppData\Local\Microsoft\Windows\INetCache\IE\54VJI7EA will be deleted at reboot C:\Users\Brokken\AppData\Local\Microsoft\Windows\INetCache\IE\7VP1CFPD will be deleted at reboot C:\Users\Brokken\AppData\Local\Microsoft\Windows\INetCache\IE\8ZJ8O1ZX will be deleted at reboot C:\Users\Brokken\AppData\Local\Microsoft\Windows\INetCache\IE\AXGXDDMH will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=7791 folders=494 831047730 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Brokken\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / 
Folders ====================== "C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF27c6231a.TMP" not found "C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF44466c5f.TMP" not found "C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Web Data" not found "C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal" not found "C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted "C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted "C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted "C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted "C:\Users\Brokken\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted "C:\Users\Brokken\AppData\Local\Microsoft\Windows\INetCache\IE\54VJI7EA" not found "C:\Users\Brokken\AppData\Local\Microsoft\Windows\INetCache\IE\7VP1CFPD" not found "C:\Users\Brokken\AppData\Local\Microsoft\Windows\INetCache\IE\8ZJ8O1ZX" not found "C:\Users\Brokken\AppData\Local\Microsoft\Windows\INetCache\IE\AXGXDDMH" not found ==== EOF on zo 16-10-2016 at 15:13:45,90 ======================