Zoek.exe v5.0.0.1 Updated 19-September-2016 Tool run by Ewoud on di 01-11-2016 at 21:01:36,97. Microsoft Windows 10 Home 10.0.14393 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Ewoud\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 1-11-2016 21:03:18 Zoek.exe System Restore Point Created Successfully. ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\ClearfiCopyHook {ED32C084-BABB-11E1-B491-D4D66088709B} C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Empty Folders Check ====================== C:\PROGRA~2\7-Zip deleted successfully C:\PROGRA~2\l3g5sayk deleted successfully C:\PROGRA~2\Lavasoft deleted successfully C:\PROGRA~2\Nexon deleted successfully C:\PROGRA~2\njphwmni deleted successfully C:\PROGRA~2\TCP Monitor deleted successfully C:\Program Files\BlackShot deleted successfully C:\PROGRA~3\BSD deleted successfully C:\PROGRA~3\Comms deleted successfully C:\PROGRA~3\Lavasoft deleted successfully C:\PROGRA~3\MyApps deleted successfully C:\PROGRA~3\regid.1986-12.com.adobe deleted successfully C:\PROGRA~3\SoftwareDistribution deleted successfully C:\PROGRA~3\Solid State Networks deleted successfully C:\PROGRA~3\{EB5F5A55-037A-4E47-806B-2C8AA9374701} deleted successfully C:\Users\Ewoud\AppData\Local\ActiveSync deleted successfully C:\Users\Ewoud\AppData\Local\EmieSiteList deleted successfully C:\Users\Ewoud\AppData\Local\EmieUserList deleted successfully C:\Users\Ewoud\AppData\Local\MediaShow deleted successfully C:\Users\Ewoud\AppData\Local\NetworkTiles deleted successfully C:\Users\Ewoud\AppData\Local\Unity deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe C:\WINDOWS\SysWoW64\svchost.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Avira\Antivirus\sched.exe C:\Program Files (x86)\Avira\Antivirus\avguard.exe C:\Program Files (x86)\Avira\Antivirus\avgnt.exe C:\Users\Ewoud\Desktop\zoek.exe C:\WINDOWS\SysWoW64\cmd.exe C:\Windows\SysWoW64\cmd.exe C:\WINDOWS\SysWoW64\cmd.exe ==== Deleting Services ====================== ==== Batch Command(s) Run By Tool====================== Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ==== Deleting Files \ Folders ====================== C:\PROGRA~2\7-Zip not found C:\PROGRA~2\l3g5sayk not found C:\PROGRA~2\Lavasoft not found C:\PROGRA~2\Nexon not found C:\PROGRA~2\njphwmni not found C:\PROGRA~2\TCP Monitor not found C:\PROGRA~3\{EB5F5A55-037A-4E47-806B-2C8AA9374701} not found C:\Users\Ewoud\AppData\Local\Lavasoft deleted C:\windows\SysNative\Tasks\1015avUpdateInfo deleted C:\windows\SysNative\Tasks\1215avzUpdateInfo deleted C:\windows\SysNative\Tasks\MegaBackupSystemIsIdleChecker deleted C:\Users\Ewoud\.android deleted C:\Users\Public\Pokki deleted C:\PROGRA~3\Package Cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lavasoft\WebCompanion deleted C:\Users\Ewoud\AppData\LocalLow\Unity deleted "C:\Windows\Installer\18fea.msi" deleted "C:\Windows\Installer\301c1.msi" deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 4020 MB CPU Info: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz CPU Speed: 2397,2 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | Intel(R) HD Graphics Family Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller | Bluetooth Device (Personal Area Network) | Qualcomm Atheros AR956x Wireless Network Adapter | Microsoft Wi-Fi Direct Virtual Adapter | Microsoft Hosted Network Virtual Adapter CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ8E2Q Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 448,0GB Hard Disks - Free: C: 359,0GB Manufacturer *: Insyde Corp. BIOS Info: AT/AT COMPATIBLE | | ACRSYS - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: Acer EA50_HB Country: Nederland Language: NLD ==== System Specs (Software) ====================== Internet Explorer Version: 11.321.14393.0 Google Chrome version: 54.0.2840.71 Adobe Reader version: 11.0.17.9 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2016-10-28 11:14:30 A470FC325D5F69D6B171A5F28232BD4F 4673304 ----a-w- C:\WINDOWS\explorer.exe 2016-10-28 11:14:09 BCDB205132974EC3AB6F5C01DD93489B 130560 ----a-w- C:\WINDOWS\splwow64.exe ====== C:\Users\Ewoud\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== 2016-10-28 11:15:01 6AAF3F01481C49A6299924A44F4EAA24 1557808 ----a-w- C:\WINDOWS\SysWOW64\winmde.dll 2016-10-28 11:15:00 97DB310F624DF60F89773B47328F008B 12174848 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll 2016-10-28 11:14:59 ABC876110238D8FDBC868E3B8270D86C 1263848 ----a-w- C:\WINDOWS\SysWOW64\msctf.dll 2016-10-28 11:14:59 A8678930066706C79C0B04F8CF91B4AE 7468032 ----a-w- C:\WINDOWS\SysWOW64\mstscax.dll 2016-10-28 11:14:45 F4C78B9D11E446682807C0B1468FF4DF 222720 ----a-w- C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2016-10-28 11:14:45 ECA98102FDA036EA3F2852A407FBCC9F 470016 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll 2016-10-28 11:14:45 8183E6F1CB1279219CCC631674F357B2 179712 ----a-w- C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-10-28 11:14:45 77F0F4BCE23963904F930FE2D99AE7D4 459776 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll 2016-10-28 11:14:45 26180577AC7731FB95D0DBEBC9840404 471552 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll 2016-10-28 11:14:45 15817560A0BD74683AA4DEA7A71255D3 555008 ----a-w- C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-10-28 11:14:44 AF3F5EE938656D2F92B2CA512DCB034B 747008 ----a-w- C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll 2016-10-28 11:14:43 7A2A7A1E8A0FB49EDD29FCE9D24E33F9 1424488 ----a-w- C:\WINDOWS\SysWOW64\d3d9.dll 2016-10-28 11:14:41 C3E0142EB96C1401F972A55AE2071C81 95232 ----a-w- C:\WINDOWS\SysWOW64\BluetoothApis.dll 2016-10-28 11:14:41 2065F3B7BB23DB8E0395DED69A498912 576400 ----a-w- C:\WINDOWS\SysWOW64\wer.dll 2016-10-28 11:14:40 D37C001CC9131C80A201F3C27B808F18 186424 ----a-w- C:\WINDOWS\SysWOW64\weretw.dll 2016-10-28 11:14:40 49A6050FBE7C8D0B3C5E1A2A55E1BFC4 749920 ----a-w- C:\WINDOWS\SysWOW64\drvstore.dll 2016-10-28 11:14:39 D3F868A86554F462B75852C103A51803 1228288 ----a-w- C:\WINDOWS\SysWOW64\usercpl.dll 2016-10-28 11:14:39 346BC86522950AC3F2BBE645836BBE04 67584 ----a-w- C:\WINDOWS\SysWOW64\iscsiwmi.dll 2016-10-28 11:14:30 7093B0D11DBA94523F5714F80495FCB5 90624 ----a-w- C:\WINDOWS\SysWOW64\olepro32.dll 2016-10-28 11:14:29 E99618325465E564B678B8FD9AB50B74 20969928 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll 2016-10-28 11:14:26 D03279F3764B17D469174402FD67F65E 1323008 ----a-w- C:\WINDOWS\SysWOW64\wsp_fs.dll 2016-10-28 11:14:26 51022991C13E9AA968424F5F8D25466C 1113600 ----a-w- C:\WINDOWS\SysWOW64\wsp_health.dll 2016-10-28 11:14:25 EDD1E47BAF4CC905D31A1FC87C99C82F 1993216 ----a-w- C:\WINDOWS\SysWOW64\dwmcore.dll 2016-10-28 11:14:25 A3E205E94443B388264B53276C28646C 182784 ----a-w- C:\WINDOWS\SysWOW64\mfsensorgroup.dll 2016-10-28 11:14:23 67A6B5E9C56578342FA9A9F3811C3127 455040 ----a-w- C:\WINDOWS\SysWOW64\DolbyDecMFT.dll 2016-10-28 11:14:23 51D061BEC9CE0B6693B7C21546F58D2C 74752 ----a-w- C:\WINDOWS\SysWOW64\updatepolicy.dll 2016-10-28 11:14:22 6826F8695BC445B826C4AE0A7205364E 772608 ----a-w- C:\WINDOWS\SysWOW64\ntshrui.dll 2016-10-28 11:14:22 199BB32B8878D8DDDCF7ACD40424ECE9 81408 ----a-w- C:\WINDOWS\SysWOW64\cmifw.dll 2016-10-28 11:14:21 B5A437927F0BE276A5C34A71761A6DBC 465920 ----a-w- C:\WINDOWS\SysWOW64\LockAppBroker.dll 2016-10-28 11:14:20 073F6F7935D0AD0F088272BAF23BF398 79360 ----a-w- C:\WINDOWS\SysWOW64\asycfilt.dll 2016-10-28 11:14:19 BDF7BDD5D89F09977B6A1BE52FEA41C7 18432 ----a-w- C:\WINDOWS\SysWOW64\stdole2.tlb 2016-10-28 11:14:19 476862E989515FDA0F2552ADB59BBDDE 198144 ----a-w- C:\WINDOWS\SysWOW64\FSClient.dll 2016-10-28 11:14:16 BD015F37450FC3C1A4098DFB1912687E 12349440 ----a-w- C:\WINDOWS\SysWOW64\wmp.dll 2016-10-28 11:14:16 671E38CF2AD869B6D83A7DD2C91EBDA0 187904 ----a-w- C:\WINDOWS\SysWOW64\mfksproxy.dll 2016-10-28 11:14:15 FC815DA31E8EE168F89D29101BE8C1C1 542208 ----a-w- C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll 2016-10-28 11:14:15 D2F04061D48AFD883072E68245F40435 484584 ----a-w- C:\WINDOWS\SysWOW64\AudioSes.dll 2016-10-28 11:14:15 84AF13FE61DC95AC2D597FCCDB46EE61 357376 ----a-w- C:\WINDOWS\SysWOW64\Geolocation.dll 2016-10-28 11:14:14 F3157B20F2F9240F10A8FBCF909147AE 1631232 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2016-10-28 11:14:13 FAA16FBC6711E6DB2DB50D37FBF19D1E 2999808 ----a-w- C:\WINDOWS\SysWOW64\win32kfull.sys 2016-10-28 11:14:13 49BA6CBE300A27B968467B30A92210CF 13868544 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-10-28 11:14:12 623EFE96365AE8F0EEBE6B104B18DAB2 6108672 ----a-w- C:\WINDOWS\SysWOW64\mos.dll 2016-10-28 11:14:11 01C2988C758BD155CA88E018D02C8FA3 2748928 ----a-w- C:\WINDOWS\SysWOW64\mispace.dll 2016-10-28 11:14:10 B6EF4459B26D2D55535094AF29E206A9 1570680 ----a-w- C:\WINDOWS\SysWOW64\ntdll.dll 2016-10-28 11:14:09 238C5C54118A7807B2362CB83531182B 675840 ----a-w- C:\WINDOWS\SysWOW64\Windows.Networking.dll 2016-10-28 11:14:07 3E8908FCB9B3624901B4C5C4ECEBD687 2708992 ----a-w- C:\WINDOWS\SysWOW64\esent.dll 2016-10-28 11:14:05 D531B49869D898A1D28D1868A615A0FE 760832 ----a-w- C:\WINDOWS\SysWOW64\NMAA.dll 2016-10-28 11:14:05 A8D17164E37141D1FAC49843B177D5F3 5376000 ----a-w- C:\WINDOWS\SysWOW64\BingMaps.dll 2016-10-28 11:14:04 C4ABAF3F9F322C968AEACFA2A9925F08 838144 ----a-w- C:\WINDOWS\SysWOW64\JpMapControl.dll 2016-10-28 11:14:04 19513A910B600F6FD639BCDD326DDB9D 254656 ----a-w- C:\WINDOWS\SysWOW64\wmpeffects.dll 2016-10-28 11:14:03 5B1DAB6FC3627A51B839C7F71C4959D7 715264 ----a-w- C:\WINDOWS\SysWOW64\MapControlCore.dll 2016-10-28 11:14:02 6CBECADC72DE0693D830648FBC241227 175104 ----a-w- C:\WINDOWS\SysWOW64\wmpdxm.dll 2016-10-28 11:14:02 069C566D053D998837EA6A16F6652F09 32768 ----a-w- C:\WINDOWS\SysWOW64\efsext.dll 2016-10-28 11:13:59 E70DD2021CD187351EFE94ACE2B5B2CC 102912 ----a-w- C:\WINDOWS\SysWOW64\wmpshell.dll 2016-10-28 11:13:59 C3926AB51D0A56E12FE7DF8C6BDAB120 109568 ----a-w- C:\WINDOWS\SysWOW64\chartv.dll 2016-10-28 11:13:59 9D55397B7000228C59836BA5E5B44DFB 306688 ----a-w- C:\WINDOWS\SysWOW64\esentutl.exe 2016-10-28 11:13:59 65A62B9F807AC148B4FF80A9084C812F 549376 ----a-w- C:\WINDOWS\SysWOW64\ActionCenterCPL.dll 2016-10-28 11:13:53 47EC695564C0C0268300E5A996399A89 2256896 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll 2016-10-28 11:13:48 B011D0A9593526FBDC99AB0C11B239E0 5685760 ----a-w- C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-10-28 11:13:46 E8EDC4785646866E8CE0573D1935FDFB 4311736 ----a-w- C:\WINDOWS\SysWOW64\explorer.exe 2016-10-28 11:13:46 B14573527A1C75447F83DECD00A24E07 33280 ----a-w- C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe 2016-10-28 11:13:46 98D9A5D88518A284D5D70800C922A322 545944 ----a-w- C:\WINDOWS\SysWOW64\fontdrvhost.exe 2016-10-28 11:13:46 15B77C775E662EF0E39032E3992B21B1 2256592 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll 2016-10-28 11:13:46 00265109796854F61E1B869E5265E8C1 1595392 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll 2016-10-28 11:13:45 D1393913F0666A92EA436B6C7A0CC099 310272 ----a-w- C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2016-10-28 11:13:45 CB8C1D493C5A801F8AF6D5328A91C570 2333184 ----a-w- C:\WINDOWS\SysWOW64\WsmSvc.dll 2016-10-28 11:13:44 837545D9554CC4746FEFA31811859ACC 7626752 ----a-w- C:\WINDOWS\SysWOW64\twinui.dll 2016-10-28 11:13:39 71122A72B7100C823867AE5CD27BB26F 1969912 ----a-w- C:\WINDOWS\SysWOW64\hevcdecoder.dll 2016-10-28 11:13:37 57D2A617BD2E8663E5B56835EC1BFFF0 142336 ----a-w- C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll 2016-10-28 11:13:36 F30A3A524E7D3B345304724ACAD460A6 1556992 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2016-10-28 11:13:35 D3ABAC096932A15C2E347CFDE300C281 959112 ----a-w- C:\WINDOWS\SysWOW64\ole32.dll 2016-10-28 11:13:35 9F1F1CCF24B2D6982A3443A4825BA96E 422400 ----a-w- C:\WINDOWS\SysWOW64\twinapi.dll 2016-10-28 11:13:35 5838E521A894FB9B2E3978EB6A646353 798208 ----a-w- C:\WINDOWS\SysWOW64\authui.dll 2016-10-28 11:13:35 1F2C068D22D4E980430D02D7AAB79FF0 2484736 ----a-w- C:\WINDOWS\SysWOW64\gameux.dll 2016-10-28 11:13:34 B7938AAC81C0233A39A11E7FA31BFD55 39424 ----a-w- C:\WINDOWS\SysWOW64\dtdump.exe 2016-10-28 11:13:34 3D70809FAFD92B41552369AFBE0A7607 580608 ----a-w- C:\WINDOWS\SysWOW64\hgcpl.dll 2016-10-28 11:13:29 F0D7EBAC8AF6083293F2627868BE22B4 152064 ----a-w- C:\WINDOWS\SysWOW64\autoplay.dll 2016-10-28 11:13:28 E1384740313A08126FA2D3A709AD8E28 358912 ----a-w- C:\WINDOWS\SysWOW64\stobject.dll 2016-10-28 11:13:28 93F6F443EC908A0810D89FD809F3DDE0 632832 ----a-w- C:\WINDOWS\SysWOW64\sud.dll 2016-10-28 11:13:28 93319B7E502C192C92E0CD2B97617509 288256 ----a-w- C:\WINDOWS\SysWOW64\systemcpl.dll 2016-10-28 11:13:27 F8884F3F10E2018846C7607EA573315F 348672 ----a-w- C:\WINDOWS\SysWOW64\zipfldr.dll 2016-10-28 11:13:27 01247DCCE50D4032E4D93E45137C61FD 506880 ----a-w- C:\WINDOWS\SysWOW64\DevicePairing.dll 2016-10-28 11:13:26 7DD00FBBF8256FE99593B7A13D064BC5 896512 ----a-w- C:\WINDOWS\SysWOW64\fontext.dll 2016-10-28 11:13:26 40449FA933832310BDE90BE4C21354AA 2458112 ----a-w- C:\WINDOWS\SysWOW64\themecpl.dll 2016-10-28 11:13:23 3758F3E6D5AD0115710A4C38EBC566B5 306176 ----a-w- C:\WINDOWS\SysWOW64\ieproxy.dll 2016-10-28 11:13:21 63CF9E094A62A787937B955D654C55DE 2005504 ----a-w- C:\WINDOWS\SysWOW64\DWrite.dll 2016-10-28 11:13:11 B74141855782DF8B4BC10613078D8638 709120 ----a-w- C:\WINDOWS\SysWOW64\CPFilters.dll 2016-10-28 11:13:11 A3EA585DC457B57A6DEFC1654504C4A6 3892352 ----a-w- C:\WINDOWS\SysWOW64\mfcore.dll 2016-10-28 11:13:11 757941B57CBDB59C97C7C2D55C9A664C 952416 ----a-w- C:\WINDOWS\SysWOW64\mfsvr.dll 2016-10-28 11:13:11 442DC61509E9672786E548A0B5EE531C 3307520 ----a-w- C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-10-28 11:13:10 BB8D21E3DEAA7FB1D77158D4FBCF24D5 327680 ----a-w- C:\WINDOWS\SysWOW64\daxexec.dll 2016-10-28 11:13:10 6CE5B809ACB5B03BEA6140FC31D53B44 884224 ----a-w- C:\WINDOWS\SysWOW64\inetcomm.dll 2016-10-28 11:13:10 29B81C330268D77A8B23D697C7CD1CFA 410112 ----a-w- C:\WINDOWS\SysWOW64\SndVolSSO.dll 2016-10-28 11:13:10 1F7BCA44AD521CA0722AC787DC746C5E 1123368 ----a-w- C:\WINDOWS\SysWOW64\mfplat.dll 2016-10-28 11:13:09 F3F33D11511351D96F919D8C719AAAFF 4612608 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.dll 2016-10-28 11:13:09 7B93CD92C41D9DD69835B6219B1BB7BF 19416576 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll 2016-10-28 11:13:08 83563656E52E536D97F7527A9FDD7D0C 1170944 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2016-10-28 11:13:08 727F5E1E1BCF599AF1F03B9ADC356525 712192 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2016-10-28 11:13:07 F8CA7E1DCC958DEE67AB07F3671758F4 3733504 ----a-w- C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2016-10-28 11:13:06 8923FE21F17099DED0CA9357791FDA83 19418112 ----a-w- C:\WINDOWS\SysWOW64\edgehtml.dll 2016-10-28 11:13:04 1E6B34E44C4FEBFBC06B6CAE14E7529B 846560 ----a-w- C:\WINDOWS\SysWOW64\WinTypes.dll 2016-10-28 11:13:03 E4BDE75B8A2B008D2F6E3F080FDCF51B 272720 ----a-w- C:\WINDOWS\SysWOW64\wintrust.dll 2016-10-28 11:13:03 C52927410240787FFEC4682C931B2AEA 4423680 ----a-w- C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2016-10-28 11:13:02 F6F5D864C91DE608518ACED43C900056 2166232 ----a-w- C:\WINDOWS\SysWOW64\combase.dll 2016-10-28 11:13:02 3EA6EBC56A17E2B9AF27459179949D56 806400 ----a-w- C:\WINDOWS\SysWOW64\D3D12.dll 2016-10-28 11:13:01 80C84FDEB9891DF894AEC50F09C172B5 2276736 ----a-w- C:\WINDOWS\SysWOW64\d3d11.dll 2016-10-28 11:13:01 5D52820BCF597EAC5B109D1494B149BA 1556712 ----a-w- C:\WINDOWS\SysWOW64\crypt32.dll 2016-10-28 11:13:00 DF51C1442A3DB8ADE2B78DCDEC2419FD 636928 ----a-w- C:\WINDOWS\SysWOW64\winhttp.dll 2016-10-28 11:13:00 7F1F8A3AF8CDA9368966E22AE64D5C9E 1435896 ----a-w- C:\WINDOWS\SysWOW64\user32.dll 2016-10-28 11:13:00 1AF944ED98AA15C72B1039D8CBA41CFF 1853776 ----a-w- C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2016-10-28 11:12:59 B1BA71F16535CF6619AEEEFEA302A28B 687936 ----a-w- C:\WINDOWS\SysWOW64\msvproc.dll 2016-10-28 11:12:59 12FAECF59215A3FB4AB8AC76B039B4AC 198656 ----a-w- C:\WINDOWS\SysWOW64\indexeddbserver.dll 2016-10-28 11:12:58 242A028EC89D850F6084F6085E669A07 601712 ----a-w- C:\WINDOWS\SysWOW64\oleaut32.dll 2016-10-28 11:12:57 21C5E2DEC69E82B444082BC9DC18C930 1509376 ----a-w- C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-10-28 11:12:55 DBAD85BFE615D3C006D68DC630FACBFD 76800 ----a-w- C:\WINDOWS\SysWOW64\powercfg.exe 2016-10-28 11:12:55 3D84D07AE55418FCB30E647DF2BB419F 226304 ----a-w- C:\WINDOWS\SysWOW64\dhcpcore6.dll 2016-10-28 11:12:54 617EBC7797E4A5F84B204199AE9CDE7D 336896 ----a-w- C:\WINDOWS\SysWOW64\msinfo32.exe 2016-10-28 11:12:54 4CE9153BA933DE8AE9A448003E226233 270336 ----a-w- C:\WINDOWS\SysWOW64\dxtrans.dll 2016-10-28 11:12:53 84049D2250E659F66994E0D64099FBC3 81408 ----a-w- C:\WINDOWS\SysWOW64\mshtmled.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2016-10-28 11:15:02 9B142FECCBE9D402D63892B12EB1C8AC 498952 ----a-w- C:\WINDOWS\Sysnative\DolbyDecMFT.dll 2016-10-28 11:15:02 40628BFFD1C5D6B7E27D66AA36E9BDCC 1472536 ----a-w- C:\WINDOWS\Sysnative\mfplat.dll 2016-10-28 11:15:01 B1383DC57D602C97546C2BCDB4357170 1990648 ----a-w- C:\WINDOWS\Sysnative\mfmp4srcsnk.dll 2016-10-28 11:15:01 30E8FBBB05CA98C68CC86346504CA417 1062480 ----a-w- C:\WINDOWS\Sysnative\mfsvr.dll 2016-10-28 11:15:00 0AE04E934E2E2EC164B228622651F730 4129928 ----a-w- C:\WINDOWS\Sysnative\mfcore.dll 2016-10-28 11:14:58 7044281C968D12CCB9E76B29C37F62E3 628040 ----a-w- C:\WINDOWS\Sysnative\fontdrvhost.exe 2016-10-28 11:14:58 65F0D2AB077B8BEDA121E9C12C136E86 3778560 ----a-w- C:\WINDOWS\Sysnative\MFMediaEngine.dll 2016-10-28 11:14:57 B227E34833D54E00C02A4EDA448B85C4 6285312 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.dll 2016-10-28 11:14:57 20BE541385E830C9D21E595D9C9DBEDF 244816 ----a-w- C:\WINDOWS\Sysnative\mfps.dll 2016-10-28 11:14:56 339647E1113C49E330B0E38A72F4202E 13081600 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll 2016-10-28 11:14:55 C509CCD23B086DFC9EAF86E280043672 147456 ----a-w- C:\WINDOWS\Sysnative\winsrv.dll 2016-10-28 11:14:55 585B1A45FF2C661A63ADFF199CA47A3D 1418312 ----a-w- C:\WINDOWS\Sysnative\msctf.dll 2016-10-28 11:14:55 11F32C85117347BB8F25D27C41B76785 8075776 ----a-w- C:\WINDOWS\Sysnative\mstscax.dll 2016-10-28 11:14:54 9E6B76FB8F1FECB5F3A671B931CED845 982528 ----a-w- C:\WINDOWS\Sysnative\inetcomm.dll 2016-10-28 11:14:54 4EA522C8A9DEFF1B880A0DB393660DCD 3617792 ----a-w- C:\WINDOWS\Sysnative\win32kfull.sys 2016-10-28 11:14:53 867007DEFA3E68B8DE00D69FAB614B56 22224480 ----a-w- C:\WINDOWS\Sysnative\shell32.dll 2016-10-28 11:14:48 5D67D5D4CC0E50364A7A79FA66CC9DA4 509440 ----a-w- C:\WINDOWS\Sysnative\SettingsHandlers_Bluetooth.dll 2016-10-28 11:14:44 E8D73CBAD80A2F4C684D80DBC8D9D854 894088 ----a-w- C:\WINDOWS\Sysnative\winresume.exe 2016-10-28 11:14:44 2191EC84CF98382CFC971AF8EA6DE67F 1051112 ----a-w- C:\WINDOWS\Sysnative\winresume.efi 2016-10-28 11:14:43 B4CB86B1629298C7DAC179BDAD012AF4 1608896 ----a-w- C:\WINDOWS\Sysnative\d3d9.dll 2016-10-28 11:14:42 B632A851F22428E3CEE286F38679469E 574976 ----a-w- C:\WINDOWS\Sysnative\energy.dll 2016-10-28 11:14:42 93630049B7E54402713B679B3FB83511 1274712 ----a-w- C:\WINDOWS\Sysnative\ole32.dll 2016-10-28 11:14:42 90262FC8018F7B58A99EB9C7E11419A9 2290176 ----a-w- C:\WINDOWS\Sysnative\dwmcore.dll 2016-10-28 11:14:42 8E64543F3A4EE52A5F9A41029F12CF48 691080 ----a-w- C:\WINDOWS\Sysnative\msvproc.dll 2016-10-28 11:14:41 C75B1B48BCAADEB0275C1EBE2EAE742D 539136 ----a-w- C:\WINDOWS\Sysnative\usocore.dll 2016-10-28 11:14:41 C02E819A0CEF6330F06509DA8EAA15ED 811416 ----a-w- C:\WINDOWS\Sysnative\MFCaptureEngine.dll 2016-10-28 11:14:40 5757459686554B784F3CCE8C3BAF6D8B 1461200 ----a-w- C:\WINDOWS\Sysnative\user32.dll 2016-10-28 11:14:40 086994F0B334B16A6896C7F9D8895FDB 186880 ----a-w- C:\WINDOWS\Sysnative\MusNotification.exe 2016-10-28 11:14:39 B3F963EBD55AEBA106342F5CBBCFEF5F 274432 ----a-w- C:\WINDOWS\Sysnative\ListSvc.dll 2016-10-28 11:14:39 4158D5AE28FE0E07146520545C230162 842240 ----a-w- C:\WINDOWS\Sysnative\ntshrui.dll 2016-10-28 11:14:39 12BBCC45F54D25603314599D7CA90B8B 43520 ----a-w- C:\WINDOWS\Sysnative\TpmTasks.dll 2016-10-28 11:14:38 436E42B41D61C2C8CB0B1339C46F4F64 89088 ----a-w- C:\WINDOWS\Sysnative\asycfilt.dll 2016-10-28 11:14:37 F3D563CF231AD62A647589A99B642262 913920 ----a-w- C:\WINDOWS\Sysnative\Windows.Networking.dll 2016-10-28 11:14:37 8C1EA3582353AF483908056CADAA7F71 211456 ----a-w- C:\WINDOWS\Sysnative\InstallAgent.exe 2016-10-28 11:14:37 851CFA2D53D2356751DAE97098BC4A82 1631232 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.Resources.dll 2016-10-28 11:14:36 1F97EF33C04069DF59402F3BA6791BD8 1883784 ----a-w- C:\WINDOWS\Sysnative\ntdll.dll 2016-10-28 11:14:35 202348B31115A1EA0CE94F9704DB52CA 744448 ----a-w- C:\WINDOWS\Sysnative\StoreAgent.dll 2016-10-28 11:14:34 F6F2D7F3A0BA9B834ADAE7C973372F85 4749312 ----a-w- C:\WINDOWS\Sysnative\SettingsHandlers_nt.dll 2016-10-28 11:14:34 5198CD4FA6598174AE4F02B081BF0230 7817568 ----a-w- C:\WINDOWS\Sysnative\ntoskrnl.exe 2016-10-28 11:14:33 A35CEC1EA36C5C25A907F49E53BB665C 406016 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentClient.dll 2016-10-28 11:14:33 4D06D0976C0004975F8FD8B8432C4B46 701952 ----a-w- C:\WINDOWS\Sysnative\Windows.Networking.Connectivity.dll 2016-10-28 11:14:33 45E17A495E9F42D1A50F5DEF27E3BF2F 1643008 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Speech.dll 2016-10-28 11:14:32 8ACBB77704C5F1AD3B21FE491577DFB1 17188352 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll 2016-10-28 11:14:31 1116F03F4DFC2055CECF76A20BEE0944 9131008 ----a-w- C:\WINDOWS\Sysnative\twinui.dll 2016-10-28 11:14:27 CBBFC6299690D014FA1A0BF8892BED05 1173496 ----a-w- C:\WINDOWS\Sysnative\winload.exe 2016-10-28 11:14:27 B479624FC19C6B4768CE641753DC79DC 1354320 ----a-w- C:\WINDOWS\Sysnative\winload.efi 2016-10-28 11:14:25 CCE8B1A17831BB56BB7DDE778BBF1387 495104 ----a-w- C:\WINDOWS\Sysnative\DataSenseHandlers.dll 2016-10-28 11:14:25 A6CDBB9CDEB402BF4F9DFC21C4C18D72 558080 ----a-w- C:\WINDOWS\Sysnative\wpnprv.dll 2016-10-28 11:14:25 91793D288E1D10153A74C581A44F036B 236544 ----a-w- C:\WINDOWS\Sysnative\SettingsHandlers_Flights.dll 2016-10-28 11:14:24 FF190115CBA067F58C981F0A9F43ABDF 187904 ----a-w- C:\WINDOWS\Sysnative\wscsvc.dll 2016-10-28 11:14:24 A04033DD0D90A143B95E9E97E479E18A 3400192 ----a-w- C:\WINDOWS\Sysnative\SyncCenter.dll 2016-10-28 11:14:23 ECD3A6985F7FCA050F8AE7EC61B3AFD5 828416 ----a-w- C:\WINDOWS\Sysnative\appwiz.cpl 2016-10-28 11:14:23 CBF66ABD6CA811FDB96AC599A52089A8 496128 ----a-w- C:\WINDOWS\Sysnative\SystemSettings.UserAccountsHandlers.dll 2016-10-28 11:14:23 A8F1FF5E4392B9246E9EF5FF078E4925 629248 ----a-w- C:\WINDOWS\Sysnative\hgcpl.dll 2016-10-28 11:14:23 8B2B89F540E9CC08DFE7E4DD0DB0281B 773712 ----a-w- C:\WINDOWS\Sysnative\oleaut32.dll 2016-10-28 11:14:23 7FF2BCE9A5678D979FD300889BA1AC03 81408 ----a-w- C:\WINDOWS\Sysnative\HttpsDataSource.dll 2016-10-28 11:14:23 76243E7DC953026A6548EC13A497E6C1 391168 ----a-w- C:\WINDOWS\Sysnative\wuuhext.dll 2016-10-28 11:14:22 DFC9DFE42FACD7993E7278A4BE6B640D 567296 ----a-w- C:\WINDOWS\Sysnative\DevicePairing.dll 2016-10-28 11:14:22 C57EE3C6B7A684E7DD1B9969B3F61C02 940032 ----a-w- C:\WINDOWS\Sysnative\fontext.dll 2016-10-28 11:14:22 461B249DB9DC4389B8024CD3AE17788F 2611200 ----a-w- C:\WINDOWS\Sysnative\gameux.dll 2016-10-28 11:14:22 3A66288AB3CA0D35C2F665A406A59C7F 655872 ----a-w- C:\WINDOWS\Sysnative\sud.dll 2016-10-28 11:14:22 08805138ABD2C17AA6ECD42826C1BEAD 347136 ----a-w- C:\WINDOWS\Sysnative\Display.dll 2016-10-28 11:14:21 C892022800FCC059365954F37CAE0EDF 163328 ----a-w- C:\WINDOWS\Sysnative\autoplay.dll 2016-10-28 11:14:21 B24DF87EDB9AE2F69CB156BEC7250DA1 338944 ----a-w- C:\WINDOWS\Sysnative\fhcpl.dll 2016-10-28 11:14:21 8C6D674C009759B53F03FEA0B77FB076 2512384 ----a-w- C:\WINDOWS\Sysnative\themecpl.dll 2016-10-28 11:14:21 0F406D4B0977958D29E25D4DB0AF04A6 389632 ----a-w- C:\WINDOWS\Sysnative\stobject.dll 2016-10-28 11:14:21 0C4D5B1C001E5B34C759E1A96315FC62 90112 ----a-w- C:\WINDOWS\Sysnative\powercfg.exe 2016-10-28 11:14:20 E927C800402DB05BA5B20B0F24E7B197 217088 ----a-w- C:\WINDOWS\Sysnative\DevicePairingFolder.dll 2016-10-28 11:14:20 368A8F7CB6C5D664799759AD4862C9C5 717312 ----a-w- C:\WINDOWS\Sysnative\taskbarcpl.dll 2016-10-28 11:14:19 D8F0898669C97AC14D7E48E33C804C6A 115200 ----a-w- C:\WINDOWS\Sysnative\IdCtrls.dll 2016-10-28 11:14:19 9316A9A9EE2EBDFB81562C421BD869AF 65024 ----a-w- C:\WINDOWS\Sysnative\OnDemandConnRouteHelper.dll 2016-10-28 11:14:19 520078011F9C405759556F4DA49BD803 240640 ----a-w- C:\WINDOWS\Sysnative\NetworkDesktopSettings.dll 2016-10-28 11:14:18 FE45874BB9216243CE736C9807CE4E68 32256 ----a-w- C:\WINDOWS\Sysnative\WSManHTTPConfig.exe 2016-10-28 11:14:18 DD062ACA9093121AD90D799F66EA1A0D 272384 ----a-w- C:\WINDOWS\Sysnative\mfksproxy.dll 2016-10-28 11:14:18 D876C567AB767258036F05E4766189FD 1054208 ----a-w- C:\WINDOWS\Sysnative\qmgr.dll 2016-10-28 11:14:17 FFDBA3AC392B37E97CFEC98A4A640ABD 13441024 ----a-w- C:\WINDOWS\Sysnative\wmp.dll 2016-10-28 11:14:17 AC5F1F4FEE52CFC0DDB4A02EC6A262D1 432128 ----a-w- C:\WINDOWS\Sysnative\WpAXHolder.dll 2016-10-28 11:14:17 A26570B4A21AD6F4D597148D3C22274E 2716672 ----a-w- C:\WINDOWS\Sysnative\WsmSvc.dll 2016-10-28 11:14:11 DFBB31D6490F9798A16D5F16F407AE8F 3287552 ----a-w- C:\WINDOWS\Sysnative\mispace.dll 2016-10-28 11:14:11 CAD14E0AD1F03397E9B1C8733D76BEF4 1980416 ----a-w- C:\WINDOWS\Sysnative\diagtrack.dll 2016-10-28 11:14:10 EBABE2BCCBB21BEBDD5BC6B6AE1A179A 584032 ----a-w- C:\WINDOWS\Sysnative\devinv.dll 2016-10-28 11:14:10 E02744EBE7FA55C63D30ABBA1EC91EEB 1637728 ----a-w- C:\WINDOWS\Sysnative\appraiser.dll 2016-10-28 11:14:10 A6A29385042B7104A797C2A72A638A04 1235296 ----a-w- C:\WINDOWS\Sysnative\aeinv.dll 2016-10-28 11:14:10 70AB367D6F0ED3C1478E4679087B0E53 137568 ----a-w- C:\WINDOWS\Sysnative\acmigration.dll 2016-10-28 11:14:10 1AEBF878B8D8638EB823CD398F148EDE 78688 ----a-w- C:\WINDOWS\Sysnative\CompatTelRunner.exe 2016-10-28 11:14:10 0701B80266B6B3D110BAFEF40347FA09 595296 ----a-w- C:\WINDOWS\Sysnative\generaltel.dll 2016-10-28 11:14:09 95E795E17E85BDD48A1574CFB59882E8 1554944 ----a-w- C:\WINDOWS\Sysnative\wsp_health.dll 2016-10-28 11:14:09 79DCE27E8C4CF6701BFE49EC2446BBF6 792064 ----a-w- C:\WINDOWS\Sysnative\spoolsv.exe 2016-10-28 11:14:09 011C9D432E756AF6A7BFEC1E32DE0605 1913344 ----a-w- C:\WINDOWS\Sysnative\wsp_fs.dll 2016-10-28 11:14:08 D9D6F747EFF5E427D4C3047A65603554 341936 ----a-w- C:\WINDOWS\Sysnative\wintrust.dll 2016-10-28 11:14:08 B456F96A00545F3F2CE5EBCEC55C17B2 2186896 ----a-w- C:\WINDOWS\Sysnative\hevcdecoder.dll 2016-10-28 11:14:06 D27086EBF2D41BBCC2672D7B3D22FB90 232800 ----a-w- C:\WINDOWS\Sysnative\aepic.dll 2016-10-28 11:14:06 BCB9F3F5C67DAF7FCA462CB7F63C4376 3054080 ----a-w- C:\WINDOWS\Sysnative\esent.dll 2016-10-28 11:14:06 90D968F1B69B0074EECFCC7AA5C23021 322912 ----a-w- C:\WINDOWS\Sysnative\invagent.dll 2016-10-28 11:14:04 8EDDDC9DC969ADFAAD6DCB88EE228A8E 1726976 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Immersive.dll 2016-10-28 11:14:04 7FD0E0A3A683A3654CC4D81B4564EE54 292872 ----a-w- C:\WINDOWS\Sysnative\wmpeffects.dll 2016-10-28 11:14:04 727F2875259DFB0A19004A3722DCDB9D 908640 ----a-w- C:\WINDOWS\Sysnative\drvstore.dll 2016-10-28 11:14:04 6BA66FE47BFAF223AEE6C98F28EB4D8E 2315264 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll 2016-10-28 11:14:04 260878ADE654580A3B0817004353ABAB 682816 ----a-w- C:\WINDOWS\Sysnative\wer.dll 2016-10-28 11:14:03 CDD8EDF4C35BE6D6137112F5CC7A70DA 500064 ----a-w- C:\WINDOWS\Sysnative\pcasvc.dll 2016-10-28 11:14:03 C928D4779242D32956565A4110961AD6 483328 ----a-w- C:\WINDOWS\Sysnative\twinapi.dll 2016-10-28 11:14:03 C58F08689228B307F42E4143E99F6A5E 78336 ----a-w- C:\WINDOWS\Sysnative\iscsiwmi.dll 2016-10-28 11:14:03 C18A0685310ACE5B085551677FB29955 90112 ----a-w- C:\WINDOWS\Sysnative\updatepolicy.dll 2016-10-28 11:14:03 B888C77AD1918D7D9437977B967BF7A7 93184 ----a-w- C:\WINDOWS\Sysnative\cmifw.dll 2016-10-28 11:14:03 94074A43D56655B9FE5FEF2AFD448F45 217600 ----a-w- C:\WINDOWS\Sysnative\wmpdxm.dll 2016-10-28 11:14:03 4870EA291FA02021B98B720936814F72 881664 ----a-w- C:\WINDOWS\Sysnative\authui.dll 2016-10-28 11:14:03 2DE0C12EC72BC4ABF8029E39DCF26C99 238056 ----a-w- C:\WINDOWS\Sysnative\weretw.dll 2016-10-28 11:14:02 E936902AE86AC6BE7AF7609894D74B93 126464 ----a-w- C:\WINDOWS\Sysnative\wmpshell.dll 2016-10-28 11:13:59 AF3487A721FB43C8E4EE96BB8E42BB15 130560 ----a-w- C:\WINDOWS\Sysnative\chartv.dll 2016-10-28 11:13:59 8F8F8FA35F3CED1F869673E16D8A54E4 869888 ----a-w- C:\WINDOWS\Sysnative\wuapi.dll 2016-10-28 11:13:59 37929F180E10D1D277D1E3D22FF886AE 48640 ----a-w- C:\WINDOWS\Sysnative\wups.dll 2016-10-28 11:13:58 628A15E06770327358C80C2462261BA8 339968 ----a-w- C:\WINDOWS\Sysnative\esentutl.exe 2016-10-28 11:13:55 A2F1C319DE3DC001611E15226FA63BE6 1365504 ----a-w- C:\WINDOWS\Sysnative\wpncore.dll 2016-10-28 11:13:55 8BA7A3B2A791159BD5A08D32F8D30A4B 1356352 ----a-w- C:\WINDOWS\Sysnative\ClipUp.exe 2016-10-28 11:13:55 892206A0E24EA4B6134CAC2A0F6A54BF 1600632 ----a-w- C:\WINDOWS\Sysnative\sppobjs.dll 2016-10-28 11:13:55 23529A00195CE71252FEBF647E56E27D 5622088 ----a-w- C:\WINDOWS\Sysnative\sppsvc.exe 2016-10-28 11:13:54 FDEB82FC97ABBE8350AA918C7D8AFF50 882680 ----a-w- C:\WINDOWS\Sysnative\EditionUpgradeManagerObj.dll 2016-10-28 11:13:54 A0F3716738FA4A7B0719C463ED65B91D 742704 ----a-w- C:\WINDOWS\Sysnative\sppwinob.dll 2016-10-28 11:13:54 3D5F44B1137E72725BD8A37E3F003185 429568 ----a-w- C:\WINDOWS\Sysnative\SndVolSSO.dll 2016-10-28 11:13:53 094064FD67AA46A13DF65A39C9405DEC 590960 ----a-w- C:\WINDOWS\Sysnative\AudioSes.dll 2016-10-28 11:13:48 59E69B38FBB892BED6F373AE428FB256 942080 ----a-w- C:\WINDOWS\Sysnative\audiosrv.dll 2016-10-28 11:13:48 49BF5C8182C3D2D6CD9F7EEDF1CFDB66 1840640 ----a-w- C:\WINDOWS\Sysnative\FntCache.dll 2016-10-28 11:13:48 21766CDBBA69CE5C42AA3F666DF7F524 4474368 ----a-w- C:\WINDOWS\Sysnative\D3DCompiler_47.dll 2016-10-28 11:13:47 70F4E5440CEECCBC0A8071128FE89946 7654912 ----a-w- C:\WINDOWS\Sysnative\mos.dll 2016-10-28 11:13:47 018E797BA4861E98AFC7B52C471423B0 7216640 ----a-w- C:\WINDOWS\Sysnative\Windows.Data.Pdf.dll 2016-10-28 11:13:42 AB7A00FB1CC356DB931582E5B35E799B 1492480 ----a-w- C:\WINDOWS\Sysnative\lsasrv.dll 2016-10-28 11:13:42 518FE9EAE640B8CBE80FE374D7DF28B9 886784 ----a-w- C:\WINDOWS\Sysnative\CPFilters.dll 2016-10-28 11:13:41 D243745884BCBC21E91AB569A0AD514E 673792 ----a-w- C:\WINDOWS\Sysnative\winlogon.exe 2016-10-28 11:13:41 AE598A72F00E8BD6D2C5CCCFD9659833 1267504 ----a-w- C:\WINDOWS\Sysnative\WinTypes.dll 2016-10-28 11:13:41 9EDC292CFA20432BE47F2840A5AB5C15 702464 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Playback.MediaPlayer.dll 2016-10-28 11:13:41 3BC06B2436C509172D1F13E109BAA408 720896 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.BackgroundMediaPlayback.dll 2016-10-28 11:13:40 CA80E0CE8289060D6C3157FD463DAE3D 329216 ----a-w- C:\WINDOWS\Sysnative\wc_storage.dll 2016-10-28 11:13:40 C539A88D4D53C2DE20D76B1D5C8EB77E 718848 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Playback.BackgroundMediaPlayer.dll 2016-10-28 11:13:40 B737F6FB33A6F79BCBC293A5B32C1C4E 410624 ----a-w- C:\WINDOWS\Sysnative\cdpsvc.dll 2016-10-28 11:13:40 81C56248655872C203C52E03F29DEC9F 463872 ----a-w- C:\WINDOWS\Sysnative\daxexec.dll 2016-10-28 11:13:40 4CE3CF14092DF1B265D68FDC280D6193 7792640 ----a-w- C:\WINDOWS\Sysnative\BingMaps.dll 2016-10-28 11:13:40 2531EF3423A9FE1692005A41907E3BE3 339456 ----a-w- C:\WINDOWS\Sysnative\cdpusersvc.dll 2016-10-28 11:13:39 E88D553F9AF1391D5006FEB1EF8541AF 4708864 ----a-w- C:\WINDOWS\Sysnative\ExplorerFrame.dll 2016-10-28 11:13:38 F8468E150EB55D038571F99476DD3262 2913104 ----a-w- C:\WINDOWS\Sysnative\combase.dll 2016-10-28 11:13:38 F7EFAD8D7F960B7FFF1FA5074B1ECE41 193536 ----a-w- C:\WINDOWS\Sysnative\Windows.Devices.WiFi.dll 2016-10-28 11:13:38 47E6107CA36990552608CC6316A58086 283488 ----a-w- C:\WINDOWS\Sysnative\DeviceCensus.exe 2016-10-28 11:13:38 39833DC1C734E08593909E7C405361E9 2827864 ----a-w- C:\WINDOWS\Sysnative\d3d11.dll 2016-10-28 11:13:37 C2A3B07F0118D61086C99BDCBAB6A6A3 817664 ----a-w- C:\WINDOWS\Sysnative\winhttp.dll 2016-10-28 11:13:37 9D541C9CAA45B118439FB9D90430370A 1060864 ----a-w- C:\WINDOWS\Sysnative\JpMapControl.dll 2016-10-28 11:13:37 9C58479C6F685B0CB9FBA560DD905B0B 1005568 ----a-w- C:\WINDOWS\Sysnative\D3D12.dll 2016-10-28 11:13:37 4C326C9D935D2F1ED904DC1715716F79 936448 ----a-w- C:\WINDOWS\Sysnative\NMAA.dll 2016-10-28 11:13:37 1A67F02D6CF159EE2BD0FEAB157F8F89 1851696 ----a-w- C:\WINDOWS\Sysnative\crypt32.dll 2016-10-28 11:13:36 D176C2BFA32EF5FB52C495600338AAF9 905216 ----a-w- C:\WINDOWS\Sysnative\MapControlCore.dll 2016-10-28 11:13:36 B2B0EB8BB0D741B798C691A9FED1B7B8 98816 ----a-w- C:\WINDOWS\Sysnative\BthRadioMedia.dll 2016-10-28 11:13:36 6FAD3704C336BF87A2543EF82C987F33 120832 ----a-w- C:\WINDOWS\Sysnative\BluetoothApis.dll 2016-10-28 11:13:36 239B9AB452DE728ABCB5E957FAE2699D 635904 ----a-w- C:\WINDOWS\Sysnative\FlightSettings.dll 2016-10-28 11:13:36 05213973D67F7FD9997BAA005FC33AB3 1029632 ----a-w- C:\WINDOWS\Sysnative\MapsStore.dll 2016-10-28 11:13:35 F9D247D75B43DD4AE6E0C72B2C815C44 1359360 ----a-w- C:\WINDOWS\Sysnative\usercpl.dll 2016-10-28 11:13:35 036D826413ED8690A0F944CEDA444403 111616 ----a-w- C:\WINDOWS\Sysnative\MDMAppInstaller.exe 2016-10-28 11:13:34 CF84B93F0193CE7788C585B1A4C555D6 40448 ----a-w- C:\WINDOWS\Sysnative\efsext.dll 2016-10-28 11:13:34 8F15AD07A36C0F9B4B825F32A8011972 313856 ----a-w- C:\WINDOWS\Sysnative\moshostcore.dll 2016-10-28 11:13:34 5FA2F33AA3E18276A5E72DBD1F33F622 534096 ----a-w- C:\WINDOWS\Sysnative\AudioEng.dll 2016-10-28 11:13:34 55C58F16ABEEB035D1D3B9DB475EDB09 241152 ----a-w- C:\WINDOWS\Sysnative\dafBth.dll 2016-10-28 11:13:34 504676BDB30DA598EC24A2BB5331987E 566784 ----a-w- C:\WINDOWS\Sysnative\ActionCenterCPL.dll 2016-10-28 11:13:34 4AD7225B1E6FC9024A1C55923C6072AD 579072 ----a-w- C:\WINDOWS\Sysnative\LockAppBroker.dll 2016-10-28 11:13:33 30A8C6FAA572A020F373DA089AD9A603 337920 ----a-w- C:\WINDOWS\Sysnative\AudioEndpointBuilder.dll 2016-10-28 11:13:29 D7CE49E869C7A61FF6336E6CADC8033A 161792 ----a-w- C:\WINDOWS\Sysnative\EditionUpgradeHelper.dll 2016-10-28 11:13:28 5BB95BF277A60BC0A7C397799B7C22E6 438784 ----a-w- C:\WINDOWS\Sysnative\EncDec.dll 2016-10-28 11:13:28 2ADA0B221942ED692B172B236541C392 265728 ----a-w- C:\WINDOWS\Sysnative\dhcpcore6.dll 2016-10-28 11:13:27 4D202C5C09D955C3DA7B4FFCBDC6AC9F 243712 ----a-w- C:\WINDOWS\Sysnative\shdocvw.dll 2016-10-28 11:13:23 A8DD0C0DA172F5916742D9DA7B6CE5CE 690176 ----a-w- C:\WINDOWS\Sysnative\ieproxy.dll 2016-10-28 11:13:23 1205FA5FEC074FDE107C86DAA4CE909D 956416 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentExtensions.desktop.dll 2016-10-28 11:13:22 A6CCEA8AA934E09295E75D53D79F17EB 1512960 ----a-w- C:\WINDOWS\Sysnative\win32kbase.sys 2016-10-28 11:13:22 3FC194B562885E972DC003F6B4F4E2CE 1779712 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll 2016-10-28 11:13:21 CD2014FD556A6D52CD37AEC58F317A1D 1690112 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentExtensions.onecore.dll 2016-10-28 11:13:21 4816E166BD2C0E637DB183D24765684F 805376 ----a-w- C:\WINDOWS\Sysnative\FrameServer.dll 2016-10-28 11:13:20 4602AFABC56BCA46A5BDA4EA4E6B18B8 296960 ----a-w- C:\WINDOWS\Sysnative\mfsensorgroup.dll 2016-10-28 11:13:18 66A10D67BDD2400AB74632EEB48FD63E 23680000 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll 2016-10-28 11:13:17 E16D62A6B83A0B260FFC81C02F426E9B 467968 ----a-w- C:\WINDOWS\Sysnative\Geolocation.dll 2016-10-28 11:13:17 9E662F3580DC5C6CECE7E51B31433536 909824 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Search.dll 2016-10-28 11:13:16 97F66EE7A8342B7707D3F438D8D808E7 2750384 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll 2016-10-28 11:13:15 B96109DC5B8DF54A27F3FB7CCCF09CFF 2670592 ----a-w- C:\WINDOWS\Sysnative\wininet.dll 2016-10-28 11:13:15 8FF9C45D01C50D6C1F2A9D149624E240 2266624 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentServer.dll 2016-10-28 11:13:14 DF1E6557FA2D92350A0EA194523F694E 1694712 ----a-w- C:\WINDOWS\Sysnative\winmde.dll 2016-10-28 11:13:14 68CE253C68FD0A25DB4F65B03D1694FE 631296 ----a-w- C:\WINDOWS\Sysnative\NotificationController.dll 2016-10-28 11:13:13 4D2F68E0BC1F8C8DEC9DDE1DBB6D30C7 2476544 ----a-w- C:\WINDOWS\Sysnative\DWrite.dll 2016-10-28 11:13:12 4A9B24409BC87A84801BA6F9FF4963FE 22568960 ----a-w- C:\WINDOWS\Sysnative\edgehtml.dll 2016-10-28 11:13:02 6C159EC791FA7DE9C99DD5A099147A57 983040 ----a-w- C:\WINDOWS\Sysnative\RemoteNaturalLanguage.dll 2016-10-28 11:13:02 632E40D4B280A9B1F3666C7B59B8F960 160096 ----a-w- C:\WINDOWS\Sysnative\CloudExperienceHostBroker.dll 2016-10-28 11:13:01 583EC9BF6E31D25AE6E1CE0FDEADB1FC 523776 ----a-w- C:\WINDOWS\Sysnative\MusUpdateHandlers.dll 2016-10-28 11:13:00 EF1BB0EF8A12C32DD88C409706B8145E 945664 ----a-w- C:\WINDOWS\Sysnative\iphlpsvc.dll 2016-10-28 11:12:59 BA1AF3F03004E839BAAF9316FA96012C 227328 ----a-w- C:\WINDOWS\Sysnative\cdd.dll 2016-10-28 11:12:58 DF4022C406B86F15117E7B678E7F499A 261632 ----a-w- C:\WINDOWS\Sysnative\indexeddbserver.dll 2016-10-28 11:12:58 D2F163E37AFD3E3294AC0B71617AF6E6 323584 ----a-w- C:\WINDOWS\Sysnative\twinui.pcshell.dll 2016-10-28 11:12:58 731F7C6E4B65D50250DF25DCF532FB94 1637888 ----a-w- C:\WINDOWS\Sysnative\ieapfltr.dll 2016-10-28 11:12:56 28AEA9AC3951A7A981FEDD50B02CCEE0 219648 ----a-w- C:\WINDOWS\Sysnative\AudioSrvPolicyManager.dll 2016-10-28 11:12:55 D484D466F4A80A77E708E32D1767A6BC 388608 ----a-w- C:\WINDOWS\Sysnative\zipfldr.dll 2016-10-28 11:12:54 7F1227FBF92744F5CE1AC05C5886631C 314880 ----a-w- C:\WINDOWS\Sysnative\FSClient.dll 2016-10-28 11:12:54 5E241274083F9DF700237065ABE2FD8F 369664 ----a-w- C:\WINDOWS\Sysnative\msinfo32.exe 2016-10-28 11:12:54 27D5AC0C9ADFAF0AC31596468C36F2B5 18432 ----a-w- C:\WINDOWS\Sysnative\stdole2.tlb 2016-10-28 11:12:53 C51C73F3BFD34D358F593F4088F4829D 88576 ----a-w- C:\WINDOWS\Sysnative\mshtmled.dll ====== C:\WINDOWS\Sysnative\drivers ===== 2016-10-28 11:14:41 23522E5D581F7722B1B5B86737CAE39C 227328 ----a-w- C:\WINDOWS\Sysnative\drivers\ahcache.sys 2016-10-28 11:14:25 E6D5762958A839B119C041256149AAD6 967168 ----a-w- C:\WINDOWS\Sysnative\drivers\bthport.sys 2016-10-28 11:14:24 039B5A8CBD5C75D1C46DF15F7C74D136 63328 ----a-w- C:\WINDOWS\Sysnative\drivers\dam.sys 2016-10-28 11:14:23 60EB6A4CE3E21887D302350631C16F26 118272 ----a-w- C:\WINDOWS\Sysnative\drivers\capimg.sys 2016-10-28 11:14:21 C1E85B4FB08B4CCF16841B165910148B 258560 ----a-w- C:\WINDOWS\Sysnative\drivers\xboxgip.sys 2016-10-28 11:14:04 3DFBB8B3F8BC0A91297030D0E530BA37 79200 ----a-w- C:\WINDOWS\Sysnative\drivers\crashdmp.sys 2016-10-28 11:14:03 DEA44117F9EE53EAFCE555C0A9B108C6 509280 ----a-w- C:\WINDOWS\Sysnative\drivers\storport.sys 2016-10-28 11:13:42 3E502EB1701CF54CF237B6250FBE38EA 619368 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys 2016-10-28 11:13:23 5BEE032780FCE432A80E58C14CDEA965 402272 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys 2016-10-28 11:13:21 72C828E0A21020FC6723A940A8F2F085 658272 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys 2016-10-28 11:13:21 101CC1FD8D48ED1EF71F0840158D0E6D 335712 ----a-w- C:\WINDOWS\Sysnative\drivers\pci.sys 2016-10-28 11:13:20 4F25E481124059CC593B4C68BC485640 2537824 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys 2016-10-28 11:13:14 A10C7C1E69FC90620C7BF2E51302A01F 1100128 ----a-w- C:\WINDOWS\Sysnative\drivers\http.sys 2016-10-28 11:13:13 125C83C44EEE61E2ED5893F23AEF0FC9 2190688 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2016-10-28 11:13:12 C994DF90427103CCB80F893FFD2B1CE8 557408 ----a-w- C:\WINDOWS\Sysnative\drivers\spaceport.sys 2016-10-28 11:12:59 B23596AFC687B5256CCD7DD429E2E6FB 409952 ----a-w- C:\WINDOWS\Sysnative\drivers\FWPKCLNT.SYS 2016-10-28 11:12:59 323AA1953ED9C01E23F740FA891FE064 584032 ----a-w- C:\WINDOWS\Sysnative\drivers\afd.sys 2016-10-28 11:12:55 5157325B17E455D9DF7AFBB4B608E78A 156672 ----a-w- C:\WINDOWS\Sysnative\drivers\hidclass.sys 2016-10-25 18:21:25 D0A1E2DAC2378B5C630131C2EC2923AD 23640 ----a-w- C:\WINDOWS\Sysnative\drivers\avusbflt.sys 2016-10-24 12:27:14 E73A2960A54F83B96415BAE10E66CCB2 153392 ----a-w- C:\WINDOWS\Sysnative\drivers\avipbb.sys 2016-10-24 12:27:14 899D89FDF015BBAF628076987D74C295 78208 ----a-w- C:\WINDOWS\Sysnative\drivers\avnetflt.sys 2016-10-24 12:27:14 79F7741A773FF194EEC64A8161AE26D5 35488 ----a-w- C:\WINDOWS\Sysnative\drivers\avkmgr.sys 2016-10-24 12:27:14 5BAD6576E9DB51C6FB1AA4F74A1491F0 151352 ----a-w- C:\WINDOWS\Sysnative\drivers\avgntflt.sys 2016-10-11 18:53:26 25D32BE04FE0A23FDF57FD5382757672 143872 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxdav.sys 2016-10-11 18:53:02 2CF0CB2A0ED68C5455371E84C16F9627 64352 ----a-w- C:\WINDOWS\Sysnative\drivers\MegaSas2i.sys 2016-10-11 18:52:14 0D1D392ED2597F295956D058D33BD7C3 144896 ----a-w- C:\WINDOWS\Sysnative\drivers\dfsc.sys 2016-10-11 18:52:13 E5E5D9E317739CEE510EAF46C88A7C38 128864 ----a-w- C:\WINDOWS\Sysnative\drivers\tm.sys 2016-10-11 18:52:12 D5564FC81350458ED570528C4E3B1CCF 1181536 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys 2016-10-11 18:51:49 7C3D10BEC8B0DBA00A78C78EB10B3AE2 279904 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys 2016-10-11 18:51:46 FFFBB40B9C7AD811AA6EA74A0A6168B1 187232 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys 2016-10-11 18:51:45 224BA1CB1F3C702F0D001D2AFC9793B1 128512 ----a-w- C:\WINDOWS\Sysnative\drivers\bthpan.sys ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2016-10-24 12:27:12 -------- d-----w- C:\PROGRA~2\Avira ======= C: ===== ====== C:\Users\Ewoud\AppData\Roaming ====== ====== C:\Users\Ewoud ====== 2016-11-01 17:27:09 E40EAF0B16B1AE4DD8F0313C9ACAE8FA 2478592 ----a-w- C:\Users\Ewoud\Downloads\ZHPCleaner.exe 2016-11-01 16:20:57 121F06C1DA71965212F3B6C13C17C514 3910208 ----a-w- C:\Users\Ewoud\Downloads\AdwCleaner.exe 2016-11-01 10:15:53 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Ewoud\Downloads\RSITx64 (1).exe 2016-10-24 12:27:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira ====== C: exe-files == 2016-11-01 17:29:13 445628416AC69213158D248E8DDE52AC 419560 ----a-w- C:\ProgramData\Adobe\ARM\S\533\AdobeARMHelper.exe 2016-11-01 16:46:39 445628416AC69213158D248E8DDE52AC 419560 ----a-w- C:\ProgramData\Adobe\ARM\S\24960\AdobeARMHelper.exe 2016-11-01 16:28:24 9F1AE66D7954FE2E0909A5EBC6B94798 67072 ----a-w- C:\AdwCleaner\quarantine\files\hjyxtxtfcbmzchwxdahjtnatmrgczqkw\Engine\wow_helper.exe 2016-11-01 16:28:24 86B849A6AA0CF711F500528A964C33F2 3084616 ----a-w- C:\AdwCleaner\quarantine\files\hjyxtxtfcbmzchwxdahjtnatmrgczqkw\Engine\StartMenuIndexer.exe 2016-11-01 16:28:21 2C7746812F87526BED12C32E30364BA4 7521608 ----a-w- C:\AdwCleaner\quarantine\files\hjyxtxtfcbmzchwxdahjtnatmrgczqkw\Engine\HostAppService.exe 2016-11-01 16:28:19 8FD6BF5142CF6F209C78597E40A9E934 1651806 ----a-w- C:\AdwCleaner\quarantine\files\hjyxtxtfcbmzchwxdahjtnatmrgczqkw\Uninstall.exe 2016-11-01 16:27:55 9BB6863C76CBC29AEB37D0F66081B6D7 1923984 ----a-w- C:\AdwCleaner\quarantine\files\apmgsfluzvxsbvagbxhdjhmejjairflk\vToolbarUpdater\40.2.3\ToolbarUpdater.exe 2016-11-01 16:27:54 C4B5B632405768AE113B03CDA14D023C 168336 ----a-w- C:\AdwCleaner\quarantine\files\apmgsfluzvxsbvagbxhdjhmejjairflk\vToolbarUpdater\40.1.6\loggingserver.exe 2016-11-01 16:27:54 9C7303E6CE54EBAD89E6B9980E716993 1875856 ----a-w- C:\AdwCleaner\quarantine\files\apmgsfluzvxsbvagbxhdjhmejjairflk\vToolbarUpdater\40.1.8\ToolbarUpdater.exe 2016-11-01 16:27:54 569F7B9651AFCC9D4F5B7609BA85CB61 192912 ----a-w- C:\AdwCleaner\quarantine\files\apmgsfluzvxsbvagbxhdjhmejjairflk\vToolbarUpdater\40.2.3\loggingserver.exe 2016-11-01 16:27:54 179B9E35E4F705D4D646B05E7916F605 1874320 ----a-w- C:\AdwCleaner\quarantine\files\apmgsfluzvxsbvagbxhdjhmejjairflk\vToolbarUpdater\40.1.6\ToolbarUpdater.exe 2016-11-01 16:27:54 0DE7798BCEEEF7F24F82A809C6B12882 168336 ----a-w- C:\AdwCleaner\quarantine\files\apmgsfluzvxsbvagbxhdjhmejjairflk\vToolbarUpdater\40.1.8\loggingserver.exe 2016-11-01 16:27:53 38E739B52CBAEFE78CC31DAACA541DBF 1874320 ----a-w- C:\AdwCleaner\quarantine\files\apmgsfluzvxsbvagbxhdjhmejjairflk\vToolbarUpdater\18.8.0\ToolbarUpdater.exe 2016-11-01 16:27:53 0ACCB81916A1C1A1925A7FAFFE77275D 168336 ----a-w- C:\AdwCleaner\quarantine\files\apmgsfluzvxsbvagbxhdjhmejjairflk\vToolbarUpdater\18.8.0\loggingserver.exe 2016-11-01 16:27:52 DDB736399CBA4EE5792836C86215005D 2524560 ----a-w- C:\AdwCleaner\quarantine\files\apmgsfluzvxsbvagbxhdjhmejjairflk\ScriptHelperInstaller\40.2.4\ScriptHelper.exe 2016-11-01 16:27:51 F7B7E2391DC3D9B94C088FAABD19341D 2485648 ----a-w- C:\AdwCleaner\quarantine\files\apmgsfluzvxsbvagbxhdjhmejjairflk\ScriptHelperInstaller\40.1.8\ScriptHelper.exe 2016-11-01 16:27:51 8E9E3C5CD1C588391DB2675973710A96 2525072 ----a-w- C:\AdwCleaner\quarantine\files\apmgsfluzvxsbvagbxhdjhmejjairflk\ScriptHelperInstaller\40.2.3\ScriptHelper.exe 2016-11-01 16:27:50 C4E4AFD1779608D9E4055892CF6F02D2 2484112 ----a-w- C:\AdwCleaner\quarantine\files\apmgsfluzvxsbvagbxhdjhmejjairflk\ScriptHelperInstaller\40.1.6\ScriptHelper.exe 2016-11-01 16:27:50 9453F659823154F0C0E7D1DF7840572E 2484112 ----a-w- C:\AdwCleaner\quarantine\files\apmgsfluzvxsbvagbxhdjhmejjairflk\ScriptHelperInstaller\18.8.0\ScriptHelper.exe 2016-11-01 16:27:46 E8E9AF3F304E16DE0E747985CDD048E7 341776 ----a-w- C:\AdwCleaner\quarantine\files\fhzmexpbqefdgclczwtebgyohrwjpxrv\TcpService\2.3.4.7\LavasoftLSPInstaller.exe 2016-11-01 16:27:46 8FB6D64CB42E660C4534D38013D64A03 2751760 ----a-w- C:\AdwCleaner\quarantine\files\fhzmexpbqefdgclczwtebgyohrwjpxrv\TcpService\2.3.4.7\LavasoftTcpService.exe 2016-11-01 16:27:46 872C4B405A0109EA046E1BCD627F6B38 422672 ----a-w- C:\AdwCleaner\quarantine\files\fhzmexpbqefdgclczwtebgyohrwjpxrv\TcpService\2.3.4.7\LavasoftLSPInstaller64.exe 2016-11-01 16:27:44 C8C489B40129ACD414585E8A7406A767 290576 ----a-w- C:\AdwCleaner\quarantine\files\fhzmexpbqefdgclczwtebgyohrwjpxrv\Application\WebCompanionInstaller.exe 2016-11-01 16:27:44 A6F08D3FB926EAA91004B1277C5A96A1 372224 ----a-w- C:\AdwCleaner\quarantine\files\fhzmexpbqefdgclczwtebgyohrwjpxrv\Application\WebCompanionWebUI.exe 2016-11-01 16:27:43 D0EF673A6FE12EB720CF9B39BE69EAFD 20480 ----a-w- C:\AdwCleaner\quarantine\files\fhzmexpbqefdgclczwtebgyohrwjpxrv\Application\RegisterExtensionDotNet40.exe 2016-11-01 16:27:43 8658BEDD11B13C56607EE0BE437693E5 17168 ----a-w- C:\AdwCleaner\quarantine\files\fhzmexpbqefdgclczwtebgyohrwjpxrv\Application\Lavasoft.SearchProtect.WinService.exe 2016-11-01 16:27:43 41D6405D7055B8E8D7C853840D874D54 16384 ----a-w- C:\AdwCleaner\quarantine\files\fhzmexpbqefdgclczwtebgyohrwjpxrv\Application\RestartExplorer.exe 2016-11-01 16:27:43 2AB653E11A18FB6E88A3E8974C2E084D 1409296 ----a-w- C:\AdwCleaner\quarantine\files\fhzmexpbqefdgclczwtebgyohrwjpxrv\Application\WebCompanion.exe 2016-11-01 16:27:42 F8F34EC5D4A08A2BB8175CC37EA91023 120080 ----a-w- C:\AdwCleaner\quarantine\files\fhzmexpbqefdgclczwtebgyohrwjpxrv\Application\Ad-Aware Web Companion.exe 2016-11-01 16:27:42 8C025FD3E5C9D3001981B3AF9CD79B80 52496 ----a-w- C:\AdwCleaner\quarantine\files\fhzmexpbqefdgclczwtebgyohrwjpxrv\Application\AASearchCompanion.exe 2016-11-01 16:27:42 404D87A1ADF8B1AAC2A12F36FDF72431 39696 ----a-w- C:\AdwCleaner\quarantine\files\fhzmexpbqefdgclczwtebgyohrwjpxrv\Application\Lavasoft.ArrowHelper.UI.exe 2016-11-01 16:27:37 BADEAA354D916EE307FAB259F59B63D4 2814864 ----a-w- C:\AdwCleaner\quarantine\files\gihphiialrbkzsypitpjnivzvoobhyut\vprot.exe 2016-11-01 16:27:37 3432C83C55A19B713459140BE7BAF0DC 1164688 ----a-w- C:\AdwCleaner\quarantine\files\gihphiialrbkzsypitpjnivzvoobhyut\WtuSystemSupport.exe 2016-11-01 16:27:36 DE8A7C7D03DDC9429DFB36382338BF18 1017232 ----a-w- C:\AdwCleaner\quarantine\files\gihphiialrbkzsypitpjnivzvoobhyut\lip.exe 2016-11-01 16:27:36 B44A2353FE2594958043E7883A3D94CC 3000208 ----a-w- C:\AdwCleaner\quarantine\files\gihphiialrbkzsypitpjnivzvoobhyut\Uninstall.exe 2016-11-01 16:27:35 E2F252FA5124B28DC5343380C129F693 1125776 ----a-w- C:\AdwCleaner\quarantine\files\gihphiialrbkzsypitpjnivzvoobhyut\BundleInstall.exe 2016-11-01 16:27:35 144CDF28A7E052770B1952EC5F540BA6 1393040 ----a-w- C:\AdwCleaner\quarantine\files\gihphiialrbkzsypitpjnivzvoobhyut\CefHost.exe 2016-11-01 16:27:31 A14BB8571CFD93FBF3283FB3CDE90FA1 3582888 ----a-w- C:\AdwCleaner\quarantine\files\ialkfyccwnqkvwqibdyflibwopqidxnu\CrashReport\avgdiagex.exe 2016-11-01 16:27:31 73C8E66AA30F40F2D113D8B1EC859FB5 739304 ----a-w- C:\AdwCleaner\quarantine\files\ialkfyccwnqkvwqibdyflibwopqidxnu\CrashReport\avgdumpx.exe 2016-11-01 16:27:29 65D17FF9559C0AA2F3B292E8F1A4C1B3 1394544 ----a-w- C:\AdwCleaner\quarantine\files\obpprwhxqnbvirhykkvcsvwroazsdoaf\installer.exe 2016-11-01 16:27:28 4FEDD1B12D0AA7B5782D4BF7A9700939 29728 ----a-w- C:\AdwCleaner\quarantine\files\jeqxffoxzdsuidmjkqfqzacisjftiuxw\StartURL.exe 2016-11-01 16:27:24 56E850DBC3099BFC2336A79099332537 2854064 ----a-w- C:\AdwCleaner\quarantine\files\hlrddnebddhojdjyfrwxbpduhbpzxgnr\app\image\Hola-Setup-x64-1.15.577.exe 2016-11-01 16:27:22 56E850DBC3099BFC2336A79099332537 2854064 ----a-w- C:\AdwCleaner\quarantine\files\hlrddnebddhojdjyfrwxbpduhbpzxgnr\app\image\Hola-Setup-x64-1.15.577.1.exe 2016-11-01 16:27:21 56E850DBC3099BFC2336A79099332537 2854064 ----a-w- C:\AdwCleaner\quarantine\files\hlrddnebddhojdjyfrwxbpduhbpzxgnr\app\hola_setup.exe 2016-11-01 16:27:19 9F59C6480341CBC5080E19C038DF1458 307448 ----a-w- C:\AdwCleaner\quarantine\files\yyjmnjjjvsaxyotksdnwjpophfbkofyd\1E798CE13F7B4B24B95FC022C1D3D21D\WcInstaller.exe 2016-11-01 16:26:20 7738E0C44B83860C2682BF97C8C06047 4043464 ----a-w- C:\AdwCleaner\quarantine\files\jcswfdocfcjbbgiewelpnktoauwklkht\Setup\slweblbg\WinServicesUpdater.exe 2016-11-01 16:25:33 9F1AE66D7954FE2E0909A5EBC6B94798 67072 ----a-w- C:\AdwCleaner\quarantine\files\jcswfdocfcjbbgiewelpnktoauwklkht\Engine\wow_helper.exe 2016-11-01 16:25:29 45A3E508CB6812E2FF34433501705542 4048200 ----a-w- C:\AdwCleaner\quarantine\files\jcswfdocfcjbbgiewelpnktoauwklkht\Uninstall.exe 2016-11-01 16:24:14 1891573CDB8DB42AA8A129292A03C8D6 5494400 ----a-w- C:\AdwCleaner\quarantine\files\nlrzfptbudxxsptzyqiusxroakjajhsi\firefox_hola\app\hola_plugin.exe 2016-11-01 16:23:36 B2C91E27DFE08162B6351C76E74CDE09 2784656 ----a-w- C:\AdwCleaner\quarantine\files\morczhsmloecxtauuliubnxbbyelmgqw\1215avz_AVG-Secure-Search-Update.exe 2016-11-01 16:23:35 093E08B26995AF473577E5C87DEDBC0E 2782096 ----a-w- C:\AdwCleaner\quarantine\files\mavwbvtoadwclzihiwomlxjrsxoyxspg\1015av_AVG-Secure-Search-Update.exe 2016-11-01 15:30:10 B0780914936D0E2855E639C11194FA3C 470552 ----a-w- C:\EEK\Start Emergency Kit Scanner.exe 2016-11-01 15:30:10 1A37C12134DC2762DA13AB445B9D8264 467928 ----a-w- C:\EEK\Start Commandline Scanner.exe 2016-11-01 15:30:09 F9443F131BD98E06F593CDA36C8EC9E1 7689472 ----a-w- C:\EEK\bin32\a2emergencykit.exe 2016-11-01 15:30:09 F8CF26A1EE207172A323A9BFB16DBA6D 4617656 ----a-w- C:\EEK\bin32\a2cmd.exe 2016-11-01 15:30:09 F6870D687CAD101E3AFB84574E4AD746 7078080 ----a-w- C:\EEK\bin64\a2cmd.exe 2016-11-01 15:30:09 B517C322400FAE683A54BB0BD2484B12 11118112 ----a-w- C:\EEK\bin64\a2emergencykit.exe 2016-11-01 13:12:21 445628416AC69213158D248E8DDE52AC 419560 ----a-w- C:\ProgramData\Adobe\ARM\S\15739\AdobeARMHelper.exe 2016-11-01 10:08:33 445628416AC69213158D248E8DDE52AC 419560 ----a-w- C:\ProgramData\Adobe\ARM\S\12495\AdobeARMHelper.exe 2016-10-30 11:14:40 445628416AC69213158D248E8DDE52AC 419560 ----a-w- C:\ProgramData\Adobe\ARM\S\18213\AdobeARMHelper.exe 2016-10-30 09:00:04 445628416AC69213158D248E8DDE52AC 419560 ----a-w- C:\ProgramData\Adobe\ARM\S\24608\AdobeARMHelper.exe 2016-10-30 07:46:16 445628416AC69213158D248E8DDE52AC 419560 ----a-w- C:\ProgramData\Adobe\ARM\S\10148\AdobeARMHelper.exe 2016-10-30 05:23:06 753D75B8D5BD6FDFC426ECD1CD5167CC 335264 ----a-w- C:\ProgramData\Acer\updater2\Download\selfupgrade\Setup.exe 2016-10-29 17:32:46 445628416AC69213158D248E8DDE52AC 419560 ----a-w- C:\ProgramData\Adobe\ARM\S\6758\AdobeARMHelper.exe 2016-10-28 11:14:02 21E5561A3B3B7A9A32E84C15D1E4F7A4 90112 ----a-w- C:\Program Files\Windows Media Player\wmlaunch.exe 2016-10-28 11:14:02 13C398101A5ED0CE80ADBEBA857314A8 1842176 ----a-w- C:\Program Files\Windows Media Player\setup_wm.exe 2016-10-28 11:14:00 C4B56C14C70B324FCF50AA857733A0B0 1810944 ----a-w- C:\Program Files (x86)\Windows Media Player\setup_wm.exe 2016-10-28 11:13:59 08D16561E6724637D887F451A896F7F0 73216 ----a-w- C:\Program Files (x86)\Windows Media Player\wmlaunch.exe 2016-10-28 11:12:54 617EBC7797E4A5F84B204199AE9CDE7D 336896 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe 2016-10-28 11:12:54 5E241274083F9DF700237065ABE2FD8F 369664 ----a-w- C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe 2016-10-28 08:26:22 445628416AC69213158D248E8DDE52AC 419560 ----a-w- C:\ProgramData\Adobe\ARM\S\10769\AdobeARMHelper.exe 2016-10-27 18:09:12 B90B48EC45364F53BB6C0394148DF8C5 44295032 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\54.0.2840.71\54.0.2840.71_chrome_installer.exe 2016-10-27 13:00:12 445628416AC69213158D248E8DDE52AC 419560 ----a-w- C:\ProgramData\Adobe\ARM\S\11653\AdobeARMHelper.exe 2016-10-27 12:49:42 BFDE72F81CC53184D5932B60E1C94AF0 2205688 ----a-w- C:\Users\Ewoud\AppData\Local\Google\Chrome\User Data\SwReporter\12.77.0\software_reporter_tool.exe === C: other files == 2016-11-01 16:29:25 5539EEBC66CEF4F653DF04342E120D22 6679 ----a-w- C:\Users\Ewoud\AppData\Local\Temp\DeleteOnReboot.bat 2016-11-01 16:27:44 93965A6E013F3EE85FB8351FB1636374 16657 ----a-w- C:\AdwCleaner\quarantine\files\fhzmexpbqefdgclczwtebgyohrwjpxrv\Application\Extension\@wcextensionff.xpi 2016-11-01 16:27:35 567B5EC265B26994AFB11DB13F53B07A 147960 ----a-w- C:\AdwCleaner\quarantine\files\gihphiialrbkzsypitpjnivzvoobhyut\data.zip 2016-11-01 16:27:33 C89E853BBC257EA1606B6F1C66A3E071 2486 ----a-w- C:\AdwCleaner\quarantine\files\tvrckokdqljteaqvlivempmmgvwxghbf\Options\ActiveFeatures.zip 2016-11-01 16:27:32 C9500927D17AA684765843EE9618E75B 216767 ----a-w- C:\AdwCleaner\quarantine\files\tvrckokdqljteaqvlivempmmgvwxghbf\Definitions\MaliciousUrlDaily.zip 2016-11-01 16:27:32 34A2A0DD7F1291667991CAFA315E1C6C 1574754 ----a-w- C:\AdwCleaner\quarantine\files\tvrckokdqljteaqvlivempmmgvwxghbf\Definitions\MaliciousUrlWeekly.zip 2016-11-01 16:27:31 6507BF8862FDF79EC71A529E817DE12E 179339 ----a-w- C:\AdwCleaner\quarantine\files\ialkfyccwnqkvwqibdyflibwopqidxnu\FireFoxExt\4.2.4.155\avg@toolbar.xpi 2016-11-01 16:27:17 567B5EC265B26994AFB11DB13F53B07A 147960 ----a-w- C:\AdwCleaner\quarantine\files\zjlktebsrhhdgfcpeaonljztrkwbovcc\Paypal\data.zip 2016-11-01 15:30:12 FEFA44FADD6C4BAC432F4953FD582CCF 97128 ----a-w- C:\EEK\bin32\epp.sys 2016-11-01 15:30:12 8783EDE26F315555EFE697239D337910 116944 ----a-w- C:\EEK\bin64\epp.sys 2016-10-30 05:23:06 B3EE87E94F5985A3C33E8A966B26CD6F 47 ----a-w- C:\ProgramData\Acer\updater2\Download\selfupgrade\FpInstall.bat 2016-10-28 11:14:54 4EA522C8A9DEFF1B880A0DB393660DCD 3617792 ----a-w- C:\Windows\System32\win32kfull.sys 2016-10-28 11:14:41 23522E5D581F7722B1B5B86737CAE39C 227328 ----a-w- C:\Windows\System32\drivers\ahcache.sys 2016-10-28 11:14:25 E6D5762958A839B119C041256149AAD6 967168 ----a-w- C:\Windows\System32\drivers\bthport.sys 2016-10-28 11:14:24 039B5A8CBD5C75D1C46DF15F7C74D136 63328 ----a-w- C:\Windows\System32\drivers\dam.sys 2016-10-28 11:14:23 60EB6A4CE3E21887D302350631C16F26 118272 ----a-w- C:\Windows\System32\drivers\capimg.sys 2016-10-28 11:14:21 C1E85B4FB08B4CCF16841B165910148B 258560 ----a-w- C:\Windows\System32\drivers\xboxgip.sys 2016-10-28 11:14:13 FAA16FBC6711E6DB2DB50D37FBF19D1E 2999808 ----a-w- C:\Windows\SysWOW64\win32kfull.sys 2016-10-28 11:14:04 3DFBB8B3F8BC0A91297030D0E530BA37 79200 ----a-w- C:\Windows\System32\drivers\crashdmp.sys 2016-10-28 11:14:03 DEA44117F9EE53EAFCE555C0A9B108C6 509280 ----a-w- C:\Windows\System32\drivers\storport.sys 2016-10-28 11:13:42 3E502EB1701CF54CF237B6250FBE38EA 619368 ----a-w- C:\Windows\System32\drivers\cng.sys 2016-10-28 11:13:23 5BEE032780FCE432A80E58C14CDEA965 402272 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2016-10-28 11:13:22 A6CCEA8AA934E09295E75D53D79F17EB 1512960 ----a-w- C:\Windows\System32\win32kbase.sys 2016-10-28 11:13:21 72C828E0A21020FC6723A940A8F2F085 658272 ----a-w- C:\Windows\System32\drivers\dxgmms2.sys 2016-10-28 11:13:21 101CC1FD8D48ED1EF71F0840158D0E6D 335712 ----a-w- C:\Windows\System32\drivers\pci.sys 2016-10-28 11:13:20 4F25E481124059CC593B4C68BC485640 2537824 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2016-10-28 11:13:14 A10C7C1E69FC90620C7BF2E51302A01F 1100128 ----a-w- C:\Windows\System32\drivers\http.sys 2016-10-28 11:13:13 125C83C44EEE61E2ED5893F23AEF0FC9 2190688 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2016-10-28 11:13:12 C994DF90427103CCB80F893FFD2B1CE8 557408 ----a-w- C:\Windows\System32\drivers\spaceport.sys 2016-10-28 11:12:59 B23596AFC687B5256CCD7DD429E2E6FB 409952 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2016-10-28 11:12:59 323AA1953ED9C01E23F740FA891FE064 584032 ----a-w- C:\Windows\System32\drivers\afd.sys 2016-10-28 11:12:55 5157325B17E455D9DF7AFBB4B608E78A 156672 ----a-w- C:\Windows\System32\drivers\hidclass.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-1854223093-3483252176-3228169965-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun" "OneDrive"="C:\Users\Ewoud\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Google Update"="C:\Users\Ewoud\AppData\Local\Google\Update\GoogleUpdate.exe /c" "gflauncher"="C:\Program Files (x86)\Crytek\GFACE Launcher\live\gflauncher.exe --autostart" "Plex Media Server"="C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "EaseUS Cleanup"="C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\CleanUpUI.exe 10 300" "avgnt"="C:\Program Files (x86)\Avira\Antivirus\avgnt.exe /min" "Avira SystrayStartTrigger"="C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun" "OneDrive"="C:\Users\Ewoud\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Google Update"="C:\Users\Ewoud\AppData\Local\Google\Update\GoogleUpdate.exe /c" "gflauncher"="C:\Program Files (x86)\Crytek\GFACE Launcher\live\gflauncher.exe --autostart" "Plex Media Server"="C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe " "WindowsDefender"=""%ProgramFiles%\Windows Defender\MSASCuiL.exe"" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22-06-2015 19:52] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22-06-2015 19:52] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1854223093-3483252176-3228169965-1001Core.job --a-------- C:\Users\Ewoud\AppData\Local\Google\Update\GoogleUpdate.exe [14-05-2016 14:22] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1854223093-3483252176-3228169965-1001UA.job --a-------- C:\Users\Ewoud\AppData\Local\Google\Update\GoogleUpdate.exe [14-05-2016 14:22] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\AcerCloud" [C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe] "C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\ALU" [C:\Program Files (x86)\Acer\Live Updater\updater.exe] "C:\WINDOWS\SysNative\tasks\ALUAgent" [C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe] "C:\WINDOWS\SysNative\tasks\BacKGroundAgent" [C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1854223093-3483252176-3228169965-1001Core" [C:\Users\Ewoud\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1854223093-3483252176-3228169965-1001UA" [C:\Users\Ewoud\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\Launch Manager" ["C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe"] "C:\WINDOWS\SysNative\tasks\MegaBackupUpdater" [C:\Program Files\MegaBackup Corp\MegaBackup\Current\Installer.exe] "C:\WINDOWS\SysNative\tasks\Open Chrome" [c:\program files (x86)\Google\Chrome\Application\chrome.exe] "C:\WINDOWS\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe"] "C:\WINDOWS\SysNative\tasks\Private Internet Access Startup" ["C:\Program Files\pia_manager\pia_manager.exe"] "C:\WINDOWS\SysNative\tasks\UbtFrameworkService" ["C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe"] "C:\WINDOWS\SysNative\tasks\USER_ESRV_SVC_WILLAMETTE" ["C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{BFD12E45-2831-45B0-86CC-3DD59EAA5ED4}" [C:\Windows\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\Intel\Intel Telemetry 2 (x86)" [C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe] ==== Folders in C:\PROGRA~3 0-6 Months Old ====================== 2016-07-16 10:34:48 -------- d-----w- C:\PROGRA~3\Samsung 2016-07-16 11:47:48 -------- d-----w- C:\PROGRA~3\USOPrivate 2016-07-16 11:47:48 -------- d---a-w- C:\PROGRA~3\regid.1991-06.com.microsoft 2016-07-16 11:47:48 -------- d-s---w- C:\PROGRA~3\Microsoft 2016-08-13 12:43:16 -------- d-----w- C:\PROGRA~3\GFACE 2016-08-13 14:31:55 -------- d-sh--we C:\PROGRA~3\Application Data 2016-08-13 14:33:42 -------- d-----w- C:\PROGRA~3\USOShared 2016-08-13 14:37:26 -------- d-----w- C:\PROGRA~3\Microsoft OneDrive 2016-08-27 07:53:55 -------- d-----w- C:\PROGRA~3\Spotnet 2016-08-30 13:54:51 -------- d-----w- C:\PROGRA~3\MegaBackup Corp 2016-09-20 17:37:29 -------- d-----w- C:\PROGRA~3\Avira ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Search Page"="https://www.google.com/search?bcutc=sp-006&q={searchTerms}" "Search Bar"="https://www.google.com/?bcutc=sp-006" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Page"="https://www.google.com/search?bcutc=sp-006&q={searchTerms}" "Search Bar"="https://www.google.com/?bcutc=sp-006" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Search Page"="https://www.google.com/search?bcutc=sp-006&q={searchTerms}" "Search Bar"="https://www.google.com/?bcutc=sp-006" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{81DD5ED1-CE2C-4829-8E2D-144EDF846379}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\SearchScopes\{81DD5ED1-CE2C-4829-8E2D-144EDF846379} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB HKLM\Wow6432Node\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes\{81DD5ED1-CE2C-4829-8E2D-144EDF846379} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB HKLM\Wow6432Node\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 HKCU\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.com/search?bcutc=sp-006&q={searchTerms} ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\02F6486B12843E11F869800002C0A966 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{bde0db80-4deb-444d-b33a-44bf96cd1478} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6846F20-4821-11E3-8F96-0800200C9A66} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\02F6486B12843E11F869800002C0A966 deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit= O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [EaseUS Cleanup] "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\CleanUpUI.exe" 10 300 O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [OneDrive] "C:\Users\Ewoud\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Users\Ewoud\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [gflauncher] "C:\Program Files (x86)\Crytek\GFACE Launcher\live\gflauncher.exe" --autostart O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000 O9 - Extra button: @C:\WINDOWS\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\WINDOWS\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\WindowsMobile\INetRepl.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe O23 - Service: DokanMb Service (DokanMbMounter) - MegaBackup Corp - C:\Program Files\MegaBackup Corp\MegaBackup\DokanMb\mounter.exe O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\WINDOWS\system32\EasyAntiCheat.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe O23 - Service: Energy Server Service WILLAMETTE (ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe O23 - Service: Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE (SystemUsageReportSvc_WILLAMETTE) - Unknown owner - C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: User Experience Improvement Program (UEIPSvc) - acer - C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: User Energy Server Service WILLAMETTE (USER_ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Ewoud\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Ewoud\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Ewoud\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Ewoud\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=56 folders=32 160825744 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Ewoud\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on di 01-11-2016 at 21:28:03,82 ======================