
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by rtull on zo 18-06-2017 at 14:05:58,44.
Microsoft Windows 10 Home 10.0.14393  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\rtull\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== Older Logs ======================

C:\zoek-results2017-06-18-120407.log	65912 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp. 
# 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# 
# For example: 
# 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
127.0.0.1       localhost 

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

. .  
. . .  
1.0.0  
Adblock Plus voor IE (32-bit en 64-bit)  
AVG  
AVG 2016  
AVG PC TuneUp  
AVG Protection  
AVS Audio Converter 8.3.2  
AVS Audio Editor 8.3.2  
AVS Disc Creator 5.2.8  
AVS Document Converter 3.1.2  
AVS Image Converter 4.1.2  
AVS Media Player 4.4.1  
AVS Photo Editor 2.3.6  
AVS Registry Cleaner 3.0.5  
AVS Video Converter 9.5.1  
AVS Video Editor 7.5.1  
AVS Video ReMaker 5.1.1  
CCleaner  
Chromium  
D3DX10  
Driver and Application Installation  
EssentialPIM  
FMW 1  
FrostWire 6.5.1  
Google Chrome  
Google Update Helper  
HP ENVY 4500 series Basissoftware van het apparaat  
HP ENVY 4500 series Help  
HP Photo Creations  
HP Update  
Intel(R) Chipset Device Software  
Intel(R) Management Engine Components  
Intel(R) ME UninstallLegacy  
Intel(R) Online Connect Software Asset Manager  
Intel(R) PRO/Wireless Driver  
Intel(R) Processor Graphics  
Intel(R) SDK for OpenCL - CPU Only Runtime Package  
Intel(R) Wireless Bluetooth(R)  
Intel© Driver Update Utility  
Intel© Online Connect  
Intel© Online Connect Access  
Intel© PROSet/Wireless Software  
Intel© PROSet/Wireless WiFi Software  
Intel© Security Assist  
Intel© Trusted Connect Service Client  
Junk Mail filter update  
Lenovo Power2Go  
Lenovo PowerDVD12  
Lenovo QuickOptimizer  
Lenovo Service Bridge  
Lenovo Silver Silk Wireless Keyboard  
Lenovo Solution Center  
Lenovo System Interface Foundation Driver  
Logitech Vid  
Logitech Webcam Software  
Malwarebytes versie 3.0.6.1469  
Manual  
Microsoft Application Error Reporting  
Microsoft ASP.NET MVC 2  
Microsoft OneDrive  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft VC++ redistributables repacked.  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030  
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501  
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501  
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005  
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215  
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215  
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215  
Movie Maker  
Mozilla Firefox 52.0.2 (x86 nl)  
Mozilla Maintenance Service  
Mozilla Thunderbird 52.2.0 (x86 nl)  
MSVCRT  
MSVCRT_amd64  
MSVCRT110  
MSVCRT110_amd64  
MSXML 4.0 SP3 Parser  
OpenOffice 4.1.3  
Photo Common  
Photo Gallery  
Photobucket Backup  
PicosmosTools 1.8.0.0  
Productverbeteringsonderzoek voor HP ENVY 4500 series  
Realtek Ethernet Controller All-In-One Windows Driver  
Realtek High Definition Audio Driver  
Recuva  
Revo Uninstaller 2.0.2  
RogueKiller version 12.11.1.0  
Security Update for CAPICOM (KB931906)  
SHAREit  
SkypeT 7.36  
Smart View  
Software voor Intel© Chipset-apparaten  
Spybot - Search & Destroy  
Twonky Server  
Unchecky v1.0.2  
Visual Studio 2012 x64 Redistributables  
Visual Studio 2012 x86 Redistributables  
VLC media player  
Vulkan Run Time Libraries 1.0.33.0  
Windows 10-upgradeassistent  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Installer  
Windows Live Mail  
Windows Live Messenger  
Windows Live MIME IFilter  
Windows Live Photo Common  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Live Writer  
Windows Live Writer Resources  
Wondershare Data Recovery(Build 5.0.9.6)  
Wondershare Helper Compact 2.5.2  

==== Running Processes ======================

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\WINDOWS\System32\DriverStore\FileRepository\ki121026.inf_amd64_d9c66a7a4ae5623d\IntelCpHeciSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\rtull\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Users\rtull\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Services(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R2 - [avgfws] - AVG Firewall - c:\program files (x86)\avg\av\avgfwsa.exe
R2 - [avgsvc] - AVG Service - c:\program files (x86)\avg\framework\common\avgsvca.exe
R2 - [avgwd] - AVG WatchDog - c:\program files (x86)\avg\av\avgwdsvca.exe
R2 - [EvtEng] - Intel(R) PROSet/Wireless Event Log - c:\program files\intel\wifi\bin\evteng.exe
R2 - [ibtsiva] - Intel Bluetooth Service - c:\windows\system32\ibtsiva
R2 - [igfxCUIService2.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\driverstore\filerepository\ki121026.inf_amd64_d9c66a7a4ae5623d\igfxcuiservice.exe
R2 - [ImControllerService] - System Interface Foundation Service - c:\program files\lenovo\imcontroller\service\lenovo.modern.imcontroller.exe
R2 - [Intel(R) TechnologyAccessLegacyCSLoader] - Intel(R) Online Connect Access Legacy CS Loader - c:\program files\intel\intel(r) online connect access\legacycsloaderservice.exe
R2 - [Intel(R) TechnologyAccessService] - Intel(R) Online Connect Access - c:\program files\intel\intel(r) online connect access\inteltechnologyaccessservice.exe
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
R2 - [LVPrcS64] - Process Monitor - c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe
R2 - [MBAMService] - Malwarebytes Service - c:\program files\malwarebytes\anti-malware\mbamservice.exe
R2 - [RegSrvc] - Intel(R) PROSet/Wireless Registry Service - c:\program files\common files\intel\wirelesscommon\regsrvc.exe
R2 - [SDScannerService] - Spybot-S&D 2 Scanner Service - c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe
R2 - [SDUpdateService] - Spybot-S&D 2 Updating Service - c:\program files (x86)\spybot - search & destroy 2\sdupdsvc.exe
R2 - [SDWSCService] - Spybot-S&D 2 Security Center Service - c:\program files (x86)\spybot - search & destroy 2\sdwscsvc.exe
R2 - [TuneUp.UtilitiesSvc] - AVG PC TuneUp Service - c:\program files (x86)\avg\avg pc tuneup\tuneuputilitiesservice64.exe
R2 - [TwonkyServer] - TwonkyServer - c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe
R2 - [Unchecky] - Unchecky - c:\program files (x86)\unchecky\bin\unchecky_svc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R2 - [ZeroConfigService] - Intel(R) PROSet/Wireless Zero Configuration Service - c:\program files\intel\wifi\bin\zeroconfigservice.exe
R3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\system32\driverstore\filerepository\ki121026.inf_amd64_d9c66a7a4ae5623d\intelcphecisvc.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R3 - [Intel(R) Online Connect] - Intel(R) Online Connect - c:\program files\intel\intel(r) online connect\ioc.exe
R3 - [Intel(R) Security Assist] - Intel(R) Security Assist - c:\program files (x86)\intel\intel(r) security assist\isa.exe
S2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files (x86)\avg\av\avgidsagenta.exe
S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [Intel(R) Online Connect Helper] - Intel(R) Online Connect Helper - c:\program files\intel\intel(r) online connect\iochelperservice.exe
S2 - [isaHelperSvc] - Intel(R) Security Assist Helper - c:\program files (x86)\intel\intel(r) security assist\isahelperservice.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S2 - [SystemUsageReportSvc_QUEENCREEK] - Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK - c:\program files\intel driver update utility\sur\sursvc.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [AvgAMPS] - AvgAMPS - c:\program files (x86)\avg\av\avgamps.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cplspcon] - Intel(R) Content Protection HDCP Service - c:\windows\system32\driverstore\filerepository\ki121026.inf_amd64_d9c66a7a4ae5623d\intelcphdcpsvc.exe
S3 - [diagnosticshub.standardcollector.service] - Microsoft(R) Diagnostics Hub Standard Collector-service - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [ESRV_SVC_QUEENCREEK] - Energy Server Service queencreek - c:\program files\intel\sur\queencreek\esrv_svc.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
S3 - [Intel(R) Online Connect Software Asset Manager] - Intel(R) Online Connect Software Asset Manager - c:\program files (x86)\intel\intel(r) online connect access\intel(r) software asset manager\bin\intelsoftwareassetmanagerservice.exe
S3 - [LSC.Services.SystemService] - Lenovo Solution Center System Service - c:\program files\lenovo\lenovo solution center\app\lsc.services.systemservice.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [MyWiFiDHCPDNS] - Wireless PAN DHCP Server - c:\program files\intel\wifi\bin\pandhcpdns.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SensorDataService] - Sensor Data Service - c:\windows\system32\sensordataservice.exe
S3 - [ShareItSvc] - ShareItSvc - c:\program files (x86)\shareit\shareit\shareit.service.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TieringEngineService] - Storage Tiers Management - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [USER_ESRV_SVC_QUEENCREEK] - User Energy Server Service queencreek - c:\program files\intel\sur\queencreek\esrv_svc.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\rtull\AppData\Roaming\Mozilla\Firefox\Profiles\u63cqylq.default

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs_18-06-2017_1414_.backup

ProfilePath: C:\Users\rtull\AppData\Roaming\Thunderbird\Profiles\te73k114.default

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs_18-06-2017_1414_.backup

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8103 MB
CPU Info: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
CPU Speed: 3696,5 MHz
Sound Card: Speakers (Realtek High Definiti | 
PHL 243V5 (Intel(R) Display Aud | 
Display Adapters: Intel(R) HD Graphics 530 | Intel(R) HD Graphics 530
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1536 X 864 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller | Bluetooth Device (Personal Area Network) | Intel(R) Dual Band Wireless-AC 3165 | Microsoft Wi-Fi Direct Virtual Adapter
CD / DVD Drives: 1x (G: | ) G: PLDS    DVD-RW DU8AESH
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  899,7GB
Hard Disks - Free: C:  787,6GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE |  | LENOVO - 1060
Time Zone: West-Europa (standaardtijd)
Motherboard *: LENOVO SKYBAY
Country: Nederland 
Language: NLD 

==== System Specs (Software) ======================

Internet Explorer Version: 11.1358.14393.0 
Mozilla Firefox version: 52.0.2 (x86 nl)
Google Chrome version: 58.0.3029.110

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2017-06-14 14:55:01	E8B796A523D2B63A9C7BB0576DFE793E	975872	----a-w-	C:\WINDOWS\HelpPane.exe
====== C:\Users\rtull\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2017-06-14 15:02:27	838192E7C51BA80217277169EEBC0BE3	327168	----a-w-	C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 15:02:23	615F788383682C3931D89CAC00BC9D40	306688	----a-w-	C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 15:02:19	2B2C59488185FCDD94C8077879F7D2EC	5686272	----a-w-	C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 15:02:18	613CAF12F074D723B62BCF13383EA513	709120	----a-w-	C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 15:02:17	00D5767DC76922C810EDCA01B8C23ED6	1164288	----a-w-	C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 15:02:13	DD822D3B371DA4BBAA167B9279338074	1988096	----a-w-	C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 15:02:13	804C6C0A17BC054C8FCAF3FA59C59EED	2643968	----a-w-	C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 15:02:13	66E2AA655F4E11F40362995D1E3FBE41	773120	----a-w-	C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 15:02:13	4931D908A1EBFD82A6C34CD13D5EC2BA	27136	----a-w-	C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 15:02:09	9722B441E20C9C3B34EECA660303B3B5	780640	----a-w-	C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 15:02:09	07680AD9B1ADC68B65FBF06BF0E07848	2997760	----a-w-	C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 15:02:07	EB9F8A08F96CDEE70C6E85CB530ECF5B	224256	----a-w-	C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 15:02:07	207D69F66829C89B23BB206A1DEBFF3E	285184	----a-w-	C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 15:02:07	1C5F45D0C096B30660CD6478E83340E8	95232	----a-w-	C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 15:02:06	D01B678C1B3DC6A8CEB1E5BE8C80F28A	181760	----a-w-	C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 15:02:05	D8DD468AD61EA092F0F9B9FA51AEA929	755712	----a-w-	C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 15:02:05	C09B9EC9CFED978918F7A0137D41AA92	3664384	----a-w-	C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 15:02:05	C04621FEDE5AF0F91675AF80CF3F8D16	340832	----a-w-	C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 15:02:05	AE3C94E8C7E0820AE6D014048F8E92F4	886272	----a-w-	C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 15:02:05	A325B781E64B9D02BA6B2E9E0DF13844	822784	----a-w-	C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 15:02:05	46B73619AA04C2932B72274901A00C91	635904	----a-w-	C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 15:02:05	20C0C534C203004F271585F7B8A7276E	100352	----a-w-	C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 15:02:05	1A81E067094E519882FBE65674A31DA6	20967840	----a-w-	C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 15:02:04	82933E2FC5235A185C5FB15BD1C174E7	6042624	----a-w-	C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 15:02:02	59D8A8C06114DE6E5F277B4CA6039D51	368128	----a-w-	C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 15:02:01	B7CFC1C5B3353FF0BE171E76E599B122	364544	----a-w-	C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 15:02:01	83DB1B53D6B80A8A2219DDC661DC4AF3	607072	----a-w-	C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 15:02:01	5181B7BE1B912B9AA50858C5D860E8D9	111968	----a-w-	C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 15:01:59	38CD97EABCD0989375DE31C55DB64744	1221120	----a-w-	C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 15:01:57	E31E12A238ED955FCA7505436C9EA681	1706488	----a-w-	C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 15:01:55	3264894312F31CA89EB9BAAF46DB323B	12187648	----a-w-	C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 15:01:54	EE5471ED61FCA6EBB955F69657A51E96	18364928	----a-w-	C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 15:01:54	4B4D68731C21CB4CB5313270FCC7136E	19414016	----a-w-	C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 15:01:53	820EFB58A8BE5D0D0901B42C5B87948D	2560	----a-w-	C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 15:01:50	D18BFA3288DE0F05721F3C5C0EA5ADC9	232448	----a-w-	C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 15:01:50	AFFA1FD1984250537436990FAB04A47C	295424	----a-w-	C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 15:01:50	8F638F134BEED7E1A097FF5DD4F32D33	37376	----a-w-	C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 15:01:50	7E866F728EC98B40CAC7DC3211452A16	545944	----a-w-	C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 15:01:50	17E04FC6F7004025AD303F884600B93F	1412640	----a-w-	C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 15:01:50	0F28A83057FB22765B58F58860312694	315744	----a-w-	C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 15:01:49	FBFF9BF41479031BA892670A69E94AF8	2006528	----a-w-	C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 15:01:47	91D374EB0852B8D83939AF8B44056436	1021784	----a-w-	C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 15:01:47	12D38105EF6B39287B9479A0B5D0750D	2048496	----a-w-	C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 15:01:45	C772EE3E956DA3B21549C44DD1CBA022	231936	----a-w-	C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 15:01:45	ACE32CBDDF2BE6B5151A02F30B8E7208	192856	----a-w-	C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 15:01:45	00EAA3BC620929BE3E6D24146C7CC1EE	483840	----a-w-	C:\WINDOWS\SysWOW64\CoreMessaging.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2017-06-17 10:15:36	3026360F806627EE271A80C39118C17A	2373944	----a-w-	C:\WINDOWS\Sysnative\WudfUpdate_01011.dll
2017-06-15 14:50:03	72B95E3C9DFC0CFB265ADEC536767D7C	53008	----a-w-	C:\WINDOWS\Sysnative\TURegOpt.exe
2017-06-14 14:56:26	E7F14801E038AD77A64AF30AC78B905A	903680	----a-w-	C:\WINDOWS\Sysnative\SearchIndexer.exe
2017-06-14 14:56:26	7A2CF02E4120AA5B5465D79D78C0DEC2	2538496	----a-w-	C:\WINDOWS\Sysnative\mssrch.dll
2017-06-14 14:56:26	2F5D3B6FEF24DD0824964C36FDC7E0B7	3403264	----a-w-	C:\WINDOWS\Sysnative\tquery.dll
2017-06-14 14:56:26	07716E97BCC70C9577425EB98D2B35BC	124416	----a-w-	C:\WINDOWS\Sysnative\mssprxy.dll
2017-06-14 14:55:57	FE2D97721969818E483780C9FE4333BC	1513472	----a-w-	C:\WINDOWS\Sysnative\win32kbase.sys
2017-06-14 14:55:57	12F68C1BA2D9BB2239B24E16F90246FF	3615744	----a-w-	C:\WINDOWS\Sysnative\win32kfull.sys
2017-06-14 14:55:57	0FA65256069B1B65581144F206027DE5	147456	----a-w-	C:\WINDOWS\Sysnative\winsrv.dll
2017-06-14 14:55:56	BE7696381EADA160D20D172D5881E011	857440	----a-w-	C:\WINDOWS\Sysnative\WWAHost.exe
2017-06-14 14:55:56	B306E46465689426AC31FF472607BE62	2318848	----a-w-	C:\WINDOWS\Sysnative\wuaueng.dll
2017-06-14 14:55:55	90F392BF1D30D878CA96B431741AD547	391168	----a-w-	C:\WINDOWS\Sysnative\wuuhext.dll
2017-06-14 14:55:53	C9779ED5EB5A97C652E77CBCE9CE51D3	98304	----a-w-	C:\WINDOWS\Sysnative\MusNotificationUx.exe
2017-06-14 14:55:53	9CB576709100152AC1C5E9FB223D29B7	552960	----a-w-	C:\WINDOWS\Sysnative\MusUpdateHandlers.dll
2017-06-14 14:55:52	3C64F2BE8C71B03F4C69D4C116109E1D	418304	----a-w-	C:\WINDOWS\Sysnative\Windows.UI.BlockedShutdown.dll
2017-06-14 14:55:52	29D1A548F8544222EC7C3C50F73D8003	238592	----a-w-	C:\WINDOWS\Sysnative\MusNotification.exe
2017-06-14 14:55:51	0B578557804EF663D120D63255632687	119808	----a-w-	C:\WINDOWS\Sysnative\UserDataTimeUtil.dll
2017-06-14 14:55:51	038E6D6F2C86E574556D1AAF2A99BBA6	53248	----a-w-	C:\WINDOWS\Sysnative\musdialoghandlers.dll
2017-06-14 14:55:47	908CC42EE5D8CC73D4C136B5577EA08D	22220864	----a-w-	C:\WINDOWS\Sysnative\shell32.dll
2017-06-14 14:55:46	FAD89A8156FA444E0962BC5C2A23B103	117760	----a-w-	C:\WINDOWS\Sysnative\AuthBrokerUI.dll
2017-06-14 14:55:46	B06DAED17F67FFD124F397E4353D985C	404824	----a-w-	C:\WINDOWS\Sysnative\msv1_0.dll
2017-06-14 14:55:45	B7D7188C0AD7526D5425F8F0C88C712C	353792	----a-w-	C:\WINDOWS\Sysnative\cloudAP.dll
2017-06-14 14:55:45	B7AAA1FBABF23938FF429FE7D04D9399	8125440	----a-w-	C:\WINDOWS\Sysnative\Chakra.dll
2017-06-14 14:55:45	B247CEF0A92DC1D3E377BE6AA365B01A	1121280	----a-w-	C:\WINDOWS\Sysnative\aadtb.dll
2017-06-14 14:55:45	7478F2B823BFBFF75ECF805BC03B2C83	932864	----a-w-	C:\WINDOWS\Sysnative\kerberos.dll
2017-06-14 14:55:45	2D906DD0D937EF6B3318F174DBDFF059	4744704	----a-w-	C:\WINDOWS\Sysnative\jscript9.dll
2017-06-14 14:55:45	1E287D5A69A485F23749BCE65F83018A	1600624	----a-w-	C:\WINDOWS\Sysnative\sppobjs.dll
2017-06-14 14:55:44	304AFBB7C4FB4FA26538602C02E5EA73	2510848	----a-w-	C:\WINDOWS\Sysnative\NetworkMobileSettings.dll
2017-06-14 14:55:30	AC6E9ED99F0D3814D3B35387709747EF	834048	----a-w-	C:\WINDOWS\Sysnative\win32spl.dll
2017-06-14 14:55:29	D190D4F089EACA940D5233478CD94E4F	1131008	----a-w-	C:\WINDOWS\Sysnative\localspl.dll
2017-06-14 14:55:29	749F864C24C69BE5D129C34A445F32B8	100864	----a-w-	C:\WINDOWS\Sysnative\wpninprc.dll
2017-06-14 14:55:29	3FE979055667B0E488855856ABA70BB1	456192	----a-w-	C:\WINDOWS\Sysnative\puiobj.dll
2017-06-14 14:55:28	8F176DA53E5AD6F3B9FEFDC93346EFFC	7783256	----a-w-	C:\WINDOWS\Sysnative\ntoskrnl.exe
2017-06-14 14:55:28	4EE256C1721939A0240FE8550E5B7879	38752	----a-w-	C:\WINDOWS\Sysnative\OOBEUpdater.exe
2017-06-14 14:55:26	ECB92C17AC64FF64148BE807AC29386A	337408	----a-w-	C:\WINDOWS\Sysnative\NetworkBindingEngineMigPlugin.dll
2017-06-14 14:55:26	E0981C2DA535C7D579601C967210E25E	266752	----a-w-	C:\WINDOWS\Sysnative\NetSetupSvc.dll
2017-06-14 14:55:26	9888D91E8B5679FAF3E4E57B5A59BD5C	148832	----a-w-	C:\WINDOWS\Sysnative\NetSetupApi.dll
2017-06-14 14:55:26	25B2F6E8FCA707EEE8101D20A8587FCC	441344	----a-w-	C:\WINDOWS\Sysnative\netcorehc.dll
2017-06-14 14:55:26	22A034F884D3A749C9F1E378D88866C3	857952	----a-w-	C:\WINDOWS\Sysnative\NetSetupEngine.dll
2017-06-14 14:55:25	F1B41E1EB362B1FD8A8EB6011D17D58F	489472	----a-w-	C:\WINDOWS\Sysnative\NetSetupShim.dll
2017-06-14 14:55:25	3209DC681B5F46F4CDF724C48569ED11	136024	----a-w-	C:\WINDOWS\Sysnative\ImplatSetup.dll
2017-06-14 14:55:19	D10DFA27265E6E9729AC0D5963C8B7CA	1217024	----a-w-	C:\WINDOWS\Sysnative\Windows.Media.Audio.dll
2017-06-14 14:55:16	156DA1A406F1909107E048584021B631	1490432	----a-w-	C:\WINDOWS\Sysnative\lsasrv.dll
2017-06-14 14:55:13	09788178ECBD170263A19D067DF1363B	2213760	----a-w-	C:\WINDOWS\Sysnative\KernelBase.dll
2017-06-14 14:55:11	623C8989860C6162971A240A99903410	13091840	----a-w-	C:\WINDOWS\Sysnative\ieframe.dll
2017-06-14 14:55:10	A4C55CB11E20A04531F80603C984AF76	691200	----a-w-	C:\WINDOWS\Sysnative\ieproxy.dll
2017-06-14 14:55:09	5C60B2D2144E792EC68C35DA1644C502	22569984	----a-w-	C:\WINDOWS\Sysnative\edgehtml.dll
2017-06-14 14:55:08	512FAC578366299C2DD4D94BE36F5A0D	23677440	----a-w-	C:\WINDOWS\Sysnative\mshtml.dll
2017-06-14 14:55:07	75FD10B0F7721B6548BE8D7F1F79DE04	2560	----a-w-	C:\WINDOWS\Sysnative\tzres.dll
2017-06-14 14:55:03	FB30AD7EAD9E77C61778DE7E27E30C59	351744	----a-w-	C:\WINDOWS\Sysnative\hnetcfg.dll
2017-06-14 14:55:03	597C96281C55868CDBB06E22ADAEDCA9	80078	----a-w-	C:\WINDOWS\Sysnative\normidna.nls
2017-06-14 14:55:01	C9DAA29BDD6E2C61A6603DE75F6EE761	255488	----a-w-	C:\WINDOWS\Sysnative\HNetCfgClient.dll
2017-06-14 14:55:00	A64CF9D11F695E8BE7E88DB2FF9ACBE9	379232	----a-w-	C:\WINDOWS\Sysnative\atmfd.dll
2017-06-14 14:55:00	A3E5C464520434D873BF1BD092117853	45056	----a-w-	C:\WINDOWS\Sysnative\atmlib.dll
2017-06-14 14:55:00	833B3B359F0206401810503E570EDEBC	1566552	----a-w-	C:\WINDOWS\Sysnative\gdi32full.dll
2017-06-14 14:55:00	63B6CCF24C70F16976B8AD11389B4B80	628552	----a-w-	C:\WINDOWS\Sysnative\fontdrvhost.exe
2017-06-14 14:54:55	31BFADFB13EBC9CB06D6E250FEA0FD36	856064	----a-w-	C:\WINDOWS\Sysnative\efscore.dll
2017-06-14 14:54:55	2EB64622FEB3E6790FD72D06C9BEB319	252928	----a-w-	C:\WINDOWS\Sysnative\edputil.dll
2017-06-14 14:54:54	388E910ADC7F7E8BB21514FAA4A478E2	198144	----a-w-	C:\WINDOWS\Sysnative\dpapisrv.dll
2017-06-14 14:54:53	DDD49029DA039B2D1A9E3ACA8F2E97F0	2475520	----a-w-	C:\WINDOWS\Sysnative\DWrite.dll
2017-06-14 14:54:53	5070B37B20DDC257AF93EB0BE8AB5690	1845248	----a-w-	C:\WINDOWS\Sysnative\FntCache.dll
2017-06-14 14:54:51	BA775B101B5E6C12D4A7AE9CBFA4F008	335712	----a-w-	C:\WINDOWS\Sysnative\dcntel.dll
2017-06-14 14:54:51	85898A239780D457B73AAC42B73B4CB1	7217152	----a-w-	C:\WINDOWS\Sysnative\Windows.Data.Pdf.dll
2017-06-14 14:54:51	1503DA64D20DD3ECB18A27686B3FF7EA	34648	----a-w-	C:\WINDOWS\Sysnative\DeviceCensus.exe
2017-06-14 14:54:48	E863706E7D0E6061689D7721959C0437	136032	----a-w-	C:\WINDOWS\Sysnative\acmigration.dll
2017-06-14 14:54:48	AA0D47B6CC0D5D3DAD069A01F3F91E86	629088	----a-w-	C:\WINDOWS\Sysnative\generaltel.dll
2017-06-14 14:54:48	9E4231D238FF2D1F5086DC8AF934F1A2	886784	----a-w-	C:\WINDOWS\Sysnative\CPFilters.dll
2017-06-14 14:54:48	7BD6C15F1C1CB0B74FB167042F20E0C9	1564512	----a-w-	C:\WINDOWS\Sysnative\appraiser.dll
2017-06-14 14:54:48	76142A00FDA4E0B192D1057BBAECF17A	2681200	----a-w-	C:\WINDOWS\Sysnative\CoreUIComponents.dll
2017-06-14 14:54:48	32A8CD2D7B5D4F503B4F8E559FE05B13	96608	----a-w-	C:\WINDOWS\Sysnative\CompatTelRunner.exe
2017-06-14 14:54:46	063DED567D61B4CC817CF8E69D480336	1418240	----a-w-	C:\WINDOWS\Sysnative\certutil.exe
2017-06-14 14:54:42	BA247C2CCC1F037D5EF4AEB5AC23E1F5	1112416	----a-w-	C:\WINDOWS\Sysnative\AppxPackaging.dll
2017-06-14 14:54:32	A8AC0C570C3629718A6CF06BDCE53A55	334176	----a-w-	C:\WINDOWS\Sysnative\invagent.dll
2017-06-14 14:54:32	18DE0596384F02237F805BD1A352FD75	544096	----a-w-	C:\WINDOWS\Sysnative\devinv.dll
2017-06-14 14:54:32	00F9F8F9FF615D71CC178DEA0B1ED720	1214816	----a-w-	C:\WINDOWS\Sysnative\aeinv.dll
2017-06-14 14:54:31	7D4E7B74E017D343089CE49559A159D1	233824	----a-w-	C:\WINDOWS\Sysnative\aepic.dll
2017-06-14 14:54:31	0865275CF6DF73BD560C1A49600A4FA9	324608	----a-w-	C:\WINDOWS\Sysnative\Windows.ApplicationModel.LockScreen.dll
2017-06-14 14:54:28	961E25D8F68C638F42199DDD6FA96342	455520	----a-w-	C:\WINDOWS\Sysnative\securekernel.exe
2017-06-14 14:54:28	9171E680ADE30F22D78AF28F84DA27D5	764392	----a-w-	C:\WINDOWS\Sysnative\CoreMessaging.dll
2017-06-14 14:54:26	7B856A5EE257489AB7EDBC77089A836C	989024	----a-w-	C:\WINDOWS\Sysnative\hvax64.exe
2017-06-14 14:54:26	4BD676CC2DBA76D4B00C1664160F488C	1100128	----a-w-	C:\WINDOWS\Sysnative\hvix64.exe
2017-06-14 14:54:24	06C58C9B85A77AB69D9C319D690B27C8	64512	----a-w-	C:\WINDOWS\Sysnative\fdProxy.dll
2017-06-05 08:50:28	675DBE4675F77C4ED9ACC538B48E15C3	257864	----a-w-	C:\WINDOWS\Sysnative\iMDriverHelper.dll
====== C:\WINDOWS\Sysnative\drivers =====
2017-06-15 10:56:42	0D5A09B08568760AE85A801FCBC0F83D	28272	----a-w-	C:\WINDOWS\Sysnative\drivers\TrueSight.sys
2017-06-14 14:55:51	1065D7283659DC301AF94A47847616C4	128864	----a-w-	C:\WINDOWS\Sysnative\drivers\tm.sys
2017-06-14 14:55:50	A7C267671EDDF066E8CFBF897BC4B626	118112	----a-w-	C:\WINDOWS\Sysnative\drivers\tdx.sys
2017-06-14 14:55:50	4ED37041ADB4BD4BEEB1279AFA5808A9	2532192	----a-w-	C:\WINDOWS\Sysnative\drivers\tcpip.sys
2017-06-14 14:55:48	0C81E5D3E37D8D350088596D23FF21A4	509280	----a-w-	C:\WINDOWS\Sysnative\drivers\storport.sys
2017-06-14 14:55:25	A530D0C58A657BCD1629816B887661CB	1181024	----a-w-	C:\WINDOWS\Sysnative\drivers\ndis.sys
2017-06-14 14:55:16	9E407EAF1B5FFD4209C2B5F7A8B83BE5	402272	----a-w-	C:\WINDOWS\Sysnative\drivers\dxgmms1.sys
2017-06-14 14:55:16	8360BD603D3596E1D6D9BD04E69DE5E9	624048	----a-w-	C:\WINDOWS\Sysnative\drivers\cng.sys
2017-06-14 14:55:15	C867FABEFF1A553330093384D022F963	2187104	----a-w-	C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2017-06-14 14:54:10	58827BEFC54D4396D3FD191F5DD31C1D	381792	----a-w-	C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS
2017-06-14 14:54:10	08ED027CD8A43E3412BDD134A43B13E8	279904	----a-w-	C:\WINDOWS\Sysnative\drivers\sdbus.sys
2017-06-14 14:54:09	D515CD0012EBFF9EF255798F3A4BA1EE	187232	----a-w-	C:\WINDOWS\Sysnative\drivers\dumpsd.sys
2017-06-14 14:54:09	72ABA6AC74F7AA9C9A4AC61BE628ADD1	41472	----a-w-	C:\WINDOWS\Sysnative\drivers\BasicRender.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2017-06-15 10:56:13	--------	dc--a-w-	C:\Program Files\RogueKiller
======= C:\PROGRA~2 =====
2017-06-15 14:50:46	--------	d---a-w-	C:\PROGRA~2\COMMON~1\Skype
2017-06-07 11:17:13	--------	dc----w-	C:\PROGRA~2\FrostWire 6
2017-06-06 12:59:33	--------	dc--a-w-	C:\PROGRA~2\Unchecky
======= C: =====
====== C:\Users\rtull\AppData\Roaming ======
2017-06-16 11:28:31	--------	d-----w-	C:\Users\rtull\AppData\Local\ZHP
2017-06-15 14:07:43	--------	d-----w-	C:\Users\rtull\AppData\Local\CrashDumps
2017-06-15 11:20:21	--------	d-----w-	C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\CrashDumps
2017-06-14 15:59:22	--------	d-----w-	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2017-06-14 15:59:22	--------	d-----w-	C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2017-06-04 11:59:23	--------	d-----w-	C:\Users\rtull\AppData\Local\ESET
====== C:\Users\rtull ======
2017-06-16 11:26:15	269EC54D7A916B18D1C290676D4872BC	2794880	----a-w-	C:\Users\rtull\Desktop\ZHPCleaner.exe
2017-06-15 10:56:23	--------	d-----w-	C:\ProgramData\RogueKiller
2017-06-15 10:56:16	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-06-15 10:50:37	62B2FB4542763B8375635F48077E6B6A	35421992	----a-w-	C:\Users\rtull\Desktop\RogueKiller_setup_ref3.exe
2017-06-07 11:06:24	9EA47D98D1983636558EAE492F1CE23F	9551280	----a-w-	C:\Users\rtull\Downloads\ccsetup530.exe
2017-06-06 12:59:33	--------	d-----w-	C:\ProgramData\Unchecky
2017-06-06 12:59:33	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2017-06-02 09:12:38	--------	d-----w-	C:\ProgramData\firebird

====== C: exe-files ==
2017-06-16 11:28:32	269EC54D7A916B18D1C290676D4872BC	2794880	----a-w-	C:\Users\rtull\AppData\Roaming\ZHP\ZHPCleaner.exe
2017-06-16 11:26:15	269EC54D7A916B18D1C290676D4872BC	2794880	----a-w-	C:\Users\rtull\Desktop\ZHPCleaner.exe
2017-06-16 10:54:56	38ABBE01995B21847CE490700EEDFC69	12122464	----a-w-	C:\Users\rtull\AppData\Roaming\ZHP\Quarantine\epim_install.exe
2017-06-15 15:23:11	418299F70B35752CB048ED773C59002E	145088	----a-w-	C:\Users\rtull\AppData\Local\Temp\18F68C14-0626-4903-A7C9-A769FE4D1ED0\DismHost.exe
2017-06-15 14:50:18	0E6ED43728EA424A834F340CC508DB59	58128344	----a-w-	C:\Windows\Temp\AvgTuneup_ash2\Skype\SkypeSetupFull.exe
2017-06-15 14:50:03	72B95E3C9DFC0CFB265ADEC536767D7C	53008	----a-w-	C:\Windows\System32\TURegOpt.exe
2017-06-15 14:37:50	68140B8E8147DA7036FAA341346EAA47	175048	----a-w-	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
2017-06-15 10:56:16	71716AAB89E7E3853777D70EADB63876	13391432	-c--a-w-	C:\Program Files\RogueKiller\Updater.exe
2017-06-15 10:56:15	73B363D1ADB4F8A8CD1E7C8D5F8023DC	10989640	-c--a-w-	C:\Program Files\RogueKiller\RogueKillerCMD64.exe
2017-06-15 10:56:15	044B73C61CEFE8C5289BB46E7CD482B7	9395784	-c--a-w-	C:\Program Files\RogueKiller\RogueKillerCMD.exe
2017-06-15 10:56:14	98B9AA71662B8B6D095A94C8977FC53D	26384456	-c--a-w-	C:\Program Files\RogueKiller\RogueKiller64.exe
2017-06-15 10:56:13	A4CA35344D84B212115E3043266078CA	799304	-c--a-w-	C:\Program Files\RogueKiller\unins000.exe
2017-06-15 10:56:13	76E665F3E9E92BBABA875EBFE9D56A25	22025800	-c--a-w-	C:\Program Files\RogueKiller\RogueKiller.exe
2017-06-15 10:50:37	62B2FB4542763B8375635F48077E6B6A	35421992	----a-w-	C:\Users\rtull\Desktop\RogueKiller_setup_ref3.exe
2017-06-15 10:43:25	E3D7664BF9CB766D3E8A7BEAD806D644	138	-c--a-w-	C:\$Recycle.Bin\S-1-5-21-2897933121-1580215152-3316838448-1001\$IQU8O18.exe
2017-06-15 10:43:15	E053366C25F9C0D846D8F4D5E21E62C9	124	-c--a-w-	C:\$Recycle.Bin\S-1-5-21-2897933121-1580215152-3316838448-1001\$IIYZ2JG.exe
2017-06-15 09:38:08	378439DA4C448C0947152F3AA496DE9C	90	-c--a-w-	C:\$Recycle.Bin\S-1-5-21-2897933121-1580215152-3316838448-1001\$IWYMNEL.exe
2017-06-14 15:02:17	00D5767DC76922C810EDCA01B8C23ED6	1164288	----a-w-	C:\Windows\SysWOW64\certutil.exe
2017-06-14 15:02:13	66E2AA655F4E11F40362995D1E3FBE41	773120	----a-w-	C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-14 15:02:09	9722B441E20C9C3B34EECA660303B3B5	780640	----a-w-	C:\Windows\SysWOW64\WWAHost.exe
2017-06-14 15:01:50	7E866F728EC98B40CAC7DC3211452A16	545944	----a-w-	C:\Windows\SysWOW64\fontdrvhost.exe
2017-06-14 14:56:26	E7F14801E038AD77A64AF30AC78B905A	903680	----a-w-	C:\Windows\System32\SearchIndexer.exe
2017-06-14 14:55:56	BE7696381EADA160D20D172D5881E011	857440	----a-w-	C:\Windows\System32\WWAHost.exe
2017-06-14 14:55:53	C9779ED5EB5A97C652E77CBCE9CE51D3	98304	----a-w-	C:\Windows\System32\MusNotificationUx.exe
2017-06-14 14:55:52	29D1A548F8544222EC7C3C50F73D8003	238592	----a-w-	C:\Windows\System32\MusNotification.exe
2017-06-14 14:55:28	8F176DA53E5AD6F3B9FEFDC93346EFFC	7783256	----a-w-	C:\Windows\System32\ntoskrnl.exe
2017-06-14 14:55:28	4EE256C1721939A0240FE8550E5B7879	38752	----a-w-	C:\Windows\System32\OOBEUpdater.exe
2017-06-14 14:55:28	164C91A5EAB1EE29F1385E74636D6134	6394488	----a-w-	C:\Windows\UpdateAssistantV2\Windows10Upgrade.exe
2017-06-14 14:55:20	A9A9E7ECE427BDBBB166B3AD4710FD1E	7645552	----a-w-	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
2017-06-14 14:55:01	E8B796A523D2B63A9C7BB0576DFE793E	975872	----a-w-	C:\Windows\HelpPane.exe
2017-06-14 14:55:00	63B6CCF24C70F16976B8AD11389B4B80	628552	----a-w-	C:\Windows\System32\fontdrvhost.exe
2017-06-14 14:54:51	1503DA64D20DD3ECB18A27686B3FF7EA	34648	----a-w-	C:\Windows\System32\DeviceCensus.exe
2017-06-14 14:54:48	32A8CD2D7B5D4F503B4F8E559FE05B13	96608	----a-w-	C:\Windows\System32\CompatTelRunner.exe
2017-06-14 14:54:46	063DED567D61B4CC817CF8E69D480336	1418240	----a-w-	C:\Windows\System32\certutil.exe
2017-06-14 14:54:44	C2F6AC0BF5163B01685318855FC4BCAF	578048	----a-w-	C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe
2017-06-14 14:54:44	7474E7D8F1EBB691CFABE9501422A9BC	241664	----a-w-	C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
2017-06-14 14:54:28	961E25D8F68C638F42199DDD6FA96342	455520	----a-w-	C:\Windows\System32\securekernel.exe
2017-06-14 14:54:26	7B856A5EE257489AB7EDBC77089A836C	989024	----a-w-	C:\Windows\System32\hvax64.exe
2017-06-14 14:54:26	4BD676CC2DBA76D4B00C1664160F488C	1100128	----a-w-	C:\Windows\System32\hvix64.exe
2017-06-13 12:56:38	4ADCFEE16EE9978F06157634669D36FB	602112	----a-w-	C:\$Recycle.Bin\S-1-5-21-2897933121-1580215152-3316838448-1001\$RWYMNEL.exe
=== C: other files ==
2017-06-15 10:56:42	0D5A09B08568760AE85A801FCBC0F83D	28272	----a-w-	C:\Windows\System32\drivers\TrueSight.sys
2017-06-14 15:02:09	07680AD9B1ADC68B65FBF06BF0E07848	2997760	----a-w-	C:\Windows\SysWOW64\win32kfull.sys
2017-06-14 14:55:57	FE2D97721969818E483780C9FE4333BC	1513472	----a-w-	C:\Windows\System32\win32kbase.sys
2017-06-14 14:55:57	12F68C1BA2D9BB2239B24E16F90246FF	3615744	----a-w-	C:\Windows\System32\win32kfull.sys
2017-06-14 14:55:51	1065D7283659DC301AF94A47847616C4	128864	----a-w-	C:\Windows\System32\drivers\tm.sys
2017-06-14 14:55:50	A7C267671EDDF066E8CFBF897BC4B626	118112	----a-w-	C:\Windows\System32\drivers\tdx.sys
2017-06-14 14:55:50	4ED37041ADB4BD4BEEB1279AFA5808A9	2532192	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2017-06-14 14:55:48	0C81E5D3E37D8D350088596D23FF21A4	509280	----a-w-	C:\Windows\System32\drivers\storport.sys
2017-06-14 14:55:25	A530D0C58A657BCD1629816B887661CB	1181024	----a-w-	C:\Windows\System32\drivers\ndis.sys
2017-06-14 14:55:16	9E407EAF1B5FFD4209C2B5F7A8B83BE5	402272	----a-w-	C:\Windows\System32\drivers\dxgmms1.sys
2017-06-14 14:55:16	8360BD603D3596E1D6D9BD04E69DE5E9	624048	----a-w-	C:\Windows\System32\drivers\cng.sys
2017-06-14 14:55:15	C867FABEFF1A553330093384D022F963	2187104	----a-w-	C:\Windows\System32\drivers\dxgkrnl.sys
2017-06-14 14:54:10	58827BEFC54D4396D3FD191F5DD31C1D	381792	----a-w-	C:\Windows\System32\drivers\USBXHCI.SYS
2017-06-14 14:54:10	08ED027CD8A43E3412BDD134A43B13E8	279904	----a-w-	C:\Windows\System32\drivers\sdbus.sys
2017-06-14 14:54:09	D515CD0012EBFF9EF255798F3A4BA1EE	187232	----a-w-	C:\Windows\System32\drivers\dumpsd.sys
2017-06-14 14:54:09	72ABA6AC74F7AA9C9A4AC61BE628ADD1	41472	----a-w-	C:\Windows\System32\drivers\BasicRender.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-2897933121-1580215152-3316838448-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\rtull\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"HP ENVY 4500 series (NET)"="C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe -deviceID CN4BK2424J05X4:NW -scfn HP ENVY 4500 series (NET) -AutoStart 1"
"Logitech Vid"="C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe -bootmode"
"EssentialPIM"="C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe /autorun"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
"UpdateP2GoShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0"
"Lenovo Silver Silk Wireless Keyboard"="C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe"
"AvgUi"="C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe /lps=fmw"
"AVG_UI"="C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe /lps=av"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe /hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\rtull\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"HP ENVY 4500 series (NET)"="C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe -deviceID CN4BK2424J05X4:NW -scfn HP ENVY 4500 series (NET) -AutoStart 1"
"Logitech Vid"="C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe -bootmode"
"EssentialPIM"="C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe /autorun"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_LENOVO_MICPKEY"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /LENOVO_MICPKEY"
"Malwarebytes TrayApp"="C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe"

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\AVG EUpdate Task" [avgsetupx.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HPCustParticipation HP ENVY 4500 series" ["C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe"]
"C:\WINDOWS\SysNative\tasks\Intel PTT EK Recertification" ["C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe"]
"C:\WINDOWS\SysNative\tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7" ["C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe"]
"C:\WINDOWS\SysNative\tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon" ["C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe"]
"C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" [C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task v2" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\PDVDServ12 Task" [C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe]
"C:\WINDOWS\SysNative\tasks\USER_ESRV_SVC_QUEENCREEK" ["C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{AFAA4A5C-C31B-451C-B09E-6BCC6FA19ABB}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Intel\Intel Telemetry 2" [C:\Program Files\Intel\Telemetry 2.0\lrio.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program 64 35" ["%ProgramFiles(x86)%\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Solution Center Launcher" [%programfiles%\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\SHPrompt" ["C:\Program Files (x86)\SHAREit\SHAREit\ShareitPrompt.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\SHUpdate" ["C:\Program Files (x86)\SHAREit\SHAREit\ShareitUpdater.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" [%windir%\system32\sc.exe START ImControllerService]
"C:\WINDOWS\SysNative\tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" [%windir%\System32\reg.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\ImController\TimeBasedEvents\1c709bb8-e2af-4912-8b48-09e6542821e3" ["C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\ImController\TimeBasedEvents\2240b242-b2ab-47f9-943a-ec1105bcf151" ["C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\ImController\TimeBasedEvents\640a67aa-c4d7-4ad6-b537-130f60bb6941" ["C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2897933121-1580215152-3316838448-1001" ["C:\WINDOWS\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\rtull\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms]
"C:\WINDOWS\SysNative\tasks\Lenovo\LSC\Lenovo Solution Center Notifications" [%programfiles%\Lenovo\Lenovo Solution Center\LSCNotify.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\LSC\LSCHardwareScan" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan]
"C:\WINDOWS\SysNative\tasks\Lenovo\LSC\LSCHardwareScanPostpone" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe"]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe"]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\rtull\AppData\Roaming\Mozilla\Firefox\Profiles\u63cqylq.default
user_pref("browser.newtab.url", "about:newtab");
user_pref("keyword.URL", true);