
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Van Alphen on di 19-04-2016 at 12:57:22,69.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Van Alphen\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-08-15-202742.log	11545 bytes
C:\zoek-results2016-04-18-123746.log	61708 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp. 
# 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# 
# For example: 
# 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
# localhost name resolution is handled within DNS itself. 
127.0.0.1       localhost 
::1             localhost 

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.73_windows_x86_64.exe
C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.73_windows_x86_64.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Van Alphen\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolwizCareFree] 

==== Deleting Files \ Folders ======================

C:\ProgramData\Avg_Update_1215av not found
C:\Program Files (x86)\ToolwizCareFree not found
"C:\Windows\tasks\1215avUpdateInfo.job" not found

==== Registry Search Results for "WSWSVCUchrome" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\WSWSVCUchrome]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\PROTOCOLS\Handler\WSWSVCUchrome]

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4009 MB
CPU Info: Intel(R) Pentium(R) CPU G620 @ 2.60GHz
CPU Speed: 2655,0 MHz
Sound Card: Luidsprekers (Realtek High Defi | 
S22B350 (Intel(R) Display Audio | 
Realtek Digital Output (Realtek | 
Realtek Digital Output(Optical) | 
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; SyncMaster SB350_S22B350H (HDMI) | 
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GH22NS70
Ports: COM1 LPT1
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  244,0GB | D:  4,0GB
Hard Disks - Free: C:  124,3GB | D:  3,5GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 06/16/10 | ALASKA - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: ASUSTeK Computer INC. V-P8H61E.
Country: Nederland 
Language: NLD 

==== System Specs (Software) ======================

AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
Internet Explorer Version: 11.0.9600.18282 
Google Chrome version: 50.0.2661.75
Sun Java version: 1.7.0_15 (32-bit) 

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2016-04-17 11:14:23	F0071C341584B1B7123E6ACAE74ABD88	1004	----a-w-	C:\Windows\CompatibilityIssues.txt
2016-04-17 10:53:43	D1E75542EC8D1B4851765A57AC63618E	1908	----a-w-	C:\Windows\diagerr.xml
2016-04-17 10:53:43	1D0323483ACC8F1896C4E0A219F6A2F1	2562	----a-w-	C:\Windows\diagwrn.xml
====== C:\Users\VANALP~1\AppData\Local\Temp ====
2016-04-18 17:40:02	D7241ACE1B65ED9EC322A3F55B9F056F	9773120	----a-w-	C:\Users\Van Alphen\AppData\Local\Temp\Foxit Reader Updater.exe
2016-04-18 10:44:04	07E0061E25DEF00CDD5B28FCCD0A1F4D	186640	----a-w-	C:\Users\Van Alphen\AppData\Local\Temp\avguirn_08704811520.exe
2016-04-17 18:26:54	E1A33C266113B7B129454BF7194E6D4E	222024	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\psuser_64.dll
2016-04-17 18:26:54	AF8A94BCB98C299C49B28CC12EBC0ED2	598344	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\npGoogleUpdate3.dll
2016-04-17 18:26:54	9DB85E3837F081F2A0183ABDB64988C7	191816	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\psmachine.dll
2016-04-17 18:26:54	81E82DDD40716A631717D8D72270C65D	191816	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\psuser.dll
2016-04-17 18:26:54	2B1D61EFAF2242D66EC00007D87E0807	222024	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\psmachine_64.dll
2016-04-17 18:26:53	F489BF87E4B3E9CCEFA102CC347F180F	95048	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleUpdateWebPlugin.exe
2016-04-17 18:26:53	E8F013079B7613637AC4D8C592E75264	1688392	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\goopdate.dll
2016-04-17 18:26:53	ABF64234F3462571E66527828040219B	252232	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleCrashHandler.exe
2016-04-17 18:26:53	A70C804C5BCC0BBFCB7E9173C32B0221	95048	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleUpdateOnDemand.exe
2016-04-17 18:26:53	A4C58EA455234AFD3B622D838CDE4C39	987728	----a-w-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleUpdateSetup.exe
2016-04-17 18:26:53	8C17EAF5E4883284A75FC560C7F021AB	137544	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleUpdateComRegisterShell64.exe
2016-04-17 18:26:53	750446ED76A5D13E902174DDDDA1A62B	154440	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleUpdate.exe
2016-04-17 18:26:53	6A2B52268050763E4FCD4F61F8869D4C	40960	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleUpdateHelper.msi
2016-04-17 18:26:53	2E6215108125A42160A1EC17208A50F0	313672	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleCrashHandler64.exe
2016-04-17 18:26:53	1457C6AC71CAEC4D692FDD62155A9745	95048	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleUpdateBroker.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2016-04-13 13:42:01	C86AFCDD4584CFDF7B57335FEC7546E4	111616	----a-w-	C:\Windows\SysWOW64\mtxoci.dll
2016-04-13 13:42:01	936AF75B1A7A663C24F999029A84142C	176128	----a-w-	C:\Windows\SysWOW64\msorcl32.dll
2016-04-13 13:41:30	8007E4C5C9B40FB30F816F6E74284DF1	1240576	----a-w-	C:\Windows\SysWOW64\msxml3.dll
2016-04-13 13:41:29	D25FCA441C69C3E6E78DE1BBCBF97BBC	2048	----a-w-	C:\Windows\SysWOW64\msxml3r.dll
2016-04-13 13:41:13	F1CA4530A435A6741346A1ECF3FE10E9	3943144	----a-w-	C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-13 13:41:13	E518B37F8C82A4320732352E4DA9BF41	1414144	----a-w-	C:\Windows\SysWOW64\ole32.dll
2016-04-13 13:41:13	5C47821CC760ED48EA66A28465BD35E4	3998952	----a-w-	C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-13 13:41:13	40A0F37C85DFA5D6E963FFD496439661	1314112	----a-w-	C:\Windows\SysWOW64\ntdll.dll
2016-04-13 13:41:11	B52C499A81A73E8F74938ACA42734331	275456	----a-w-	C:\Windows\SysWOW64\KernelBase.dll
2016-04-13 13:41:11	9F55E7A647A793A4D8C89A32B9543799	644096	----a-w-	C:\Windows\SysWOW64\advapi32.dll
2016-04-13 13:41:11	6B69810EDAEBBC68B205F5BBFD625E84	553984	----a-w-	C:\Windows\SysWOW64\kerberos.dll
2016-04-13 13:41:11	405B50ED43C2D73B32056168494DEA24	666112	----a-w-	C:\Windows\SysWOW64\rpcrt4.dll
2016-04-13 13:41:11	28B998D3ACC5AF930B78A982B4698CB8	260608	----a-w-	C:\Windows\SysWOW64\msv1_0.dll
2016-04-13 13:41:11	2610C8EF506344326F7250691093A3B9	251392	----a-w-	C:\Windows\SysWOW64\schannel.dll
2016-04-13 13:41:11	2347F9D5227F8751527C0AA0CDBA7375	342528	----a-w-	C:\Windows\SysWOW64\certcli.dll
2016-04-13 13:41:11	19E838D8DD2CB5576707259C8281EA78	96768	----a-w-	C:\Windows\SysWOW64\sspicli.dll
2016-04-13 13:41:10	F7DF39F60CCB70AD4551BAC41C18ACA1	43008	----a-w-	C:\Windows\SysWOW64\srclient.dll
2016-04-13 13:41:10	E8618EF4CB8D38462D4D8A4ED7DA9850	171520	----a-w-	C:\Windows\SysWOW64\wdigest.dll
2016-04-13 13:41:10	C8AE40931A2AC87E30E05C75E4A61796	17408	----a-w-	C:\Windows\SysWOW64\credssp.dll
2016-04-13 13:41:10	B782F44A047D0D9459F0078A98AA8542	36352	----a-w-	C:\Windows\SysWOW64\cryptbase.dll
2016-04-13 13:41:10	AAF65CD3A15EF6ECB0F4EF32F0D461B8	14336	----a-w-	C:\Windows\SysWOW64\ntvdm64.dll
2016-04-13 13:41:10	A3ECF0CFA0BFE509A77F0514885EA608	50688	----a-w-	C:\Windows\SysWOW64\appidapi.dll
2016-04-13 13:41:10	972332B4F1AC8EF3A42AE45BF65D3B60	141312	----a-w-	C:\Windows\SysWOW64\rpchttp.dll
2016-04-13 13:41:10	88B9000A87883C908F927AF5036B8309	223232	----a-w-	C:\Windows\SysWOW64\ncrypt.dll
2016-04-13 13:41:10	6B0E139FEF3B7C0061983C1502AE0CA3	22016	----a-w-	C:\Windows\SysWOW64\secur32.dll
2016-04-13 13:41:10	47B6BE9CDF6888B7F9FDC5B2DB41B107	65536	----a-w-	C:\Windows\SysWOW64\TSpkg.dll
2016-04-13 13:41:10	002E17D37479281C5D241A189F973C5F	1114112	----a-w-	C:\Windows\SysWOW64\kernel32.dll
2016-04-13 13:41:09	8DCFB284FC896E2F6F02134298A8F1E1	50176	----a-w-	C:\Windows\SysWOW64\auditpol.exe
2016-04-13 13:41:09	361F32EEFC326C7D34CD2CCF05C469FC	5120	----a-w-	C:\Windows\SysWOW64\wow32.dll
2016-04-13 13:41:08	F5042159B95FD2748F55D89E08A89B48	146432	----a-w-	C:\Windows\SysWOW64\msaudite.dll
2016-04-13 13:41:08	BCF50CD5076E765200740A97FCB4D74F	7680	----a-w-	C:\Windows\SysWOW64\instnm.exe
2016-04-13 13:41:08	866254892512D27510475080EEC15748	2048	----a-w-	C:\Windows\SysWOW64\user.exe
2016-04-13 13:41:08	6DB3EFE1174B79571A28355A732B3337	25600	----a-w-	C:\Windows\SysWOW64\setup16.exe
2016-04-13 13:41:08	4DD90351DB68847F9048133E45004B2F	60416	----a-w-	C:\Windows\SysWOW64\msobjs.dll
2016-04-13 13:41:08	38958A47AEE19E4CD89A0850640217C3	690688	----a-w-	C:\Windows\SysWOW64\adtschema.dll
2016-04-13 13:41:08	1FCAFC14E7B1BA3569DD1E483E486998	6656	----a-w-	C:\Windows\SysWOW64\apisetschema.dll
2016-04-13 13:40:32	C2E392F3CE66FE21ADB7CA1158790BAA	15360	----a-w-	C:\Windows\SysWOW64\tbs.dll
2016-04-13 13:40:09	795F356F6027FCA3FD4AD5F3CCD904B7	60416	----a-w-	C:\Windows\SysWOW64\samlib.dll
2016-04-13 13:39:45	386E748E484BA802FCCBF00FC90729C4	2048	----a-w-	C:\Windows\SysWOW64\tzres.dll
2016-04-13 13:39:14	E08CCC70F5520717E764A966A7BA22EF	47616	----a-w-	C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-13 13:39:14	B49EBDC69A49D67A3F20C583DDC7BF5D	76288	----a-w-	C:\Windows\SysWOW64\mshtmled.dll
2016-04-13 13:39:14	55E69CE386E20BE89CB62FD5A205D5A1	91136	----a-w-	C:\Windows\SysWOW64\inseng.dll
2016-04-13 13:39:14	4949ACC87CA50A42863676CEA35147EA	30720	----a-w-	C:\Windows\SysWOW64\iernonce.dll
2016-04-13 13:39:13	E90EF76CB74E7AECB0355AF44B6B1B78	346320	----a-w-	C:\Windows\SysWOW64\iedkcs32.dll
2016-04-13 13:39:13	E1DEB2313E5527B721514570756A33C8	64000	----a-w-	C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-13 13:39:13	DDD0F1861689EC17F8CA0CD8E46B8D5A	60416	----a-w-	C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-13 13:39:13	7A24C77D85DE57C80D300A2F241F1721	496640	----a-w-	C:\Windows\SysWOW64\vbscript.dll
2016-04-13 13:39:13	79E4D96CCB1E68A3CE18B6E8E3F3B705	1311744	----a-w-	C:\Windows\SysWOW64\urlmon.dll
2016-04-13 13:39:13	340F204F636FB15D8C52DC1FFBD88F51	130048	----a-w-	C:\Windows\SysWOW64\occache.dll
2016-04-13 13:39:13	145A62FF0E34A8DC81DC45954EBD7EE9	279040	----a-w-	C:\Windows\SysWOW64\dxtrans.dll
2016-04-13 13:39:12	8C99981E6B4209ABC8BCF887BDEBCE53	20352512	----a-w-	C:\Windows\SysWOW64\mshtml.dll
2016-04-13 13:39:12	28009063B84E8F9C8479D34AD32BF7D2	693248	----a-w-	C:\Windows\SysWOW64\msfeeds.dll
2016-04-13 13:39:11	E34AB80B40980408CE370070512AB6AB	663552	----a-w-	C:\Windows\SysWOW64\jscript.dll
2016-04-13 13:39:11	B68217807ABBCA26B08D33E7315F4566	710144	----a-w-	C:\Windows\SysWOW64\ieapfltr.dll
2016-04-13 13:39:11	96537B3B2E17273D4B4DB5A061B5D07B	2056192	----a-w-	C:\Windows\SysWOW64\inetcpl.cpl
2016-04-13 13:39:11	65BC52D21BBCED6B6538378E11439850	2724864	----a-w-	C:\Windows\SysWOW64\mshtml.tlb
2016-04-13 13:39:11	49E51E0E5A6BF6B893017578CEB42B2D	2285056	----a-w-	C:\Windows\SysWOW64\iertutil.dll
2016-04-13 13:39:11	2AEBB3308B4AACDC0BB548EF5560AACF	62464	----a-w-	C:\Windows\SysWOW64\iesetup.dll
2016-04-13 13:39:10	C0C84BA8E2C98159BC0847BE36B05D47	47104	----a-w-	C:\Windows\SysWOW64\jsproxy.dll
2016-04-13 13:39:10	A0701B16086577DD3D592AE7D28EFAB6	416256	----a-w-	C:\Windows\SysWOW64\dxtmsft.dll
2016-04-13 13:39:10	795F250FBBC41FC616557767E4FD63EF	13811712	----a-w-	C:\Windows\SysWOW64\ieframe.dll
2016-04-13 13:39:10	720DCF5A80B0D37865CBB58333961335	476160	----a-w-	C:\Windows\SysWOW64\ieui.dll
2016-04-13 13:39:10	2CBA7EBF49FF867C7F116BF66C0049BF	620032	----a-w-	C:\Windows\SysWOW64\jscript9diag.dll
2016-04-13 13:39:08	39E2397EE90CBC724567B9E6906E1AFC	1155072	----a-w-	C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-13 13:39:07	EE3825FFE3F31B7FCB7B4A284197361B	2121216	----a-w-	C:\Windows\SysWOW64\wininet.dll
2016-04-13 13:39:07	CBDA03CEE7784F2A3D3C3E197B5C3784	230400	----a-w-	C:\Windows\SysWOW64\webcheck.dll
2016-04-13 13:39:07	9A94A96401F9E8D777145C4A10E2F068	4611072	----a-w-	C:\Windows\SysWOW64\jscript9.dll
2016-04-13 13:39:07	7C06F83E73201DE87B471917E8C9BCBD	341504	----a-w-	C:\Windows\SysWOW64\html.iec
2016-04-13 13:39:07	3E816997AA0924BE8C1F957BB0B6A2AD	115712	----a-w-	C:\Windows\SysWOW64\ieUnatt.exe
2016-04-13 13:39:07	26597D00E5A4A022D5D4C4459967BF30	168960	----a-w-	C:\Windows\SysWOW64\msrating.dll
2016-04-08 12:18:00	0607FACB8484E48E9A0CCA7D4ADE24D0	341160	----a-w-	C:\Windows\SysWOW64\SRCOM.dll
2016-04-08 12:17:59	9573E0B62C25859955A39A69CEC13263	83632	----a-w-	C:\Windows\SysWOW64\SFCOM.dll
2016-04-08 12:17:58	FBB573808BA980C1FFABD3C95DDF441F	589080	----a-w-	C:\Windows\SysWOW64\SECOMN32.DLL
2016-04-08 12:17:55	30E5110924ED1F3E7A6B3BF456309A28	2714568	----a-w-	C:\Windows\SysWOW64\RltkAPO.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2016-04-13 13:42:03	A575C471CCFC7CBF32F446FA305E7341	156672	----a-w-	C:\Windows\Sysnative\mtxoci.dll
2016-04-13 13:41:31	622C96AFB07BB82C8650B47172137AC4	511488	----a-w-	C:\Windows\Sysnative\rpcss.dll
2016-04-13 13:41:30	F8A05F48B79CB5C087F089BA6C0659FB	1885696	----a-w-	C:\Windows\Sysnative\msxml3.dll
2016-04-13 13:41:29	D303AC584429678DB27DEBD4282CA1DF	2048	----a-w-	C:\Windows\Sysnative\msxml3r.dll
2016-04-13 13:41:14	6FCB62DDF2575ADFFD577A6648B25377	1464320	----a-w-	C:\Windows\Sysnative\lsasrv.dll
2016-04-13 13:41:14	10F466EF4048CA32CAF98FE4A3A16982	2084864	----a-w-	C:\Windows\Sysnative\ole32.dll
2016-04-13 13:41:13	ADFFC3B4418247A562E8727C66DE4428	5551336	----a-w-	C:\Windows\Sysnative\ntoskrnl.exe
2016-04-13 13:41:13	7BE74B8A4BA6D27137E5557229EB83E3	631176	----a-w-	C:\Windows\Sysnative\winresume.efi
2016-04-13 13:41:13	7AE8440A7C8B7E7078EE2654DDB8D21F	1732864	----a-w-	C:\Windows\Sysnative\ntdll.dll
2016-04-13 13:41:13	5817A07A72436A5658E48BF98A91137D	706280	----a-w-	C:\Windows\Sysnative\winload.efi
2016-04-13 13:41:11	EF34A098DD383766689A2F21BA2A990E	86528	----a-w-	C:\Windows\Sysnative\TSpkg.dll
2016-04-13 13:41:11	C9F6BB175A7392A851FD86F2A3359088	463872	----a-w-	C:\Windows\Sysnative\certcli.dll
2016-04-13 13:41:11	B46D03BABD31B23E6FCB226CB22D4D6B	1163264	----a-w-	C:\Windows\Sysnative\kernel32.dll
2016-04-13 13:41:11	B3A62D12B93A49189EA8CE51D186FC61	880640	----a-w-	C:\Windows\Sysnative\advapi32.dll
2016-04-13 13:41:11	AE9981D722DA386FBDDC78BEE6E41E56	419840	----a-w-	C:\Windows\Sysnative\KernelBase.dll
2016-04-13 13:41:11	841BF993597DCD498247684B5D3AE845	215552	----a-w-	C:\Windows\Sysnative\winsrv.dll
2016-04-13 13:41:11	7BBBB5DE05EFEEF2E45A48F9A943B6B0	243712	----a-w-	C:\Windows\Sysnative\wow64.dll
2016-04-13 13:41:11	77372D87A1A5E170C366E436990C6CB5	312320	----a-w-	C:\Windows\Sysnative\ncrypt.dll
2016-04-13 13:41:11	7407A5C092DAD554A3FC768B9859A847	210432	----a-w-	C:\Windows\Sysnative\wdigest.dll
2016-04-13 13:41:11	682586CACD78EF53EF7301B4180EB595	112640	----a-w-	C:\Windows\Sysnative\smss.exe
2016-04-13 13:41:11	54D7B147EB4E7691AA5A2FA110A38363	1212928	----a-w-	C:\Windows\Sysnative\rpcrt4.dll
2016-04-13 13:41:11	4F374ED543FC9F3BB17EC6A7C8DF39A1	344064	----a-w-	C:\Windows\Sysnative\schannel.dll
2016-04-13 13:41:11	487D19B284DAFCBAE811AE785CC8B603	731136	----a-w-	C:\Windows\Sysnative\kerberos.dll
2016-04-13 13:41:11	3D6AE177FAF7E3296251DDB05773618E	338432	----a-w-	C:\Windows\Sysnative\conhost.exe
2016-04-13 13:41:11	3B44D778B4719B1D5650FC6B1D90AA19	503808	----a-w-	C:\Windows\Sysnative\srcore.dll
2016-04-13 13:41:11	3B38C2EDA0D4854ED0E72BA3CBE8D72E	316416	----a-w-	C:\Windows\Sysnative\msv1_0.dll
2016-04-13 13:41:11	2D99A0ECE8475367798F1313197C933D	362496	----a-w-	C:\Windows\Sysnative\wow64win.dll
2016-04-13 13:41:11	0CBD4E2DBBADABB79BFB8289E6E6227F	135680	----a-w-	C:\Windows\Sysnative\sspicli.dll
2016-04-13 13:41:10	CB7E479501BC4C55328D242D41C1D074	16384	----a-w-	C:\Windows\Sysnative\ntvdm64.dll
2016-04-13 13:41:10	C47B6624AF9AEE4146743DCB133A159D	34816	----a-w-	C:\Windows\Sysnative\appidsvc.dll
2016-04-13 13:41:10	BEEC56A8B8B5707B0E7139C6D9D57217	296960	----a-w-	C:\Windows\Sysnative\rstrui.exe
2016-04-13 13:41:10	BEAD4B03B375B8F02C8C205E25A7CF0A	63488	----a-w-	C:\Windows\Sysnative\setbcdlocale.dll
2016-04-13 13:41:10	9D8F5EBE48750AF80C5EB5542BEC448B	59904	----a-w-	C:\Windows\Sysnative\appidapi.dll
2016-04-13 13:41:10	9C73710485E2E1540D869BDB8A8A68CA	43520	----a-w-	C:\Windows\Sysnative\cryptbase.dll
2016-04-13 13:41:10	97C1D81250E9E73F7FC8568EF622017A	22016	----a-w-	C:\Windows\Sysnative\credssp.dll
2016-04-13 13:41:10	81AA2961530A4F036046CC627B4A90BC	28160	----a-w-	C:\Windows\Sysnative\secur32.dll
2016-04-13 13:41:10	811D9D4242A3E53D6DA86A400CCD63D0	13312	----a-w-	C:\Windows\Sysnative\wow64cpu.dll
2016-04-13 13:41:10	7F9ADD80DE0B27B5EF2ACA7B19EAA3E5	43520	----a-w-	C:\Windows\Sysnative\csrsrv.dll
2016-04-13 13:41:10	626BE7CD27F44185AA4DCD3603830312	30720	----a-w-	C:\Windows\Sysnative\lsass.exe
2016-04-13 13:41:10	6199722CB619A0887BE81F16A4474538	190464	----a-w-	C:\Windows\Sysnative\rpchttp.dll
2016-04-13 13:41:10	59738954027D75A282D82680C8AFBC54	148480	----a-w-	C:\Windows\Sysnative\appidpolicyconverter.exe
2016-04-13 13:41:10	593BC0F0D33A1905B5DC37FA756EB2BA	50176	----a-w-	C:\Windows\Sysnative\srclient.dll
2016-04-13 13:41:10	3A2DF0CC19D68C60F434DA02E1ED01B3	28672	----a-w-	C:\Windows\Sysnative\sspisrv.dll
2016-04-13 13:41:09	1F8F134C7350EF16C79E1C42005BCDE9	64000	----a-w-	C:\Windows\Sysnative\auditpol.exe
2016-04-13 13:41:09	0E4019A26AE3DB40461B5AA0C3AD6A68	17920	----a-w-	C:\Windows\Sysnative\appidcertstorecheck.exe
2016-04-13 13:41:08	DB651F0E6AC20C42348A9F0E8E7C42D5	690688	----a-w-	C:\Windows\Sysnative\adtschema.dll
2016-04-13 13:41:08	800AA696A0A773C039D1568F5828EFDE	60416	----a-w-	C:\Windows\Sysnative\msobjs.dll
2016-04-13 13:41:08	6A019F8581D13BC1637DF9F2C92849DB	6656	----a-w-	C:\Windows\Sysnative\apisetschema.dll
2016-04-13 13:41:08	3D347AF86D2FDDEC5F30844537C355D1	146432	----a-w-	C:\Windows\Sysnative\msaudite.dll
2016-04-13 13:40:41	1D0A5FF3C7C7EA7480429D16D38B60EA	3216896	----a-w-	C:\Windows\Sysnative\win32k.sys
2016-04-13 13:40:32	D99F8968C0C5CAD46A6B93A1FA6738B2	109568	----a-w-	C:\Windows\Sysnative\fveapibase.dll
2016-04-13 13:40:32	D1035B8EFC83165612F7AAB1816A81B4	451080	----a-w-	C:\Windows\Sysnative\fveapi.dll
2016-04-13 13:40:32	8F39E301AD8B219DADF83BD7DBE9842E	20480	----a-w-	C:\Windows\Sysnative\tbs.dll
2016-04-13 13:40:17	9AD833027AF42AEFCA1FE6CD64F31B22	38120	----a-w-	C:\Windows\Sysnative\CompatTelRunner.exe
2016-04-13 13:40:17	9282C7B69C15B072A9D9F9EDE0AA9C40	1169408	----a-w-	C:\Windows\Sysnative\aeinv.dll
2016-04-13 13:40:17	6E613496CC7CFAD37FA3D1EA86229A26	76800	----a-w-	C:\Windows\Sysnative\acmigration.dll
2016-04-13 13:40:17	4AAF4B88EDABA4CA3ACA82C1A248A3F4	279040	----a-w-	C:\Windows\Sysnative\invagent.dll
2016-04-13 13:40:17	453EEF8F903DE266D9CB16313B5FA796	215040	----a-w-	C:\Windows\Sysnative\aepic.dll
2016-04-13 13:40:17	2A0822070B416170A690D5E061194907	698368	----a-w-	C:\Windows\Sysnative\generaltel.dll
2016-04-13 13:40:17	2816C405CD465CB1D3559D017284FD31	1386496	----a-w-	C:\Windows\Sysnative\appraiser.dll
2016-04-13 13:40:17	24AAC7624C0114C5DAC7DA794D38E18A	499200	----a-w-	C:\Windows\Sysnative\devinv.dll
2016-04-13 13:40:10	48AF282E07C70E053D4E3EE2C732AD0D	760320	----a-w-	C:\Windows\Sysnative\samsrv.dll
2016-04-13 13:40:09	C91E969FDEB819E63E7D6BECF5A8B8D0	106496	----a-w-	C:\Windows\Sysnative\samlib.dll
2016-04-13 13:39:45	83250E0CE090E705B826C17F3345C758	2048	----a-w-	C:\Windows\Sysnative\tzres.dll
2016-04-13 13:39:14	F734019D02F9BA24764F5D98E31B100D	48640	----a-w-	C:\Windows\Sysnative\ieetwproxystub.dll
2016-04-13 13:39:14	9AB123A730E48BBEB355FDFF8A940605	34304	----a-w-	C:\Windows\Sysnative\iernonce.dll
2016-04-13 13:39:14	5A5C52E1349D8DFFB24C23715C2235DC	114688	----a-w-	C:\Windows\Sysnative\ieetwcollector.exe
2016-04-13 13:39:13	6A80D021EBD77CFEF88836E796C3EF05	2724864	----a-w-	C:\Windows\Sysnative\mshtml.tlb
2016-04-13 13:39:13	5E3FC3737471E4F9C4836EBC7F8DFFFC	77824	----a-w-	C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2016-04-13 13:39:13	1FD2417B253AAF8D3E73A5B3F5660253	107520	----a-w-	C:\Windows\Sysnative\inseng.dll
2016-04-13 13:39:13	04AA1E7E50F9769EC7839EB76E7BA9F5	725504	----a-w-	C:\Windows\Sysnative\ie4uinit.exe
2016-04-13 13:39:11	D664D27231EC3E73A2D36811508539D3	394952	----a-w-	C:\Windows\Sysnative\iedkcs32.dll
2016-04-13 13:39:11	6526575EEFF97F225F64D80633B555A3	4096	----a-w-	C:\Windows\Sysnative\ieetwcollectorres.dll
2016-04-13 13:39:11	5938B49B3D83028409AC08F5979D793D	152064	----a-w-	C:\Windows\Sysnative\occache.dll
2016-04-13 13:39:11	43DD53A9F55C8FA28E78E7FEE177EE09	1547264	----a-w-	C:\Windows\Sysnative\urlmon.dll
2016-04-13 13:39:10	DC3C6F43A83BC90A1AC77E7369A24971	315392	----a-w-	C:\Windows\Sysnative\dxtrans.dll
2016-04-13 13:39:10	876DCA7F8F58E6F5F9CA0BD2C09AF134	968704	----a-w-	C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2016-04-13 13:39:10	2B1E9C2199882E0C3BB598DBA0FC421C	806400	----a-w-	C:\Windows\Sysnative\msfeeds.dll
2016-04-13 13:39:09	CD397ADCD899BF08450D9EDDAC873232	66560	----a-w-	C:\Windows\Sysnative\iesetup.dll
2016-04-13 13:39:09	855B804B5CC55D371DD34614B0A1831A	800768	----a-w-	C:\Windows\Sysnative\ieapfltr.dll
2016-04-13 13:39:08	873DFCA620963C330BC8E3E37B972A96	2131968	----a-w-	C:\Windows\Sysnative\inetcpl.cpl
2016-04-13 13:39:08	3E0CD58E1F313D3BBF58CCE38D4955DA	2892800	----a-w-	C:\Windows\Sysnative\iertutil.dll
2016-04-13 13:39:07	903C5D4331CF4B0BEB3A778B0EF7C7D4	54784	----a-w-	C:\Windows\Sysnative\jsproxy.dll
2016-04-13 13:39:07	4E58493C10022CC28C99D7E4ABAD74EC	571904	----a-w-	C:\Windows\Sysnative\vbscript.dll
2016-04-13 13:39:06	A633F1A4D75A8435C62A77ED741D2329	615936	----a-w-	C:\Windows\Sysnative\ieui.dll
2016-04-13 13:39:06	6597570F5E74FB9B1474741678AF0003	15415808	----a-w-	C:\Windows\Sysnative\ieframe.dll
2016-04-13 13:39:06	10BDB7F57DEE499D54F94F1ED261E5FF	489984	----a-w-	C:\Windows\Sysnative\dxtmsft.dll
2016-04-13 13:39:05	EEE42684C753083B01D3F72FA252B88C	262144	----a-w-	C:\Windows\Sysnative\webcheck.dll
2016-04-13 13:39:05	8FC9C6E4F1CE587C735A06F0CFFEE619	1359360	----a-w-	C:\Windows\Sysnative\mshtmlmedia.dll
2016-04-13 13:39:05	8975E4521C293E751031B6EFCAA6E17A	144384	----a-w-	C:\Windows\Sysnative\ieUnatt.exe
2016-04-13 13:39:05	40FA30AE9CAEC38F3E753A934BE66AFD	92160	----a-w-	C:\Windows\Sysnative\mshtmled.dll
2016-04-13 13:39:04	D2E3B1DEDF6F6177D8C32B2516703A93	2596864	----a-w-	C:\Windows\Sysnative\wininet.dll
2016-04-13 13:39:04	97BC9545A72A88E6B952301AF5D22316	6052352	----a-w-	C:\Windows\Sysnative\jscript9.dll
2016-04-13 13:39:04	7D8316FE73C06E03A308BA0BFACC189F	814080	----a-w-	C:\Windows\Sysnative\jscript9diag.dll
2016-04-13 13:39:04	726A9338C34B1598422609822FE4E58A	817664	----a-w-	C:\Windows\Sysnative\jscript.dll
2016-04-13 13:39:03	E5390387D51FDA7CF4FB5F1C3C8E1049	199680	----a-w-	C:\Windows\Sysnative\msrating.dll
2016-04-13 13:39:03	472E445AB61201546ABCFF7220DCA4C5	88064	----a-w-	C:\Windows\Sysnative\MshtmlDac.dll
2016-04-13 13:39:03	0DB95DBB77C611BEE1A476977A3B3DE3	417792	----a-w-	C:\Windows\Sysnative\html.iec
2016-04-13 13:39:02	31C8C489E5C51A72B52CC0F0B292FB3B	25817600	----a-w-	C:\Windows\Sysnative\mshtml.dll
2016-04-08 12:18:02	257AAFCD058DA483ACB2D83EE93BAEAC	3299832	----a-w-	C:\Windows\Sysnative\YamahaAE2.dll
2016-04-08 12:18:02	18ED92D7CFA489FA721542F0686DAC6A	2190992	----a-w-	C:\Windows\Sysnative\YamahaAE.dll
2016-04-08 12:18:00	FE65BD26FC5060BF7CA9CC1B2D6EE478	596120	----a-w-	C:\Windows\Sysnative\tosasfapo64.dll
2016-04-08 12:18:00	E9D95AC5B9BA14F60FA093ED93BB03DF	873472	----a-w-	C:\Windows\Sysnative\tadefxapo264.dll
2016-04-08 12:18:00	D7DBDB1A75ED2C52676A6AF224DD64D9	2110600	----a-w-	C:\Windows\Sysnative\WavesGUILib64.dll
2016-04-08 12:18:00	934E59423F97E82F9C57CAD6EB961EFF	1435152	----a-w-	C:\Windows\Sysnative\SRRPTR64.dll
2016-04-08 12:18:00	8BA5F47E249A9E6A925B36B031C07C7B	1382240	----a-w-	C:\Windows\Sysnative\tosade.dll
2016-04-08 12:18:00	847B045A038DB0866FDCCFF8A3A08F01	381416	----a-w-	C:\Windows\Sysnative\SRCOM64.dll
2016-04-08 12:18:00	83A7B6D6BD1035EA9B042C50EB89B649	532384	----a-w-	C:\Windows\Sysnative\SRSTSX64.dll
2016-04-08 12:18:00	65F8B8C2B731B77F2CAE325E627A630B	158704	----a-w-	C:\Windows\Sysnative\tadefxapo.dll
2016-04-08 12:18:00	65C22BA542A01C89A049372F405AB653	224264	----a-w-	C:\Windows\Sysnative\tossaemaxapo64.dll
2016-04-08 12:18:00	56DFBA5FCAFA4DB0A7A040328B28A30D	172584	----a-w-	C:\Windows\Sysnative\toseaeapo64.dll
2016-04-08 12:18:00	2FE3C0CF6BBA92B7A06C183C562716F3	221976	----a-w-	C:\Windows\Sysnative\SRSTSH64.dll
2016-04-08 12:18:00	1FBF46DB62B79BD589E643E32881FFED	75544	----a-w-	C:\Windows\Sysnative\tepeqapo64.dll
2016-04-08 12:18:00	1CA6476BB4334267A772E1AC4003FAE4	166208	----a-w-	C:\Windows\Sysnative\SRSWOW64.dll
2016-04-08 12:18:00	187243042D79A2E01EE69B8B2DF85B6C	888480	----a-w-	C:\Windows\Sysnative\tossaeapo64.dll
2016-04-08 12:18:00	1334F3C65D003683A68818CFDAF9CFC1	467168	----a-w-	C:\Windows\Sysnative\SRAPO64.dll
2016-04-08 12:18:00	0607FACB8484E48E9A0CCA7D4ADE24D0	341160	----a-w-	C:\Windows\Sysnative\SRCOM.dll
2016-04-08 12:18:00	004FA3D119140B703BFFAC38A49685AC	209536	----a-w-	C:\Windows\Sysnative\SRSHP64.dll
2016-04-08 12:17:59	9ECC47FB05198AA7206C830CA9857F98	88328	----a-w-	C:\Windows\Sysnative\SFAPO64.dll
2016-04-08 12:17:59	9039C07A46EFF4EF3152EAC0703EC13B	231920	----a-w-	C:\Windows\Sysnative\SFNHK64.dll
2016-04-08 12:17:59	832D8C1DF40B2A044863875BA9D8C59A	1330072	----a-w-	C:\Windows\Sysnative\slcnt64.dll
2016-04-08 12:17:59	746D04ED69EE66C447F4861E1425B629	965032	----a-w-	C:\Windows\Sysnative\SFSS_APO.dll
2016-04-08 12:17:59	5F35C84C7B703EA6BF3F02F71BFC989F	1022872	----a-w-	C:\Windows\Sysnative\sl3apo64.dll
2016-04-08 12:17:59	4691D75F9C89D135C609727DD1E47827	258504	----a-w-	C:\Windows\Sysnative\slprp64.dll
2016-04-08 12:17:59	3A98A66F7911A0684300A34B4036F993	1943624	----a-w-	C:\Windows\Sysnative\sltech64.dll
2016-04-08 12:17:59	221AEBFF49FFCEF8457171A62A0E5DE4	90920	----a-w-	C:\Windows\Sysnative\SFCOM64.dll
2016-04-08 12:17:58	773B92F1B1ABADF8C227DB61AF3FD70E	2894976	----a-w-	C:\Windows\Sysnative\RTSnMg64.cpl
2016-04-08 12:17:58	6BDA194E45325D8718223DB9456EC25B	3198720	----a-w-	C:\Windows\Sysnative\RtPgEx64.dll
2016-04-08 12:17:58	4919B460A5F265D4ADD4843877E2B53B	927424	----a-w-	C:\Windows\Sysnative\SEHDRA64.dll
2016-04-08 12:17:58	48803A330788D6790AC9CDC4D367E87C	343712	----a-w-	C:\Windows\Sysnative\RtlCPAPI64.dll
2016-04-08 12:17:58	3F9C0B0E95817C1B8B6324213E4DF226	716104	----a-w-	C:\Windows\Sysnative\SECOMN64.dll
2016-04-08 12:17:58	0ADEF515E847515CE63D4CEF6C0308BF	450128	----a-w-	C:\Windows\Sysnative\SEAPO64.dll
2016-04-08 12:17:57	C3B5B392E28EFA05032C59849A2797EB	23704	----a-w-	C:\Windows\Sysnative\RtkCoLDR64.dll
2016-04-08 12:17:57	8ED9102C22A7EDFCEF2B99FC7D3CF1FE	192992	----a-w-	C:\Windows\Sysnative\RtkCfg64.dll
2016-04-08 12:17:56	ED01F1E32F1FF167271940C2D3F6420B	214840	----a-w-	C:\Windows\Sysnative\RTEED64A.dll
2016-04-08 12:17:56	BC4230CB39DF74D609BEBB3EF4F82794	689888	----a-w-	C:\Windows\Sysnative\RtDataProc64.dll
2016-04-08 12:17:56	8C3CD8E302064BA8550B8D8B27644848	3283248	----a-w-	C:\Windows\Sysnative\RtkApi64.dll
2016-04-08 12:17:56	8982D2785275BB0D72B273AA4E7E4D87	387320	----a-w-	C:\Windows\Sysnative\RTEEP64A.dll
2016-04-08 12:17:56	70333104007413D08A3D50F829078408	88352	----a-w-	C:\Windows\Sysnative\RTEEG64A.dll
2016-04-08 12:17:56	61A46D53743D8F5FBA83294DFE9B85FC	110984	----a-w-	C:\Windows\Sysnative\RTEEL64A.dll
2016-04-08 12:17:56	51DAAF7348C97EC6EBC45E1E7CB8CAD9	321720	----a-w-	C:\Windows\Sysnative\RP3DHT64.dll
2016-04-08 12:17:56	1DEBF241819DE91464566052636B463D	1356512	----a-w-	C:\Windows\Sysnative\RTCOM64.dll
2016-04-08 12:17:56	0EDC1E295550F7118AC739B606B7ACD5	321720	----a-w-	C:\Windows\Sysnative\RP3DAA64.dll
2016-04-08 12:17:55	F1B3B9685B44C32F3659F2E20FC19C8D	3081808	----a-w-	C:\Windows\Sysnative\RltkAPO64.dll
2016-04-08 12:17:55	79F1F90EA9AF06C357D8937E36C81E81	2049664	----a-w-	C:\Windows\Sysnative\RCoInstII64.dll
2016-04-08 12:17:55	527B9B4856E14237E5B34E0D5D13189F	72203792	----a-w-	C:\Windows\Sysnative\RCoRes64.dat
2016-04-08 12:17:54	FA2552011BB3F9D945A40C004B769B0B	84624	----a-w-	C:\Windows\Sysnative\R4EEG64A.dll
2016-04-08 12:17:54	F137652178F7490938A6C520D39F8817	7172920	----a-w-	C:\Windows\Sysnative\R4EEP64A.dll
2016-04-08 12:17:54	ECC9A8960DFF14D9869BD6F830F8088B	151792	----a-w-	C:\Windows\Sysnative\R4EEL64A.dll
2016-04-08 12:17:54	6856C53442F90AD659F5B635E5F7F81A	134208	----a-w-	C:\Windows\Sysnative\R4EEA64A.dll
2016-04-08 12:17:54	069969BABF7E98990E17533DA1C4A7F4	447720	----a-w-	C:\Windows\Sysnative\R4EED64A.dll
2016-04-08 12:17:53	92A800BA18FB4A1CCB56DCA2E3EE4445	6343320	----a-w-	C:\Windows\Sysnative\NAHIMICV3apo.dll
2016-04-08 12:17:52	C6BAFAC35A007323C4E59758E6EA9348	1003864	----a-w-	C:\Windows\Sysnative\NahimicAPONSControl.dll
2016-04-08 12:17:52	AF80BDAAA4C2747176CF8675A3D6471B	5289952	----a-w-	C:\Windows\Sysnative\NAHIMICAPOlfx.dll
2016-04-08 12:17:52	3A74505FF8018857A344C813B0B2F6AE	5777704	----a-w-	C:\Windows\Sysnative\NAHIMICV2apo.dll
2016-04-08 12:17:52	0B62EA336BD189E2EDBBDDABF9B946E5	923752	----a-w-	C:\Windows\Sysnative\MISS_APO.dll
2016-04-08 12:17:51	C9DB86967D39A17BA01601D0E4C105E1	677680	----a-w-	C:\Windows\Sysnative\MaxxVolumeSDAPO.dll
2016-04-08 12:17:50	CEF60CD91415C9E10301F7628C43F4D2	12986528	----a-w-	C:\Windows\Sysnative\MaxxVoiceAPO4064.dll
2016-04-08 12:17:50	B9D3C3198C53E69E3E3B7AC1AEB248AB	13120760	----a-w-	C:\Windows\Sysnative\MaxxVoiceAPO3064.dll
2016-04-08 12:17:49	E6FA363217A70E2309D6D361E65E7BCC	998032	----a-w-	C:\Windows\Sysnative\MaxxVoiceAPO2064.dll
2016-04-08 12:17:49	3721334BF46E124F7E8CC3A9D44C4C67	1334384	----a-w-	C:\Windows\Sysnative\MaxxSpeechAPO64.dll
2016-04-08 12:17:48	D09839BF6297091053A025969ED48E5C	14057256	----a-w-	C:\Windows\Sysnative\MaxxAudioRealtek64.dll
2016-04-08 12:17:48	47ACBDF3895A232A02F7B8A07E132B34	2050184	----a-w-	C:\Windows\Sysnative\MaxxAudioEQ64.dll
2016-04-08 12:17:48	10E29710006BBDA3BA559BA5E7025D9F	931624	----a-w-	C:\Windows\Sysnative\MaxxAudioAPOShell64.dll
2016-04-08 12:17:47	FBFBB3393518D9427A9CBFED553EFFE4	1186168	----a-w-	C:\Windows\Sysnative\IntelSstCApoPropPage.dll
2016-04-08 12:17:47	FABDC3FA36FE69951878F51174A4D5AF	1211840	----a-w-	C:\Windows\Sysnative\MaxxAudioAPO5064.dll
2016-04-08 12:17:47	EAFFCCC68EC96BAE500F080324FCEF70	1421104	----a-w-	C:\Windows\Sysnative\MaxxAudioAPO6064.dll
2016-04-08 12:17:47	643F580504C5885D2DA94FE8DB9A263A	1164336	----a-w-	C:\Windows\Sysnative\MaxxAudioAPO4064.dll
2016-04-08 12:17:47	56226D8B9CA2E52469D8801611457B94	678192	----a-w-	C:\Windows\Sysnative\MaxxAudioAPO30.dll
2016-04-08 12:17:47	4FB1E410FB24474458BB365AD1A3FA3D	330568	----a-w-	C:\Windows\Sysnative\MaxxAudioAPO20.dll
2016-04-08 12:17:47	1EF71C8C5BF33A092E7928F67A20FD24	618192	----a-w-	C:\Windows\Sysnative\KAAPORT64.dll
2016-04-08 12:17:47	18629CD4FB3A7D809D9C37E98B2C1CDF	2823280	----a-w-	C:\Windows\Sysnative\MaxxAudioAPO7064.dll
2016-04-08 12:17:46	BE962240E23225F09C04B9C1A70C9EDB	179608	----a-w-	C:\Windows\Sysnative\HMLimiter.dll
2016-04-08 12:17:46	A8AD2FDD0AAC3C8548CEF7F206F56A43	203848	----a-w-	C:\Windows\Sysnative\HMHVS.dll
2016-04-08 12:17:46	A76217D8B9AF1CF7C573C2A7EE1CC9A7	471336	----a-w-	C:\Windows\Sysnative\ICEsoundAPO64.dll
2016-04-08 12:17:46	971DE4B217B96765483CB999AA7724D1	10521552	----a-w-	C:\Windows\Sysnative\IntelSSTAPO.dll
2016-04-08 12:17:46	87EC54406F904FF507CCAD089CC19D47	416512	----a-w-	C:\Windows\Sysnative\HMUI.dll
2016-04-08 12:17:46	705E045A76742268ACBB6704D78BA7C6	360352	----a-w-	C:\Windows\Sysnative\HMClariFi.dll
2016-04-08 12:17:46	537EF71791A78313FF182E9EA5422B1C	190944	----a-w-	C:\Windows\Sysnative\HMEQ_Voice.dll
2016-04-08 12:17:46	51B9B9017E7A738CFE070AFDE20551A4	190944	----a-w-	C:\Windows\Sysnative\HMEQ.dll
2016-04-08 12:17:46	4191F12420C8B9D7016FA8FF13ACBF6A	366128	----a-w-	C:\Windows\Sysnative\HMAPO.dll
2016-04-08 12:17:46	3D36B35B2BF2F00FC716162EAF0F2FD7	370840	----a-w-	C:\Windows\Sysnative\HiFiDAX2API.dll
2016-04-08 12:17:44	2A3DF57E6723148D23FAE5665CB5AFBA	65792	----a-w-	C:\Windows\Sysnative\HarmanAudioInterface.dll
2016-04-08 12:17:43	FF553D4BB8320485D621444C7AB83A63	441272	----a-w-	C:\Windows\Sysnative\DTSGainCompensatorDLL64.dll
2016-04-08 12:17:43	E92E5A4D714CFE2EC0AD0D91C8D361CA	504312	----a-w-	C:\Windows\Sysnative\DTSNeoPCDLL64.dll
2016-04-08 12:17:43	E8A17887454AF29C2DE6A700B908BA4B	743968	----a-w-	C:\Windows\Sysnative\DTSBassEnhancementDLL64.dll
2016-04-08 12:17:43	E2329EC175C0E947FC07B144B0BA496C	1591064	----a-w-	C:\Windows\Sysnative\DTSS2HeadphoneDLL64.dll
2016-04-08 12:17:43	E0D426EE14B5EDA65FCAC66B97B08947	252880	----a-w-	C:\Windows\Sysnative\DTSGFXAPONS64.dll
2016-04-08 12:17:43	DB5288B0D0EE71C9C5F3B0F13C58AE8D	708320	----a-w-	C:\Windows\Sysnative\DTSVoiceClarityDLL64.dll
2016-04-08 12:17:43	D67EC33940A51D0E2B892CD9945FD165	1508936	----a-w-	C:\Windows\Sysnative\DTSBoostDLL64.dll
2016-04-08 12:17:43	D23712F2CA1482A4AFB8A778586168F9	3282032	----a-w-	C:\Windows\Sysnative\FMAPO64.dll
2016-04-08 12:17:43	B3BF2267AE16440B2CC54E679088D067	428232	----a-w-	C:\Windows\Sysnative\DTSU2PREC64.dll
2016-04-08 12:17:43	B0D18ACE824495FF72CF2FE79BB3A96F	445408	----a-w-	C:\Windows\Sysnative\DTSLimiterDLL64.dll
2016-04-08 12:17:43	7E237B87A0A60982DC9083A278BAC1A9	514528	----a-w-	C:\Windows\Sysnative\DTSU2PLFX64.dll
2016-04-08 12:17:43	6A2414D2184F4B1946D9C9B6753C27EF	253904	----a-w-	C:\Windows\Sysnative\DTSGFXAPO64.dll
2016-04-08 12:17:43	5A9AE2771576CF87DF9141366D0FAB0C	500560	----a-w-	C:\Windows\Sysnative\DTSU2PGFX64.dll
2016-04-08 12:17:43	407576A2F8A0CBF9B0C0188E26C929DF	1780624	----a-w-	C:\Windows\Sysnative\DTSS2SpeakerDLL64.dll
2016-04-08 12:17:43	37305B629217E412E1AD583539DC35BC	253872	----a-w-	C:\Windows\Sysnative\DTSLFXAPO64.dll
2016-04-08 12:17:43	1BDF8CAFEE713B597A8D1F017B3E4CC3	727440	----a-w-	C:\Windows\Sysnative\DTSSymmetryDLL64.dll
2016-04-08 12:17:42	F8CE716FDB04CD63B09DB9FAC43DA900	362056	----a-w-	C:\Windows\Sysnative\DDPO64AF3.dll
2016-04-08 12:17:42	E617BB20FA4D543CDC8C0FC0CA8ED7C1	310424	----a-w-	C:\Windows\Sysnative\DDPA64F3.dll
2016-04-08 12:17:42	C86EAE862559CC520180C3935BC1972F	5338936	----a-w-	C:\Windows\Sysnative\DolbyDAX2APOv211.dll
2016-04-08 12:17:42	B9648BACDCDB75CDD5E24AF007066DCD	272720	----a-w-	C:\Windows\Sysnative\DDPA64.dll
2016-04-08 12:17:42	92B0222BD8DC1C60B189E89AD56978EB	6264640	----a-w-	C:\Windows\Sysnative\DDPP64AF3.dll
2016-04-08 12:17:42	7C70BDB156EFF58D1DB4F07D6DFDBB21	1959608	----a-w-	C:\Windows\Sysnative\DDPD64AF3.dll
2016-04-08 12:17:42	5CEFE11384D357EDF4CCAD81220A20F4	1965816	----a-w-	C:\Windows\Sysnative\DDPD64A.dll
2016-04-08 12:17:42	3FA52879E2291B114ACF119BB1E03B21	7096192	----a-w-	C:\Windows\Sysnative\DDPP64A.dll
2016-04-08 12:17:42	2EB242A30DA89547992336359EBBCEB1	2437144	----a-w-	C:\Windows\Sysnative\DolbyDAX2APOv201.dll
2016-04-08 12:17:42	18C058062D869B35F7FE0C4A3B2648A7	1060504	----a-w-	C:\Windows\Sysnative\DolbyDAX2APOProp.dll
2016-04-08 12:17:42	12FA586772A78820B093ADAD4F71CFAC	327464	----a-w-	C:\Windows\Sysnative\DDPO64A.dll
2016-04-08 12:17:41	6BB639EBF57D8B4ABEB94E8B49724DCF	1601952	----a-w-	C:\Windows\Sysnative\CX64APO.dll
2016-04-08 12:17:41	11417198C26612E6B5C13863995DC66D	122328	----a-w-	C:\Windows\Sysnative\CONEQMSAPOGUILibrary.dll
2016-04-08 12:17:40	D8C5B063BA7EF27B7B660C6B40C1E53D	574760	----a-w-	C:\Windows\Sysnative\AERTAC64.dll
2016-04-08 12:17:40	7B0A6962DB82905FADE0A52272E447E2	118600	----a-w-	C:\Windows\Sysnative\AcpiServiceVnA64.dll
2016-04-08 12:17:40	2C2E5080B63A295A3D1D16A68B62C21A	105312	----a-w-	C:\Windows\Sysnative\audioLibVc.dll
2016-04-08 12:17:40	0F0F5A65542F8CF3F405BD9DEA179643	118600	----a-w-	C:\Windows\Sysnative\AERTAR64.dll
2016-04-08 12:15:33	0C281AB4B34EC94F39FAB342E44D1F90	82544	----a-w-	C:\Windows\Sysnative\RtNicProp64.dll
====== C:\Windows\Sysnative\drivers =====
2016-04-13 13:41:12	FB4397DDCC732DB6A7B33B747C7EB708	154344	----a-w-	C:\Windows\Sysnative\drivers\ksecpkg.sys
2016-04-13 13:41:12	B6C2FA7F5E5BC1A488A57C6344D29D64	95464	----a-w-	C:\Windows\Sysnative\drivers\ksecdd.sys
2016-04-13 13:41:11	ACEC16415275E1AD6F7983EF472810E3	159744	----a-w-	C:\Windows\Sysnative\drivers\mrxsmb.sys
2016-04-13 13:41:11	0F276F2F2018296FABC7BD2BCCAAB40B	291328	----a-w-	C:\Windows\Sysnative\drivers\mrxsmb10.sys
2016-04-13 13:41:10	A9FB80B0BBA6F765F4E691B7AD4963A7	62464	----a-w-	C:\Windows\Sysnative\drivers\appid.sys
2016-04-13 13:41:10	1D4B7972375052F5B7877A6FD9BE33A0	129536	----a-w-	C:\Windows\Sysnative\drivers\mrxsmb20.sys
2016-04-13 13:40:43	616387BBD83372220B09DE95F4E67BBC	73664	----a-w-	C:\Windows\Sysnative\drivers\disk.sys
2016-04-08 12:17:57	0300934A429A0C83DA6892787B787A53	4803840	----a-w-	C:\Windows\Sysnative\drivers\RTKVHD64.sys
2016-04-08 12:17:56	D084C906633567FDD403340E3EF3BD06	5576400	----a-w-	C:\Windows\Sysnative\drivers\RTAIODAT.DAT
2016-04-08 12:15:33	160EA4FA0CEF7BE1FFCAA697B2900080	1027840	----a-w-	C:\Windows\Sysnative\drivers\Rt64win7.sys
2016-03-29 12:21:11	AD0476BF351586C2B82509FBD4890A59	442104	----a-w-	C:\Windows\Sysnative\drivers\asmtxhci.sys
====== C:\Windows\Tasks ======
2016-04-09 14:45:33	49723E3E2E2C1A420677B232223EFF0D	2972	----a-w-	C:\Windows\Sysnative\Tasks\{E78686D1-A1FF-4DCC-9B93-465D7571DAC2}
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Van Alphen\AppData\Roaming ======
2016-04-18 17:40:39	--------	d-----w-	C:\Users\Van Alphen\AppData\Local\CrashDumps
2016-04-17 14:43:20	--------	d-----w-	C:\Users\Default\AppData\Local\Google
2016-04-17 14:43:20	--------	d-----w-	C:\Users\Default User\AppData\Local\Google
2016-04-17 13:03:41	2ADAAD32663BB3473FD72D081D59D2F4	7609	----a-w-	C:\Users\Van Alphen\AppData\Local\Resmon.ResmonCfg
====== C:\Users\Van Alphen ======

====== C: exe-files ==
2016-04-19 10:57:09	F46812F5E660D0B0AFB64239379F8AA2	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$IYOPEEV.exe
2016-04-19 10:57:09	ECB6531EF8A36984510DCBD472236617	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$I8IJEIN.exe
2016-04-19 10:57:09	B34FE1EDBA30225F2163D89FEECE4E0C	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$I5943JA.exe
2016-04-19 10:57:09	738955A8D1EB89C0E6407E968793C458	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$IZ6YDY7.exe
2016-04-19 10:57:09	5A5691F945083274AA56CB147A7004D6	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$I7T5LJ6.exe
2016-04-19 10:57:09	291FB410DCC2800AC35583B4D43503DB	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$I3BLNP2.exe
2016-04-19 10:57:09	26527A538703B267330B49CDE3352AFF	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$I86FLQA.exe
2016-04-19 10:56:52	B2395F8F536EF5A1EC295C3B60CCDA9C	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$I04CQOE.exe
2016-04-19 10:56:52	7E678B176A2EE5D24269C5E47FA5E757	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$I5P6211.exe
2016-04-19 10:56:52	4A2C6EF378FCEF9CB0688F77E9E8888F	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$I5M2W6G.exe
2016-04-19 10:56:51	F6100AE50A4DC548A2C8948767F16B9F	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$IL6C2AF.exe
2016-04-19 10:56:51	ED7C99ED3A3EC88E15A1D751CAF75F7C	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$IUT094K.exe
2016-04-19 10:56:51	E811FD663A4866CD61AD9F2CF7AFBC7D	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$IDY4L89.exe
2016-04-19 10:56:51	C84A49B7968C555FC5051E5CFABA1FE5	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$IEMXPE9.exe
2016-04-19 10:56:51	B4067BB3553B4331F77D73C6508CB70F	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$INSVD14.exe
2016-04-19 10:56:51	995102F2E6181BB29C9415DCE36A4621	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$ID68QY7.exe
2016-04-19 10:56:51	8BCB6D3CAF663BE4945B3683AEABA231	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$I8GOINR.exe
2016-04-19 10:56:51	7CEB36B1BB157EA160918F816468CA94	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$I35LZRT.exe
2016-04-19 10:56:51	7A4CBF95AF3435876856912F16722FE0	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$IZX41V3.exe
2016-04-19 10:56:51	554485F557D9E667CEB5236162FC1BC1	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$IRKSZMX.exe
2016-04-19 10:56:51	2AD430C3DEF529B28479E4827AD9243C	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$IJ4YPWC.exe
2016-04-19 10:56:51	278EDD66308D5730EB2872CEBBBBD35D	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$IM6GQK0.exe
2016-04-19 10:56:51	268D27354324AD1E454AA9A86443F044	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$I3UB16Q.exe
2016-04-19 10:56:51	1D875292E0426852196F77818597128E	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$I4SF73H.exe
2016-04-19 10:56:51	10D38AAA3CC3CE47B6797A169FC8D07E	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$IRUKJYR.exe
2016-04-19 10:56:51	1032D752BA01B9EECE1FE39D67B85EAD	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$I1LFB9U.exe
2016-04-19 10:55:55	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$RYOPEEV.exe
2016-04-19 10:55:55	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$R7T5LJ6.exe
2016-04-19 10:55:19	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$R3BLNP2.exe
2016-04-19 10:55:14	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$R86FLQA.exe
2016-04-19 10:54:55	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$RZ6YDY7.exe
2016-04-19 10:54:41	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$R5943JA.exe
2016-04-19 10:54:40	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$R8IJEIN.exe
2016-04-18 21:01:47	FCF0E237981DDA0B89CD61804607F2C0	102	----a-w-	C:\ProgramData\BOINC\slots\0\minirosetta_3.73_windows_x86_64.exe
2016-04-18 18:26:55	FCF0E237981DDA0B89CD61804607F2C0	102	----a-w-	C:\ProgramData\BOINC\slots\1\minirosetta_3.73_windows_x86_64.exe
2016-04-18 17:40:02	D7241ACE1B65ED9EC322A3F55B9F056F	9773120	----a-w-	C:\Users\Van Alphen\AppData\Local\Temp\Foxit Reader Updater.exe
2016-04-18 15:10:22	61BB991D842F89B5999C54435FDD115B	3683904	----a-w-	C:\Users\Van Alphen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Y3GDOFQ\AdwCleaner.exe
2016-04-18 15:10:19	FDA44910DEB1A460BE4AC5D56D61D837	5	----a-w-	C:\Users\Van Alphen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\12FR73JK\AdwCleaner[1].exe
2016-04-18 14:09:18	8D677EE90317A10D3369C3885C93B268	1579416	----a-w-	C:\Users\Van Alphen\AppData\Local\Google\Chrome\User Data\SwReporter\6.44.4\software_reporter_tool.exe
2016-04-18 13:19:21	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$R8GOINR.exe
2016-04-18 13:18:28	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$R04CQOE.exe
2016-04-18 13:18:19	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$R5P6211.exe
2016-04-18 13:18:18	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$R5M2W6G.exe
2016-04-18 13:17:51	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$R4SF73H.exe
2016-04-18 13:17:51	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$R3UB16Q.exe
2016-04-18 13:17:36	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$RRUKJYR.exe
2016-04-18 13:17:26	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$RL6C2AF.exe
2016-04-18 13:17:26	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$R35LZRT.exe
2016-04-18 13:17:21	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$REMXPE9.exe
2016-04-18 13:17:19	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$RJ4YPWC.exe
2016-04-18 13:17:13	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$RZX41V3.exe
2016-04-18 13:15:07	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$RDY4L89.exe
2016-04-18 13:15:06	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$RM6GQK0.exe
2016-04-18 13:15:02	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$R1LFB9U.exe
2016-04-18 13:14:32	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$RRKSZMX.exe
2016-04-18 13:14:02	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$RNSVD14.exe
2016-04-18 13:14:01	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$RUT094K.exe
2016-04-18 12:23:34	7EA0260488F304D68067A50B33A23AC2	1309184	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-3618103154-1282251522-2710838709-1000\$RD68QY7.exe
2016-04-18 10:44:04	07E0061E25DEF00CDD5B28FCCD0A1F4D	186640	----a-w-	C:\Users\Van Alphen\AppData\Local\Temp\avguirn_08704811520.exe
2016-04-18 10:40:58	E1E61C9076665694B3B4F633BDB8A3E6	686352	----a-w-	C:\Program Files (x86)\AVG\Setup\avgntdumpx.exe
2016-04-18 10:40:58	B04FDEFC00A4ED0235086EFA39E02868	2289424	----a-w-	C:\Program Files (x86)\AVG\Setup\avgsetupwrkx.exe
2016-04-18 10:40:57	4332495404D0CCEABC57422FDEBEE98E	3206416	----a-w-	C:\Program Files (x86)\AVG\Setup\avgsetupx.exe
2016-04-17 18:27:13	452D385C764992681D57C157DAB3BF3D	45342624	----a-w-	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\50.0.2661.75\50.0.2661.75_chrome_installer.exe
2016-04-17 18:26:53	F489BF87E4B3E9CCEFA102CC347F180F	95048	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleUpdateWebPlugin.exe
2016-04-17 18:26:53	ABF64234F3462571E66527828040219B	252232	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleCrashHandler.exe
2016-04-17 18:26:53	A70C804C5BCC0BBFCB7E9173C32B0221	95048	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleUpdateOnDemand.exe
2016-04-17 18:26:53	A4C58EA455234AFD3B622D838CDE4C39	987728	----a-w-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleUpdateSetup.exe
2016-04-17 18:26:53	8C17EAF5E4883284A75FC560C7F021AB	137544	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleUpdateComRegisterShell64.exe
2016-04-17 18:26:53	750446ED76A5D13E902174DDDDA1A62B	154440	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleUpdate.exe
2016-04-17 18:26:53	2E6215108125A42160A1EC17208A50F0	313672	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleCrashHandler64.exe
2016-04-17 18:26:53	1457C6AC71CAEC4D692FDD62155A9745	95048	----atw-	C:\Users\Van Alphen\AppData\Local\Temp\{F17AA958-FA82-4540-BD43-E2B128D37A03}\GoogleUpdateBroker.exe
2016-04-15 14:11:56	F71E0250F483B6BDBE886D0C7BAD7A3C	78608	----a-w-	C:\ProgramData\AVG\Setup\av\avguirux.exe
2016-04-15 14:11:55	107C9276E9553D5E54F01B32AE53EB0A	6069152	----a-w-	C:\ProgramData\AVG\Setup\av\avgmfapx.exe
2016-04-13 13:39:13	4220C16D79E0386F9C684EEF5586699B	221184	----a-w-	C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2016-04-13 13:39:11	A00F16DFE1661B5BC5A2AFF02ED7BB78	222720	----a-w-	C:\Program Files\Internet Explorer\ielowutil.exe
2016-04-13 13:39:11	3A3666314CA3CAB290DCD6C0445DDB12	815312	----a-w-	C:\Program Files (x86)\Internet Explorer\iexplore.exe
2016-04-13 13:39:11	0D509AB88C513DE28EF46B434AD3B1AA	473600	----a-w-	C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2016-04-13 13:39:09	239E4651A281DBAA5B5CA3658D94AB78	491008	----a-w-	C:\Program Files\Internet Explorer\ieinstal.exe
2016-04-13 13:39:08	B719287E7679AC28F5847197949D325B	814280	----a-w-	C:\Program Files\Internet Explorer\iexplore.exe
=== C: other files ==
2016-04-18 22:02:09	30EB44C13F2FD8C6285444E30693B840	3740216	----a-w-	C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\6Hc_0002312_fragments_data.zip
2016-04-18 22:02:08	B40E995FF510F2CCB0F0C1DDED90FCB5	1263	----a-w-	C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\psh_1018_data.zip
2016-04-18 21:01:47	2D4F87D76496CCA616A945FDEF247908	116	----a-w-	C:\ProgramData\BOINC\slots\0\input_rb_04_12_64499_108707__t000__ab_robetta.zip
2016-04-18 19:22:08	27A7A102D8599F8943900255E200E0CA	1754872	----a-w-	C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\input_rb_04_12_64499_108707__t000__ab_robetta.zip
2016-04-18 18:26:55	343DC72CC5C62DB6C85A1E0853C1BB8E	99	----a-w-	C:\ProgramData\BOINC\slots\1\minirosetta_database.zip
2016-04-18 18:26:55	343A3507CEBF3ED8D5FE0635772FB5B2	100	----a-w-	C:\ProgramData\BOINC\slots\1\NTF2_164_E54Q79D50_2_1_1_data.zip
2016-04-18 18:21:01	343DC72CC5C62DB6C85A1E0853C1BB8E	99	----a-w-	C:\ProgramData\BOINC\slots\0\minirosetta_database.zip
2016-04-18 17:43:11	A8C981964EABA7070AC65E8D87F55469	4512739	----a-w-	C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\NTF2_164_E54Q79D50_2_1_1_data.zip
2016-04-13 13:41:12	FB4397DDCC732DB6A7B33B747C7EB708	154344	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys
2016-04-13 13:41:12	B6C2FA7F5E5BC1A488A57C6344D29D64	95464	----a-w-	C:\Windows\System32\drivers\ksecdd.sys
2016-04-13 13:41:11	ACEC16415275E1AD6F7983EF472810E3	159744	----a-w-	C:\Windows\System32\drivers\mrxsmb.sys
2016-04-13 13:41:11	0F276F2F2018296FABC7BD2BCCAAB40B	291328	----a-w-	C:\Windows\System32\drivers\mrxsmb10.sys
2016-04-13 13:41:10	A9FB80B0BBA6F765F4E691B7AD4963A7	62464	----a-w-	C:\Windows\System32\drivers\appid.sys
2016-04-13 13:41:10	1D4B7972375052F5B7877A6FD9BE33A0	129536	----a-w-	C:\Windows\System32\drivers\mrxsmb20.sys
2016-04-13 13:40:43	616387BBD83372220B09DE95F4E67BBC	73664	----a-w-	C:\Windows\System32\drivers\disk.sys
2016-04-13 13:40:41	1D0A5FF3C7C7EA7480429D16D38B60EA	3216896	----a-w-	C:\Windows\System32\win32k.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3618103154-1282251522-2710838709-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"boincmgr"="C:\Program Files\BOINC\boincmgr.exe /a /s"
"Shareaza"="C:\Program Files (x86)\Shareaza\Shareaza.exe -tray"
"BitTorrent"="C:\Users\Van Alphen\AppData\Roaming\BitTorrent\BitTorrent.exe  /MINIMIZED"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files (x86)\AVG\Av\avuirunnerx.exe C:\Program Files (x86)\AVG\Av\avgui.exe"
"AvgUi"="C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe /lps=fmw"
"DelaypluginInstall"="C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"boincmgr"="C:\Program Files\BOINC\boincmgr.exe /a /s"
"Shareaza"="C:\Program Files (x86)\Shareaza\Shareaza.exe -tray"
"BitTorrent"="C:\Users\Van Alphen\AppData\Roaming\BitTorrent\BitTorrent.exe  /MINIMIZED"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"boinctray"="C:\Program Files\BOINC\boinctray.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"GwxControlPanelMonitor"="C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe /traymode"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcSoft Connection Service]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ArcSoft Connection Service"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BitTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\Van Alphen\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe\"  /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\boinctray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="boinctray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BOINC\\boinctray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonMyPrinter"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonQuickMenu]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonQuickMenu"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Canon\\Quick Menu\\CNQMMAIN.EXE /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EEventManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EEventManager"
"hkey"="HKLM"
"command"="C:\\PROGRA~2\\EPSONS~1\\EVENTM~1\\EEventManager.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GUDelayStartup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GUDelayStartup"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Glary Utilities 5\\StartupManager.exe\" -delayrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GwxControlPanelMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GwxControlPanelMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\UltimateOutsider\\GWX Control Panel\\GWX_control_panel.exe\" /traymode"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPreload"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MultiScreen]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MultiScreen"
"hkey"="HKCU"
"command"="C:\\Program Files\\MultiScreen\\MultiScreen.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroFilterCheck"
"hkey"="HKLM"
"command"="C:\\Windows\\SysWOW64\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SystemExplorerAutoStart]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SystemExplorerAutoStart"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\System Explorer\\SystemExplorer.exe\" /TRAY"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ToolwizCareFree]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ToolwizCareFree"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\ToolwizCareFree\\ToolwizCares.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\Van Alphen\\AppData\\Roaming\\uTorrent\\uTorrent.exe\"  /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Wondershare Helper Compact.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Wondershare Helper Compact.exe"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Wondershare\\Wondershare Helper Compact\\WSHelper.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.exe.lnk]
"item"="GammaTray.exe"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\GammaTray.exe.lnk"
"backup"="C:\\Windows\\pss\\GammaTray.exe.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\MAGICT~1\\GAMMAT~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.lnk]
"item"="GammaTray"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\GammaTray.lnk"
"backup"="C:\\Windows\\pss\\GammaTray.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\MAGICT~1\\GAMMAT~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PC Clone EX.LNK]
"item"="PC Clone EX"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\PC Clone EX.LNK"
"backup"="C:\\Windows\\pss\\PC Clone EX.LNK.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\PCCLON~1\\PCCLON~1.EXE"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15-07-2015 14:20]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30-08-2015 18:54]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30-08-2015 18:54]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\Driver Booster Scheduler" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Van Alphen)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\GlaryInitialize 5" [C:\Program Files (x86)\Glary Utilities 5\Initialize.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GU5SkipUAC" [C:\Program Files (x86)\Glary Utilities 5\Integrator.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\ToolwizCareFree" [C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe]
"C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Van_Alphen" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\SysNative\tasks\Win Update" [C:\Users\Van Alphen\AppData\Local\Updater\winupd.exe]
"C:\Windows\SysNative\tasks\{10D79905-E515-4705-B9B7-25EB7CEBC387}" [C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE]
"C:\Windows\SysNative\tasks\{11159865-2790-4F9E-BA75-0004B5686BDC}" [C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE]
"C:\Windows\SysNative\tasks\{21EFDC14-BD01-4934-8BC1-A0C5EE6FFE9E}" [C:\Program Files (x86)\iWisoft Free Video Converter\VideoConverter.exe]
"C:\Windows\SysNative\tasks\{32217736-5AF4-46B5-9377-242FE2491D80}" [C:\Program Files (x86)\PcCloneEX\PcCloneEX.EXE]
"C:\Windows\SysNative\tasks\{3CF69292-2B83-4C80-A628-C79C6D8E5053}" [C:\Program Files (x86)\PcCloneEX\PcCloneEX.EXE]
"C:\Windows\SysNative\tasks\{50193277-E5EF-49E1-BEE8-5FAFB7747112}" [C:\Program Files (x86)\PcCloneEX\PcCloneEX.EXE]
"C:\Windows\SysNative\tasks\{AE767F5B-7FEB-444F-8828-FE31525443BC}" [C:\Program Files (x86)\Shareaza\Shareaza.exe]
"C:\Windows\SysNative\tasks\{AF45C991-5474-4F56-8889-2479F7F54654}" [C:\Program Files (x86)\PcCloneEX\PcCloneEX.EXE]
"C:\Windows\SysNative\tasks\{BCD43002-0596-411C-98AE-A7364AA61E2B}" [C:\Program Files (x86)\PcCloneEX\PcCloneEX.EXE]
"C:\Windows\SysNative\tasks\{E78686D1-A1FF-4DCC-9B93-465D7571DAC2}" [C:\Program Files (x86)\Shareaza\Shareaza.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\NCH Software\PrismSevenDays" [C:\Program Files (x86)\NCH Software\Prism\Prism.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\VANALP~1\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"WSVCU@Wondershare.com"="C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com" [10-02-2016 21:30]

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================


HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjllphbppobebmjpjcijfbakobcheof - No path found[]

Google Slides - Van Alphen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Van Alphen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Van Alphen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Rapport - Van Alphen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof
YouTube - Van Alphen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Sheets - Van Alphen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Van Alphen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Van Alphen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Van Alphen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - https://www.google.com/search?q={searchTerms}&rlz=1I7_____nl

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Wondershare Video Converter Ultimate 7.1.0 - {451C804F-C205-4F03-B48E-537EC94937BF} - C:\PROGRA~3\WONDER~1\VIDEOC~1\WSBROW~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [DelaypluginInstall] C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
O4 - HKCU\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files (x86)\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Van Alphen\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files (x86)\Shareaza\RazaWebHook32.dll/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: WSWSVCUchrome - (no CLSID) - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Unchecky - RaMMicHaeL - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== C:\zoek_backup content ======================

C:\zoek_backup (files=511 folders=66 82884428 bytes)

==== EOF on di 19-04-2016 at 13:15:59,73 ======================