Logfile of random's system information tool 1.10 (written by random/random)
Run by Mandy at 2016-08-06 21:03:04
Microsoft Windows 10 Home 
System drive C: has 169 GB (64%) free of 262 GB
Total RAM: 3978 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:03:07, on 6-8-2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0494)
Boot mode: Normal

Running processes:
C:\PROGRA~2\SEARCH~1\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SEARCH~1\UI\bin\cltmngui.exe
C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\d6f7007239bc95aaafcdd9d90837aefd.exe
C:\Windows\WebCam\S6000\S6000Mnt.exe
C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_desktop.exe
C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_metro.exe
C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Users\mandyyy\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\trend micro\Mandy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nuesearch.com/?type=hp&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nuesearch.com/?type=hp&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nuesearch.com/?type=hp&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nuesearch.com/search/?type=ds&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nuesearch.com/search/?type=ds&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nuesearch.com/?type=hp&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\mandyyy\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Google.com.url
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.hola.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{06e93ff9-5cb8-4640-8c36-e97bf9762b30}: NameServer = 82.163.143.171 82.163.142.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{433dd68e-d382-4218-aeba-b123b83540c1}: NameServer = 82.163.143.171 82.163.142.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{5bc62d4d-2bb1-4a8e-bb1a-7e0a3d095fc0}: NameServer = 82.163.143.171 82.163.142.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{b16dda32-7752-425b-a707-b04f1121b021}: NameServer = 82.163.143.171 82.163.142.173
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.143.171 82.163.142.173
O17 - HKLM\System\CS1\Services\Tcpip\..\{06e93ff9-5cb8-4640-8c36-e97bf9762b30}: NameServer = 82.163.143.171 82.163.142.173
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.171 82.163.142.173
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BugreportW - Unknown owner - C:\Program Files (x86)\SpeedSearchesbnd\Bugreportauclt.exe (file missing)
O23 - Service: Search Protect Service (CltMngSvc) - Client Connect LTD - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: Command Service(CommandHandler) (CommandHandler) - Unknown owner - C:\Program Files (x86)\Firefox\bin\FirefoxCommand.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: EOF - Unknown owner - C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\EOF.exe
O23 - Service: Symantec Eraser Service (EraserSvc11520) - Unknown owner - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Update Service(FirefoxU) (FirefoxU) - Unknown owner - C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Protect Service(IHeeaWA_protect) (IHeeaWA_protect) - Unknown owner - C:\ProgramData\IHeeaWA\protect\protect.exe (file missing)
O23 - Service: Update Service(IHeeaWA_update) (IHeeaWA_update) - Unknown owner - C:\Program Files (x86)\IHeeaWA\IHeeaWA\bin\IHeeaWA_server.exe (file missing)
O23 - Service: IhPul - Trend Corp. - C:\Users\mandyyy\AppData\Roaming\TSv\TSvr.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: LenovoSetSvr - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: LUService - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
O23 - Service: Maxthon Core Update Service (MaxthonUpdateSvc) - Maxthon - C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool9 (NitroDriverReadSpool9) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SSFK - Unknown owner - C:\Program Files (x86)\SFK\SSFK.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Update service - Popcorn Time - C:\Program Files (x86)\Popcorn Time\Updater.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: WFini WdMan Service (WdMan) - WFini LIMITED - C:\ProgramData\GwinpG\WFini.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: winsaber - Unknown owner - C:\Program Files (x86)\WinSaber\WinSaber.exe
O23 - Service: WinSvces - Unknown owner - C:\Program Files (x86)\WinSvces\WinSvces\WinSvces.exe (file missing)
O23 - Service: WinZiper service (winzipersvc) - ExWzp Pvt Ltd. - C:\Program Files (x86)\WinZipper\winzipersvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17299 bytes

======Listing Processes======







winlogon.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-015071fd-1147-4f3b-849e-0e4123a00d4e -SystemEventPortName:HostProcess-6372a3e9-9080-49aa-a47e-46fbe7304365 -IoCancelEventPortName:HostProcess-f904cebb-f544-4632-9ec8-a0fdcb37d03e -NonStateChangingEventPortName:HostProcess-1da18e06-1cfc-487d-8236-029669f02746 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:039663c8-5b60-4c7d-a7fc-f995a7266a61 -DeviceGroupId:WudfDefaultDevicePool
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\WinZipper\winzipersvc.exe"
C:\WINDOWS\System32\spoolsv.exe
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Users\mandyyy\AppData\Roaming\TSv\TSvr.exe
"C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\EOF.exe" -s
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
C:\WINDOWS\system32\WLANExt.exe 2650688335104
"C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe"
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files\Bonjour\mDNSResponder.exe"

C:\WINDOWS\system32\svchost.exe -k appmodel
C:\ProgramData\GwinpG\WFini.exe -svr
C:\WINDOWS\system32\svchost.exe -k imgsvc
dashost.exe {02cf5737-5d83-4580-91f528a90d3ad892}
"C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe"
"C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe"
C:\windows\SysWOW64\NLSSRV32.EXE
"C:\Program Files (x86)\Popcorn Time\Updater.exe"
"C:\Program Files (x86)\WinSaber\WinSaber.exe"
C:\Windows\System32\LenovoWiFiHotspotSvr.exe
"C:\Program Files\Lenovo\iMController\SystemAgentService.exe"
"C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe"
"C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe"
"C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe"
"C:\Program Files (x86)\SFK\SSFK.exe" -s
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~2\SEARCH~1\SearchProtect\bin\cltmng.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
sihost.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\PROGRA~2\SEARCH~1\UI\bin\cltmngui.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\Explorer.EXE
ClassicStartMenu.exe -startup
"C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\d6f7007239bc95aaafcdd9d90837aefd.exe" --set_windows_hook --dll_name="dlqwfu.dll" --dll_name_64="invalid" --dll_folder="1ea26074a12fc219940785426fea2a51\\"
igfxEM.exe 
igfxHK.exe 
igfxTray.exe 
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
"C:\Windows\WebCam\S6000\S6000Mnt.exe" 
"C:\Program Files\Lenovo\Password Manager\password_manager.exe" 
"C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe" 
"C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe" 
"C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_desktop.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe" 
"C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_metro.exe"
"C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" 
"C:\Program Files\iTunes\iTunesHelper.exe" 
"C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE" 
"C:\Program Files\iPod\bin\iPodService.exe"
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe"
"C:\Program Files (x86)\Firefox\bin\FirefoxCommand.exe"
C:\WINDOWS\system32\ie4uinit.exe -ClearIconCache
 service
C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "0x1f98_0x158c_0x5b42881c"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\mandyyy\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=51.0.2704.103 --handshake-handle=0x18c
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/site-engagement-conservative/AutofillProfileOrderByFrecency/Enabled/AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableMediaRouter/Enabled/ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StableNumTitleWordsControl/OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/PasswordSmartBubble/Default/*QUIC/FlagDisabled/ReportCertificateErrors/ShowAndPossiblySend/ResourcePriorities/Control25PermanentB/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_54/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --type=gpu-process --channel="7328.0.755020667\1997215783" --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,13,25,46,54 --gpu-vendor-id=0x8086 --gpu-device-id=0x0f31 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.4276 --mojo-platform-channel-handle=1184 --ignored=" --type=renderer " /prefetch:2
ctfmon.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/site-engagement-conservative/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Enabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StableNumTitleWordsControl/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/PasswordSmartBubble/Default/*QUIC/FlagDisabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentB/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_54/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsIntervention/Enabled/*WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=2833CBF930473B06C33B25EF0D2272CE --lang=nl --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7328.19.1732260451\696763577" --mojo-platform-channel-handle=4660 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="7328.20.1278864091\1457685425" --ppapi-flash-args --lang=nl --device-scale-factor=1 --mojo-platform-channel-handle=6372 --ignored=" --type=renderer " /prefetch:3
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
"C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
adb fork-server server
"C:\Users\mandyyy\AppData\Roaming\Spotify\SpotifyWebHelper.exe"


C:\WINDOWS\system32\compattelrunner.exe
C:\Windows\System32\InstallAgent.exe -Embedding
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun -cv:m4qxvcy/7EGpLamN.1
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe43_ Global\UsGthrCtrlFltPipeMssGthrPipe43 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 620 624 632 8192 628 
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe -Embedding
"C:\Program Files\Realtek\Audio\HDA\FMAPP.exe" -START
"C:\Users\mandyyy\Desktop\RSITx64.exe" 

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\LSCHardwareScan.job - C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe -diag HWScan
C:\WINDOWS\tasks\PAIOYTGGIDLLPQTS.job - C:\ProgramData\Service1291\Service1291.exe 
C:\WINDOWS\tasks\SlimCleaner Plus (Scheduled Scan - Mandy).job - C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe  /doScheduledScan

=========Mozilla firefox=========

ProfilePath - C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1

prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "browser.startup.homepage" -  "http://www.nicesearches.com?type=hp&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10&z=2a0bd059aa880a3593c223eg8z5q3wbtfe3b2q3bcz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.209 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF]
"Description"=NitroPDF Web Browser Plugin
"Path"=C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.209 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL


C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll

C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\
abs@avira.com

C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\
nice.xml
trovi.xml
Web Search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-06-14 229072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09 809408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2016-06-14 2348848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09 487360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-06-14 163528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09 687040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2016-06-14 1741104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09 442816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09 809408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09 687040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-04 13885696]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-04 1402624]
"RtHDVBg_LENOVO_DOLBYDRAGON"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-04 1402624]
"RtHDVBg_LENOVO_MICPKEY"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-04 1402624]
"S6000Mnt"=C:\WINDOWS\WebCam\S6000\S6000Mnt.exe [2015-08-20 516608]
"PasswordManager"=C:\Program Files\Lenovo\Password Manager\password_manager.exe [2014-01-09 1622072]
"PhoneCompanion"=C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [2014-10-09 836592]
"Energy Manager"=C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [2014-10-09 16094704]
"Lenovo Utility"=C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [2014-10-09 10973168]
"Classic Start Menu"=C:\Program Files\Classic Shell\ClassicStartMenu.exe [2015-08-09 161728]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-14 3947704]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2016-03-19 176952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-05-17 554184]
"Spotify Web Helper"=C:\Users\mandyyy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2016-07-11 1554032]
"Spotify"=C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe [2016-07-11 6913648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
"Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
"Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
"Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
"Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
"Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2011-12-07 214312]

C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Google.com.url

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
"Debugger="nsjw.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
"Debugger="nsjw.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe]
"Debugger="nsjw.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccuac.exe]
"Debugger="nsjw.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe]
"Debugger="nsjw.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
"Debugger="nsjw.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe]
"Debugger="nsjw.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keyscrambler.exe]
"Debugger="nsjw.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McCSPServiceHost.exe]
"Debugger="nsjw.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mchost.exe]
"Debugger="nsjw.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe]
"Debugger="nsjw.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe]
"Debugger="nsjw.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wireshark.exe]
"Debugger="nsjw.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlclient.exe]
"Debugger="nsjw.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-08-06 20:57:00 ----D---- C:\Program Files\trend micro
2016-08-06 20:56:59 ----D---- C:\rsit
2016-08-06 20:56:01 ----D---- C:\ProgramData\2a8bff15-6b33-0
2016-08-06 20:55:58 ----D---- C:\ProgramData\d7ebc893
2016-08-06 20:55:57 ----D---- C:\ProgramData\{194dadf4-012c-0}
2016-08-06 20:55:57 ----D---- C:\ProgramData\{131f6f10-212c-0}
2016-08-06 20:55:57 ----D---- C:\ProgramData\{12f31f44-312c-0}
2016-08-06 20:55:57 ----D---- C:\ProgramData\{0a0d6931-512c-0}
2016-08-06 20:55:56 ----D---- C:\ProgramData\{2d7e27e6-112c-1}
2016-08-06 20:55:56 ----D---- C:\ProgramData\{2478f618-612c-1}
2016-08-06 20:55:56 ----D---- C:\ProgramData\{1d9eb666-612c-1}
2016-08-06 20:55:56 ----D---- C:\ProgramData\{09828fea-412c-1}
2016-08-04 15:49:58 ----AD---- C:\Program Files (x86)\Firefox
2016-08-04 13:52:48 ----D---- C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f
2016-08-04 13:52:27 ----D---- C:\ProgramData\GwinpG
2016-08-01 12:19:04 ----A---- C:\Program Files (x86)\SSFK.exe
2016-07-31 10:48:04 ----D---- C:\WINDOWS\SYSWOW64\extensions
2016-07-27 16:01:35 ----D---- C:\ProgramData\uwinpu
2016-07-27 16:01:33 ----D---- C:\ProgramData\ChelfNotify
2016-07-27 16:01:30 ----D---- C:\Program Files (x86)\p4gfjgck
2016-07-27 14:37:45 ----D---- C:\Program Files (x86)\wxi5873s
2016-07-25 15:46:52 ----D---- C:\ProgramData\cwinpc
2016-07-25 15:45:31 ----A---- C:\WINDOWS\SYSWOW64\nl1.exe
2016-07-24 21:17:27 ----D---- C:\ProgramData\ec0ae56a-58f7-0
2016-07-24 21:17:16 ----D---- C:\ProgramData\ec0ae56a-03c3-0
2016-07-24 21:17:05 ----D---- C:\ProgramData\ec0ae56a-7de7-0
2016-07-24 21:16:53 ----D---- C:\ProgramData\ec0ae56a-3d27-0
2016-07-24 21:16:43 ----D---- C:\ProgramData\ec0ae56a-0505-0
2016-07-24 21:16:32 ----D---- C:\ProgramData\ec0ae56a-4a95-0
2016-07-24 21:16:22 ----D---- C:\ProgramData\ec0ae56a-63a5-0
2016-07-24 21:16:11 ----D---- C:\ProgramData\ec0ae56a-2545-0
2016-07-24 21:16:01 ----D---- C:\ProgramData\ec0ae56a-2513-0
2016-07-24 21:15:51 ----D---- C:\ProgramData\ec0ae56a-2d57-0
2016-07-24 21:15:42 ----D---- C:\ProgramData\ec0ae56a-48f7-0
2016-07-24 21:15:32 ----D---- C:\ProgramData\ec0ae56a-45d1-0
2016-07-24 21:15:21 ----D---- C:\ProgramData\ec0ae56a-20c1-0
2016-07-24 21:15:09 ----D---- C:\ProgramData\ec0ae56a-1917-0
2016-07-24 21:14:59 ----D---- C:\ProgramData\ec0ae56a-7bc7-0
2016-07-24 21:14:49 ----D---- C:\ProgramData\ec0ae56a-4921-0
2016-07-24 21:14:38 ----D---- C:\ProgramData\ec0ae56a-5c97-0
2016-07-24 21:14:28 ----D---- C:\ProgramData\ec0ae56a-3e01-0
2016-07-24 21:14:18 ----D---- C:\ProgramData\ec0ae56a-39d3-0
2016-07-24 21:14:07 ----D---- C:\ProgramData\ec0ae56a-2ef7-0
2016-07-24 21:13:57 ----D---- C:\ProgramData\ec0ae56a-1c33-0
2016-07-24 21:13:47 ----D---- C:\ProgramData\ec0ae56a-60a3-0
2016-07-24 21:13:36 ----D---- C:\ProgramData\ec0ae56a-6427-0
2016-07-24 21:13:25 ----D---- C:\ProgramData\ec0ae56a-7b57-0
2016-07-24 21:13:14 ----D---- C:\ProgramData\ec0ae56a-1ad1-0
2016-07-24 21:13:01 ----D---- C:\ProgramData\ec0ae56a-0033-0
2016-07-24 21:12:50 ----D---- C:\ProgramData\ec0ae56a-5e83-0
2016-07-24 21:12:38 ----D---- C:\ProgramData\ec0ae56a-2293-0
2016-07-24 21:12:27 ----D---- C:\ProgramData\ec0ae56a-6131-0
2016-07-24 21:12:15 ----D---- C:\ProgramData\ec0ae56a-1801-0
2016-07-24 21:12:04 ----D---- C:\ProgramData\ec0ae56a-7353-0
2016-07-24 21:11:51 ----D---- C:\ProgramData\ec0ae56a-4bb3-0
2016-07-24 21:11:39 ----D---- C:\ProgramData\ec0ae56a-3dd7-0
2016-07-24 21:11:26 ----D---- C:\ProgramData\ec0ae56a-6ad1-0
2016-07-24 21:11:15 ----D---- C:\ProgramData\ec0ae56a-1e85-0
2016-07-24 21:11:03 ----D---- C:\ProgramData\ec0ae56a-5277-0
2016-07-24 21:10:51 ----D---- C:\ProgramData\ec0ae56a-4295-0
2016-07-24 21:10:38 ----D---- C:\ProgramData\ec0ae56a-6b21-0
2016-07-24 21:10:28 ----D---- C:\ProgramData\ec0ae56a-1f97-0
2016-07-24 21:10:16 ----D---- C:\ProgramData\ec0ae56a-3297-0
2016-07-24 21:10:05 ----D---- C:\ProgramData\ec0ae56a-29d1-0
2016-07-24 21:09:54 ----D---- C:\ProgramData\ec0ae56a-5a93-0
2016-07-24 21:09:43 ----D---- C:\ProgramData\ec0ae56a-4d97-0
2016-07-24 21:09:31 ----D---- C:\ProgramData\ec0ae56a-2a61-0
2016-07-24 21:09:21 ----D---- C:\ProgramData\ec0ae56a-3157-0
2016-07-24 21:09:09 ----D---- C:\ProgramData\ec0ae56a-55f3-0
2016-07-24 21:08:58 ----D---- C:\ProgramData\ec0ae56a-3903-0
2016-07-24 21:08:47 ----D---- C:\ProgramData\ec0ae56a-6433-0
2016-07-24 21:08:34 ----D---- C:\ProgramData\ec0ae56a-62e7-0
2016-07-24 21:08:23 ----D---- C:\ProgramData\ec0ae56a-79f3-0
2016-07-24 21:08:12 ----D---- C:\ProgramData\ec0ae56a-5a53-0
2016-07-24 21:07:59 ----D---- C:\ProgramData\ec0ae56a-4d95-0
2016-07-24 21:07:45 ----D---- C:\ProgramData\ec0ae56a-29f3-0
2016-07-24 21:07:29 ----D---- C:\ProgramData\ec0ae56a-6201-0
2016-07-24 21:07:17 ----D---- C:\ProgramData\ec0ae56a-55c7-0
2016-07-24 21:07:04 ----D---- C:\ProgramData\ec0ae56a-3f47-0
2016-07-24 21:06:53 ----D---- C:\ProgramData\ec0ae56a-2a51-0
2016-07-24 21:06:41 ----D---- C:\ProgramData\ec0ae56a-11b7-0
2016-07-21 16:26:57 ----D---- C:\ProgramData\zwinpz
2016-07-13 15:56:51 ----A---- C:\WINDOWS\SYSWOW64\MosStorage.dll
2016-07-13 15:56:51 ----A---- C:\WINDOWS\SYSWOW64\MosHostClient.dll
2016-07-13 15:56:51 ----A---- C:\WINDOWS\SYSWOW64\MapsBtSvc.dll
2016-07-13 15:56:51 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2016-07-13 15:56:51 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2016-07-13 15:56:50 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2016-07-13 15:56:50 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2016-07-13 15:56:49 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2016-07-13 15:56:48 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2016-07-13 15:56:46 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2016-07-13 15:56:44 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2016-07-13 15:56:37 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-07-13 15:56:35 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-07-13 15:56:34 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-07-13 15:56:33 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2016-07-13 15:56:32 ----A---- C:\WINDOWS\system32\d2d1.dll
2016-07-13 15:56:31 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-07-13 15:56:29 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2016-07-13 15:56:29 ----A---- C:\WINDOWS\system32\dxgi.dll
2016-07-13 15:56:28 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-07-13 15:56:26 ----A---- C:\WINDOWS\system32\edgehtml.dll
2016-07-13 15:56:24 ----A---- C:\WINDOWS\system32\Chakra.dll
2016-07-13 15:56:23 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-07-13 15:56:23 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2016-07-13 15:56:21 ----A---- C:\WINDOWS\system32\vbscript.dll
2016-07-13 15:56:21 ----A---- C:\WINDOWS\system32\ole32.dll
2016-07-13 15:56:20 ----A---- C:\WINDOWS\system32\win32kfull.sys
2016-07-13 15:56:19 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2016-07-13 15:56:19 ----A---- C:\WINDOWS\system32\d3d11.dll
2016-07-13 15:56:18 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-07-13 15:56:09 ----A---- C:\WINDOWS\system32\wmp.dll
2016-07-13 15:56:07 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2016-07-13 15:56:05 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-07-13 15:56:04 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2016-07-13 15:56:03 ----A---- C:\WINDOWS\system32\sppobjs.dll
2016-07-13 15:56:02 ----A---- C:\WINDOWS\system32\mfplat.dll
2016-07-13 15:56:01 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2016-07-13 15:56:00 ----A---- C:\WINDOWS\system32\msfeeds.dll
2016-07-13 15:56:00 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2016-07-13 15:55:59 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2016-07-13 15:55:59 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2016-07-13 15:55:59 ----A---- C:\WINDOWS\system32\msftedit.dll
2016-07-13 15:55:57 ----A---- C:\WINDOWS\system32\win32kbase.sys
2016-07-13 15:55:56 ----A---- C:\WINDOWS\system32\authui.dll
2016-07-13 15:55:55 ----A---- C:\WINDOWS\system32\provhandlers.dll
2016-07-13 15:55:55 ----A---- C:\WINDOWS\system32\provengine.dll
2016-07-13 15:55:55 ----A---- C:\WINDOWS\system32\mfnetsrc.dll
2016-07-13 15:55:55 ----A---- C:\WINDOWS\system32\localspl.dll
2016-07-13 15:55:54 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2016-07-13 15:55:52 ----A---- C:\WINDOWS\system32\mfsvr.dll
2016-07-13 15:55:51 ----A---- C:\WINDOWS\SYSWOW64\PlayToManager.dll
2016-07-13 15:55:51 ----A---- C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-07-13 15:55:51 ----A---- C:\WINDOWS\system32\provisioningcsp.dll
2016-07-13 15:55:51 ----A---- C:\WINDOWS\system32\aadtb.dll
2016-07-13 15:55:50 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2016-07-13 15:55:50 ----A---- C:\WINDOWS\system32\MFCaptureEngine.dll
2016-07-13 15:55:50 ----A---- C:\WINDOWS\system32\d3d9.dll
2016-07-13 15:55:49 ----A---- C:\WINDOWS\system32\wuuhext.dll
2016-07-13 15:55:49 ----A---- C:\WINDOWS\system32\winmde.dll
2016-07-13 15:55:49 ----A---- C:\WINDOWS\system32\sppwinob.dll
2016-07-13 15:55:48 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2016-07-13 15:55:48 ----A---- C:\WINDOWS\system32\provops.dll
2016-07-13 15:55:48 ----A---- C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-07-13 15:55:47 ----A---- C:\WINDOWS\system32\propsys.dll
2016-07-13 15:55:46 ----A---- C:\WINDOWS\system32\win32spl.dll
2016-07-13 15:55:46 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2016-07-13 15:55:45 ----A---- C:\WINDOWS\system32\dui70.dll
2016-07-13 15:55:44 ----A---- C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-07-13 15:55:44 ----A---- C:\WINDOWS\system32\twinapi.dll
2016-07-13 15:55:44 ----A---- C:\WINDOWS\system32\D3DCompiler_47.dll
2016-07-13 15:55:43 ----A---- C:\WINDOWS\SYSWOW64\xpsservices.dll
2016-07-13 15:55:43 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-07-13 15:55:42 ----A---- C:\WINDOWS\SYSWOW64\DWrite.dll
2016-07-13 15:55:42 ----A---- C:\WINDOWS\system32\wpdshext.dll
2016-07-13 15:55:42 ----A---- C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-07-13 15:55:41 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2016-07-13 15:55:41 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-07-13 15:55:41 ----A---- C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-07-13 15:55:41 ----A---- C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2016-07-13 15:55:40 ----A---- C:\WINDOWS\system32\wmpps.dll
2016-07-13 15:55:40 ----A---- C:\WINDOWS\system32\comdlg32.dll
2016-07-13 15:55:39 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2016-07-13 15:55:38 ----A---- C:\WINDOWS\system32\webio.dll
2016-07-13 15:55:38 ----A---- C:\WINDOWS\system32\StikyNot.exe
2016-07-13 15:55:38 ----A---- C:\WINDOWS\system32\SHCore.dll
2016-07-13 15:55:38 ----A---- C:\WINDOWS\system32\dxtrans.dll
2016-07-13 15:55:37 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2016-07-13 15:55:37 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2016-07-13 15:55:37 ----A---- C:\WINDOWS\system32\WindowsCodecsExt.dll
2016-07-13 15:55:37 ----A---- C:\WINDOWS\system32\inetpp.dll
2016-07-13 15:55:37 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2016-07-13 15:55:37 ----A---- C:\WINDOWS\system32\cdd.dll
2016-07-13 15:55:36 ----A---- C:\WINDOWS\SYSWOW64\webio.dll
2016-07-13 15:55:36 ----A---- C:\WINDOWS\SYSWOW64\rdpcore.dll
2016-07-13 15:55:36 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2016-07-13 15:55:36 ----A---- C:\WINDOWS\SYSWOW64\ActionCenterCPL.dll
2016-07-13 15:55:35 ----A---- C:\WINDOWS\system32\ntprint.dll
2016-07-13 15:55:35 ----A---- C:\WINDOWS\system32\duser.dll
2016-07-13 15:55:35 ----A---- C:\WINDOWS\system32\d3d10.dll
2016-07-13 15:55:34 ----A---- C:\WINDOWS\SYSWOW64\usercpl.dll
2016-07-13 15:55:34 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2016-07-13 15:55:33 ----A---- C:\WINDOWS\SYSWOW64\wlanui.dll
2016-07-13 15:55:33 ----A---- C:\WINDOWS\SYSWOW64\rasgcw.dll
2016-07-13 15:55:33 ----A---- C:\WINDOWS\system32\WPDShServiceObj.dll
2016-07-13 15:55:33 ----A---- C:\WINDOWS\system32\winsrv.dll
2016-07-13 15:55:33 ----A---- C:\WINDOWS\system32\webcheck.dll
2016-07-13 15:55:33 ----A---- C:\WINDOWS\system32\FntCache.dll
2016-07-13 15:55:32 ----A---- C:\WINDOWS\SYSWOW64\wpdshext.dll
2016-07-13 15:55:32 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.Picker.dll
2016-07-13 15:55:32 ----A---- C:\WINDOWS\SYSWOW64\netplwiz.dll
2016-07-13 15:55:32 ----A---- C:\WINDOWS\SYSWOW64\netcenter.dll
2016-07-13 15:55:32 ----A---- C:\WINDOWS\system32\aadcloudap.dll
2016-07-13 15:55:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.SmartCards.dll
2016-07-13 15:55:31 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2016-07-13 15:55:30 ----A---- C:\WINDOWS\SYSWOW64\WPDShServiceObj.dll
2016-07-13 15:55:30 ----A---- C:\WINDOWS\SYSWOW64\PlayToReceiver.dll
2016-07-13 15:55:30 ----A---- C:\WINDOWS\SYSWOW64\dot3ui.dll
2016-07-13 15:55:30 ----A---- C:\WINDOWS\system32\RADCUI.dll
2016-07-13 15:55:30 ----A---- C:\WINDOWS\system32\d3d10_1.dll
2016-07-13 15:55:29 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-07-13 15:55:29 ----A---- C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-07-13 15:55:26 ----A---- C:\WINDOWS\system32\RDXTaskFactory.dll
2016-07-13 15:55:26 ----A---- C:\WINDOWS\system32\RDXService.dll
2016-07-13 15:55:25 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-07-13 15:55:25 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-07-13 15:55:25 ----A---- C:\WINDOWS\system32\SharedStartModel.dll
2016-07-13 15:55:24 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-07-13 15:55:23 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2016-07-13 15:55:22 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2016-07-13 15:55:22 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-07-13 15:55:21 ----A---- C:\WINDOWS\system32\wininet.dll
2016-07-13 15:55:21 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-07-13 15:55:20 ----A---- C:\WINDOWS\system32\iertutil.dll
2016-07-13 15:55:19 ----A---- C:\WINDOWS\system32\WWAHost.exe
2016-07-13 15:55:17 ----A---- C:\WINDOWS\system32\twinui.dll
2016-07-13 15:55:16 ----A---- C:\WINDOWS\system32\LockAppHost.exe
2016-07-13 15:55:16 ----A---- C:\WINDOWS\explorer.exe
2016-07-13 15:55:15 ----A---- C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-07-13 15:55:14 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-07-13 15:55:13 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2016-07-13 15:55:13 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2016-07-13 15:55:13 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2016-07-13 15:55:12 ----A---- C:\WINDOWS\SYSWOW64\ExplorerFrame.dll
2016-07-13 15:55:12 ----A---- C:\WINDOWS\system32\dwmcore.dll
2016-07-13 15:55:12 ----A---- C:\WINDOWS\system32\bisrv.dll
2016-07-13 15:55:10 ----A---- C:\WINDOWS\system32\Wpc.dll
2016-07-13 15:55:10 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2016-07-13 15:55:09 ----A---- C:\WINDOWS\system32\audiosrv.dll
2016-07-13 15:55:08 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Speech.dll
2016-07-13 15:55:08 ----A---- C:\WINDOWS\system32\PlayToManager.dll
2016-07-13 15:55:07 ----A---- C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-07-13 15:55:07 ----A---- C:\WINDOWS\system32\crypt32.dll
2016-07-13 15:55:06 ----A---- C:\WINDOWS\SYSWOW64\Wpc.dll
2016-07-13 15:55:06 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2016-07-13 15:55:05 ----A---- C:\WINDOWS\system32\WpcMon.exe
2016-07-13 15:55:05 ----A---- C:\WINDOWS\system32\samsrv.dll
2016-07-13 15:55:05 ----A---- C:\WINDOWS\system32\msxml3.dll
2016-07-13 15:55:05 ----A---- C:\WINDOWS\system32\dcomp.dll
2016-07-13 15:55:04 ----A---- C:\WINDOWS\system32\WpcWebSync.dll
2016-07-13 15:55:04 ----A---- C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-07-13 15:55:04 ----A---- C:\WINDOWS\system32\drivers\nwifi.sys
2016-07-13 15:55:03 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2016-07-13 15:55:03 ----A---- C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-07-13 15:55:02 ----A---- C:\WINDOWS\system32\Windows.StateRepository.dll
2016-07-13 15:55:01 ----A---- C:\WINDOWS\system32\wmpmde.dll
2016-07-13 15:55:00 ----A---- C:\WINDOWS\SYSWOW64\winmde.dll
2016-07-13 15:55:00 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2016-07-13 15:55:00 ----A---- C:\WINDOWS\system32\wwanconn.dll
2016-07-13 15:55:00 ----A---- C:\WINDOWS\system32\dmcsps.dll
2016-07-13 15:54:59 ----A---- C:\WINDOWS\SYSWOW64\MbaeApiPublic.dll
2016-07-13 15:54:59 ----A---- C:\WINDOWS\system32\SettingsHandlers_Maps.dll
2016-07-13 15:54:59 ----A---- C:\WINDOWS\system32\LockAppBroker.dll
2016-07-13 15:54:58 ----A---- C:\WINDOWS\system32\WLanConn.dll
2016-07-13 15:54:57 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2016-07-13 15:54:57 ----A---- C:\WINDOWS\system32\shutdownux.dll
2016-07-13 15:54:56 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2016-07-13 15:54:56 ----A---- C:\WINDOWS\system32\DMRServer.dll
2016-07-13 15:54:55 ----A---- C:\WINDOWS\system32\winipcsecproc.dll
2016-07-13 15:54:55 ----A---- C:\WINDOWS\system32\gameux.dll
2016-07-13 15:54:54 ----A---- C:\WINDOWS\system32\ApplicationFrame.dll
2016-07-13 15:54:53 ----A---- C:\WINDOWS\system32\winipcfile.dll
2016-07-13 15:54:53 ----A---- C:\WINDOWS\system32\cdpsvc.dll
2016-07-13 15:54:52 ----A---- C:\WINDOWS\system32\OneBackupHandler.dll
2016-07-13 15:54:52 ----A---- C:\WINDOWS\system32\MiracastReceiver.dll
2016-07-13 15:54:51 ----A---- C:\WINDOWS\system32\SyncCenter.dll
2016-07-13 15:54:51 ----A---- C:\WINDOWS\system32\hgcpl.dll
2016-07-13 15:54:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.Graphics.Printing.3D.dll
2016-07-13 15:54:50 ----A---- C:\WINDOWS\system32\wcnwiz.dll
2016-07-13 15:54:50 ----A---- C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-07-13 15:54:50 ----A---- C:\WINDOWS\system32\musdialoghandlers.dll
2016-07-13 15:54:49 ----A---- C:\WINDOWS\SYSWOW64\Windows.Graphics.dll
2016-07-13 15:54:49 ----A---- C:\WINDOWS\system32\WlanMediaManager.dll
2016-07-13 15:54:49 ----A---- C:\WINDOWS\system32\DataSenseHandlers.dll
2016-07-13 15:54:48 ----A---- C:\WINDOWS\system32\wwanmm.dll
2016-07-13 15:54:47 ----A---- C:\WINDOWS\system32\themecpl.dll
2016-07-13 15:54:47 ----A---- C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-07-13 15:54:47 ----A---- C:\WINDOWS\system32\DevicePairing.dll
2016-07-13 15:54:46 ----A---- C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-07-13 15:54:46 ----A---- C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-07-13 15:54:45 ----A---- C:\WINDOWS\SYSWOW64\mssphtb.dll
2016-07-13 15:54:45 ----A---- C:\WINDOWS\system32\efswrt.dll
2016-07-13 15:54:45 ----A---- C:\WINDOWS\system32\Display.dll
2016-07-13 15:54:44 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_47.dll
2016-07-13 15:54:44 ----A---- C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2016-07-13 15:54:44 ----A---- C:\WINDOWS\system32\LogonController.dll
2016-07-13 15:54:43 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2016-07-13 15:54:43 ----A---- C:\WINDOWS\system32\PlayToDevice.dll
2016-07-13 15:54:42 ----A---- C:\WINDOWS\SYSWOW64\WMPhoto.dll
2016-07-13 15:54:42 ----A---- C:\WINDOWS\SYSWOW64\UserLanguagesCpl.dll
2016-07-13 15:54:42 ----A---- C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-07-13 15:54:41 ----A---- C:\WINDOWS\SYSWOW64\mssph.dll
2016-07-13 15:54:41 ----A---- C:\WINDOWS\system32\zipfldr.dll
2016-07-13 15:54:41 ----A---- C:\WINDOWS\system32\credprovs.dll
2016-07-13 15:54:40 ----A---- C:\WINDOWS\SYSWOW64\sbe.dll
2016-07-13 15:54:40 ----A---- C:\WINDOWS\system32\WmpDui.dll
2016-07-13 15:54:40 ----A---- C:\WINDOWS\system32\wlanui.dll
2016-07-13 15:54:40 ----A---- C:\WINDOWS\system32\IdCtrls.dll
2016-07-13 15:54:39 ----A---- C:\WINDOWS\system32\sud.dll
2016-07-13 15:54:39 ----A---- C:\WINDOWS\system32\ListSvc.dll
2016-07-13 15:54:38 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-07-13 15:54:38 ----A---- C:\WINDOWS\system32\msieftp.dll
2016-07-13 15:54:37 ----A---- C:\WINDOWS\SYSWOW64\ntprint.dll
2016-07-13 15:54:37 ----A---- C:\WINDOWS\SYSWOW64\mbsmsapi.dll
2016-07-13 15:54:37 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2016-07-13 15:54:35 ----A---- C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2016-07-13 15:54:33 ----A---- C:\WINDOWS\system32\winmsipc.dll
2016-07-13 15:54:32 ----A---- C:\WINDOWS\SYSWOW64\comdlg32.dll
2016-07-13 15:54:31 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2016-07-13 15:54:31 ----A---- C:\WINDOWS\SYSWOW64\Search.ProtocolHandler.MAPI2.dll
2016-07-13 15:54:31 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-07-13 15:54:31 ----A---- C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-07-13 15:54:31 ----A---- C:\WINDOWS\system32\qdvd.dll
2016-07-13 15:54:31 ----A---- C:\WINDOWS\system32\PlayToReceiver.dll
2016-07-13 15:54:30 ----A---- C:\WINDOWS\system32\mspaint.exe
2016-07-13 15:54:29 ----A---- C:\WINDOWS\system32\FingerprintEnrollment.dll
2016-07-13 15:54:28 ----A---- C:\WINDOWS\SYSWOW64\GamePanel.exe
2016-07-13 15:54:27 ----A---- C:\WINDOWS\SYSWOW64\WpcWebFilter.dll
2016-07-13 15:54:27 ----A---- C:\WINDOWS\SYSWOW64\msscntrs.dll
2016-07-13 15:54:27 ----A---- C:\WINDOWS\system32\WpcWebFilter.dll
2016-07-13 15:54:26 ----A---- C:\WINDOWS\SYSWOW64\IconCodecService.dll
2016-07-13 15:54:26 ----A---- C:\WINDOWS\SYSWOW64\AppCapture.dll
2016-07-13 15:54:26 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-07-13 15:54:25 ----A---- C:\WINDOWS\SYSWOW64\bcastdvr.exe
2016-07-13 15:54:25 ----A---- C:\WINDOWS\system32\werui.dll
2016-07-13 15:54:25 ----A---- C:\WINDOWS\system32\cdpreference.exe
2016-07-13 15:54:24 ----A---- C:\WINDOWS\SYSWOW64\AzureSettingSyncProvider.dll
2016-07-13 15:54:24 ----A---- C:\WINDOWS\system32\IKEEXT.DLL
2016-07-13 15:54:21 ----A---- C:\WINDOWS\SYSWOW64\LockAppHost.exe
2016-07-13 15:54:20 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2016-07-13 15:54:19 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2016-07-13 15:54:17 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2016-07-13 15:54:16 ----A---- C:\WINDOWS\system32\MapsStore.dll
2016-07-13 15:54:16 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2016-07-13 15:54:16 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2016-07-13 15:54:15 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2016-07-13 15:54:14 ----A---- C:\WINDOWS\system32\NMAA.dll
2016-07-13 15:54:13 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2016-07-13 15:54:13 ----A---- C:\WINDOWS\system32\BingMaps.dll
2016-07-13 15:54:08 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-07-13 15:54:06 ----A---- C:\WINDOWS\system32\mos.dll
2016-07-13 15:54:04 ----A---- C:\WINDOWS\system32\SRHInproc.dll
2016-07-13 15:54:04 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-07-13 15:54:03 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-07-13 15:54:02 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2016-07-13 15:54:02 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2016-07-13 15:54:01 ----A---- C:\WINDOWS\system32\SRH.dll
2016-07-13 15:54:00 ----A---- C:\WINDOWS\system32\tquery.dll
2016-07-13 15:53:58 ----A---- C:\WINDOWS\SYSWOW64\CertEnroll.dll
2016-07-13 15:53:57 ----A---- C:\WINDOWS\SYSWOW64\msftedit.dll
2016-07-13 15:53:57 ----A---- C:\WINDOWS\system32\bcastdvr.exe
2016-07-13 15:53:57 ----A---- C:\WINDOWS\system32\AppCapture.dll
2016-07-13 15:53:56 ----A---- C:\WINDOWS\SYSWOW64\CredProvDataModel.dll
2016-07-13 15:53:56 ----A---- C:\WINDOWS\system32\MosHostClient.dll
2016-07-13 15:53:56 ----A---- C:\WINDOWS\system32\moshost.dll
2016-07-13 15:53:56 ----A---- C:\WINDOWS\system32\mapsupdatetask.dll
2016-07-13 15:53:56 ----A---- C:\WINDOWS\system32\MapsCSP.dll
2016-07-13 15:53:56 ----A---- C:\WINDOWS\system32\MapsBtSvc.dll
2016-07-13 15:53:56 ----A---- C:\WINDOWS\system32\generaltel.dll
2016-07-13 15:53:55 ----A---- C:\WINDOWS\SYSWOW64\CoreUIComponents.dll
2016-07-13 15:53:55 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2016-07-13 15:53:55 ----A---- C:\WINDOWS\system32\MosStorage.dll
2016-07-13 15:53:55 ----A---- C:\WINDOWS\system32\moshostcore.dll
2016-07-13 15:53:54 ----A---- C:\WINDOWS\system32\mssrch.dll
2016-07-13 15:53:54 ----A---- C:\WINDOWS\system32\dosvc.dll
2016-07-13 15:53:53 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2016-07-13 15:53:53 ----A---- C:\WINDOWS\system32\SpeechPal.dll
2016-07-13 15:53:52 ----A---- C:\WINDOWS\system32\wpncore.dll
2016-07-13 15:53:52 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2016-07-13 15:53:51 ----A---- C:\WINDOWS\SYSWOW64\SettingSync.dll
2016-07-13 15:53:51 ----A---- C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-07-13 15:53:51 ----A---- C:\WINDOWS\system32\diagperf.dll
2016-07-13 15:53:50 ----A---- C:\WINDOWS\SYSWOW64\d3d9.dll
2016-07-13 15:53:50 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2016-07-13 15:53:49 ----A---- C:\WINDOWS\SYSWOW64\propsys.dll
2016-07-13 15:53:49 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2016-07-13 15:53:49 ----A---- C:\WINDOWS\system32\mf.dll
2016-07-13 15:53:48 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll
2016-07-13 15:53:48 ----A---- C:\WINDOWS\system32\MbaeApiPublic.dll
2016-07-13 15:53:47 ----A---- C:\WINDOWS\system32\Taskmgr.exe
2016-07-13 15:53:47 ----A---- C:\WINDOWS\system32\ShareHost.dll
2016-07-13 15:53:47 ----A---- C:\WINDOWS\system32\NotificationController.dll
2016-07-13 15:53:46 ----A---- C:\WINDOWS\SYSWOW64\twinapi.dll
2016-07-13 15:53:46 ----A---- C:\WINDOWS\SYSWOW64\SmartcardCredentialProvider.dll
2016-07-13 15:53:46 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2016-07-13 15:53:46 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-07-13 15:53:46 ----A---- C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-07-13 15:53:45 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Cred.dll
2016-07-13 15:53:45 ----A---- C:\WINDOWS\SYSWOW64\LockAppBroker.dll
2016-07-13 15:53:45 ----A---- C:\WINDOWS\SYSWOW64\gameux.dll
2016-07-13 15:53:45 ----A---- C:\WINDOWS\system32\SettingSync.dll
2016-07-13 15:53:44 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2016-07-13 15:53:44 ----A---- C:\WINDOWS\system32\WSShared.dll
2016-07-13 15:53:43 ----A---- C:\WINDOWS\system32\wldp.dll
2016-07-13 15:53:43 ----A---- C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-07-13 15:53:43 ----A---- C:\WINDOWS\system32\rdpcore.dll
2016-07-13 15:53:43 ----A---- C:\WINDOWS\system32\mssphtb.dll
2016-07-13 15:53:43 ----A---- C:\WINDOWS\system32\APHostService.dll
2016-07-13 15:53:42 ----A---- C:\WINDOWS\SYSWOW64\Windows.Graphics.Printing.dll
2016-07-13 15:53:42 ----A---- C:\WINDOWS\system32\SearchFolder.dll
2016-07-13 15:53:42 ----A---- C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-07-13 15:53:42 ----A---- C:\WINDOWS\system32\ClipUp.exe
2016-07-13 15:53:41 ----A---- C:\WINDOWS\SYSWOW64\winipcsecproc.dll
2016-07-13 15:53:41 ----A---- C:\WINDOWS\system32\TpmTasks.dll
2016-07-13 15:53:41 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2016-07-13 15:53:41 ----A---- C:\WINDOWS\system32\fhcfg.dll
2016-07-13 15:53:41 ----A---- C:\WINDOWS\system32\CertEnroll.dll
2016-07-13 15:53:40 ----A---- C:\WINDOWS\SYSWOW64\SyncCenter.dll
2016-07-13 15:53:40 ----A---- C:\WINDOWS\system32\phoneactivate.exe
2016-07-13 15:53:39 ----A---- C:\WINDOWS\system32\WSService.dll
2016-07-13 15:53:39 ----A---- C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-07-13 15:53:38 ----A---- C:\WINDOWS\SYSWOW64\Clipc.dll
2016-07-13 15:53:38 ----A---- C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2016-07-13 15:53:38 ----A---- C:\WINDOWS\system32\systemreset.exe
2016-07-13 15:53:38 ----A---- C:\WINDOWS\system32\mfpmp.exe
2016-07-13 15:53:38 ----A---- C:\WINDOWS\system32\edputil.dll
2016-07-13 15:53:38 ----A---- C:\WINDOWS\system32\apprepapi.dll
2016-07-13 15:53:37 ----A---- C:\WINDOWS\SYSWOW64\wiaaut.dll
2016-07-13 15:53:37 ----A---- C:\WINDOWS\SYSWOW64\hgcpl.dll
2016-07-13 15:53:37 ----A---- C:\WINDOWS\system32\SettingMonitor.dll
2016-07-13 15:53:37 ----A---- C:\WINDOWS\system32\sbe.dll
2016-07-13 15:53:37 ----A---- C:\WINDOWS\system32\mbsmsapi.dll
2016-07-13 15:53:36 ----A---- C:\WINDOWS\SYSWOW64\themecpl.dll
2016-07-13 15:53:36 ----A---- C:\WINDOWS\SYSWOW64\sud.dll
2016-07-13 15:53:36 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2016-07-13 15:53:36 ----A---- C:\WINDOWS\system32\fhsettingsprovider.dll
2016-07-13 15:53:36 ----A---- C:\WINDOWS\HelpPane.exe
2016-07-13 15:53:35 ----A---- C:\WINDOWS\SYSWOW64\OneDriveSettingSyncProvider.dll
2016-07-13 15:53:35 ----A---- C:\WINDOWS\system32\WSSync.dll
2016-07-13 15:53:35 ----A---- C:\WINDOWS\system32\WSClient.dll
2016-07-13 15:53:35 ----A---- C:\WINDOWS\system32\WMPhoto.dll
2016-07-13 15:53:34 ----A---- C:\WINDOWS\SYSWOW64\winipcfile.dll
2016-07-13 15:53:34 ----A---- C:\WINDOWS\SYSWOW64\themeui.dll
2016-07-13 15:53:34 ----A---- C:\WINDOWS\SYSWOW64\SettingMonitor.dll
2016-07-13 15:53:34 ----A---- C:\WINDOWS\SYSWOW64\licensingdiag.exe
2016-07-13 15:53:34 ----A---- C:\WINDOWS\system32\fhengine.dll
2016-07-13 15:53:34 ----A---- C:\WINDOWS\system32\ActivationManager.dll
2016-07-13 15:53:33 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BlockedShutdown.dll
2016-07-13 15:53:33 ----A---- C:\WINDOWS\SYSWOW64\IdCtrls.dll
2016-07-13 15:53:33 ----A---- C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-07-13 15:53:33 ----A---- C:\WINDOWS\system32\GamePanel.exe
2016-07-13 15:53:32 ----A---- C:\WINDOWS\SYSWOW64\zipfldr.dll
2016-07-13 15:53:32 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BioFeedback.dll
2016-07-13 15:53:32 ----A---- C:\WINDOWS\SYSWOW64\oemlicense.dll
2016-07-13 15:53:32 ----A---- C:\WINDOWS\SYSWOW64\msieftp.dll
2016-07-13 15:53:32 ----A---- C:\WINDOWS\SYSWOW64\Display.dll
2016-07-13 15:53:32 ----A---- C:\WINDOWS\system32\mssph.dll
2016-07-13 15:53:32 ----A---- C:\WINDOWS\system32\easwrt.dll
2016-07-13 15:53:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.WiFiDirect.dll
2016-07-13 15:53:31 ----A---- C:\WINDOWS\SYSWOW64\DevicePairing.dll
2016-07-13 15:53:31 ----A---- C:\WINDOWS\system32\WUDFPlatform.dll
2016-07-13 15:53:30 ----A---- C:\WINDOWS\SYSWOW64\WmpDui.dll
2016-07-13 15:53:30 ----A---- C:\WINDOWS\SYSWOW64\mspaint.exe
2016-07-13 15:53:30 ----A---- C:\WINDOWS\system32\Windows.Speech.Pal.dll
2016-07-13 15:53:30 ----A---- C:\WINDOWS\system32\SearchFilterHost.exe
2016-07-13 15:53:30 ----A---- C:\WINDOWS\system32\msscntrs.dll
2016-07-13 15:53:29 ----A---- C:\WINDOWS\SYSWOW64\winmsipc.dll
2016-07-13 15:53:29 ----A---- C:\WINDOWS\system32\reseteng.dll
2016-07-13 15:53:28 ----A---- C:\WINDOWS\system32\diagtrack_win.dll
2016-07-13 15:53:28 ----A---- C:\WINDOWS\system32\apprepsync.dll
2016-07-13 15:53:27 ----A---- C:\WINDOWS\system32\domgmt.dll
2016-07-13 15:53:26 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2016-07-13 15:53:21 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2016-07-13 15:53:20 ----A---- C:\WINDOWS\system32\wuaueng.dll
2016-07-13 15:53:20 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2016-07-13 15:53:19 ----A---- C:\WINDOWS\system32\mstscax.dll
2016-07-13 15:53:17 ----A---- C:\WINDOWS\SYSWOW64\olepro32.dll
2016-07-13 15:53:17 ----A---- C:\WINDOWS\SYSWOW64\dxgi.dll
2016-07-13 15:53:16 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2016-07-13 15:53:16 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2016-07-13 15:53:15 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2016-07-13 15:53:12 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2016-07-13 15:53:11 ----A---- C:\WINDOWS\SYSWOW64\SRHInproc.dll
2016-07-13 15:53:11 ----A---- C:\WINDOWS\SYSWOW64\SRH.dll
2016-07-13 15:53:10 ----A---- C:\WINDOWS\SYSWOW64\mfplat.dll
2016-07-13 15:53:10 ----A---- C:\WINDOWS\system32\twinui.appcore.dll
2016-07-13 15:53:09 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2016-07-13 15:53:08 ----A---- C:\WINDOWS\SYSWOW64\mfnetsrc.dll
2016-07-13 15:53:08 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2016-07-13 15:53:08 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-07-13 15:53:07 ----A---- C:\WINDOWS\SYSWOW64\WMPDMC.exe
2016-07-13 15:53:07 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2016-07-13 15:53:07 ----A---- C:\WINDOWS\SYSWOW64\crypt32.dll
2016-07-13 15:53:06 ----A---- C:\WINDOWS\SYSWOW64\dcomp.dll
2016-07-13 15:53:06 ----A---- C:\WINDOWS\system32\UIRibbon.dll
2016-07-13 15:53:05 ----A---- C:\WINDOWS\SYSWOW64\UIRibbon.dll
2016-07-13 15:53:05 ----A---- C:\WINDOWS\SYSWOW64\MsSpellCheckingFacility.dll
2016-07-13 15:53:04 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2016-07-13 15:53:03 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepository.dll
2016-07-13 15:53:03 ----A---- C:\WINDOWS\system32\Windows.Globalization.dll
2016-07-13 15:53:03 ----A---- C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2016-07-13 15:53:02 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2016-07-13 15:53:01 ----A---- C:\WINDOWS\SYSWOW64\Taskmgr.exe
2016-07-13 15:53:01 ----A---- C:\WINDOWS\system32\eappcfg.dll
2016-07-13 15:53:01 ----A---- C:\WINDOWS\system32\diagtrack.dll
2016-07-13 15:53:00 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2016-07-13 15:53:00 ----A---- C:\WINDOWS\system32\workfolderssvc.dll
2016-07-13 15:53:00 ----A---- C:\WINDOWS\system32\pnidui.dll
2016-07-13 15:52:58 ----A---- C:\WINDOWS\system32\WindowsCodecsRaw.dll
2016-07-13 15:52:55 ----A---- C:\WINDOWS\system32\wuauclt.exe
2016-07-13 15:52:54 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecsRaw.dll
2016-07-13 15:52:50 ----A---- C:\WINDOWS\SYSWOW64\SimCfg.dll
2016-07-13 15:52:50 ----A---- C:\WINDOWS\system32\SimCfg.dll
2016-07-13 15:52:49 ----A---- C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2016-07-13 15:52:49 ----A---- C:\WINDOWS\system32\rasapi32.dll
2016-07-13 15:52:49 ----A---- C:\WINDOWS\system32\KernelBase.dll
2016-07-13 15:52:48 ----A---- C:\WINDOWS\SYSWOW64\Windows.Storage.ApplicationData.dll
2016-07-13 15:52:48 ----A---- C:\WINDOWS\SYSWOW64\netshell.dll
2016-07-13 15:52:48 ----A---- C:\WINDOWS\system32\SimAuth.dll
2016-07-13 15:52:48 ----A---- C:\WINDOWS\system32\schtasks.exe
2016-07-13 15:52:47 ----A---- C:\WINDOWS\system32\usercpl.dll
2016-07-13 15:52:47 ----A---- C:\WINDOWS\system32\certcli.dll
2016-07-13 15:52:46 ----A---- C:\WINDOWS\SYSWOW64\taskeng.exe
2016-07-13 15:52:46 ----A---- C:\WINDOWS\system32\netshell.dll
2016-07-13 15:52:45 ----A---- C:\WINDOWS\SYSWOW64\WSShared.dll
2016-07-13 15:52:45 ----A---- C:\WINDOWS\SYSWOW64\SHCore.dll
2016-07-13 15:52:45 ----A---- C:\WINDOWS\system32\UIRibbonRes.dll
2016-07-13 15:52:44 ----A---- C:\WINDOWS\SYSWOW64\wldp.dll
2016-07-13 15:52:44 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Streaming.dll
2016-07-13 15:52:44 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2016-07-13 15:52:44 ----A---- C:\WINDOWS\SYSWOW64\eappcfg.dll
2016-07-13 15:52:44 ----A---- C:\WINDOWS\system32\tzautoupdate.dll
2016-07-13 15:52:44 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2016-07-13 15:52:43 ----A---- C:\WINDOWS\SYSWOW64\taskcomp.dll
2016-07-13 15:52:43 ----A---- C:\WINDOWS\SYSWOW64\ntshrui.dll
2016-07-13 15:52:43 ----A---- C:\WINDOWS\SYSWOW64\MFCaptureEngine.dll
2016-07-13 15:52:43 ----A---- C:\WINDOWS\system32\ExecModelClient.dll
2016-07-13 15:52:43 ----A---- C:\WINDOWS\system32\drivers\bthenum.sys
2016-07-13 15:52:43 ----A---- C:\WINDOWS\system32\ClipSVC.dll
2016-07-13 15:52:43 ----A---- C:\WINDOWS\system32\Clipc.dll
2016-07-13 15:52:42 ----A---- C:\WINDOWS\SYSWOW64\schtasks.exe
2016-07-13 15:52:42 ----A---- C:\WINDOWS\system32\themeui.dll
2016-07-13 15:52:42 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2016-07-13 15:52:41 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Editing.dll
2016-07-13 15:52:41 ----A---- C:\WINDOWS\SYSWOW64\SimAuth.dll
2016-07-13 15:52:41 ----A---- C:\WINDOWS\system32\WebcamUi.dll
2016-07-13 15:52:41 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2016-07-13 15:52:40 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.BackgroundTransfer.dll
2016-07-13 15:52:40 ----A---- C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2016-07-13 15:52:40 ----A---- C:\WINDOWS\system32\licensingdiag.exe
2016-07-13 15:52:40 ----A---- C:\WINDOWS\system32\eappgnui.dll
2016-07-13 15:52:40 ----A---- C:\WINDOWS\system32\ActionCenterCPL.dll
2016-07-13 15:52:39 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecsExt.dll
2016-07-13 15:52:39 ----A---- C:\WINDOWS\SYSWOW64\apprepapi.dll
2016-07-13 15:52:39 ----A---- C:\WINDOWS\system32\Windows.Storage.Search.dll
2016-07-13 15:52:39 ----A---- C:\WINDOWS\system32\netplwiz.dll
2016-07-13 15:52:38 ----A---- C:\WINDOWS\SYSWOW64\PrintDialogs.dll
2016-07-13 15:52:37 ----A---- C:\WINDOWS\SYSWOW64\WSSync.dll
2016-07-13 15:52:37 ----A---- C:\WINDOWS\SYSWOW64\WebcamUi.dll
2016-07-13 15:52:37 ----A---- C:\WINDOWS\SYSWOW64\dlnashext.dll
2016-07-13 15:52:37 ----A---- C:\WINDOWS\system32\rdpudd.dll
2016-07-13 15:52:36 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryClient.dll
2016-07-13 15:52:36 ----A---- C:\WINDOWS\SYSWOW64\Windows.Speech.Pal.dll
2016-07-13 15:52:36 ----A---- C:\WINDOWS\SYSWOW64\Windows.AccountsControl.dll
2016-07-13 15:52:36 ----A---- C:\WINDOWS\SYSWOW64\eappprxy.dll
2016-07-13 15:52:36 ----A---- C:\WINDOWS\system32\Windows.Devices.Picker.dll
2016-07-13 15:52:36 ----A---- C:\WINDOWS\system32\oemlicense.dll
2016-07-13 15:52:36 ----A---- C:\WINDOWS\system32\eappprxy.dll
2016-07-13 15:52:35 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-07-13 15:52:35 ----A---- C:\WINDOWS\system32\PhotoScreensaver.scr
2016-07-13 15:52:35 ----A---- C:\WINDOWS\system32\ieui.dll
2016-07-13 15:52:35 ----A---- C:\WINDOWS\system32\IconCodecService.dll
2016-07-13 15:52:35 ----A---- C:\WINDOWS\system32\eapphost.dll
2016-07-13 15:52:34 ----A---- C:\WINDOWS\SYSWOW64\WSClient.dll
2016-07-13 15:52:34 ----A---- C:\WINDOWS\SYSWOW64\edputil.dll
2016-07-13 15:52:34 ----A---- C:\WINDOWS\SYSWOW64\eapphost.dll
2016-07-13 15:52:34 ----A---- C:\WINDOWS\SYSWOW64\eapp3hst.dll
2016-07-13 15:52:34 ----A---- C:\WINDOWS\system32\drivers\BTHUSB.SYS
2016-07-13 15:52:32 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryBroker.dll
2016-07-13 15:52:32 ----A---- C:\WINDOWS\SYSWOW64\eappgnui.dll
2016-07-13 15:52:32 ----A---- C:\WINDOWS\system32\GlobCollationHost.dll
2016-07-13 15:52:31 ----A---- C:\WINDOWS\SYSWOW64\UIRibbonRes.dll
2016-07-13 15:52:31 ----A---- C:\WINDOWS\SYSWOW64\ieui.dll
2016-07-13 15:52:31 ----A---- C:\WINDOWS\SYSWOW64\apprepsync.dll
2016-07-13 15:52:30 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-07-13 15:52:27 ----A---- C:\WINDOWS\system32\invagent.dll
2016-07-13 15:52:27 ----A---- C:\WINDOWS\system32\devinv.dll
2016-07-13 15:52:27 ----A---- C:\WINDOWS\system32\acmigration.dll
2016-07-13 15:52:26 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2016-07-13 15:52:26 ----A---- C:\WINDOWS\system32\aeinv.dll
2016-07-13 15:52:24 ----A---- C:\WINDOWS\system32\CredProvDataModel.dll
2016-07-13 15:52:23 ----A---- C:\WINDOWS\system32\browserbroker.dll
2016-07-13 15:52:23 ----A---- C:\WINDOWS\system32\appraiser.dll
2016-07-13 15:52:21 ----A---- C:\WINDOWS\system32\shell32.dll
2016-07-13 15:52:18 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-07-13 15:52:16 ----A---- C:\WINDOWS\system32\sppsvc.exe
2016-07-13 15:52:12 ----A---- C:\WINDOWS\system32\windows.storage.dll
2016-07-13 15:52:04 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2016-07-13 15:52:03 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2016-07-13 15:52:03 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2016-07-13 15:52:02 ----A---- C:\WINDOWS\SYSWOW64\twinui.appcore.dll
2016-07-13 15:52:02 ----A---- C:\WINDOWS\system32\ExplorerFrame.dll
2016-07-13 15:52:00 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 15:51:59 ----A---- C:\WINDOWS\system32\usocore.dll
2016-07-13 15:51:59 ----A---- C:\WINDOWS\system32\schedsvc.dll
2016-07-13 15:51:59 ----A---- C:\WINDOWS\system32\MusNotification.exe
2016-07-13 15:51:58 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Search.dll
2016-07-13 15:51:57 ----A---- C:\WINDOWS\system32\dbgeng.dll
2016-07-13 15:51:56 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2016-07-13 15:51:55 ----A---- C:\WINDOWS\system32\DWrite.dll
2016-07-13 15:51:55 ----A---- C:\WINDOWS\system32\aepic.dll
2016-07-13 15:51:54 ----A---- C:\WINDOWS\system32\twinapi.appcore.dll
2016-07-13 15:51:54 ----A---- C:\WINDOWS\system32\PrintDialogs3D.dll
2016-07-13 15:51:53 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2016-07-13 15:51:53 ----A---- C:\WINDOWS\system32\xpsservices.dll
2016-07-13 15:51:53 ----A---- C:\WINDOWS\system32\AppReadiness.dll
2016-07-13 15:51:52 ----A---- C:\WINDOWS\SYSWOW64\twinapi.appcore.dll
2016-07-13 15:51:52 ----A---- C:\WINDOWS\system32\WMPDMC.exe
2016-07-13 15:51:52 ----A---- C:\WINDOWS\system32\werconcpl.dll
2016-07-13 15:51:52 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2016-07-13 15:51:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.Globalization.dll
2016-07-13 15:51:51 ----A---- C:\WINDOWS\SYSWOW64\LogonController.dll
2016-07-13 15:51:51 ----A---- C:\WINDOWS\system32\uDWM.dll
2016-07-13 15:51:50 ----A---- C:\WINDOWS\system32\wmicmiplugin.dll
2016-07-13 15:51:50 ----A---- C:\WINDOWS\system32\taskeng.exe
2016-07-13 15:51:49 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-07-13 15:51:48 ----A---- C:\WINDOWS\SYSWOW64\dui70.dll
2016-07-13 15:51:48 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2016-07-13 15:51:48 ----A---- C:\WINDOWS\system32\dlnashext.dll
2016-07-13 15:51:47 ----A---- C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-07-13 15:51:47 ----A---- C:\WINDOWS\system32\Windows.Graphics.dll
2016-07-13 15:51:47 ----A---- C:\WINDOWS\system32\UserLanguagesCpl.dll
2016-07-13 15:51:46 ----A---- C:\WINDOWS\SYSWOW64\SearchFolder.dll
2016-07-13 15:51:46 ----A---- C:\WINDOWS\system32\winload.exe
2016-07-13 15:51:46 ----A---- C:\WINDOWS\system32\ntshrui.dll
2016-07-13 15:51:46 ----A---- C:\WINDOWS\system32\netcenter.dll
2016-07-13 15:51:45 ----A---- C:\WINDOWS\SYSWOW64\mfpmp.exe
2016-07-13 15:51:45 ----A---- C:\WINDOWS\system32\drivers\sdbus.sys
2016-07-13 15:51:44 ----A---- C:\WINDOWS\SYSWOW64\qdvd.dll
2016-07-13 15:51:44 ----A---- C:\WINDOWS\SYSWOW64\dmdskmgr.dll
2016-07-13 15:51:44 ----A---- C:\WINDOWS\system32\winresume.exe
2016-07-13 15:51:44 ----A---- C:\WINDOWS\system32\sdengin2.dll
2016-07-13 15:51:43 ----A---- C:\WINDOWS\SYSWOW64\ProximityCommon.dll
2016-07-13 15:51:43 ----A---- C:\WINDOWS\system32\taskcomp.dll
2016-07-13 15:51:43 ----A---- C:\WINDOWS\system32\PrintDialogs.dll
2016-07-13 15:51:43 ----A---- C:\WINDOWS\system32\dot3ui.dll
2016-07-13 15:51:42 ----A---- C:\WINDOWS\SYSWOW64\Windows.Storage.Search.dll
2016-07-13 15:51:42 ----A---- C:\WINDOWS\SYSWOW64\ExecModelClient.dll
2016-07-13 15:51:42 ----A---- C:\WINDOWS\SYSWOW64\duser.dll
2016-07-13 15:51:42 ----A---- C:\WINDOWS\system32\rasgcw.dll
2016-07-13 15:51:42 ----A---- C:\WINDOWS\system32\LegacyNetUX.dll
2016-07-13 15:51:41 ----A---- C:\WINDOWS\system32\Windows.UI.dll
2016-07-13 15:51:41 ----A---- C:\WINDOWS\system32\LegacyNetUXHost.exe
2016-07-13 15:51:40 ----A---- C:\WINDOWS\SYSWOW64\wcnwiz.dll
2016-07-13 15:51:40 ----A---- C:\WINDOWS\SYSWOW64\credprovs.dll
2016-07-13 15:51:39 ----A---- C:\WINDOWS\SYSWOW64\WLanConn.dll
2016-07-13 15:51:39 ----A---- C:\WINDOWS\SYSWOW64\efswrt.dll
2016-07-13 15:51:38 ----A---- C:\WINDOWS\system32\sdrsvc.dll
2016-07-13 15:51:38 ----A---- C:\WINDOWS\system32\deviceaccess.dll
2016-07-13 15:51:37 ----A---- C:\WINDOWS\SYSWOW64\GlobCollationHost.dll
2016-07-13 15:51:37 ----A---- C:\WINDOWS\system32\wiaaut.dll
2016-07-13 15:51:37 ----A---- C:\WINDOWS\system32\sdshext.dll
2016-07-13 15:51:37 ----A---- C:\WINDOWS\system32\PackageStateRoaming.dll
2016-07-13 15:51:36 ----A---- C:\WINDOWS\SYSWOW64\Windows.Shell.Search.UriHandler.dll
2016-07-13 15:51:36 ----A---- C:\WINDOWS\system32\actxprxy.dll
2016-07-11 12:24:14 ----D---- C:\ProgramData\Uncheckit
2016-07-11 12:23:58 ----D---- C:\Users\mandyyy\AppData\Roaming\Uncheckit
2016-07-11 12:23:58 ----D---- C:\ProgramData\uckt
2016-07-11 12:23:50 ----D---- C:\Program Files (x86)\SFK
2016-07-11 12:22:32 ----D---- C:\WINDOWS\SYSWOW64\_SSpm
2016-07-07 20:18:56 ----D---- C:\Users\mandyyy\AppData\Roaming\Firefox
2016-07-07 20:17:45 ----D---- C:\Program Files (x86)\WinSaber

======List of files/folders modified in the last 1 month======

2016-08-06 21:02:50 ----D---- C:\WINDOWS\Prefetch
2016-08-06 21:02:23 ----D---- C:\WINDOWS\Temp
2016-08-06 21:01:00 ----D---- C:\WINDOWS\AppReadiness
2016-08-06 21:00:32 ----HD---- C:\Program Files\WindowsApps
2016-08-06 20:57:00 ----RD---- C:\Program Files
2016-08-06 20:56:02 ----D---- C:\ProgramData\{09f9e1b4-612c-1}
2016-08-06 20:56:01 ----HD---- C:\ProgramData
2016-08-06 20:55:59 ----D---- C:\ProgramData\{08f1867f-212c-0}
2016-08-06 20:55:59 ----D---- C:\ProgramData\{05b6c88a-612c-1}
2016-08-06 20:55:58 ----D---- C:\ProgramData\{065b5e46-612c-0}
2016-08-06 20:55:43 ----D---- C:\WINDOWS\system32\sru
2016-08-06 20:55:26 ----D---- C:\Users\mandyyy\AppData\Roaming\Spotify
2016-08-06 02:39:58 ----D---- C:\WINDOWS\SysWOW64
2016-08-06 01:54:24 ----D---- C:\ProgramData\LU
2016-08-05 20:12:47 ----SHD---- C:\System Volume Information
2016-08-05 20:05:13 ----D---- C:\WINDOWS\Microsoft.NET
2016-08-05 20:02:10 ----D---- C:\WINDOWS\LiveKernelReports
2016-08-04 16:09:42 ----RD---- C:\Program Files (x86)
2016-08-04 15:52:13 ----D---- C:\Program Files (x86)\WinZipper
2016-08-04 15:43:39 ----D---- C:\WINDOWS\System32
2016-08-04 13:52:39 ----D---- C:\Users\mandyyy\AppData\Roaming\TSv
2016-07-29 23:12:27 ----D---- C:\WINDOWS\system32\NDF
2016-07-29 16:51:02 ----SHD---- C:\WINDOWS\Installer
2016-07-29 16:51:02 ----SHD---- C:\Config.Msi
2016-07-29 16:46:42 ----D---- C:\WINDOWS\Tasks
2016-07-28 20:40:53 ----D---- C:\ProgramData\Spotnet
2016-07-27 16:01:35 ----D---- C:\Program Files (x86)\SpeedSearchesbnd
2016-07-27 16:01:34 ----D---- C:\WINDOWS\system32\Tasks
2016-07-27 11:33:16 ----D---- C:\Users\mandyyy\AppData\Roaming\vlc
2016-07-26 22:24:46 ----D---- C:\WINDOWS\AppPatch
2016-07-26 22:24:44 ----D---- C:\Program Files (x86)\SearchProtect
2016-07-26 22:24:05 ----D---- C:\WINDOWS\system32\catroot2
2016-07-25 22:41:20 ----D---- C:\Users\mandyyy\AppData\Roaming\eCyber
2016-07-25 16:51:24 ----D---- C:\WINDOWS\rescache
2016-07-25 16:35:51 ----D---- C:\WINDOWS\system32\config
2016-07-25 15:36:28 ----D---- C:\ProgramData\Temp
2016-07-24 21:17:25 ----D---- C:\ProgramData\942f5d0a
2016-07-24 21:06:41 ----D---- C:\ProgramData\ec0ae56a-4377-0
2016-07-15 23:06:53 ----D---- C:\WINDOWS\system32\DriverStore
2016-07-15 20:35:29 ----D---- C:\WINDOWS\WinSxS
2016-07-15 20:13:17 ----RSD---- C:\WINDOWS\assembly
2016-07-15 20:02:33 ----D---- C:\ProgramData\Microsoft Help
2016-07-14 13:24:11 ----D---- C:\WINDOWS\INF
2016-07-14 13:18:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-14 13:12:22 ----D---- C:\WINDOWS\system32\drivers
2016-07-14 13:09:43 ----D---- C:\WINDOWS\SYSWOW64\nl-NL
2016-07-14 13:09:43 ----D---- C:\WINDOWS\SYSWOW64\migration
2016-07-14 13:09:43 ----D---- C:\WINDOWS\SYSWOW64\en-US
2016-07-14 13:09:38 ----D---- C:\WINDOWS\system32\wbem
2016-07-14 13:09:38 ----D---- C:\WINDOWS\system32\oobe
2016-07-14 13:09:38 ----D---- C:\WINDOWS\system32\nl-NL
2016-07-14 13:09:38 ----D---- C:\WINDOWS\system32\migration
2016-07-14 13:09:38 ----D---- C:\WINDOWS\system32\en-US
2016-07-14 13:09:38 ----D---- C:\WINDOWS\system32\drivers\nl-NL
2016-07-14 13:09:38 ----D---- C:\WINDOWS\system32\drivers\en-US
2016-07-14 13:09:38 ----D---- C:\WINDOWS\system32\appraiser
2016-07-14 13:09:33 ----RD---- C:\WINDOWS\PrintDialog
2016-07-14 13:09:33 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2016-07-14 13:09:33 ----RD---- C:\WINDOWS\DevicesFlow
2016-07-14 13:09:33 ----D---- C:\WINDOWS\Provisioning
2016-07-14 13:09:33 ----D---- C:\WINDOWS\PolicyDefinitions
2016-07-14 13:09:33 ----D---- C:\WINDOWS\bcastdvr
2016-07-14 13:09:33 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2016-07-14 13:09:33 ----D---- C:\Program Files (x86)\Windows Mail
2016-07-14 13:09:33 ----D---- C:\Program Files (x86)\Windows Defender
2016-07-14 13:09:33 ----D---- C:\Program Files (x86)\Internet Explorer
2016-07-14 13:09:33 ----AD---- C:\Windows
2016-07-14 13:09:32 ----D---- C:\Program Files\Windows Photo Viewer
2016-07-14 13:09:32 ----D---- C:\Program Files\Windows Mail
2016-07-14 13:09:32 ----D---- C:\Program Files\Windows Journal
2016-07-14 13:09:32 ----D---- C:\Program Files\Windows Defender
2016-07-14 13:09:32 ----D---- C:\Program Files\Internet Explorer
2016-07-14 00:42:27 ----D---- C:\WINDOWS\CbsTemp
2016-07-14 00:42:13 ----D---- C:\WINDOWS\system32\MRT
2016-07-14 00:32:37 ----A---- C:\WINDOWS\system32\MRT.exe
2016-07-14 00:22:05 ----A---- C:\WINDOWS\win.ini
2016-07-13 15:17:31 ----D---- C:\WINDOWS\system32\Macromed
2016-07-13 15:17:27 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2016-07-13 15:17:22 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerInstaller.exe
2016-07-11 12:24:06 ----RSD---- C:\WINDOWS\Fonts
2016-07-11 12:23:35 ----D---- C:\ProgramData\RwinpR

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2016-04-23 87552]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2015-10-30 47616]
R3 ACPIVPC;@oem20.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2014-10-09 35576]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;USB-stuurprogramma voor Bluetooth-radio; C:\WINDOWS\System32\drivers\BTHUSB.sys [2016-07-01 84992]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-09-09 3797416]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2015-06-04 4486400]
R3 IntcDAud;@oem9.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-08-21 463112]
R3 iwdbus;@oem35.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-07-20 38976]
R3 RSP2STOR;@oem32.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [2015-06-05 310528]
R3 rt640x64;@oem33.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-22 886528]
R3 RtkBtFilter;@oem34.inf,%BtFilt.SvcDesc%;Realtek Bluetooth Filter Driver; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [2015-03-11 593624]
R3 RTWlanE;@oem8.inf,%RTWlanE.DeviceDesc.DispName%;Realtek Wireless LAN 802.11n PCI-E Network Adapter; C:\WINDOWS\System32\drivers\rtwlane.sys [2015-11-18 4772096]
R3 S6000KNT;@oem41.inf,%USBVideo.SvcDesc%;Alcor WebCam Driver; C:\WINDOWS\System32\Drivers\S6000KNT.sys [2015-08-20 901232]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-08-14 44216]
S0 is3srv;is3srv; SySWOW64\drivers\is3srv64.sys []
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S0 mfeelamk;McAfee Inc. mfeelamk; C:\WINDOWS\system32\drivers\mfeelamk.sys [2015-02-13 80160]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator-service; C:\WINDOWS\System32\drivers\BthEnum.sys [2016-07-01 112640]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-03-29 245760]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2015-10-30 128512]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Stuurprogramma voor Bluetooth-poort; C:\WINDOWS\System32\drivers\BTHport.sys [2016-07-01 954368]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2015-11-22 117248]
S3 dg_ssudbus;@oem2.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2015-12-08 122160]
S3 dot4;@oem7.inf,%Dot4_Name%;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2012-10-19 151968]
S3 Dot4Print;@oem13.inf,%Dot4Print_Name%;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\drivers\Dot4Prt.sys [2012-10-19 27040]
S3 dot4usb;@oem7.inf,%DOT4USB_NAME%;Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2012-10-19 49056]
S3 EsgScanner;EsgScanner; C:\WINDOWS\system32\DRIVERS\EsgScanner.sys [2016-04-22 22704]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 intaud_WaveExtensible;@oem14.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2015-07-20 50240]
S3 IoQos;@%SystemRoot%\system32\drivers\ioqos.sys,-100; C:\WINDOWS\system32\drivers\ioqos.sys [2015-10-30 26624]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 Netaapl;@oem25.inf,%Netaapl.Service.DispName%;Apple Mobile Device Ethernet Service; C:\WINDOWS\System32\drivers\netaapl64.sys [2014-08-16 23040]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2015-10-30 930656]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2016-03-29 181248]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-03-02 83768]
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CltMngSvc;Search Protect Service; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2016-06-29 3253008]
R2 CommandHandler;Command Service(CommandHandler); C:\Program Files (x86)\Firefox\bin\FirefoxCommand.exe [2016-07-28 253824]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 EOF;EOF; C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\EOF.exe [2016-08-04 2958336]
R2 FirefoxU;Update Service(FirefoxU); C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [2016-07-28 499072]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2015-09-09 330144]
R2 IhPul;IhPul; C:\Users\mandyyy\AppData\Roaming\TSv\TSvr.exe [2016-07-28 210128]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [2014-05-22 584960]
R2 LenovoSetSvr;LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [2014-10-09 389680]
R2 LenovoWiFiHotspotSvr;Lenovo WiFiHotspot Service; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [2014-10-09 198192]
R2 LUService;LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [2014-02-18 38896]
R2 MaxthonUpdateSvc;Maxthon Core Update Service; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [2015-11-30 1872808]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [2013-12-13 230920]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\windows\SysWOW64\NLSSRV32.EXE [2013-12-13 69640]
R2 OneSyncSvc_32f23;Host synchroniseren_32f23; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 PhoneCompanionPusher;Lenovo PhoneCompanionPusher Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [2014-10-09 288240]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-04-24 390632]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-09-09 291736]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-10-23 43696]
R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2016-03-19 651576]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R3 PimIndexMaintenanceSvc_32f23;Contact Data_32f23; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 BugreportW;BugreportW; C:\Program Files (x86)\SpeedSearchesbnd\Bugreportauclt.exe {154DFF63-3402-4815-941A-AAD63AE8B428} []
S2 EraserSvc11520;Symantec Eraser Service; C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe /h ccCommon []
S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-16 154440]
S2 IHeeaWA_protect;Protect Service(IHeeaWA_protect); C:\ProgramData\IHeeaWA\protect\protect.exe []
S2 IHeeaWA_update;Update Service(IHeeaWA_update); C:\Program Files (x86)\IHeeaWA\IHeeaWA\bin\IHeeaWA_server.exe []
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_170251c;Host synchroniseren_170251c; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_1f24292;Host synchroniseren_1f24292; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_2ac17f8;Host synchroniseren_2ac17f8; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_326da10;Host synchroniseren_326da10; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_35a4573;Host synchroniseren_35a4573; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_382c881;Host synchroniseren_382c881; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_391c3;Host synchroniseren_391c3; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_39aff;Host synchroniseren_39aff; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_3d64dd5;Host synchroniseren_3d64dd5; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_423ec;Host synchroniseren_423ec; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_4363c;Host synchroniseren_4363c; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_4d349;Host synchroniseren_4d349; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_4e546;Host synchroniseren_4e546; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_500e21e;Host synchroniseren_500e21e; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_5f64726;Host synchroniseren_5f64726; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_643be53;Host synchroniseren_643be53; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_7216a;Host synchroniseren_7216a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_802287;Host synchroniseren_802287; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_88aa07;Host synchroniseren_88aa07; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_a32daee;Host synchroniseren_a32daee; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_c8a95ec;Host synchroniseren_c8a95ec; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_f674b2;Host synchroniseren_f674b2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13 270016]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-16 154440]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [2014-06-03 533760]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2015-08-17 272424]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_170251c;MessagingService_170251c; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_1f24292;MessagingService_1f24292; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_2ac17f8;MessagingService_2ac17f8; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_326da10;MessagingService_326da10; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_32f23;MessagingService_32f23; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_35a4573;MessagingService_35a4573; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_382c881;MessagingService_382c881; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_391c3;MessagingService_391c3; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_39aff;MessagingService_39aff; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_3d64dd5;MessagingService_3d64dd5; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_423ec;MessagingService_423ec; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_4363c;MessagingService_4363c; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_4d349;MessagingService_4d349; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_4e546;MessagingService_4e546; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_500e21e;MessagingService_500e21e; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_5f64726;MessagingService_5f64726; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_643be53;MessagingService_643be53; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_7216a;MessagingService_7216a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_802287;MessagingService_802287; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_88aa07;MessagingService_88aa07; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_a32daee;MessagingService_a32daee; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_c8a95ec;MessagingService_c8a95ec; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_f674b2;MessagingService_f674b2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-01-20 146888]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 178760]
S3 PhoneCompanionVap;Lenovo PhoneCompanionVap Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [2014-10-09 305136]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_170251c;Contact Data_170251c; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_1f24292;Contact Data_1f24292; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_2ac17f8;Contact Data_2ac17f8; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_326da10;Contact Data_326da10; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_35a4573;Contact Data_35a4573; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_382c881;Contact Data_382c881; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_391c3;Contact Data_391c3; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_39aff;Contact Data_39aff; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_3d64dd5;Contact Data_3d64dd5; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_423ec;Contact Data_423ec; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_4363c;Contact Data_4363c; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_4d349;Contact Data_4d349; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_4e546;Contact Data_4e546; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_500e21e;Contact Data_500e21e; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_5f64726;Contact Data_5f64726; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_643be53;Contact Data_643be53; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_7216a;Contact Data_7216a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_802287;Contact Data_802287; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_88aa07;Contact Data_88aa07; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_a32daee;Contact Data_a32daee; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_c8a95ec;Contact Data_c8a95ec; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_f674b2;Contact Data_f674b2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S4 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]

-----------------EOF-----------------