Suspected Matrix Ransomware. Need help in removing it.

Alright, after running the next three tools and posting the logs, please tell me what issues remain.

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 20.03.2017 12:18:41
Path starting: C:\Users\183-k\AppData\Local\Temp\SecurityCheck\SecurityCheck.e xe
Log directory: C:\SecurityCheck
IsAdmin: True
User: 183-k
VersionXML: 4.04is-19.03.2017

---

Windows 8.1(6.3.9600) (x64) CoreSingleLanguage Lang: English(0409)
Installation date OS: 28.07.2014 15:47:16
LicenseStatus: Windows(R), CoreSingleLanguage edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: Internet Explorer (C:\Program Files\Internet Explorer\iexplore.exe)
SystemDrive: C: FS: [NTFS] Capacity: [455.7 Gb] Used: [119.4 Gb] Free: [336.3 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18618
User Account Control enabled
Automatically download and schedule installation
Date install updates: 2017-03-17 05:26:28
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.4518.1014
Microsoft Office 2013 x86 v.15.0.4569.1506
---------------------------- [ Antivirus_WMI ] ----------------------------
Kaspersky Total Security (enabled and up to date)
Windows Defender (disabled and up to date)
Malwarebytes (disabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
Kaspersky Total Security (enabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Malwarebytes (disabled and up to date)
Kaspersky Total Security (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
ESET Online Scanner v3
Kaspersky Secure Connection v.17.0.0.611
Kaspersky Total Security v.17.0.0.611
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.0.6.1469 v.3.0.6.1469
Zemana AntiMalware v.2.72.0.176
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.10 (64-bit) v.5.10.0 Warning! Download Update
Picasa 3 v.3.9.141.259 Warning! This software is no longer supported.
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.30 v.7.30.105 Warning! Download Update
^Optional update.[1]
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 25 (64-bit) v.8.0.250 Warning! Download Update
Uninstall old version and install new one (jre-8u121-windows-x64.exe).
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Shockwave Player 12.0 v.12.0.4.144 Warning! Download Update
Adobe Reader XI (11.0.19) v.11.0.19
------------------------------- [ Browser ] -------------------------------
Google Chrome v.57.0.2987.98 Warning! Download Update
Mozilla Firefox (3.5.7) v.3.5.7 (en-US) Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.57.0.2987.98
------------------ [ AntivirusFirewallProcessServices ] -------------------
Kaspersky Anti-Virus Service 17.0.0 (AVP17.0.0) - The service is running
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe v.17.0.0.611
klvssbrigde64 (klvssbrigde64) - The service has stopped
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe v.17.0.0.643
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe v.17.0.0.611
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe v.17.0.0.643
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.912
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.415
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.2.72.0.176
---------------------------- [ UnwantedApps ] -----------------------------
Skype Click to Call v.8.5.0.9167 Warning! Browser’s toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------

---

1. /b ↩︎

I ran the Adware Tool Removal Scanner and even removed the threats, but no Log was generated. Where can I find the log?

With 9-lab Removal I am getting the following error (twice).
[ATTACH]1866[/ATTACH]

Reboot the machine and then run the tool again, make sure and push the update button prior to running it.

[ATTACH]1867[/ATTACH]

C:\Program Files (x86)\Adware Removal Tool by TSA

Overall how is the machine performing now?

9-lab Removal Tool 1.0.0.39 BETA

[/quote]

---

Adware Removal Tool 5.1
Time: 2017_03_20_12_22_37
OS: Windows 8.1 Single Language - x64 Bit
Account Name: 183-k
Adware Definition: 03192017.1
Elapsed time: 11:12
Repair Status:- Automatic Done
\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\

[-] Deleted ->> File ->> C:\Windows\Prefetch\SYNTPHELPER.EXE-878378AE.pf

[-] Deleted ->> Folder ->> C:\Users\183-k\Appdata\Roaming\ZHP\Quarantine\Pokki

[-] Deleted ->> Folder ->> C:\Users\183-k\Appdata\Roaming\ZHP\Quarantine\Pokki\Pokki

[-] Deleted ->> Folder ->> C:\Users\183-k\AppData\Local\Profiles

When the ransomware hit my computer, there were two issues that I was facing: continuous encryption of files (even if I downloaded or created a new file, it would automatically get encrypted) and second was the popup window that appeared each time I rebooted my computer. Both are gone now, so I am guessing that the problem is solved. But could you please reassure me, or is there something that would confirm that the malware has left my computer?

Should be gone, but lets double check to make sure…


Make sure and update the programs as suggested.

WinRAR 5.10 (64-bit) v.5.10.0 Warning! Download Update
Picasa 3 v.3.9.141.259 Warning! This software is no longer supported.
Skype™ 7.30 v.7.30.105 Warning! Download Update
Java 8 Update 25 (64-bit) v.8.0.250 Warning! Download Update
Uninstall old version and install new one (jre-8u121-windows-x64.exe).
Adobe Shockwave Player 12.0 v.12.0.4.144 Warning! Download Update
Google Chrome v.57.0.2987.98 Warning! Download Update
Mozilla Firefox (3.5.7) v.3.5.7 (en-US) Warning! Download Update

Quick Diag Scan.

Download Quick Diag to your desktop.
Very Important Disable your Antivirus/Antispyware prior to scanning. Make sure program is on your desktop.
Right Click Run as Administrator.
Select the Quick Scan.


Post the log that is generated in your next post.

--------------- QuickDiag | g3n-h@ckm@n | V3_31.01.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 20/03/2017 16:00:52

Updated 31/01/2017 | 13.00 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi
[183-k (Administrator)] - [HP] (S-1-5-21-1605944295-1278072363-3366277582-1005)

System: Microsoft Windows 8.1 Single Language - - (6.3.9600) - BuildType: Multiprocessor Free - OSLanguage: 1033 (4009)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 8.1 Single Language|C:\Windows|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: HP Pavilion 15 Notebook PC - Hewlett-Packard - IdNumber: 5CD42147XD - UUID: 34444335-3132-3734-5844-A02BB859A5C2
Processor : X64 - 1896 Mhz - Intel(R) Core™ i3-4030U CPU @ 1.90GHz
F.02 - en|US|iso8859-1 - Insyde - S/N: 5CD42147XD - F.02 - HPQOEM - 1
CoreTemp : 51 Celsius

----------| Quick

---------- | SoundDevice

Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0290&SUBSYS_103C227E& REV_1000\4&34C4037&0&0001

---------- | Video

Intel(R) HD Graphics Family - Resolution: 1366x768 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igd umdim32,igd10iumd32,igd10iumd32 - PNPDeviceID: PCI\VEN_8086&DEV_0A16&SUBSYS_227E103C&REV_0B\3&115 83659&1&10 - AdapterCompatibility: Intel Corporation - RAM: 2144415744
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics Family - DriverVersion: 10.18.10.3496 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25312 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82432 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 52736 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 41880 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 26624 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35664 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34088 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 37888 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 15872 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:20 %
CPU #2 value:20 %
CPU #3 value:8 %
CPU #4 value:14 %
Total Overall CPU Usage value:16 %

---------- | Network

Realtek PCIe FE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Broadcom BCM43142 802.11 bgn Wi-Fi Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall → SEND Maxium:16 bytes/sec, / RECEIVE Maximum:0 bytes/sec

Broadcom BCM43142 802.11 bgn Wi-Fi Adapter - Ethernet 802.3 - Broadcom - Status: - PnPID : PCI\VEN_14E4&DEV_4365&SUBSYS_2230103C&REV_01\4&147 7ABB7&0&00E2
Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Realtek PCIe FE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8136&SUBSYS_227E103C&REV_08\4&4E0 4B57&0&00E3
Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&3006D1A2&0&01
Microsoft Hosted Network Virtual Adapter - - - Status: - PnPID :
Kaspersky Security Data Escort Adapter - Ethernet 802.3 - Kaspersky Security Data Escort Provider - Status: - PnPID : ROOT\NET\0000
BlackBerry Virtual Private Network - Ethernet 802.3 - Research In Motion - Status: - PnPID : ROOT\NET\0001
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT
WAN Miniport (IP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH

---------- | Memory

RAM = Total (MB) : 4123 | Free (MB) : 1756
Pagefile = Total (MB) : 7662 | Free (MB) : 4655
Virtual = Total (MB) : 4194 | Free (MB) : 3972

Physical Memory 0 : Capacity: 4294967296 - Bottom-Slot 1(left) - Posit.: 1 - Manufacturer: A-DATA Technology - PartNumber: AM1L16BC4R1-B1PS - S/N: 000005E7

---------- | SID Users

183-k : [S-1-5-21-1605944295-1278072363-3366277582-1005]
Administrator : [S-1-5-21-1605944295-1278072363-3366277582-500]
Guest : [S-1-5-21-1605944295-1278072363-3366277582-501]
HomeGroupUser$ : [S-1-5-21-1605944295-1278072363-3366277582-1003]
HP-PC : [S-1-5-21-1605944295-1278072363-3366277582-1001]
shrey : [S-1-5-21-1605944295-1278072363-3366277582-1004]
Administrators : [S-1-5-32-544]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
IIS_IUSRS : [S-1-5-32-568]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Remote Management Users : [S-1-5-32-580]
Users : [S-1-5-32-545]
HomeUsers : [S-1-5-21-1605944295-1278072363-3366277582-1002]
WinRMRemoteWMIUsers__ : [S-1-5-21-1605944295-1278072363-3366277582-1000]

---------- | SystemAccounts

Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ → [Fixed] | [Windows] | Total : 455.69 Go | Free : 335.96 Go → NTFS [SATA]
D:\ → [Fixed] | [RECOVERY] | Total : 20.21 Go | Free : 2 Go → NTFS [SATA]
F:\ → [Fixed] | [New Volume] | Total : 454.59 Go | Free : 452.6 Go → NTFS [SATA]

Disk Usage Information [1 total Physical Disks]

Physical Drive #0 [C:, F:, D:] : Read:0 bytes/sec, Written:886,466 bytes/sec Max Read:0 bytes/sec, Max Write:886,466 bytes/sec

Overall - Read Maximum:0 bytes/sec, Write Maximum:886,466 bytes/sec

DeviceID: \.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 5 Part. - PnPID : SCSI\DISK&VEN_HGST&PROD_HTS541010A9E6800\4&762C4CC &0&000000

---------- | Windows updates

Last detection : 2017-03-19 23:34:44
Downloaded last ones : 2017-03-19 09:08:07
Installed last ones : 2017-03-17 05:26:28
Next search : 2017-03-20 18:36:12

Windows Is Activated

---------- | Browsers

IE : 11.0.9600.18124 (© Microsoft Corporation.)
FF : 1.9.1.3642 (©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.)
GC : 57.0.2987.98 (Copyright 2016 Google Inc.)

Default : “C:\Program Files\Internet Explorer\iexplore.exe” %1

---------- | FlashPlayer

FlashPlayer ActiveX : 25.0.0.127

---------- | Security

AV : Malwarebytes Disabled
AS : Windows Defender Disabled
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes

492 | [Owner : SYSTEM | Parent : 4(System) | ???] - (.Microsoft Corporation - Windows Session Manager.) - (6.3.9600.17031) = C:\Windows\System32\smss.exe [18/03/2014 15:24:39] CPU Usage:0 %
728 | [Owner : | Parent : 664() | ???] - (.Microsoft Corporation - Windows Start-Up Application.) - (6.3.9600.18577) = C:\Windows\System32\wininit.exe [16/03/2017 00:28:53] CPU Usage:0 %
800 | [Owner : | Parent : 740() | ???] - (.Microsoft Corporation - Windows Logon Application.) - (6.3.9600.18188) = C:\Windows\System32\winlogon.exe [27/03/2016 10:18:13] CPU Usage:0 %
840 | [Owner : | Parent : 728(wininit.exe) | ???] - (.Microsoft Corporation - Services and Controller app.) - (6.3.9600.17793) = C:\Windows\System32\services.exe [17/05/2015 14:58:03] CPU Usage:0 %
848 | [Owner : | Parent : 728(wininit.exe) | ???] - (.Microsoft Corporation - Local Security Authority Process.) - (6.3.9600.17415) = C:\Windows\System32\lsass.exe [07/03/2015 17:35:17] CPU Usage:0 %
928 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
972 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
376 | [Owner : | Parent : 840(services.exe) | ???] - (.Softex Inc. - HP SimplePass Service.) - (8.0.1.11) = C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [29/03/2014 02:09:10] CPU Usage:0 %
760 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
888 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
1004 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
1068 | [Owner : | Parent : 840(services.exe) | ???] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.3496) = C:\Windows\System32\igfxCUIService.exe [18/03/2014 22:59:30] CPU Usage:0 %
1096 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
1224 | [Owner : | Parent : 840(services.exe) | ???] - (.Hewlett-Packard Company - HpService.) - (6.0.5.1) = C:\Windows\System32\hpservice.exe [23/07/2013 22:58:56] CPU Usage:0 %
1272 | [Owner : | Parent : 840(services.exe) | ???] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.55) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [13/05/2014 08:53:53] CPU Usage:0 %
1292 | [Owner : | Parent : 1272(RtkAudioService64.exe) | ???] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.192) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [13/05/2014 08:53:49] CPU Usage:0 %
1300 | [Owner : | Parent : 1272(RtkAudioService64.exe) | ???] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.192) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [13/05/2014 08:53:49] CPU Usage:0 %
1400 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
1432 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
1516 | [Owner : | Parent : 1096(svchost.exe) | ???] - (.Microsoft Corporation - Windows Wireless LAN 802.11 Extensibility Framework.) - (6.3.9600.17415) = C:\Windows\System32\wlanext.exe [07/03/2015 17:26:50] CPU Usage:0 %
1524 | [Owner : | Parent : 1516(wlanext.exe) | ???] - (.Microsoft Corporation - Console Window Host.) - (6.3.9600.17415) = C:\Windows\System32\conhost.exe [07/03/2015 17:29:57] CPU Usage:0 %
1652 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.3.9600.17415) = C:\Windows\System32\spoolsv.exe [07/03/2015 17:25:26] CPU Usage:0 %
1752 | [Owner : | Parent : 840(services.exe) | ???] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.21.1354) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [19/12/2016 22:38:14] CPU Usage:0 %
1768 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
1920 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
1992 | [Owner : | Parent : 840(services.exe) | ???] - (.Shanghai DS-Mobile Technology Co., Ltd. - Driver Service for EDGE MODEM Data Card.) - (0.2009.9.19) = C:\Program Files\Micromax 200G USB Modem\EdgeModem-DrvSrv.exe [30/07/2014 00:11:32] CPU Usage:0 %
2028 | [Owner : | Parent : 840(services.exe) | ???] - (.- Everything.) - (1.3.4.686) = C:\Program Files\Everything\Everything.exe [19/03/2017 23:48:10] CPU Usage:0 %
940 | [Owner : | Parent : 840(services.exe) | ???] - (.Hewlett-Packard Development Company, L.P. - HP WMI Service.) - (1.1.1.0) = C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [27/03/2014 04:05:26] CPU Usage:0 %
1740 | [Owner : | Parent : 840(services.exe) | ???] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.31.8.1) = C:\Program Files\Intel\iCLS Client\HeciServer.exe [28/08/2013 03:02:14] CPU Usage:0 %
1792 | [Owner : | Parent : 840(services.exe) | ???] - (.- ISCT Agent Application.) - (4.2.41.2710) = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [04/12/2013 21:14:08] CPU Usage:0 %
2100 | [Owner : | Parent : 840(services.exe) | ???] - (.Apple Inc. - RIM MDNS Service.) - (3.0.0.17) = C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [19/03/2015 12:37:42] CPU Usage:0 %
2168 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
2184 | [Owner : | Parent : 840(services.exe) | ???] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (18.1.5.2) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [13/03/2014 22:20:02] CPU Usage:0 %
2272 | [Owner : | Parent : 840(services.exe) | ???] - (.Copyright 2017. - ZAM.) - (2.72.0.176) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [20/03/2017 00:10:48] CPU Usage:0 %
2556 | [Owner : | Parent : 840(services.exe) | ???] - (.BlackBerry Limited - BlackBerry Link Communication Manager.) - (2.0.0.100) = C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [19/03/2015 12:37:46] CPU Usage:0 %
3956 | [Owner : | Parent : 840(services.exe) | ???] - (.BlackBerry Limited - BlackBerry Device Manager.) - (4.2.0.52) = C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [31/10/2014 15:56:04] CPU Usage:0 %
1776 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
4932 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.7903) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\Pres entationFontCache.exe [02/04/2014 15:20:06] CPU Usage:0 %
4952 | [Owner : HP-PC | Parent : 2184(SynTPEnhService.exe) | 13.66 Mo] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (18.1.5.2) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [13/03/2014 22:20:02] CPU Usage:0 %
5040 | [Owner : HP-PC | Parent : 888(svchost.exe) | 9.68 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.3.9600.17415) = C:\Windows\System32\taskhostex.exe [07/03/2015 17:32:26] CPU Usage:0 %
1908 | [Owner : HP-PC | Parent : 4176() | 9.24 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.3496) = C:\Windows\System32\igfxEM.exe [18/03/2014 22:59:32] CPU Usage:0 %
5056 | [Owner : HP-PC | Parent : 4176() | 6.53 Mo] - (.Intel Corporation - igfxHK Module.) - (6.15.10.3496) = C:\Windows\System32\igfxHK.exe [18/03/2014 22:59:32] CPU Usage:0 %
5172 | [Owner : HP-PC | Parent : 4176() | 8.92 Mo] - (.Intel Corporation - igfxTray Module.) - (6.15.10.3496) = C:\Windows\System32\igfxTray.exe [18/03/2014 22:59:34] CPU Usage:0 %
5404 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
5452 | [Owner : HP-PC | Parent : 1804() | 2.79 Mo] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (18.1.5.2) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [13/03/2014 22:20:04] CPU Usage:0 %
5744 | [Owner : | Parent : 528() | ???] - (.-.) - (0.0.0.0) = C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe [29/03/2014 02:06:30] CPU Usage:0 %
5852 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.9600.17787) = C:\Windows\System32\SearchIndexer.exe [13/06/2015 19:42:54] CPU Usage:0 %
1204 | [Owner : HP-PC | Parent : 4940(chrome.exe) | 3.76 Mo] - (.Shanghai DS-Mobile Technology Co., Ltd. - AutoRun for EDGE MODEM Data Card.) - (0.2009.9.19) = C:\Program Files\Micromax 200G USB Modem\EdgeModem-Run.exe [30/07/2014 00:11:32] CPU Usage:0 %
828 | [Owner : HP-PC | Parent : 888(svchost.exe) | 0.72 Mo] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) - (2.2.0.31) = C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [02/11/2013 02:38:50] CPU Usage:0 %
6240 | [Owner : HP-PC | Parent : 4940(chrome.exe) | 12.51 Mo] - (.RescueTime, Inc. - RescueTime.) - (2.12.5.1490) = C:\Users\HP-PC\AppData\Local\RescueTime\RescueTime.exe [28/01/2017 04:27:17] CPU Usage:0 %
6428 | [Owner : | Parent : 840(services.exe) | ???] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) - (6.1.16.1) = C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [02/11/2013 02:38:52] CPU Usage:0 %
6712 | [Owner : HP-PC | Parent : 5816() | 1.64 Mo] - (.Hewlett-Packard Company - Hp Accelerometer System Tray.) - (6.0.18.1) = C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe [14/02/2014 04:36:06] CPU Usage:0 %
1888 | [Owner : | Parent : 840(services.exe) | ???] - (.Hewlett-Packard Company - HP Support Assistant Service.) - (7.5.2.18) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [13/01/2014 20:32:24] CPU Usage:0 %
6508 | [Owner : | Parent : 3948() | ???] - (.Google Inc. - Google Installer.) - (1.3.32.7) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14/03/2017 01:23:09] CPU Usage:0 %
5324 | [Owner : | Parent : 840(services.exe) | ???] - (.Intel Corporation - IAStorDataSvc.) - (12.8.9.1000) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [08/11/2013 23:52:20] CPU Usage:0 %
4612 | [Owner : | Parent : 840(services.exe) | ???] - (.Intel Corporation - Intel(R) ME Service.) - (9.5.10.1628) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [13/05/2014 08:49:43] CPU Usage:0 %
4628 | [Owner : | Parent : 840(services.exe) | ???] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (9.5.12.1682) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [13/05/2014 08:49:42] CPU Usage:0 %
1876 | [Owner : | Parent : 840(services.exe) | ???] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (17.0.0.611) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [28/06/2016 01:54:28] CPU Usage:0 %
5132 | [Owner : | Parent : 840(services.exe) | ???] - (.Intel Corporation - Intel(R) Local Management Service.) - (9.5.10.1628) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [13/05/2014 08:48:36] CPU Usage:0 %
4824 | [Owner : HP-PC | Parent : 1876(ksde.exe) | 2.81 Mo] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (17.0.0.643) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe [28/06/2016 01:51:00] CPU Usage:0 %
5428 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.9600.17415) = C:\Program Files\Windows Media Player\wmpnetwk.exe [07/03/2015 17:23:02] CPU Usage:0 %
5608 | [Owner : | Parent : 760(svchost.exe) | ???] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (6.3.9600.17415) = C:\Windows\System32\audiodg.exe [14/01/2015 21:36:46] CPU Usage:2 %
4940 | [Owner : HP-PC | Parent : 5752() | 162.98 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.98) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [14/03/2017 01:25:49] CPU Usage:0 %
4948 | [Owner : HP-PC | Parent : 4940(chrome.exe) | 4.95 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.98) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [14/03/2017 01:25:49] CPU Usage:0 %
6724 | [Owner : HP-PC | Parent : 4940(chrome.exe) | 5.87 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.98) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [14/03/2017 01:25:49] CPU Usage:0 %
6632 | [Owner : HP-PC | Parent : 4940(chrome.exe) | 41.11 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.98) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [14/03/2017 01:25:49] CPU Usage:0 %
4276 | [Owner : HP-PC | Parent : 4940(chrome.exe) | 73.19 Mo] - (.Microsoft Corporation - Microsoft Office Word.) - (12.0.4518.1014) = C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [27/10/2006 15:23:04] CPU Usage:0 %
3028 | [Owner : HP-PC | Parent : 4276(WINWORD.EXE) | 7.9 Mo] - (.Microsoft Corporation - Print driver host for applications.) - (6.3.9600.17415) = C:\Windows\splwow64.exe [07/03/2015 17:34:48] CPU Usage:0 %
3216 | [Owner : HP-PC | Parent : 800(winlogon.exe) | 118.54 Mo] - (.Microsoft Corporation - Windows Explorer.) - (6.3.9600.18460) = C:\Windows\explorer.exe [12/10/2016 11:53:29] CPU Usage:0 %
3204 | [Owner : 183-k | Parent : 3216(explorer.exe) | 25.99 Mo] - (.SosVirus - QuickDiag.) - (31.1.17.1) = C:\Users\HP-PC\Downloads\quickdiag_3_31.01.17.1.exe [20/03/2017 15:57:01] CPU Usage:0 %
5528 | [Owner : | Parent : 840(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %

---------- | MD5

[MD5.ED6B4C95E2A6D67480B9DBB8A8E7D9B4] - [12/10/2016 11:53:29] - (.© Microsoft Corporation. - Windows Explorer.) - [2690.92 Ko] - (6.3.9600.18460) : C:\Windows\Explorer.exe
[MD5.F5AE03DE0AD60F5B17B82F2CD68402FE] - [07/03/2015 17:29:57] - (.© Microsoft Corporation. - Windows Command Processor.) - [349 Ko] - (6.3.9600.17415) : C:\Windows\System32\cmd.exe
[MD5.B2D3F07F5E8A13AF988A8B3C0A800880] - [22/08/2013 18:55:40] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [16.72 Ko] - (6.3.9600.16384) : C:\Windows\System32\csrss.exe
[MD5.9361355721F51E3A25DF53702D10E9DE] - [07/03/2015 17:36:43] - (.© Microsoft Corporation. - COM Surrogate.) - [18.81 Ko] - (6.3.9600.17415) : C:\Windows\System32\dllhost.exe
[MD5.4F455778B6CDA2FD61D4F8B0A3E0543C] - [07/03/2015 17:30:31] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [1279.05 Ko] - (6.3.9600.17415) : C:\Windows\System32\Kernel32.dll
[MD5.382100E75B6F4668AEAEF228C6CEFFAD] - [07/03/2015 17:35:17] - (.© Microsoft Corporation. - Local Security Authority Process.) - [45.92 Ko] - (6.3.9600.17415) : C:\Windows\System32\lsass.exe
[MD5.7830CEA509693DE0817DF2F3F2D80E89] - [11/08/2016 11:40:51] - (.© Microsoft Corporation. - Distributed COM Services.) - [797 Ko] - (6.3.9600.18302) : C:\Windows\System32\rpcss.dll
[MD5.6C308D32AFA41D26CE2A0EA8F7B79565] - [07/03/2015 17:36:23] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [53.5 Ko] - (6.3.9600.17415) : C:\Windows\System32\rundll32.exe
[MD5.E0C7813A97CA7947FF5C18A8F3B61A45] - [17/05/2015 14:58:03] - (.© Microsoft Corporation. - Services and Controller app.) - [400.52 Ko] - (6.3.9600.17793) : C:\Windows\System32\services.exe
[MD5.E3A2AD05E24105B35E986CF9CB38EC47] - [07/03/2015 17:36:57] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [37.88 Ko] - (6.3.9600.17415) : C:\Windows\System32\svchost.exe
[MD5.421B695412FE0D5B0C0DB00C51EABA1B] - [14/12/2016 13:54:02] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [1505.12 Ko] - (6.3.9600.18535) : C:\Windows\System32\user32.dll
[MD5.5C131534A3EA4A461A793FB507A8004F] - [07/03/2015 17:31:23] - (.© Microsoft Corporation. - Userinit Logon Application.) - [25.5 Ko] - (6.3.9600.17415) : C:\Windows\System32\userinit.exe
[MD5.D9516405E05F24EDCD90B1988FAF3948] - [16/03/2017 00:28:53] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [143.5 Ko] - (6.3.9600.18577) : C:\Windows\System32\Wininit.exe
[MD5.B1102BBDDD9C87B3D609D6C08F7A3DBD] - [27/03/2016 10:18:13] - (.© Microsoft Corporation. - Windows Logon Application.) - [557.5 Ko] - (6.3.9600.18188) : C:\Windows\System32\Winlogon.exe
[MD5.A460C3AF3755A2A79A3C8EFE72E147B5] - [15/11/2015 22:40:08] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [546.5 Ko] - (6.3.9600.18089) : C:\Windows\System32\Drivers\afd.sys
[MD5.74B14192CF79A72F7536B27CB8814FBD] - [22/08/2013 17:52:57] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [25.84 Ko] - (6.3.9600.16384) : C:\Windows\System32\Drivers\atapi.sys
[MD5.38E1F4E0148A24C65D215F14D57B0711] - [22/08/2013 17:52:57] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [194.84 Ko] - (6.3.9600.16384) : C:\Windows\System32\Drivers\ataport.sys
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - [22/08/2013 17:10:20] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [86.5 Ko] - (6.3.9600.16384) : C:\Windows\System32\Drivers\cdfs.sys
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - [22/08/2013 14:16:35] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [160.5 Ko] - (6.3.9600.16384) : C:\Windows\System32\Drivers\cdrom.sys
[MD5.FBFF94FC1FE0699A6BC5ACE270AB9EA1] - [12/10/2016 12:47:05] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [135 Ko] - (6.3.9600.18469) : C:\Windows\System32\Drivers\dfsc.sys
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - [29/09/2014 22:03:12] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [75 Ko] - (6.3.9600.17238) : C:\Windows\System32\Drivers\hdaudbus.sys
[MD5.49EE0AE9E5B64FFBBD06D55C4984B598] - [16/07/2015 17:10:23] - (.© Microsoft Corporation. - i8042 Port Driver.) - [106 Ko] - (6.3.9600.17480) : C:\Windows\System32\Drivers\i8042prt.sys
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - [18/03/2014 15:24:55] - (.© Microsoft Corporation. - IP Network Address Translator.) - [139.5 Ko] - (6.3.9600.16477) : C:\Windows\System32\Drivers\ipnat.sys
[MD5.708F7D4C1EDCC5891A5F63AA48277132] - [16/03/2017 00:28:56] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [392.5 Ko] - (6.3.9600.18581) : C:\Windows\System32\Drivers\mrxsmb.sys
[MD5.97DC5967F65503213FD1F1B3E4A6F983] - [03/09/2015 16:27:50] - (.© Microsoft Corporation. - Network Driver Interface Specification (NDIS).) - [1087.84 Ko] - (6.3.9600.17931) : C:\Windows\System32\Drivers\ndis.sys
[MD5.9DC17B7D9D84C37C102D379FCC7D4942] - [15/06/2016 23:03:24] - (.© Microsoft Corporation. - MBT Transport driver.) - [274.5 Ko] - (6.3.9600.18340) : C:\Windows\System32\Drivers\netbt.sys
[MD5.9980B262DBE439AE6BDC91AA985F19EE] - [27/03/2016 10:20:11] - (.© Microsoft Corporation. - NT File System Driver.) - [1970.34 Ko] - (6.3.9600.18183) : C:\Windows\System32\Drivers\ntfs.sys
[MD5.57DCE4FB0467986AE78E1C6FC5240D32] - [12/10/2016 12:47:01] - (.© Microsoft Corporation. - Parallel Port Driver.) - [94 Ko] - (6.3.9600.18437) : C:\Windows\System32\Drivers\parport.sys
[MD5.235624C147E3CB4C288D5D3D8E8D64A2] - [13/04/2016 11:54:24] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [110 Ko] - (6.3.9600.18226) : C:\Windows\System32\Drivers\rasl2tp.sys
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - [18/03/2014 15:07:57] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [191 Ko] - (6.3.9600.16384) : C:\Windows\System32\Drivers\rdpdr.sys
[MD5.2F10C145F517419E17203632FCDA0A13] - [14/12/2016 13:54:11] - (.© Microsoft Corporation. - TCP/IP Driver.) - [2404.34 Ko] - (6.3.9600.18478) : C:\Windows\System32\Drivers\tcpip.sys
[MD5.E0BD2D83875464FEEEB242CBA8B7E073] - [15/11/2015 22:40:08] - (.© Microsoft Corporation. - TDI Translation Driver.) - [105.5 Ko] - (6.3.9600.18089) : C:\Windows\System32\Drivers\tdx.sys
[MD5.17F7B0F2298D97F4B6C7A69511033D3D] - [21/05/2016 17:14:02] - (.© Microsoft Corporation. - Volume Shadow Copy Driver.) - [309.34 Ko] - (6.3.9600.18265) : C:\Windows\System32\Drivers\volsnap.sys

---------- | Locked Applications

---------- | Explorer.exe component call (Microsoft Files Whitelisted)

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneNote 2007 Screen Clipper and Launcher - (OneNote 2007 Screen Clipper and Launcher.lnk [Startup]) - User: HP\HP-PC
RescueTime - (RescueTime.lnk [Startup]) - User: HP\HP-PC
RIMDeviceManager - (C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer [HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE...\Run]) - User: HP\HP-PC
ApowersoftScreenRecorder - (C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe /autoStart [HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE...\Run]) - User: HP\183-k
Skype - (“C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun [HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE...\Run]) - User: HP\183-k
CCleaner - (“C:\Program Files\CCleaner\CCleaner64.exe” /AUTO [HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE...\Run]) - User: HP\183-k
ISCTSystray - (C:\PROGRA~1\Intel\INTEL(~2\ISCTSY~1.EXE [Common Startup]) - User: Public
RTHDVCPL - (“C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe” -s [HKLM\SOFTWARE...\Run]) - User: Public
SimplePass - (C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe /hideui [HKLM\SOFTWARE...\Run]) - User: Public
OPBHOBroker - (C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [HKLM\SOFTWARE...\Run]) - User: Public
OPBHOBrokerDesktop - (C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [HKLM\SOFTWARE...\Run]) - User: Public
SynTPEnh - (%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [HKLM\SOFTWARE...\Run]) - User: Public
EdgeModem-AutoRun - (C:\Program Files\Micromax 200G USB Modem\EdgeModem-Run.exe -start [HKLM\SOFTWARE...\Run]) - User: Public
Malwarebytes TrayApp - (C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [HKLM\SOFTWARE...\Run]) - User: Public
Everything - (“C:\Program Files\Everything\Everything.exe” -startup [HKLM\SOFTWARE...\Run]) - User: Public
ZAM - (“C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe” /minimized [HKLM\SOFTWARE...\Run]) - User: Public

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Command Processor]
“PathCompletionChar”=9
“EnableExtensions”=1
“CompletionChar”=9
“DefaultColor”=0

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\CurrentVersion\Run]
“RIMDeviceManager”=C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run]
“Google Update”=0x020000000000000000000000
“Skype”=0x020000000000000000000000
“RESTART_STICKY_NOTES”=0x020000000000000000000000
“Jing”=0x020000000000000000000000
“RIMDeviceManager”=0x020000000000000000000000
“AZ3Tq5k16l3MBynp”=0x020000000000000000000000
“GoogleChromeAutoLaunch_7F0416C691E452253BB89BC2BE 6D7727”=0x020000000000000000000000

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\RunMRU]
“a”=notepad\1
“MRUList”=jihabgfedc
“b”=cmd\1
“c”=winword\1
“d”=temp\1
“e”=%temp%\1
“f”=\192.168.0.16\1
“g”=mstsc\1
“h”=ping 10.30.64.1 -t\1
“i”=devmgmt.msc\1
“j”=explorer.exe\1

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Shell Folders]
“!Do not use this registry key”=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
“AppData”=C:\Users\HP-PC\AppData\Roaming [28/07/2014 21:17:26]
“Local AppData”=C:\Users\HP-PC\AppData\Local [28/07/2014 21:17:26]
“My Video”=C:\Users\HP-PC\Videos [28/07/2014 21:17:26]
“{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}”=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Libraries [28/07/2014 21:18:27]
“My Pictures”=C:\Users\HP-PC\Pictures [28/07/2014 21:17:26]
“Desktop”=C:\Users\HP-PC\Desktop [28/07/2014 21:17:26]
“History”=C:\Users\HP-PC\AppData\Local\Microsoft\Windows\History [28/07/2014 21:17:26]
“NetHood”=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts [28/07/2014 21:17:26]
“{56784854-C6CB-462B-8169-88E350ACB882}”=C:\Users\HP-PC\Contacts [28/07/2014 21:18:27]
“{00BCFC5A-ED94-4E48-96A1-3F6217F21990}”=C:\Users\HP-PC\AppData\Local\Microsoft\Windows\RoamingTiles [28/07/2014 21:18:01]
“Cookies”=C:\Users\HP-PC\AppData\Local\Microsoft\Windows\INetCookies [28/07/2014 21:17:26]
“Favorites”=C:\Users\HP-PC\Favorites [28/07/2014 21:17:26]
“SendTo”=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\SendTo [28/07/2014 21:17:26]
“Start Menu”=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu [28/07/2014 21:17:26]
“My Music”=C:\Users\HP-PC\Music [28/07/2014 21:17:26]
“Programs”=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [28/07/2014 21:17:26]
“Recent”=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Recent [28/07/2014 21:17:26]
“CD Burning”=C:\Users\HP-PC\AppData\Local\Microsoft\Windows\Burn\Burn [28/07/2014 21:18:40]
“PrintHood”=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [28/07/2014 21:17:26]
“{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}”=C:\Users\HP-PC\Searches [28/07/2014 21:18:28]
“{374DE290-123F-4565-9164-39C4925E467B}”=C:\Users\HP-PC\Downloads [28/07/2014 21:17:26]
“{A520A1A4-1780-4FF6-BD18-167343C5AF16}”=C:\Users\HP-PC\AppData\LocalLow [28/07/2014 21:17:57]
“Startup”=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [28/07/2014 21:18:28]
“Administrative Tools”=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [28/07/2014 21:18:28]
“Personal”=C:\Users\HP-PC\Documents [28/07/2014 21:17:26]
“{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}”=C:\Users\HP-PC\Links [28/07/2014 21:17:26]
“Cache”=C:\Users\HP-PC\AppData\Local\Microsoft\Windows\INetCache [28/07/2014 21:17:26]
“Templates”=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Templates [28/07/2014 21:17:26]
“{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}”=C:\Users\HP-PC\Saved Games [28/07/2014 21:17:26]
“Fonts”=C:\Windows\Fonts [22/08/2013 19:06:15]

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\User Shell Folders]
“Desktop”=%USERPROFILE%\Desktop
“Local AppData”=%USERPROFILE%\AppData\Local
“Startup”=%USERPROFILE%\AppData\Roaming\Microsoft\ Windows\Start Menu\Programs\Startup
“Cookies”=%USERPROFILE%\AppData\Local\Microsoft\Wi ndows\INetCookies
“SendTo”=%USERPROFILE%\AppData\Roaming\Microsoft\W indows\SendTo
“Personal”=%USERPROFILE%\Documents
“Recent”=%USERPROFILE%\AppData\Roaming\Microsoft\W indows\Recent
“Favorites”=%USERPROFILE%\Favorites
“My Pictures”=%USERPROFILE%\Pictures
“Start Menu”=%USERPROFILE%\AppData\Roaming\Microsoft\Wind ows\Start Menu
“NetHood”=%USERPROFILE%\AppData\Roaming\Microsoft\ Windows\Network Shortcuts
“My Music”=%USERPROFILE%\Music
“My Video”=%USERPROFILE%\Videos
“Cache”=%USERPROFILE%\AppData\Local\Microsoft\Wind ows\INetCache
“Programs”=%USERPROFILE%\AppData\Roaming\Microsoft \Windows\Start Menu\Programs
“History”=%USERPROFILE%\AppData\Local\Microsoft\Wi ndows\History
“{374DE290-123F-4565-9164-39C4925E467B}”=%USERPROFILE%\Downloads
“Templates”=%USERPROFILE%\AppData\Roaming\Microsof t\Windows\Templates
“AppData”=%USERPROFILE%\AppData\Roaming
“PrintHood”=%USERPROFILE%\AppData\Roaming\Microsof t\Windows\Printer Shortcuts
“{B7BEDE81-DF94-4682-A7D8-57A52620B86F}”=%USERPROFILE%\Pictures\Screenshots

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“UserSelectedDefault”=1
“Device”=HP LaserJet M1319f MFP Class Driver,winspool,Ne02:

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Command Processor]
“PathCompletionChar”=9
“EnableExtensions”=1
“CompletionChar”=9
“DefaultColor”=0

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\CurrentVersion\Run]
“ApowersoftScreenRecorder”=C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe /autoStart
“Skype”=“C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun
“CCleaner”=“C:\Program Files\CCleaner\CCleaner64.exe” /AUTO

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\CurrentVersion\Run Once]
“Report”=\AdwCleaner\AdwCleaner[C0].txt [19/03/2017 15:04:17]

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run]
“ApowersoftScreenRecorder”=0x0300000000D0FCA581A0D 201
“Skype”=0x03000000D07E61A981A0D201
“CCleaner”=0x020000000000000000000000

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Shell Folders]
“!Do not use this registry key”=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
“AppData”=C:\Users\183-k\AppData\Roaming [02/08/2014 09:06:00]
“Local AppData”=C:\Users\183-k\AppData\Local [02/08/2014 09:06:00]
“My Video”=C:\Users\183-k\Videos [02/08/2014 09:06:00]
“{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}”=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Libraries [30/08/2014 11:44:38]
“My Pictures”=C:\Users\183-k\Pictures [02/08/2014 09:06:00]
“Desktop”=C:\Users\183-k\Desktop [02/08/2014 09:06:00]
“History”=C:\Users\183-k\AppData\Local\Microsoft\Windows\History [02/08/2014 09:06:00]
“NetHood”=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Network Shortcuts [02/08/2014 09:06:00]
“{56784854-C6CB-462B-8169-88E350ACB882}”=C:\Users\183-k\Contacts [30/08/2014 11:44:38]
“{00BCFC5A-ED94-4E48-96A1-3F6217F21990}”=C:\Users\183-k\AppData\Local\Microsoft\Windows\RoamingTiles [13/08/2014 17:15:09]
“Cookies”=C:\Users\183-k\AppData\Local\Microsoft\Windows\INetCookies [02/08/2014 09:06:00]
“Favorites”=C:\Users\183-k\Favorites [02/08/2014 09:06:00]
“SendTo”=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\SendTo [02/08/2014 09:06:00]
“Start Menu”=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu [02/08/2014 09:06:00]
“My Music”=C:\Users\183-k\Music [02/08/2014 09:06:00]
“Programs”=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [02/08/2014 09:06:00]
“Recent”=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Recent [02/08/2014 09:06:00]
“CD Burning”=C:\Users\183-k\AppData\Local\Microsoft\Windows\Burn\Burn [30/08/2014 11:45:08]
“PrintHood”=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [02/08/2014 09:06:00]
“{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}”=C:\Users\183-k\Searches [30/08/2014 11:44:38]
“{374DE290-123F-4565-9164-39C4925E467B}”=C:\Users\183-k\Downloads [02/08/2014 09:06:00]
“{A520A1A4-1780-4FF6-BD18-167343C5AF16}”=C:\Users\183-k\AppData\LocalLow [02/08/2014 09:06:28]
“Startup”=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [30/08/2014 11:44:38]
“Administrative Tools”=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [30/08/2014 11:44:38]
“Personal”=C:\Users\183-k\Documents [02/08/2014 09:06:00]
“{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}”=C:\Users\183-k\Links [02/08/2014 09:06:00]
“Cache”=C:\Users\183-k\AppData\Local\Microsoft\Windows\INetCache [02/08/2014 09:06:00]
“Templates”=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Templates [02/08/2014 09:06:00]
“{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}”=C:\Users\183-k\Saved Games [02/08/2014 09:06:00]
“Fonts”=C:\Windows\Fonts [22/08/2013 19:06:15]

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\User Shell Folders]
“Desktop”=%USERPROFILE%\Desktop
“Local AppData”=%USERPROFILE%\AppData\Local
“Startup”=%USERPROFILE%\AppData\Roaming\Microsoft\ Windows\Start Menu\Programs\Startup
“Cookies”=%USERPROFILE%\AppData\Local\Microsoft\Wi ndows\INetCookies
“SendTo”=%USERPROFILE%\AppData\Roaming\Microsoft\W indows\SendTo
“Personal”=%USERPROFILE%\Documents
“Recent”=%USERPROFILE%\AppData\Roaming\Microsoft\W indows\Recent
“Favorites”=%USERPROFILE%\Favorites
“My Pictures”=%USERPROFILE%\Pictures
“Start Menu”=%USERPROFILE%\AppData\Roaming\Microsoft\Wind ows\Start Menu
“NetHood”=%USERPROFILE%\AppData\Roaming\Microsoft\ Windows\Network Shortcuts
“My Music”=%USERPROFILE%\Music
“My Video”=%USERPROFILE%\Videos
“Cache”=%USERPROFILE%\AppData\Local\Microsoft\Wind ows\INetCache
“Programs”=%USERPROFILE%\AppData\Roaming\Microsoft \Windows\Start Menu\Programs
“History”=%USERPROFILE%\AppData\Local\Microsoft\Wi ndows\History
“{374DE290-123F-4565-9164-39C4925E467B}”=%USERPROFILE%\Downloads
“Templates”=%USERPROFILE%\AppData\Roaming\Microsof t\Windows\Templates
“AppData”=%USERPROFILE%\AppData\Roaming
“PrintHood”=%USERPROFILE%\AppData\Roaming\Microsof t\Windows\Printer Shortcuts

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“Device”=HP ePrint,winspool,LPT1:
“UserSelectedDefault”=0

[HKLM\Software\Microsoft\Command Processor]
“PathCompletionChar”=64
“EnableExtensions”=1
“CompletionChar”=64
“DefaultColor”=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
“RTHDVCPL”=“C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe” -s
“SimplePass”=C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe /hideui
“OPBHOBroker”=C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [29/03/2014 02:18:38]
“OPBHOBrokerDesktop”=C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [29/03/2014 02:18:40]
“SynTPEnh”=%ProgramFiles%\Synaptics\SynTP\SynTPEnh .exe
“EdgeModem-AutoRun”=C:\Program Files\Micromax 200G USB Modem\EdgeModem-Run.exe -start
“Malwarebytes TrayApp”=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [13/03/2017 23:41:22]
“Everything”=“C:\Program Files\Everything\Everything.exe” -startup
“ZAM”=“C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe” /minimized

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once]
“*EmptyTemp”=cmd /c rd /q/s C:\FRST\Temp

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run]
“!DiskInfo”=0x040000000000000000000000
“RUNFBI”=0x040000000000000000000000
“DisableStartScreen”=0x040000000000000000000000
“RTHDVCPL”=0x03000000303C66B481A0D201
“SimplePass”=0x03000000D0DBCBB481A0D201
“OPBHOBroker”=0x03000000E0FD52B081A0D201
“OPBHOBrokerDesktop”=0x03000000D08F3DB281A0D201
“SynTPEnh”=0x060000000000000000000000
“EdgeModem-AutoRun”=0x020000000000000000000000
“Connectify Hotspot”=0x020000000000000000000000
“AccelerometerSysTrayApplet”=0x03000000E05169AA81A 0D201

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run32]
“AccelerometerSysTrayApplet”=0x0600000000000000000 00000
“mcpltui_exe”=0x040000000000000000000000
“HPMessageService”=0x0300000000ADBDAD81A0D201
“GrooveMonitor”=0x03000000709ACAAC81A0D201
“SunJavaUpdateSched”=0x03000000A0B43BB581A0D201
“RIM PeerManager”=0x03000000902CEFB281A0D201
“RIMBBLaunchAgent.exe”=0x03000000E084E6B381A0D201
“QuickTime Task”=0x020000000000000000000000
“EdgeModem-AutoRun”=0x030000009071CFAB81A0D201
“Malwarebytes TrayApp”=0x020000000000000000000000
“SynTPEnh”=0x03000000C02D1AB681A0D201

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Shell Folders]
“OEM Links”=C:\ProgramData\OEM\Links
“CommonVideo”=C:\Users\Public\Videos [22/08/2013 21:06:30]
“Common Documents”=C:\Users\Public\Documents [22/08/2013 21:06:30]
“Common Startup”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [22/08/2013 21:06:30]
“Common AppData”=C:\ProgramData [22/08/2013 19:06:15]
“CommonPictures”=C:\Users\Public\Pictures [22/08/2013 21:06:30]
“Common Desktop”=C:\Users\Public\Desktop [22/08/2013 21:06:30]
“CommonMusic”=C:\Users\Public\Music [22/08/2013 21:06:30]
“Common Start Menu”=C:\ProgramData\Microsoft\Windows\Start Menu [22/08/2013 21:06:30]
“Common Programs”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [22/08/2013 21:06:30]
“Common Templates”=C:\ProgramData\Microsoft\Windows\Templa tes [22/08/2013 21:06:30]
“Common Administrative Tools”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [22/08/2013 21:06:30]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\User Shell Folders]
“CommonVideo”=%PUBLIC%\Videos
“{3D644C9B-1FB8-4f30-9B45-F670235F79C0}”=%PUBLIC%\Downloads
“Common Documents”=%PUBLIC%\Documents
“Common Startup”=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
“Common AppData”=%ProgramData%
“CommonPictures”=%PUBLIC%\Pictures
“Common Desktop”=%PUBLIC%\Desktop
“CommonMusic”=%PUBLIC%\Music
“Common Start Menu”=%ProgramData%\Microsoft\Windows\Start Menu
“Common Programs”=%ProgramData%\Microsoft\Windows\Start Menu\Programs
“Common Templates”=%ProgramData%\Microsoft\Windows\Templat es

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“”=mnmsrvc
“Spooler”=yes
“DeviceNotSelectedTimeout”=15
“TransmissionRetryTimeout”=90
“EnableDwmInputProcessing”=7
“ShutdownWarningDialogTimeout”=4294967295
“USERProcessHandleQuota”=10000
“LoadAppInit_DLLs”=0
“IconServiceLib”=IconCodecService.dll
“DesktopHeapLogging”=1
“DdeSendTimeout”=0
“DwmInputUsesIoCompletionPort”=1
“USERPostMessageLimit”=10000
“USERNestedWindowLimit”=50
“AppInit_DLLs”=
“NaturalInputHandler”=Ninput.dll
“ThreadUnresponsiveLogTimeout”=500
“GDIProcessHandleQuota”=10000
“Win32kLastWriteTime”=1D283D1360882E2

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
“PathCompletionChar”=64
“EnableExtensions”=1
“CompletionChar”=64
“DefaultColor”=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Run]
“AccelerometerSysTrayApplet”=C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [14/02/2014 04:36:06]
“HPMessageService”=C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [27/03/2014 04:05:26]
“GrooveMonitor”=“C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”
“RIMBBLaunchAgent.exe”=C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [31/10/2014 15:52:14]
“RIM PeerManager”=“C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe”

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\RunOnce]
“DeleteOnReboot”=C:\Users\183-k\AppData\Local\Temp\DeleteOnReboot.bat

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Shell Folders]
“OEM Links”=C:\ProgramData\OEM\Links
“CommonVideo”=C:\Users\Public\Videos [22/08/2013 21:06:30]
“Common Administrative Tools”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [22/08/2013 21:06:30]
“Common Documents”=C:\Users\Public\Documents [22/08/2013 21:06:30]
“Common Startup”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [22/08/2013 21:06:30]
“Common AppData”=C:\ProgramData [22/08/2013 19:06:15]
“CommonPictures”=C:\Users\Public\Pictures [22/08/2013 21:06:30]
“Common Desktop”=C:\Users\Public\Desktop [22/08/2013 21:06:30]
“CommonMusic”=C:\Users\Public\Music [22/08/2013 21:06:30]
“Common Start Menu”=C:\ProgramData\Microsoft\Windows\Start Menu [22/08/2013 21:06:30]
“Common Programs”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [22/08/2013 21:06:30]
“Common Templates”=C:\ProgramData\Microsoft\Windows\Templa tes [22/08/2013 21:06:30]

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\User Shell Folders]
“CommonVideo”=%PUBLIC%\Videos
“{3D644C9B-1FB8-4f30-9B45-F670235F79C0}”=%PUBLIC%\Downloads
“Common Documents”=%PUBLIC%\Documents
“Common Startup”=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
“Common AppData”=%ProgramData%
“CommonPictures”=%PUBLIC%\Pictures
“Common Desktop”=%PUBLIC%\Desktop
“CommonMusic”=%PUBLIC%\Music
“Common Start Menu”=%ProgramData%\Microsoft\Windows\Start Menu
“Common Programs”=%ProgramData%\Microsoft\Windows\Start Menu\Programs
“Common Templates”=%ProgramData%\Microsoft\Windows\Templat es

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
“”=mnmsrvc
“Spooler”=yes
“DeviceNotSelectedTimeout”=15
“TransmissionRetryTimeout”=90
“EnableDwmInputProcessing”=7
“ShutdownWarningDialogTimeout”=4294967295
“USERProcessHandleQuota”=10000
“LoadAppInit_DLLs”=0
“IconServiceLib”=IconCodecService.dll
“DesktopHeapLogging”=1
“DdeSendTimeout”=0
“DwmInputUsesIoCompletionPort”=1
“USERPostMessageLimit”=10000
“USERNestedWindowLimit”=50
“AppInit_DLLs”=
“NaturalInputHandler”=Ninput.dll
“ThreadUnresponsiveLogTimeout”=500
“GDIProcessHandleQuota”=10000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
“WebCheck”={E6FB5E20-DE35-11CF-9C87-00AA005127ED}

---------- | Win.ini :

---------- | System.ini :

---------- | Startings up registry ¦ Folder

---------- | Other keys

[HKLM\System\CurrentControlSet\Control\SecurityProv iders]
“SecurityProviders”=credssp.dll

[HKLM\System\CurrentControlSet\Control\Terminal Server]
“StartRCM”=0
“DeleteTempDirsOnExit”=1
“fSingleSessionPerUser”=1
“TSUserEnabled”=0
“RCDependentServices”=CertPropSvc
SessionEnv
“SnapshotMonitors”=1
“DelayConMgrTimeout”=0
“NotificationTimeOut”=0
“PerSessionTempDir”=0
“AllowRemoteRPC”=0
“ProductVersion”=5.1
“fDenyTSConnections”=1
“InstanceID”=8031e255-b2d9-42e9-b578-9783ef8
“GlassSessionId”=1

[HKLM\System\CurrentControlSet\Control\Session Manager]
“GlobalFlag”=0
“HeapDeCommitTotalFreeThreshold”=0
“HeapSegmentCommit”=0
“HeapDeCommitFreeBlockThreshold”=0
“ResourceTimeoutCount”=648000
“ObjectDirectories”=\Windows
\RPC Control
“ProtectionMode”=1
“CriticalSectionTimeout”=2592000
“ProcessorControl”=2
“HeapSegmentReserve”=0
“ExcludeFromKnownDlls”=
“BootExecute”=autocheck autochk *
“BootShell”=%SystemRoot%\system32\bootim.exe
“NumberOfInitialSessions”=2
“RunLevelExecute”=WinInit
ServiceControlManager
“AutoChkTimeout”=1
“RunLevelValidate”=ServiceControlManager
“SETUPEXECUTE”=
“PendingFileRenameOperations”=??\C:\Program Files\WindowsApps\57405F7AB8904.MathLogicalTest_1. 0.0.0_neutral__b55ywndse5f8y\App2.exe

[HKLM\System\CurrentControlSet\Control]
“PreshutdownOrder”=wuauserv
gpsvc
trustedinstaller
“EarlyStartServices”=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
“BootDriverFlags”=28
“CurrentUser”=USERNAME
“WaitToKillServiceTimeout”=200
“ServiceControlManagerExtension”=%systemroot%\syst em32\scext.dll
“SystemStartOptions”= NOEXECUTE=OPTIN NOVGA
“SystemBootDevice”=multi(0)disk(0)rdisk(0)partitio n(4)
“FirmwareBootDevice”=multi(0)disk(0)rdisk(0)partit ion(2)
“LastBootSucceeded”=1
“LastBootShutdown”=1
“DirtyShutdownCount”=68

[HKLM\System\CurrentControlSet\Control\lsa]
“Bounds”=0x0030000000200000
“auditbasedirectories”=0
“fullprivilegeauditing”=0x00
“crashonauditfail”=0
“auditbaseobjects”=0
“Security Packages”=“” [28/07/2014 21:17:26]
“LimitBlankPasswordUse”=0
“NoLmHash”=1
“Notification Packages”=scecli
“Authentication Packages”=msv1_0
“LsaPid”=848
“SecureBoot”=1
“ProductType”=3
“disabledomaincreds”=0
“everyoneincludesanonymous”=0
“forceguest”=0
“restrictanonymous”=0
“restrictanonymoussam”=1
“SamConnectedAccountsExist”=1

---------- | .LNK

c:\hp\hpqware\dtshortcuts\de-de\aut\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_at) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\che\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_de_ch) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\deu\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_de) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-gb\gbr\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_gb) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-gb\irl\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_ie) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\aus\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_au) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\can\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_ca) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\gbr\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_gb) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\irl\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_ie) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\nzl\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_nz) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\usa\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_us) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\es-es\usa\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_us) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\can\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_fr_ca) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\che\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_fr_ch) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\fra\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_fr) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\it-it\che\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_it_ch) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\it-it\ita\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_it_it) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\zh-cn\chn\惠普喀嚓鱼.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_cn) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\aut\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_at) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\che\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_de_ch) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\deu\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_de) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-gb\gbr\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_gb) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-gb\irl\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_ie) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\aus\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_au) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\can\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_ca) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\gbr\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_gb) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\irl\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_ie) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\nzl\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_nz) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\usa\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_us) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\es-es\usa\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_us) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\can\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_fr_ca) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\che\music, photos and videos\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_fr_ch) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\fra\music, photos and videos\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_fr) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\it-it\che\music, photos and videos\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_it_ch) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\it-it\ita\music, photos and videos\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_it_it) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\zh-cn\chn\music, photos and videos\惠普喀嚓鱼.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_cn) - Hidden: False - Status: OK

---------- | AppCertDlls

---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll → OK : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll → OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Control Panel\Desktop]
“DragHeight”=4
“CoolSwitchColumns”=7
“ActiveWndTrackTimeout”=0
“MouseCornerClipLength”=6
“MouseMonitorEscapeSpeed”=0
“DragWidth”=4
“WallpaperStyle”=6
“ScreenSaveActive”=1
“TileWallpaper”=0
“WheelScrollLines”=5
“FontSmoothingType”=2
“WindowArrangementActive”=1
“BlockSendInputResets”=0
“MenuShowDelay”=400
“ClickLockTime”=1200
“CaretWidth”=1
“FocusBorderWidth”=1
“WallpaperOriginX”=0
“WallpaperOriginY”=0
“DragFullWindows”=1
“CoolSwitchRows”=3
“ForegroundFlashCount”=7
“LeftOverlapChars”=3
“ForegroundLockTimeout”=10436368
“FontSmoothingGamma”=0
“DragFromMaximize”=1
“FontSmoothing”=2
“FocusBorderHeight”=1
“WheelScrollChars”=3
“DockMoving”=1
“SnapSizing”=1
“CursorBlinkRate”=530
“MouseWheelRouting”=1
“RightOverlapChars”=3
“FontSmoothingOrientation”=1
“PaintDesktopVersion”=0
“Win8DpiScaling”=0
“UserPreferencesMask”=0x9E1E078012000000
“AutoColorization”=0
“Wallpaper”=C:\Windows\Web\Wallpaper\Hewlett-Packard Backgrounds\Birth_Of_An_Idea.jpg [13/05/2014 09:26:44]
“MaxVirtualDesktopDimension”=2646
“MaxMonitorDimension”=1366
“TranscodedImageCount”=1
“LastUpdated”=4294967295
“TranscodedImageCache”=0x7AC30100B59E0B00560500000 0030000FAE52F5B5F6ECF0143003A005C00570069006E00640 06F00770073005C005700650062005C00570061006C006C007 00061007000650072005C004800650077006C0065007400740 02D005000610063006B0061007200640020004200610063006 B00670072006F0075006E00640073005C00420069007200740 068005F004F0066005F0041006E005F0049006400650061002 E006A007000670000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 0000000000000000000000000
“ImageColor”=2940857331
“Pattern Upgrade”=TRUE
“LockScreenAutoLockActive”=0
“PreferredUILanguages”=en-US

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\NewStartPanel]
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\ClassicStartMenu]
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1
“{59031A47-3F72-44A7-89C5-5595FE6B30EE}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer]
“ExplorerStartupTraceRecorded”=1
“ShellState”=0x24000000372800000000000000000000000 0000001000000130000000000000062000000
“UserSignedIn”=1
“SIDUpdatedOnLibraries”=1
“LastClockSize”=0x270000000F000000460000000F000000 490000000F000000
“AppReadinessLogonComplete”=1
“GlobalAssocChangedCounter”=521
“Browse For Folder Width”=695
“Browse For Folder Height”=479
“Reason Setting”=255
“link”=0x1D000000
“ScreenshotIndex”=310

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced]
“Start_SearchFiles”=2
“StoreAppsOnTaskbar”=1
“ServerAdminUI”=0
“Hidden”=1
“ShowCompColor”=1
“HideFileExt”=0
“DontPrettyPath”=0
“ShowInfoTip”=1
“HideIcons”=0
“MapNetDrvBtn”=0
“WebView”=1
“Filter”=0
“ShowSuperHidden”=0
“SeparateProcess”=0
“AutoCheckSelect”=0
“IconsOnly”=0
“ShowTypeOverlay”=1
“ShowStatusBar”=1
“ListviewAlphaSelect”=1
“ListviewShadow”=1
“TaskbarAnimations”=1
“StartMenuInit”=6
“ReindexedProfile”=1
“RTStartMenuNotificationDisplayCount”=0

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\WordWheelQuery]
“MRUListEx”=0x3C0000005200000055000000540000005D00 00003B0000005300000049000000120000002E0000004D0000 004C0000004A0000002B000000460000004500000043000000 420000005B00000041000000400000003F0000003A0000004F 00000039000000320000000300000020000000480000001D00 0000300000002F000000370000004E00000034000000330000 002D000000260000002A0000002C0000002700000029000000 25000000240000002100000022000000080000001F00000000 0000001E0000005600000028000000380000001C0000001A00 000019000000230000001800000017000000160000000D0000 0011000000510000000E00000015000000500000005C000000 4B0000000B0000000C00000005000000040000001400000013 00000058000000100000005F000000470000000F0000000A00 000063000000070000000900000006000000610000003E0000 00350000000200000001000000440000006200000060000000 1B0000005E000000360000005A000000590000003D00000031 00000057000000FFFFFFFF
“10”=0x74006800650072006D006F000000
“12”=0x61006B006900720061000000
“21”=0x2E00670062000000
“34”=0x640070002D007300740061007400690073007400690 0630061006C002D00620075006C006C006500740069006E002 D006D00610079002D0032003000310036002D0065006E002E0 07000640066000000
“78”=0x2E007400650078000000
“83”=0x7300650061007200630068002E006A0073006F006E0 00000
“87”=0x460069006E0061006C0020005000610070006500720 00000
“49”=0x460069006E0061006C0020005000610070006500720 02E0064006F0063000000
“61”=0x4D0061006A006F0072002000500072006F006A00650 0630074000000
“89”=0x69006E006400690061006E002000720065006300000 0
“90”=0x69006E006400690061006E0020007200650063006F0 067006E00690074000000
“54”=0x69006E006400690061006E0020007200650063006F0 00000
“94”=0x69006E006400690061006E0020007200650063006F0 067006E006900740069006F006E000000
“27”=0x70006900310039000000
“96”=0x4F00780066006F00720064000000
“98”=0x7400750074006F007200690061006C000000
“68”=0x5300770061000000
“1”=0x700061007000650072000000
“2”=0x6D0065007200670065000000
“53”=0x6D0061007400680065006D006100740069006300690 061006E000000
“62”=0x480061007200640079000000
“97”=0x480041004D000000
“6”=0x6C006900630065006E00730065000000
“9”=0x47006F0064000000
“7”=0x47004F004400530048005200450059000000
“99”=0x5300770061007200740068006D006F0072006500000 0
“15”=0x6D006F00720061006C000000
“71”=0x440061006E000000
“95”=0x52004500530055004D0045000000
“16”=0x53004F00500020004F00580046004F0052004400000 0
“88”=0x5200650073006500610072006300680020005000610 07000650072000000
“19”=0x54000000
“20”=0x540068006500200062006F0078000000
“4”=0x5400680065000000
“5”=0x52006900630065000000
“11”=0x6D0061007400680065006D006100740069006300610 06C002000650063006F006E006F006D006900630073000000
“75”=0x2E006A007000650067000000
“92”=0x690073006A006F0073000000
“80”=0x660052004F004D000000
“14”=0x2E006700620062000000
“81”=0x690073000000
“17”=0x690073006A000000
“13”=0x690073006A006F000000
“22”=0x6D0061007200740069006E002000680061006900720 0650072000000
“23”=0x630076000000
“24”=0x450063006F006C006500200050006F006C007900740 06500630068006E0069007100750065000000
“35”=0x2E0070007000740078000000
“25”=0x2E007000700074000000
“26”=0x68004F005700200054004F002000540045005300540 00000
“28”=0x7A006F006F006D000000
“56”=0x720065007300650061007200630068000000
“40”=0x7200650073006500610072006300680020007000720 06F006A006500630074000000
“86”=0x500072006F006A006500630074000000
“30”=0x3000370034003600380033003400320033003600350 0380032002E00610070003000350030003000300032002E003 00035006100300030003100350030002E00700064006600300 03700340036003800330034003200330036003500380032002 E00610070003000350030003000300032002E0030003500610 0300030003100350030002E007000640066000000
“0”=0x30003700340036003800330034003200330036003500 380032002E00610070003000350030003000300032002E0030 0035006100300030003100350030002E007000640066000000
“31”=0x54006800650020006D0061007400680065000000
“8”=0x6D006100740068000000
“33”=0x640070002D007300740061007400690073007400690 0630061006C002D00620075006C006C006500740069006E002 D006D00610079002D0032003000310036002D0065006E002E0 0700064006600640070002D007300740061007400690073007 4006900630061006C002D00620075006C006C0065007400690 06E002D006D00610079002D0032003000310036002D0065006 E002E007000640066000000
“36”=0x69006E006400690061000000
“37”=0x49006E0064006900610020007200650063006F00670 06E006900740069006F006E000000
“41”=0x7400610078002000720065007400750072006E00000 0
“39”=0x5300630068006F006C0061007200730068006900700 02000670075006900640065000000
“44”=0x46006100730074002C00200075006E00690066006F0 072006D0020007300630061006C006100720020006D0075006 C007400690070006C00690063006100740069006F006E00200 066006F0072002000670065006E00750073002000320020004 A00610063006F006200690061006E007300200077006900740 068002000660061007300740020004B0075006D006D0065007 20073000000
“42”=0x4E00530044004C000000
“38”=0x420069006E00640069006E0067000000
“45”=0x4100700070006C00690063006100740069006F006E0 00000
“51”=0x75006E0064006500720067007200610064007500610 074006500200073007500700070006F00720074000000
“52”=0x32003000310036002000750067000000
“55”=0x630076002E007400650078000000
“47”=0x410064006D000000
“48”=0x610064006D0069007300730069006F006E000000
“29”=0x6C006F0079006F006C0061000000
“72”=0x6D0079002D00700061007300730070006F007200740 00000
“32”=0x6D0079002D0070006100730073000000
“3”=0x2E006A00700067000000
“50”=0x6E00650077000000
“57”=0x65007800630065006C000000
“79”=0x63006F006D007000750074006500720020007300630 0690065006E00630065002000630061006D006200720069006 400670065000000
“58”=0x74007200690070006F0073000000
“63”=0x47006E007500200045006D006100630073000000
“64”=0x6A0061007600610063000000
“65”=0x4A006100760061000000
“91”=0x2E007000640066000000
“66”=0x610062007300700072000000
“67”=0x6B00720061006E0074007A000000
“69”=0x2E006D00700033000000
“70”=0x67006C006F00620061006C000000
“43”=0x49005400520056000000
“74”=0x660069006C00650065007800740065006E007300690 06F006E003A006500780065000000
“76”=0x6D006F006400690066006900650064003A0032002F0 031002F00320030003100360020002E002E00200032002F003 20030002F0032003000310036000000
“77”=0x6D006F006400690066006900650064003A0033002F0 0310033002F0032003000310037000000
“46”=0x64006100740065006D006F006400690066006900650 064003A007900650073007400650072006400610079000000
“18”=0x700072006500660073002E006A0073000000
“73”=0x68007400740070005F00680070002E006D007900770 0610079002E0063006F006D005F0030002E006C006F0063006 1006C00730074006F0072006100670065000000
“59”=0x6A0079007200710066006A00780037002E006400650 06600610075006C0074000000
“93”=0x5300650063007500720065002000500072006500660 06500720065006E000000
“84”=0x2E006500780065000000
“85”=0x53007900730057004F005700360034000000
“82”=0x45007300650074000000
“60”=0x2E007400780074000000

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Control Panel\Desktop]
“DragHeight”=4
“CoolSwitchColumns”=7
“ActiveWndTrackTimeout”=0
“MouseCornerClipLength”=6
“MouseMonitorEscapeSpeed”=0
“DragWidth”=4
“WallpaperStyle”=10
“ScreenSaveActive”=1
“TileWallpaper”=0
“WheelScrollLines”=3
“Pattern”=0
“FontSmoothingType”=2
“WindowArrangementActive”=1
“BlockSendInputResets”=0
“MenuShowDelay”=400
“ClickLockTime”=1200
“CaretWidth”=1
“FocusBorderWidth”=1
“WallpaperOriginX”=0
“WallpaperOriginY”=0
“DragFullWindows”=1
“CoolSwitchRows”=3
“ForegroundFlashCount”=7
“LeftOverlapChars”=3
“ForegroundLockTimeout”=200000
“FontSmoothingGamma”=0
“DragFromMaximize”=1
“FontSmoothing”=2
“FocusBorderHeight”=1
“WheelScrollChars”=3
“DockMoving”=1
“SnapSizing”=1
“CursorBlinkRate”=530
“MouseWheelRouting”=1
“RightOverlapChars”=3
“FontSmoothingOrientation”=1
“PaintDesktopVersion”=0
“Win8DpiScaling”=0
“UserPreferencesMask”=0x9E1E078012000000
“AutoColorization”=1
“Wallpaper”=C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg [13/05/2014 09:26:44]
“MaxVirtualDesktopDimension”=1366
“MaxMonitorDimension”=1366
“TranscodedImageCount”=2
“LastUpdated”=4294967295
“TranscodedImageCache”=0x7AC301003D321200560500000 003000066341F5B5F6ECF0143003A005C00570069006E00640 06F00770073005C007700650062005C00770061006C006C007 00061007000650072005C004800650077006C0065007400740 02D005000610063006B0061007200640020004200610063006 B00670072006F0075006E00640073005C006200610063006B0 0670072006F0075006E006400440065006600610075006C007 4002E006A00700067000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 0000000000000000000000000
“ImageColor”=2654369459
“WaitToKillAppTimeout”=200

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\CurrentVersion\Exp lorer]
“ExplorerStartupTraceRecorded”=1
“ShellState”=0x240000003D2800000000000000000000000 0000001000000130000000000000062000000
“UserSignedIn”=1
“SIDUpdatedOnLibraries”=1
“LastClockSize”=0x270000000F000000460000000F000000 490000000F000000
“AppReadinessLogonComplete”=1
“GlobalAssocChangedCounter”=25
“Browse For Folder Width”=318
“Browse For Folder Height”=288

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced]
“Start_SearchFiles”=2
“StoreAppsOnTaskbar”=1
“ServerAdminUI”=0
“Hidden”=1
“ShowCompColor”=1
“HideFileExt”=1
“DontPrettyPath”=0
“ShowInfoTip”=1
“HideIcons”=0
“MapNetDrvBtn”=0
“WebView”=1
“Filter”=0
“ShowSuperHidden”=0
“SeparateProcess”=0
“AutoCheckSelect”=0
“IconsOnly”=0
“ShowTypeOverlay”=1
“ShowStatusBar”=1
“ListviewAlphaSelect”=1
“ListviewShadow”=1
“TaskbarAnimations”=1
“StartMenuInit”=6
“ReindexedProfile”=1
“RTStartMenuNotificationDisplayCount”=0

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\CurrentVersion\Exp lorer\WordWheelQuery]
“MRUListEx”=0x03000000020000000100000000000000FFFF FFFF
“0”=0x2A002E006A00700067000000
“1”=0x2E006D00700034000000
“2”=0x2E006100760069000000
“3”=0x2E006D006B0076000000

[HKLM\Software\Policies\Microsoft\Windows\System]
“DisableCMD”=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System]
“EnableVirtualization”=1
“EnableInstallerDetection”=1
“PromptOnSecureDesktop”=1
“EnableLUA”=1
“EnableSecureUIAPaths”=1
“ConsentPromptBehaviorAdmin”=5
“ValidateAdminCodeSignatures”=0
“EnableUIADesktopToggle”=0
“EnableCursorSuppression”=1
“ConsentPromptBehaviorUser”=3
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“scforceoption”=0
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“FilterAdministratorToken”=0
“DisableTaskMgr”=0
“DisableRegistryTools”=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer]
“ForceActiveDesktopOn”=0
“NoActiveDesktopChanges”=1
“NoActiveDesktop”=1
“NoRun”=0
“NoFolderOptions”=0
“NoControlPanel”=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\ActiveDesktop]
“NoComponents”=1
“NoAddingComponents”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\NewStartPanel]
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1
“{208D2C60-3AEA-1069-A2D7-08002B30309D}”=1
“{031E4825-7B94-4dc3-B131-E946B44C8DD5}”=1
“{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}”=1
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1
“{871C5380-42A0-1069-A2EA-08002B30309D}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=1
“{8E74D236-7F35-4720-B138-1FED0B85EA75}”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\ClassicStartMenu]
“{871C5380-42A0-1069-A2EA-08002B30309D}.default”=0
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL]
“CheckedValue”=1
“Id”=2
“RegPath”=Software\Microsoft\Windows\CurrentVersio n\Explorer\Advanced
“HKeyRoot”=2147483649
“DefaultValue”=2
“ValueName”=Hidden
“Text”=@shell32.dll,-30500
“Type”=radio

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer]
“GlobalFolderSettings”={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
“LVPopupSearchControl”={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
“FileOpenDialog”={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
“IconUnderline”=2
“ListViewPopupControl”={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
“TaskScheduler”={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
“GlobalAssocChangedCounter”=26
“DoNotCleanTaskBar”=1
“SmartScreenEnabled”=RequireAdmin
“MultipleInvokePromptMinimum”=10000

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced]
“TaskbarSizeMove”=0
“HideFileExt”=0
“SuperHidden”=1
“ShowSuperHidden”=1
“Hidden”=1

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Associations]
“Application”= open %s file - Search

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windo ws\System]
“DisableCMD”=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\System]
“EnableVirtualization”=1
“EnableInstallerDetection”=1
“PromptOnSecureDesktop”=1
“EnableLUA”=1
“EnableSecureUIAPaths”=1
“ConsentPromptBehaviorAdmin”=5
“ValidateAdminCodeSignatures”=0
“EnableUIADesktopToggle”=0
“EnableCursorSuppression”=1
“ConsentPromptBehaviorUser”=3
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“scforceoption”=0
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“FilterAdministratorToken”=0
“DisableTaskMgr”=0
“DisableRegistryTools”=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\Explorer]
“ForceActiveDesktopOn”=0
“NoActiveDesktopChanges”=1
“NoActiveDesktop”=1
“NoRun”=0
“NoFolderOptions”=0
“NoControlPanel”=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\ActiveDesktop]
“NoComponents”=1
“NoAddingComponents”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\HideDesktopIcons\NewStartPanel]
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1
“{208D2C60-3AEA-1069-A2D7-08002B30309D}”=1
“{031E4825-7B94-4dc3-B131-E946B44C8DD5}”=1
“{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}”=1
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1
“{871C5380-42A0-1069-A2EA-08002B30309D}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1
“{8E74D236-7F35-4720-B138-1FED0B85EA75}”=1
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\HideDesktopIcons\ClassicStartMen u]
“{871C5380-42A0-1069-A2EA-08002B30309D}.default”=0
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
“CheckedValue”=1
“Id”=2
“RegPath”=Software\Microsoft\Windows\CurrentVersio n\Explorer\Advanced
“HKeyRoot”=2147483649
“DefaultValue”=2
“ValueName”=Hidden
“Text”=@shell32.dll,-30500
“Type”=radio

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer]
“GlobalFolderSettings”={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
“LVPopupSearchControl”={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
“FileOpenDialog”={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
“IconUnderline”=2
“ListViewPopupControl”={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
“TaskScheduler”={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
“GlobalAssocChangedCounter”=77

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Advanced]
“TaskbarSizeMove”=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Associations]
“Application”= open %s file - Search

---------- | Winlogon

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“ExcludeProfileDirs”=AppData\Local;AppData\LocalLo w;$Recycle.Bin;SkyDrive;Work Folders
“BuildNumber”=9600
“FirstLogon”=0
“ParseAutoexec”=1

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“ExcludeProfileDirs”=AppData\Local;AppData\LocalLo w;$Recycle.Bin;SkyDrive;Work Folders
“BuildNumber”=9600
“FirstLogon”=0
“ParseAutoexec”=1

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“Userinit”=C:\Windows\system32\userinit.exe,
“LegalNoticeText”=
“Shell”=explorer.exe
“LegalNoticeCaption”=
“DebugServerCommand”=no
“ForceUnlockLogon”=0
“ReportBootOk”=1
“VMApplet”=SystemPropertiesPerformance.exe /pagefile
“AutoRestartShell”=1
“PowerdownAfterShutdown”=0
“ShutdownWithoutLogon”=0
“Background”=0 0 0
“PasswordExpiryWarning”=5
“CachedLogonsCount”=10
“WinStationsDisabled”=0
“PreCreateKnownFolders”={A520A1A4-1780-4FF6-BD18-167343C5AF16}
“scremoveoption”=0
“DisableCAD”=1
“ShutdownFlags”=2147483687
“EnableFirstLogonAnimation”=1
“AutoLogonSID”=S-1-5-32
“LastUsedUsername”=

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
“Userinit”=userinit.exe,
“Shell”=explorer.exe
“VMApplet”=SystemPropertiesPerformance.exe /pagefile
“DefaultDomainName”=
“PreCreateKnownFolders”={A520A1A4-1780-4FF6-BD18-167343C5AF16}
“DefaultUserName”=

---------- | Associations

[HKLM\Software\Classes.exe]
“”=exefile
“Content Type”=application/x-msdownload

[HKLM\Software\Classes\exefile\Shell\Open\Command]
“”=“%1” %*
“IsolatedCommand”=“%1” %*

[HKLM\Software\Classes.com]
“”=comfile

[HKLM\Software\Classes\comfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.reg]
“”=regfile

[HKLM\Software\Classes\regfile\Shell\Open\Command]
“”=regedit.exe “%1”

[HKLM\Software\Classes.scr]
“”=scrfile

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
“”=“%1” /S

[HKLM\Software\Classes.bat]
“”=batfile

[HKLM\Software\Classes\batfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.cmd]
“”=cmdfile

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.pif]
“”=piffile

[HKLM\Software\Classes\piffile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.inf]
“”=inffile

[HKLM\Software\Classes\inffile\Shell\Open\Command]
“”=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\Classes.url]
“”=InternetShortcut

[HKLM\Software\Classes.lnk]
“”=lnkfile

[HKLM\Software\Classes.hta]
“”=htafile
“PerceivedType”=text
“Content Type”=application/hta

[HKLM\Software\Classes\htafile\Shell\Open\Command]
“”=C:\Windows\SysWOW64\mshta.exe “%1” {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\Classes\InternetShortcut]
“NeverShowExt”=
“InfoTip”=prop:System.Link.TargetUrl;System.Rating ;System.Link.Description;System.Link.Comment
“EditFlags”=2
“FullDetails”=prop:System.Link.TargetUrl;System.Ra ting;System.Link.Description;System.Link.Comment
“IsShortcut”=
“FriendlyTypeName”=@C:\Windows\System32\ieframe.dl l,-10046
“PreviewDetails”=prop:System.Link.TargetUrl;System .Rating;System.History.VisitCount;System.History.D ateChanged;System.Link.DateVisited;System.Link.Des cription;System.Link.Comment

[HKLM\Software\Classes\Application.Manifest]
“”=Application Manifest
“EditFlags”=4259840
“BrowserFlags”=4096
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-200

[HKLM\Software\Classes\Application.Reference]
“”=Application Reference
“NeverShowExt”=
“EditFlags”=131072
“IsShortcut”=
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-201

[HKLM\Software\Classes\Folder]
“ContentViewModeForBrowse”=prop:~System.ItemNameDi splay;~System.LayoutPattern.PlaceHolder;~System.La youtPattern.PlaceHolder;~System.LayoutPattern.Plac eHolder;System.DateModified
“ContentViewModeLayoutPatternForBrowse”=delta
“”=Folder
“ContentViewModeForSearch”=prop:~System.ItemNameDi splay;System.DateModified;~System.ItemFolderPathDi splay
“ContentViewModeLayoutPatternForSearch”=alpha
“EditFlags”=0xD2030000
“FullDetails”=prop:System.PropGroup.Description;Sy stem.ItemNameDisplay;System.ItemTypeText;System.Si ze;System.HomeGroupSharingStatus
“ThumbnailCutoff”=0
“NoRecentDocs”=
“TileInfo”=prop:System.Title;System.HomeGroupShari ngStatus

[HKLM\Software\WOW6432Node\Classes.exe]
“”=exefile
“Content Type”=application/x-msdownload

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Op en\Command]
“”=“%1” %*
“IsolatedCommand”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.com]
“”=comfile

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.reg]
“”=regfile

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Op en\Command]
“”=regedit.exe “%1”

[HKLM\Software\WOW6432Node\Classes.scr]
“”=scrfile

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Op en\Command]
“”=“%1” /S

[HKLM\Software\WOW6432Node\Classes.bat]
“”=batfile

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.cmd]
“”=cmdfile

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.pif]
“”=piffile

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.inf]
“”=inffile

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Op en\Command]
“”=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\WOW6432Node\Classes.url]
“”=InternetShortcut

[HKLM\Software\WOW6432Node\Classes.lnk]
“”=lnkfile

[HKLM\Software\WOW6432Node\Classes.hta]
“”=htafile
“PerceivedType”=text
“Content Type”=application/hta

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Op en\Command]
“”=C:\Windows\SysWOW64\mshta.exe “%1” {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
“NeverShowExt”=
“InfoTip”=prop:System.Link.TargetUrl;System.Rating ;System.Link.Description;System.Link.Comment
“EditFlags”=2
“FullDetails”=prop:System.Link.TargetUrl;System.Ra ting;System.Link.Description;System.Link.Comment
“IsShortcut”=
“FriendlyTypeName”=@C:\Windows\System32\ieframe.dl l,-10046
“PreviewDetails”=prop:System.Link.TargetUrl;System .Rating;System.History.VisitCount;System.History.D ateChanged;System.Link.DateVisited;System.Link.Des cription;System.Link.Comment

[HKLM\Software\WOW6432Node\Classes\Application.Mani fest]
“”=Application Manifest
“EditFlags”=4259840
“BrowserFlags”=4096
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-200

[HKLM\Software\WOW6432Node\Classes\Application.Refe rence]
“”=Application Reference
“NeverShowExt”=
“EditFlags”=131072
“IsShortcut”=
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-201

[HKLM\Software\WOW6432Node\Classes\Folder]
“ContentViewModeForBrowse”=prop:~System.ItemNameDi splay;~System.LayoutPattern.PlaceHolder;~System.La youtPattern.PlaceHolder;~System.LayoutPattern.Plac eHolder;System.DateModified
“ContentViewModeLayoutPatternForBrowse”=delta
“”=Folder
“ContentViewModeForSearch”=prop:~System.ItemNameDi splay;System.DateModified;~System.ItemFolderPathDi splay
“ContentViewModeLayoutPatternForSearch”=alpha
“EditFlags”=0xD2030000
“FullDetails”=prop:System.PropGroup.Description;Sy stem.ItemNameDisplay;System.ItemTypeText;System.Si ze;System.HomeGroupSharingStatus
“ThumbnailCutoff”=0
“NoRecentDocs”=
“TileInfo”=prop:System.Title;System.HomeGroupShari ngStatus

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Clients\StartMenuInternet\FIREFOX.EX E\Shell\open\Command]
“”=
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Clients\StartMenuInternet\FIREFOX.EX E\InstallInfo]
“ReinstallCommand”=

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EX E\Shell\open\Command]
“”=C:\Program Files (x86)\Mozilla Firefox\firefox.exe [28/07/2014 21:46:33]
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EX E\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe” /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
“”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.E XE\Shell\open\Command]
“”=C:\Program Files\Internet Explorer\iexplore.exe [10/12/2015 00:34:25]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.E XE\InstallInfo]
“ReinstallCommand”=“C:\Windows\System32\ie4uinit.e xe” -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\FIREFOX.EXE\Shell\open\Command]
“”=C:\Program Files (x86)\Mozilla Firefox\firefox.exe [28/07/2014 21:46:33]
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\FIREFOX.EXE\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe” /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Google Chrome\Shell\open\Command]
“”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Google Chrome\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\IEXPLORE.EXE\Shell\open\Command]
“”=C:\Program Files\Internet Explorer\iexplore.exe [10/12/2015 00:34:25]
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\IEXPLORE.EXE\InstallInfo]
“ReinstallCommand”=“C:\Windows\System32\ie4uinit.e xe” -reinstall

---------- | AppcompatFlags

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
“C:\Program Files\Synaptics\SynTP\SynTPHelper.exe”=0x534143500 1000000000000000700000028000000F0100300E14C0300010 00000000000000000030600210000B395E7CF049FCE0100000 00000000000020000002800000000000000000000400000000 0000000000000000000000000FFE693B800000000570000005 7000000
“C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe”=0x534143500100 000000000000070000002800000038560600E13D0700010000 00000000000000030673220000B395E7CF049FCE0100000000 00000000020000002800000000000000000000400000000000 0000000000000000000000FBC593B800000000130100001301 0000
“C:\Users\HP-PC\AppData\Local\Pokki\Engine\StartMenuIndexer.exe ”=0x534143500100000000000000070000002800000048532F 005531300001000000000000000000030673220000B395E7CF 049FCE01000000000000000002000000280000000000000000 00000000000000000000000000000000000000750CE6280000 00000500000005000000
“C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE”=0x534143500100000000 0000000700000028000000A83E0E000CD70E00010000000000 00000000030671200000975FD891C99ECE0100000000000000 00020000002800000000000000000000000000000000000000 0000000000000000BF664417000000000B0000000B000000
“C:\Program Files (x86)\Connected Music powered by Universal Music Group\Connected Music powered by Universal Music Group.exe”=0x5341435001000000000000000700000028000 00000C2060000000000010000000000000000000106F102000 0975FD891C99ECE01000000000000000002000000280000000 000000000000000000000000000000000000000000000007D7 D0000000000000800000008000000
“SIGN.MEDIA=E3A507E5 winrar-x64-510.exe”=0x534143500100000000000000070000002800000 0983B1D00D6951D0001000000000000000000020600010000B 395E7CF049FCE0100000000000000000200000028000000000 0000000000040000000000000000000000000000000007F2C0 000000000000100000001000000
“C:\Users\HP-PC\Desktop\Ms Office-2007\setup.exe”=0x53414350010000000000000007000000 2800000030110700C7F8070001000000000000000000000671 020000975FD891C99ECE010000000000000000020000002800 00000000000000000040000000000000000000000000000000 00D7140500000000000200000002000000
“SIGN.MEDIA=E3A507E5 picasa39-setup.exe”=0x5341435001000000000000000700000028000 00068F7E200D76DE3000100000000000000000001067122000 0975FD891C99ECE01000000800000000002000000280000000 00000000000000000000000000000000000000000000000F58 A0100000000000100000001000000
“SIGN.MEDIA=E3A507E5 photoshop_cs4_micro_setup BY PRATEEK.exe”=0x53414350010000000000000007000000280 00000181853030000000001000000000000000000020641220 000975FD891C99ECE010000000000000000020000002800000 00000000000000000000000000000000000000000000000009 87D0100000000000100000001000000
“C:\Program Files\WinRAR\WinRAR.exe”=0x53414350010000000000000 0070000002800000058981600F3B3160001000000000000000 000020600010000B395E7CF049FCE010000000000000000020 00000280000000000000000000010000000000000000000000 000000000002AF35928000000005200000052000000
“SIGN.MEDIA=E3A507E5 Firefox Setup 3.5.7.exe”=0x5341435001000000000000000700000028000 00038677B0037C57B000100000000000000000000067102000 0975FD891C99ECE01000000000000000002000000280000000 000000000000000000000000000000000000000000000007F6 00000000000000100000001000000
“C:\Program Files\Hewlett-Packard\HP Utility Center\HPUC.exe”=0x5341435001000000000000000700000 02800000038CD0600DFD006000100000000000000000003067 3220000B395E7CF049FCE01000000000000000002000000280 00000000000000000000000000000000000000000000000000 000E5560603000000000A0000000A000000
“C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Eula.exe”=0x53414350010000000000000007 00000028000000804E0100CD80010001000000000000000000 010671220000975FD891C99ECE010000000000000000020000 00280000000000000000000000000000000000000000000000 00000000F10C0000000000000100000001000000
“C:\Users\HP-PC\Desktop\BlueJ\bluej.exe”=0x53414350010000000000 0000070000002800000000D60800A0E6080001000000000000 000000010671220000975FD891C99ECE010000000000000000 02000000280000000000000000000000000002000000000000 000000000000009F57AD23000000001F0000001F000000
“C:\Users\HP-PC\Desktop\BlueJ\jdk1.7.0_15\jre\lib\launcher.exe” =0x5341435001000000000000000700000028000000A0AF000 0E823010001000000000000000000010600010000B395E7CF0 49FCE010000000000000000020000002800000000000000000 00000000000000000000000000000000000003F00000000000 0000100000001000000
“C:\Program Files (x86)\CyberLink\YouCam\Youcam_webcam_camera_video. exe”=0x534143500100000000000000070000002800000008B F02001FC3020001000000000000000000030671220000975FD 891C99ECE01000000000000000002000000280000000000000 000000000100000000000000000000000000000007AAC678F0 00000002200000022000000
“G:\kanpur\fifa 09\EA Sports\FIFA 09 Demo\FIFA09.exe”=0x5341435001000000000000000700000 02800000008E56000253C61000100000000000000000000067 1200000975FD891C99ECE01000000000000000002000000280 00000000000000000000000000200000000000000000000000 000817F0000000000000400000004000000
“C:\Program Files\7-Zip\7zFM.exe”=0x5341435001000000000000000700000028 000000004C0B00000000000100000000000000000001067320 0000B395E7CF049FCE01000000000000000002000000280000 00000000000000001000000000000000000000000000000000 5ED0FB12000000006000000060000000
“C:\Program Files (x86)\Microsoft Office\Office12\MSACCESS.EXE”=0x534143500100000000 000000070000002800000028439E00ED5C9E00010000000000 00000000000671020000975FD891C99ECE0100000010000000 00020000002800000000000000000000100400000000000000 0000000000000000EE2E0700000000000200000002000000
“C:\Users\HP-PC\Desktop\Ms Office-2007\Word.en-us\WordMUI.msi”=0x53414350010000000000000007000000 2800000000F400008396010001000000000000000000010500 300000B395E7CF049FCE010000000000000000020000002800 00000000000000000000000000000000000000000000000000 00A7130000000000000100000001000000
“C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE”=0x5341435001000000000 000000700000028000000284D0500AAA805000100000000000 0000000000671020000975FD891C99ECE01000000010000000 0
“C:\Program Files (x86)\WildGames\Plants vs Zombies - Game of the Year\plantsvszombies-WT.exe”=0x5341435001000000000000000700000028000000 801E0900404709000100000000000000000002067100000097 5FD891C99ECE01000000000000000002000000280000000000 000000000000001000000000000000000000000000005E5600 00000000000100000001000000
“C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe”=0x534143500 1000000000000000700000028000000D88E7300F0297400010 00000000000000000030600210000B395E7CF049FCE0100000 00000000000020000002800000000000000000000000000000 0000000000000000000000000D501000000000000030000000 3000000
“C:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe”=0x5341435 001000000000000000700000028000000084729008F9C29000 1000000000000000000030600210000975FD891C99ECE01000 00000000000000200000028000000000000000000000000000 000000000000000000000000000156F0000000000000100000 001000000
“G:\Karan passport pic\New folder\New folder\quicksnooker.exe”=0x53414350010000000000000 0070000002800000004701C00687E1C0001000000000000000 000010671200000975FD891C99ECE010000000000000000020 00000280000000000000000000000000000000000000000000 000000000001E080000000000000100000001000000
“SIGN.MEDIA=582BB4 AutoRun.exe”=0x53414350010000000000000007000000280 000000050010066F5010001000000000000000000000671000 000975FD891C99ECE010000000000000000020000002800000 0000000008000000000000000000000000000000000000000F DC68001000000000200000002000000
“C:\Program Files (x86)\CyberLink\Media Suite\PS.exe”=0x5341435001000000000000000700000028 00000008C702006A2803000100000000000000000003067122 0000975FD891C99ECE01000000000000000002000000280000 00000000000000000000000010000000000000000000000000 AE3AA344000000000B0000000B000000
“C:\Program Files\Micromax 200G USB Modem\EdgeModem.exe”=0x534143500100000000000000070 000002800000000440F00D2EE0F00010000000000000000000 00673000000B395E7CF049FCE0100000000000000000200000 02800000000000000000000000000000000000000000000000 000000033EE0100000000000100000001000000
“C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE”=0x534143500100000000 0000000700000028000000301907002F590700010000000000 00000000000671020000975FD891C99ECE0100000001000000 00
“C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE”=0x534143500100000000000 000070000002800000028FF1001D2281101010000000000000 00000000671020000975FD891C99ECE010000000100000000
“C:\Program Files (x86)\Adobe\Photoshop CS4\Photoshop.exe”=0x53414350010000000000000007000 0002800000030C507031567080301000000000000000000000 671220000975FD891C99ECE010000000000000000020000002 80000000000000000000000000000000000000000000000000 00000974F0000000000001100000011000000
“E:\Games\Saints Row IV\SaintsRowIV.exe”=0x5341435001000000000000000700 00002800000000642601000000000100000000000000000002 0671220000975FD891C99ECE01000000000000000002000000 28000000000000000000000000000000000000000000000000 0000001D100000000000000100000001000000
“E:\Games\Need for Speed Most Wanted\NFS13.exe”=0x534143500100000000000000070000 00280000000010DC00E88ACF00010000000000000000000106 71020000975FD891C99ECE0100000000000000000200000028 00000000000000000000000000000000000000000000000000 000030050000000000000100000001000000
“E:\Games\Need for Speed Most Wanted (old)\speed.exe”=0x5341435001000000000000000700000 02800000000005C00000000000100000000000000000001057 1200000975FD891C99ECE01000000000000000002000000280 00000000000000000000000000000000000000000000000000 000E8030000000000000100000001000000
“E:\Games\GTA.San.Andreas\gta_sa.exe”=0x5341435001 000000000000000700000028000000007ADB00EA5BDC000100 0000000000000000010571200000975FD891C99ECE01000000 00000000000200000028000000000000000000001000000000 0000000000000000000000009CB10000000000000100000001 000000
“C:\Program Files\mcafee.com\agent\mcagent.exe”=0x534143500100 00000000000007000000280000008835080037460800010000 00000000000000030600210000B395E7CF049FCE0100000000 00000000020000002800000000000000000000000000000000 0000000000000000000000C706000000000000010000000100 0000
“C:\Program Files (x86)\Autograph 3.3\agraph.exe”=0x53414350010000000000000007000000 2800000000A07500F41D760001000000000000000000010671 200000975FD891C99ECE010000000000000000020000002800 00000000000000000000000002000000000000000000000000 00698A46B6000000002400000024000000
“C:\Users\HP-PC\Desktop\BlueJ\jre7\bin\java.exe”=0x534143500100 0000000000000700000028000000A0DF0200D57F0300010000 00000000000000010600010000B395E7CF049FCE0100000000 00000000020000002800000000000000000000000000000000 00000000000000000000006307000000000000010000000100 0000
“C:\Users\HP-PC\Desktop\IB Question Banks\Physics\welcome.exe”=0x534143500100000000000 0000700000028000000A005220000000000010000000000000 00000010641200000975FD891C99ECE0100000000000000000 20000002800000000000000000000000000000000000000000 000000000000029FB0000000000000200000002000000
“C:\Program Files (x86)\IB Questionbank32\IB Questionbank32.exe”=0x5341435001000000000000000700 00002800000000921300000000000100000000000000000000 0641200000975FD891C99ECE01000000000000000002000000 28000000000000000000000000000000000000000000000000 00000020F54E49000000004B0000004B000000
“C:\Users\HP-PC\Desktop\IB Question Banks\Mathematics\welcome.exe”=0x53414350010000000 0000000070000002800000064E622000000000001000000000 000000000020641200000975FD891C99ECE010000000000000 00002000000280000000000000000000000000000000000000 00000000000000000C46A0900000000000100000001000000
“C:\Users\HP-PC\Desktop\IB Question Banks\Mathematics\welcome (2).exe”=0x534143500100000000000000070000002800000 064E6220000000000010000000000000000000206412000009 75FD891C99ECE0100000000000000000200000028000000000 00000000000000000000000000000000000000000000029010 000000000000100000001000000
“C:\Users\HP-PC\Desktop\IB Question Banks\Physics\welcome (2).exe”=0x534143500100000000000000070000002800000 0A005220000000000010000000000000000000106412000009 75FD891C99ECE0100000000000000000200000028000000000 0000000000000400000000000000000000000000000007A590 000000000000100000001000000
“C:\Program Files (x86)\Microsoft Office\Office12\OIS.EXE”=0x53414350010000000000000 0070000002800000038310400914C040001000000000000000 000000671020000975FD891C99ECE010000000000000000020 00000280000000000000000000010000000000000000000000 0000000000079F36900000000000400000004000000
“C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\39.0.21 71.65\delegate_execute.exe”=0x53414350010000000000 0000070000002800000048651F007E6D1F0001000000000000 000000030600210000975FD891C99ECE010000000000000000 02000000280000000000000000000000000000000000000000 00000000000000E8030000000000000100000001000000
“C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe”=0 x5341435001000000000000000700000028000000083F05004 49B050001000000000000000000020671020000975FD891C99 ECE01000000000000000002000000280000000000000080000 000000000000000000000000000000000000690B91C0000000 00300000003000000
“C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe”=0x53414 3500100000000000000070000002800000018B4050048D3050 001000000000000000000030671220000975FD891C99ECE010 00000000000000002000000280000000000000000000010000 00000000000000000000000000000BB2F5B150000000002000 00002000000
“SIGN.MEDIA=AA179C SAT_2400.exe”=0x5341435001000000000000000700000028 000000A017AA00D7E37B000100000000000000000001067122 0000975FD891C99ECE01000000000000000002000000280000 00000000008000000000000000000000000000000000000000 5F620100000000000100000001000000
“C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\39.0.21 71.95\delegate_execute.exe”=0x53414350010000000000 0000070000002800000048651F00C7E81F0001000000000000 000000030600210000975FD891C99ECE010000000000000000 02000000280000000000000000000000000000000000000000 000000000000006834DB23000000000400000004000000
“SIGN.MEDIA=3D2C8 start.exe”=0x5341435001000000000000000700000028000 00000740000000000000100000000000000000001067120000 0975FD891C99ECE01000000000000000002000000280000000 0000000800000000000000000000000000000000000000018F D0100000000000100000001000000
“SIGN.MEDIA=3D2C8 IB HL OPTION - CALCULUS.EXE”=0x5341435001000000000000000700000028 00000000740000000000000100000000000000000001067120 0000975FD891C99ECE01000000000000000002000000280000 00000000000000000000000000000000000000000000000000 BA12D701000000000100000001000000
“SIGN.IE=0765C0 FortiClientOnlineInstaller.exe”=0x5341435001000000 000000000700000028000000C06507003DCE07000100000000 0000000000030600210000975FD891C99ECE01000000000000 0000
“C:\Program Files (x86)\Evernote\Evernote\Evernote.exe”=0x5341435001 00000000000000070000002800000060F5EF00E335F0000100 0000000000000000030600210000975FD891C99ECE01000000 00000000000200000028000000000000000000001000000000 0000000000000000000000003C2B0200000000000100000001 000000
“C:\Program Files (x86)\Mozilla Firefox\firefox.exe”=0x534143500100000000000000070 0000028000000D8DB0D0090950E00010000000000000000000 00671020000975FD891C99ECE010000000100000000
“C:\Program Files (x86)\Vernier Software\Logger Pro 3\LoggerPro.exe”=0x5341435001000000000000000700000 028000000001073008F8E73000100000000000000000000067 1200000975FD891C99ECE01000000000000000002000000280 00000000000000000000000000000000000000000000000000 000845D0E19000000003A0100003A010000
“F:\iCare Data Recovery Free\iCareDataRecoveryFree.exe”=0x5341435001000000 000000000700000028000000008C0A00E4950A000100000000 0000000000030671220000975FD891C99ECE01000000000000 00000200000028000000000000000000000000000000000000 0000000000000000003C9A0000000000000100000001000000
“C:\Program Files (x86)\Fortinet\FortiClient\FortiClient.exe”=0x5341 43500100000000000000070000002800000050986600EB3267 0001000000000000000000030671220000975FD891C99ECE01 00000000000000000200000028000000000000000000000000 00000000000000000000000000000011400100000000000600 000006000000
“C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\41.0.22 72.118\delegate_execute.exe”=0x5341435001000000000 00000070000002800000048190A00AFE70A000100000000000 0000000030600210000975FD891C99ECE01000000000000000 00200000028000000000000000000000000000000000000000 0000000000000007B080000000000000100000001000000
“C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\43.0.23 57.124\delegate_execute.exe”=0x5341435001000000000 00000070000002800000048810A0064AD0A000100000000000 0000000030600210000975FD891C99ECE01000000000000000 00200000028000000000000000000000000000000000000000 00000000000000010050000000000000100000001000000
“C:\Users\HP-PC\AppData\Local\Pokki\Engine\HostAppService.exe”= 0x534143500100000000000000070000002800000000D67700 A47F780001000000000000000000030600210000975FD891C9 9ECE0100000000000000000200000028000000000000000000 000000000000000000000000000000000000405BEF04000000 000200000002000000
“C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\43.0.23 57.130\delegate_execute.exe”=0x5341435001000000000 000000700000028000000488F0A0041730B000100000000000 0000000030600210000975FD891C99ECE01000000000000000 00200000028000000000000000000000000000000000000000 0000000000000006C080000000000000100000001000000
“C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\43.0.23 57.132\delegate_execute.exe”=0x5341435001000000000 000000700000028000000488F0A003E2F0B000100000000000 0000000030600210000975FD891C99ECE01000000000000000 00200000028000000000000000000000000000000000000000 0000000000000009A030000000000000100000001000000
“C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\44.0.24 03.89\delegate_execute.exe”=0x53414350010000000000 00000700000028000000489B0A0017BD0A0001000000000000 000000030600210000975FD891C99ECE010000000000000000 02000000280000000000000000000000000000000000000000 00000000000000A06BFE03000000000300000003000000
“E:\SetupGraph-4.3.exe”=0x534143500100000000000000070000002800000 09DBC310000000000010000000000000000000306412200009 75FD891C99ECE0100000000000000000200000028000000000 0000000000000000000000000000000000000000000004B660 000000000000100000001000000
“C:\Program Files (x86)\Graph\Graph.exe”=0x5341435001000000000000000 70000002800000000365700000000000100000000000000000 0000671200000975FD891C99ECE01000000000000000002000 00028000000000000000000000000000000000000000000000 000000000411B530A000000000C0000000C000000
“SIGN.MEDIA=F7AA250D software\bluej-bundled-314 (1).msi”=0x534143500100000000000000070000002800000 000FE0000B780010001000000000000000000010500100000B 395E7CF049FCE0100000000000000000200000028000000000 0000000000000000000000000000000000000000000003D460 400000000000100000001000000
“C:\Program Files (x86)\BlueJ\BlueJ.exe”=0x5341435001000000000000000 70000002800000000DE0800F95109000100000000000000000 0030671220000975FD891C99ECE01000000000000000002000 00028000000000000000000000000000000000000000000000 0000000001CCB732C000000005100000051000000
“C:\Users\HP-PC\Downloads\python-2.7.9.msi”=0x5341435001000000000000000700000028000 00000FE0000B78001000100000000000000000001050010000 0B395E7CF049FCE01000000000000000002000000280000000 00000000000000000000000000000000000000000000000B12 E0000000000000100000001000000
“C:\Users\HP-PC\AppData\Local\Temp\7zOA822.tmp_generator.exe”=0 x534143500100000000000000070000002800000062B408000 000000001000000000000000000010571200000975FD891C99 ECE01000000000000000002000000280000000000000000000 00000020200000000000000000000000000730700000000000 00100000001000000
“C:\Users\HP-PC\AppData\Local\Temp\7zOB37D.tmp_generator.exe”=0 x534143500100000000000000070000002800000062B408000 000000001000000000000000000010571200000975FD891C99 ECE01000000000000000002000000280000000000000000000 00000020200000000000000000000000000E40100000000000 00100000001000000
“C:\Users\HP-PC\AppData\Local\Temp\7zOB812.tmp_generator.exe”=0 x534143500100000000000000070000002800000062B408000 000000001000000000000000000010571200000975FD891C99 ECE01000000000000000002000000280000000000000000000 00000020200000000000000000000000000472300000000000 00100000001000000
“C:\Users\HP-PC\AppData\Local\Temp\7zOB95B.tmp_generator.exe”=0 x534143500100000000000000070000002800000062B408000 000000001000000000000000000010571200000975FD891C99 ECE01000000000000000002000000280000000000000000000 00000020200000000000000000000000000B62800000000000 00100000001000000
“C:\Users\HP-PC\AppData\Local\Temp\7zOBAA4.tmp_generator.exe”=0 x534143500100000000000000070000002800000062B408000 000000001000000000000000000010571200000975FD891C99 ECE01000000000000000002000000280000000000000000000 00000020200000000000000000000000000BB2F00000000000 00100000001000000
“C:\Users\HP-PC\AppData\Local\Temp\7zOBC0D.tmp_generator.exe”=0 x534143500100000000000000070000002800000062B408000 000000001000000000000000000010571200000975FD891C99 ECE01000000000000000002000000280000000000000000000 00000020200000000000000000000000000C03600000000000 00100000001000000
“C:\Users\HP-PC\AppData\Local\Temp\7zOBD46.tmp_generator.exe”=0 x534143500100000000000000070000002800000062B408000 000000001000000000000000000010571200000975FD891C99 ECE01000000000000000002000000280000000000000000000 00000020200000000000000000000000000BB3C00000000000 00100000001000000
“C:\Users\HP-PC\AppData\Local\Temp\7zOBEFD.tmp_generator.exe”=0 x534143500100000000000000070000002800000062B408000 000000001000000000000000000010571200000975FD891C99 ECE01000000000000000002000000280000000000000000000 00000020200000000000000000000000000884200000000000 00100000001000000
“C:\Users\HP-PC\AppData\Local\Temp\7zOC007.tmp_generator.exe”=0 x534143500100000000000000070000002800000062B408000 000000001000000000000000000010571200000975FD891C99 ECE01000000000000000002000000280000000000000000000 00000020200000000000000000000000000B14800000000000 00100000001000000
“C:\Users\HP-PC\AppData\Local\Temp\7zOC19F.tmp_generator.exe”=0 x534143500100000000000000070000002800000062B408000 000000001000000000000000000010571200000975FD891C99 ECE01000000000000000002000000280000000000000000000 000000202000000000000000000000000003A0600000000000 00100000001000000
“C:\Users\HP-PC\AppData\Local\Temp\7zOC2C8.tmp_generator.exe”=0 x534143500100000000000000070000002800000062B408000 000000001000000000000000000010571200000975FD891C99 ECE01000000000000000002000000280000000000000000000 000000202000000000000000000000000000D0300000000000 00100000001000000
“C:\Users\HP-PC\GeoGebra 5.0\GeoGebra.exe”=0x534143500100000000000000070000 0028000000302C020000000000010000000000000000000106 00010000975FD891C99ECE0100000000000000000200000028 00000000000000000000000000000000000000000000000000 000017B66539000000001C0000001C000000
“C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe”=0x53414350010 0000000000000070000002800000030257500A704760001000 000000000000000000671200000975FD891C99ECE010000000 00000000002000000280000000000000000000010000000000 00000000000000000000000F13EBC240000000002000000020 00000
“C:\Users\HP-PC\AppData\Local\Pokki\Engine\ServiceHostApp.exe”= 0x534143500100000000000000070000002800000000207800 FDAC780001000000000000000000030600210000975FD891C9 9ECE0100000000000000000200000028000000000000000000 0000000000000000000000000000000000003249590D000000 000100000001000000
“C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\46.0.24 90.86\delegate_execute.exe”=0x53414350010000000000 0000070000002800000048A50A00B58D0B0001000000000000 000000030600210000975FD891C99ECE010000000000000000 02000000280000000000000000000000000000000000000000 000000000000006B030000000000000100000001000000
“C:\Program Files (x86)\CyberLink\PowerDVD12\subsys\BigBang\Runtime\ CLUpdater.exe”=0x534143500100000000000000070000002 8000000082F0600C0ED0600010000000000000000000206710 20000975FD891C99ECE0100000080000000000200000028000 00000000000000000000000000000000000000000000000000 0D3530200000000000100000001000000
“C:\Users\HP-PC\Downloads\netbeans-8.1-javase-windows.exe”=0x53414350010000000000000007000000280 00000A85EE5051636E60501000000000000000000030671220 000975FD891C99ECE010000000000000000020000002800000 0000000000000004000000000000000000000000000000000D 0131500000000000200000002000000
“C:\Program Files\NetBeans 8.1\bin\netbeans.exe”=0x53414350010000000000000007 00000028000000EF0B0A0064AA0A0001000000000000000000 030671220000975FD891C99ECE010000000000000000020000 00280000000000000000000000000000000000000000000000 000000002C51220D000000000400000004000000
“C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\47.0.25 26.73\delegate_execute.exe”=0x53414350010000000000 00000700000028000000481F0B00FD590B0001000000000000 000000030600210000975FD891C99ECE010000000000000000 02000000280000000000000000000000000000000000000000 00000000000000FF070000000000000100000001000000
“C:\Users\HP-PC\Downloads\Ginger.exe”=0x53414350010000000000000 00700000028000000E8B10D0026340E0001000000000000000 000010600010000975FD891C99ECE010000000000000000020 00000280000000000000000000040000000000000000000000 00000000000A1C75701000000000100000001000000
“C:\Program Files (x86)\InstallShield Installation Information{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}\setup.exe”=0x53414350010000000000000 00700000028000000006413000000000003000000000000000 000030600210000975FD891C99ECE010000000000000000020 00000280000000000000000000000000000000000000000000 00000000000213A0200000000000100000001000000
“C:\Users\HP-PC\Downloads\SkypeSetup.exe”=0x5341435001000000000 00000070000002800000080F2160043AD17000100000000000 0000000030600210000975FD891C99ECE01000000000000000 00200000028000000000000000000004000000000000000000 0000000000000006E062300000000000100000001000000
“C:\Users\HP-PC\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe”=0x534143500100 0000000000000700000028000000002878008B467800010000 00000000000000030600210000975FD891C99ECE0100000000 00000000020000002800000000000000000000000000000000 00000000000000000000005012000000000000010000000100 0000
“C:\Users\HP-PC\Downloads\code2flowchart.exe”=0x534143500100000 00000000007000000280000005DCE260000000000010000000 00000000000030641220000975FD891C99ECE0100000000000 00000020000002800000000000000000000400000000000000 00000000000000000000838000000000000010000000100000 0
“C:\Program Files\NetBeans 8.1\uninstall.exe”=0x53414350010000000000000007000 0002800000045601F009209060003000000000000000000030 671220000975FD891C99ECE010000000000000000020000002 80000000000000000000000000000000000000000000000000 00000AF520100000000000100000001000000
“C:\Program Files (x86)\StarUML\StarUML.exe”=0x534143500100000000000 000070000002800000000B81000279C1100010000000000000 00000030671220000975FD891C99ECE0100000000000000000 20000002800000000000000000000000000000000000000000 000000000000056422800000000000100000001000000
“C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\47.0.25 26.106\delegate_execute.exe”=0x5341435001000000000 000000700000028000000481F0B0012150C000100000000000 0000000030600210000975FD891C99ECE01000000000000000 00200000028000000000000000000000000000000000000000 000000000000000A1070000000000000100000001000000
“C:\Users\HP-PC\AppData\Local\Temp\Rar$EXb0.694\Men Of Mathematics Downloader__3687_i1831514230_il2046321.exe”=0x5341 43500100000000000000070000002800000000001300500113 0001000000000000000000020600010000975FD891C99ECE01 00000000000000000200000028000000000000000000004000 000000000000000000000000000000F4245E00000000000100 000001000000
“C:\Users\HP-PC\AppData\Local\Temp\5B60.exe”=0x5341435001000000 00000000070000002800000098854400423445000100000000 0000000000030600210000975FD891C99ECE01000000000000 00000200000028000000000000000000004000000000000000 0000000000000000008AAB8200000000000200000002000000
“C:\Users\HP-PC\Downloads\MovaviScreenCaptureSetupC.exe”=0x5341 4350010000000000000007000000280000004873F304226AF4 0401000000000000000000010600010000975FD891C99ECE01 00000000000000000200000028000000000000000000004000 00000000000000000000000000000004710100000000000100 000001000000
“C:\Program Files (x86)\Movavi Screen Capture Studio 7\uninst.exe”=0x5341435001000000000000000700000028 00000098116700B21B67000300000000000000000001060001 0000975FD891C99ECE01000000000000000002000000280000 00000000000000000000000000000000000000000000000000 F03B0000000000000100000001000000
“C:\Users\HP-PC\AppData\Local\Temp\7zO11DD.tmp\TinyTakeSetup_v_ 4_0_1.exe”=0x5341435001000000000000000700000028000 00030F96A012E2C6B010100000000000000000003060021000 0975FD891C99ECE01000000000000000002000000280000000 0000000000000000000000000000000000000000000000096D 6350B000000000100000001000000
“C:\Users\HP-PC\Downloads\FreeScreenToVideoSetup-r0-n-bc.exe”=0x5341435001000000000000000700000028000000 4824130069A413000100000000000000000001060001000097 5FD891C99ECE01000000000000000005000000100000000000 00000000000000000000000000000200000028000000000000 000000004000000000000000000000000000000000FBCD0400 000000000100000001000000
“E:\setup.exe”=0x534143500100000000000000070000002 8000000B8060D00211B143E010000000000000000000306002 10000975FD891C99ECE0100000000000000000500000010000 00000000000000000000000000000000000020000002800000 00000000000000000000000000000000000000000000000005 B46F919000000000200000002000000
“C:\Users\HP-PC\Downloads\ezvid1.002b03.exe”=0x5341435001000000 000000000700000028000000704A0F00C24510000100000000 0000000000020600010000975FD891C99ECE01000000000000 00000200000028000000000000000000004000000000000000 00000000000000000030F81600000000000100000001000000
“C:\Program Files (x86)\ezvid\ezvid.exe”=0x5341435001000000000000000 70000002800000008075300DA2553000100000000000000000 00306F1220000975FD891C99ECE01000000000000000002000 00028000000000000000000000000000000000000000000000 000000000A73B4400000000000100000001000000
“C:\Users\HP-PC\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake by MangoApps.exe”=0x534143500100000000000000070000002 800000058880500A9960500010000000000000000000306F12 00000975FD891C99ECE0100000000000000000200000028000 00000000000000000000000000000000000000000000000000 0DD0A0000000000000100000001000000
“C:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDRW.exe”=0x53414350010000000000 0000070000002800000058050500609A050001000000000000 000000030673220000B395E7CF049FCE010000000000000000 02000000280000000000000000000000000000000000000000 000000000000005C2A0D00000000000200000002000000
“C:\Program Files (x86)\Autograph 3.3\Autograph Virtual Keyboard.exe”=0x5341435001000000000000000700000028 000000007C00002FE400000100000000000000000001067120 0000975FD891C99ECE01000000000000000002000000280000 00000000000000000000000000000000000000000000000000 C0140000000000000100000001000000
“C:\SmartDraw CI\Messages.exe”=0x5341435001000000000000000700000 028000000446E0500000000000100000000000000000001067 1000000975FD891C99ECE01000000000000000002000000280 00000000000000000000000000000000000000000000000000 00009010000000000000100000001000000
“C:\SmartDraw CI\SD.exe”=0x5341435001000000000000000700000028000 000C1BF3F00000000000100000000000000000001067100000 0975FD891C99ECE01000000000000000002000000280000000 00000000000000000000000000000000000000000000000340 70000000000000100000001000000
“C:\SmartDraw CI\SDUI.exe”=0x53414350010000000000000007000000280 00000F0A036000000000001000000000000000000010671000 000975FD891C99ECE010000000000000000020000002800000 00000000000000000000000000000000000000000000000006 F050000000000000100000001000000
“C:\SmartDraw CI\DLLs.exe”=0x53414350010000000000000007000000280 00000EFF033000000000001000000000000000000010671000 000975FD891C99ECE010000000000000000020000002800000 0000000000000000000000000000000000000000000000000D 0070000000000000100000001000000
“C:\SmartDraw CI\Tooltips.exe”=0x5341435001000000000000000700000 028000000E8AB0600B94507000100000000000000000001067 1000000975FD891C99ECE01000000000000000002000000280 00000000000000000000000000000000000000000000000000 000B50E0000000000000100000001000000
“C:\SmartDraw CI\Filters.exe”=0x53414350010000000000000007000000 28000000D8101000E254100001000000000000000000010671 000000975FD891C99ECE010000000000000000020000002800 00000000000000000000000000000000000000000000000000 006B030000000000000100000001000000
“C:\SmartDraw CI\Ribbons.exe”=0x53414350010000000000000007000000 280000003E8108000000000001000000000000000000010671 000000975FD891C99ECE010000000000000000020000002800 00000000000000000000000000000000000000000000000000 0042020000000000000100000001000000
“C:\SmartDraw CI\Spelling.exe”=0x5341435001000000000000000700000 028000000501D0700C64F07000100000000000000000001067 1000000975FD891C99ECE01000000000000000002000000280 00000000000000000000000000000000000000000000000000 000EA000000000000000100000001000000
“C:\SmartDraw CI\Dialog7.exe”=0x53414350010000000000000007000000 28000000E8A904000000000001000000000000000000010671 000000975FD891C99ECE010000000000000000020000002800 00000000000000000000000000000000000000000000000000 00DB000000000000000100000001000000
“C:\SmartDraw CI\LibraryPreviews.exe”=0x534143500100000000000000 0700000028000000D84E590000000000010000000000000000 00010671000000975FD891C99ECE0100000000000000000200 00002800000000000000000000000000000000000000000000 0000000000C2190000000000000100000001000000
“C:\SmartDraw CI\Templates\2010.exe”=0x5341435001000000000000000 700000028000000D8B8290054DD29000100000000000000000 0010671000000975FD891C99ECE01000000000000000002000 00028000000000000000000000000000000000000000000000 000000000F10C0000000000000100000001000000
“C:\SmartDraw CI\Templates\Categories.exe”=0x5341435001000000000 0000007000000280000000FAC1000000000000100000000000 0000000010671000000975FD891C99ECE01000000000000000 00200000028000000000000000000000000000000000000000 0000000000000004F0D0000000000000100000001000000
“C:\SmartDraw CI\SmartDraw.exe”=0x534143500100000000000000070000 0028000000E0376C009B306D00010000000000000000000306 71200000975FD891C99ECE0100000000000000000200000028 00000000000000000000000000000000000000000000000000 000054EF3E00000000000300000003000000
“C:\Users\HP-PC\AppData\Local\Temp\Jing_Setup\Jing_Setup_Releas e.msi”=0x53414350010000000000000007000000280000000 0EA0000AA51010001000000000000000000010500100000975 FD891C99ECE010000000000000000020000002800000000000 00000000000000000000000000000000000000000003DD8070 0000000000200000002000000
“C:\Program Files (x86)\TechSmith\Jing\Jing.exe”=0x53414350010000000 00000000700000028000000F86B2C00FA272D0001000000000 0000000000306F1220000975FD891C99ECE010000000000000 00002000000280000000000000000000050000000000000000 00000000000000000B51C0983000000001800000018000000
“C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe”=0x53414350010000000000000007000000280000009 8AA3200C2DA320001000000000000000000030680210000975 FD891C99ECE010000000000000000020000002800000000000 00000000000000000000000000000000000000000003B9B4E0 0000000000200000002000000
“C:\SYSTEM.SAV\Util\HPCPDesktopIcon.exe”=0x5341435 001000000000000000700000028000000001E0000000000000 10000000000000000000306F1220000975FD891C99ECE01000 00000000000000200000028000000000000000000000000000 000000000000000000000000000454D0000000000000100000 001000000
“C:\Users\183-k\Desktop\bin\java.exe”=0x534143500100000000000000 0700000028000000A8E90200B83A0300010000000000000000 00030600210000B395E7CF049FCE0100000000000000000200 00002800000000000000000000000000000000000000000000 0000000000A01C0000000000000400000004000000
“C:\Users\183-k\Desktop\bin\javacpl.exe”=0x534143500100000000000 0000700000028000000A82D0100987B0100010000000000000 00000010600010000B395E7CF049FCE0100000000000000000 20000002800000000000000000000000010000000000000000 0000000000000B388730F000000000200000002000000
“C:\Users\183-k\Desktop\bin\javaws.exe”=0x5341435001000000000000 000700000028000000A8E50400BA7805000100000000000000 0000010600010000B395E7CF049FCE01000000000000000002 00000028000000000000000000000000100000000000000000 000000000000E8CC0600000000000100000001000000
“C:\Program Files (x86)\slitherlink\SLITHERLINK.EXE”=0x5341435001000 00000000000070000002800000000000E00D4B90E000100000 0000000000000020671200000975FD891C99ECE01000000000 00000000200000028000000000000000000000000100000000 00000000000000000000066880400000000000100000001000 000
“C:\Program Files (x86)\Texmaker\texmaker.exe”=0x5341435001000000000 0000007000000280000000040590036B659000100000000000 0000000020671200000975FD891C99ECE01000000000000000 00200000028000000000000000000000000000000000000000 0000000000000002EC2C134000000006700000067000000
“C:\Users\HP-PC\AppData\Local\Programs\MiKTeX 2.9\miktex\bin\mpm_mfc.exe”=0x53414350010000000000 0000070000002800000000460300A94A030001000000000000 000000030600210000975FD891C99ECE010000000000000000 02000000280000000000000000000000000000000000000000 00000000000000D7610000000000000100000001000000
“C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe”=0x53414350010000000000000 00700000028000000F8821600CDD2160001000000000000000 0000306F1220000975FD891C99ECE010000000000000000020 00000280000000000000000000000000000000000000000000 000000000005D591000000000000100000001000000
“C:\Program Files (x86)\BlackBerry\BlackBerry Blend\Blend.exe”=0x5341435001000000000000000700000 028000000F83A4F003C0850000100000000000000000003067 1220000975FD891C99ECE010000000000000000
“SIGN.MEDIA=228BEF19 StartModem.exe”=0x53414350010000000000000007000000 280000003019080058FD080001000000000000000000020671 200000975FD891C99ECE010000000000000000020000002800 00000000000000000000000000000000000000000000000000 000D53284F000000000200000002000000
“C:\Users\HP-PC\Downloads\python-2.7.9 (1).msi”=0x534143500100000000000000070000002800000 000FE00002CDB010001000000000000000000010500100000B 395E7CF049FCE0100000000000000000200000028000000000 000000000000000000000000000000000000000000000403C0 300000000000200000002000000
“C:\Python27\pythonw.exe”=0x5341435001000000000000 000700000028000000006A0000AC8800000100000000000000 0000030671220000975FD891C99ECE01000000000000000002 00000028000000000000000000000000000000000000000000 000000000000406EB010000000000A0000000A000000
“C:\Python27\python.exe”=0x53414350010000000000000 007000000280000000068000081A8000001000000000000000 000030671220000975FD891C99ECE010000000000000000020 00000280000000000000000000000000000000000000000000 000000000001F4C2700000000002600000026000000
“C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe”=0x5341435001000000000000000700 000028000000384508005D0C09000100000000000000000003 06F5220000B395E7CF049FCE01000000000000000002000000 28000000000000000000000000000000000000000000000000 00000048459700000000000300000003000000
“C:\Program Files (x86)\LizardTech\DjVu Solo 3.1\DjVuSolo.exe”=0x534143500100000000000000070000 002800000000E0200000000000010000000000000000000105 71200000975FD891C99ECE0100000000000000000200000028 00000000000000000000000004000000000000000000000000 0000E3950400000000000400000004000000
“C:\Program Files\WinDjView\WinDjView.exe”=0x53414350010000000 00000000700000028000000005E31000000000001000000000 000000000010673200000B395E7CF049FCE010000000000000 00002000000280000000000000000000000000000000000000 00000000000000000B0110D2C000000001E0000001E000000
“SIGN.IE=08F1960 Connectify2016Installer.exe”=0x5341435001000000000 00000070000002800000060198F00EE4E8F000100000000000 0000000030600210000975FD891C99ECE01000000000000000 0
“C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe”=0x5341 43500100000000000000070000002800000048594900FB354A 0001000000000000000000030671220000975FD891C99ECE01 00000000000000000200000028000000000000000000000000 000000000000000000000000000000C600420A000000001100 000011000000
“C:\Program Files (x86)\Google\Picasa3\Picasa3.exe”=0x53414350010000 0000000000070000002800000048099B00A3279B0001000000 000000000000030671220000975FD891C99ECE010000000000 00000002000000280000000000000000000010000000000000 00000000000000000000F38103000000000001000000010000 00
“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”=0x53414350010000 00000000000700000028000000D8B41100C199120001000000 000000000000030671220000975FD891C99ECE010000000000 00000002000000280000000000000000000000000000000000 000000000000000000004565EA1300000000C5000000C50000 00
“C:\Users\HP-PC\AppData\Roaming\Zoom\bin\Zoom.exe”=0x5341435001 000000000000000700000028000000B0D2060067D406000100 0000000000000000030671220000975FD891C99ECE01000000 00000000000200000028000000000000000000000000000000 0000000000000000000000005C030000000000000200000002 000000
“C:\Users\HP-PC\Downloads\Zoom_launcher.exe”=0x5341435001000000 00000000070000002800000048090200B31402000100000000 0000000000030671220000975FD891C99ECE01000000000000 00000200000028000000000000008000000000000000000000 00000000000000000058010000000000000200000002000000
“C:\Program Files (x86)\Skype\Phone\Skype.exe”=0x5341435001000000000 000000700000028000000D8579F011141A0010100000000000 0000000030600210000975FD891C99ECE01000000000000000 00200000028000000000000000000000000000000000000000 0000000000000001E080000000000000100000001000000
“C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\chrome. exe”=0x5341435001000000000000000700000028000000586 D0E005DC80E0001000000000000000000030600210000975FD 891C99ECE010000000100000000
“C:\Users\HP-PC\AppData\Roaming\Zoom\uninstall\Installer.exe”=0 x5341435001000000000000000700000028000000B0160800D 763080003000000000000000000030600210000975FD891C99 ECE01000000000000000002000000280000000000000000000 00000000000000000000000000000000000962300000000000 00100000001000000
“C:\Users\HP-PC\Downloads\basic-miktex.exe”=0x534143500100000000000000070000002800 000008915C0B33058B00010000000000000000000306002100 00975FD891C99ECE0100000000000000000200000028000000 0000000000000000000000000000000000000000000000000B DB0400000000000300000003000000
“C:\Users\HP-PC\AppData\Local\Programs\MiKTeX 2.9\miktex\bin\miktex-texworks.exe”=0x5341435001000000000000000700000028 000000007469001FFE69000100000000000000000003060021 0000975FD891C99ECE01000000000000000002000000280000 00000000000000000000000000000000000000000000000000 130C0400000000000300000003000000
“C:\Users\HP-PC\Desktop\Mathematics\Computer Science\EMACS\smlnj-110.80.msi”=0x534143500100000000000000070000002800 000000FE00002CDB0100010000000000000000000105001000 00B395E7CF049FCE0100000000000000000200000028000000 0000000000000000000000000000000000000000000000009C 3E0400000000000600000006000000
“C:\Users\HP-PC\Desktop\Mathematics\Computer Science\EMACS\libexec\emacs\24.5\i686-pc-mingw32\profile.exe”=0x534143500100000000000000070 0000028000000FB9E0900A8F30900010000000000000000000 30671200000975FD891C99ECE0100000000000000000200000 02800000000000000000000000000000000000000000000000 0000000111F0000000000000100000001000000
“C:\Users\HP-PC\Desktop\Mathematics\Computer Science\EMACS\bin\addpm.exe”=0x5341435001000000000 00000070000002800000069020900D11509000100000000000 0000000030671200000975FD891C99ECE01000000000000000 00200000028000000000000000000000000000000000000000 000000000000000A7200000000000000700000007000000
“C:\Users\HP-PC\Desktop\Mathematics\Computer Science\EMACS\bin\emacs.exe”=0x5341435001000000000 0000007000000280000000E708C00FDB18C000100000000000 0000000030600210000975FD891C99ECE01000000000000000 00200000028000000000000000000000000000000000000000 000000000000000E3C74200000000000C0000000C000000
“C:\Program Files (x86)\SMLNJ\bin.run\run.x86-win32.exe”=0x5341435001000000000000000700000028000 00000BE0500000000000100000000000000000003067120000 0975FD891C99ECE01000000000000000002000000280000000 00000000000000000000000000000000000000000000000F57 D0100000000000400000004000000
“C:\Users\HP-PC\Desktop\Mathematics\Computer Science\EMACS\bin\emacs-24.5.exe”=0x53414350010000000000000007000000280000 000E708C00FDB18C0001000000000000000000030600210000 975FD891C99ECE010000000000000000020000002800000000 00000000000000000000000000000000000000000000007218 0500000000000300000003000000
“C:\Users\HP-PC\Desktop\smlnj-110.80.msi”=0x534143500100000000000000070000002800 000000FE00002CDB0100010000000000000000000105001000 00B395E7CF049FCE0100000000000000000200000028000000 000000000000000000000000000000000000000000000000E4 570000000000000100000001000000
“C:\Users\HP-PC\Desktop\bin\addpm.exe”=0x5341435001000000000000 00070000002800000069020900D11509000100000000000000 0000030671200000975FD891C99ECE01000000000000000002 00000028000000000000000000000000000000000000000000 000000000000CD0A0000000000000100000001000000
“C:\Users\HP-PC\Desktop\bin\emacs.exe”=0x5341435001000000000000 0007000000280000000E708C00FDB18C000100000000000000 0000030600210000975FD891C99ECE01000000000000000002 00000028000000000000000000000000000000000000000000 0000000000006AD60A00000000000500000005000000
“C:\Users\HP-PC\Desktop\emacs.exe”=0x53414350010000000000000007 000000280000000E708C00FDB18C0001000000000000000000 030600210000975FD891C99ECE010000000000000000020000 00280000000000000000000000000000000000000000000000 00000000CF290000000000000200000002000000
“C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE”=0x5341435001000000000 000000700000028000000288B0F00E0940F000100000000000 0000000000671020000975FD891C99ECE01000000010000000 0
“C:\Users\HP-PC\AppData\Local\Package Cache{26f1a2e1-0974-440e-9f5b-092c573b659f}\GrammarlyAddInSetup6.5.87.exe”=0x534 143500100000000000000070000002800000020AD3100C83D3 20003000000000000000000030600210000975FD891C99ECE0 10000000000000000020000002800000000000000000000000 0000000000000000000000000000000EF71010000000000010 0000001000000
“C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe”=0x5341435001000000000000000 700000028000000D0030600738C06000100000000000000000 0030671220000975FD891C99ECE01000000000000000002000 00028000000000000000000000000000000000000000000000 000000000C9030000000000000100000001000000
“C:\Program Files\AVAST Software\Avast\avastui.exe”=0x53414350010000000000 0000070000002800000020F68F00B7DF900001000000000000 000000030600210000975FD891C99ECE010000000000000000 02000000280000000000000000000000000000000000000000 0000000000000055E50C00000000000300000003000000
“C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\56.0.29 24.87\Installer\setup.exe”=0x534143500100000000000 000070000002800000058E31400D4931500010000000000000 00000030600210000975FD891C99ECE010000000000000000
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”=0x5341 435001000000000000000700000028000000585F0E0077AC0E 0001000000000000000000030600210000975FD891C99ECE01 0000000100000000
“C:\Users\HP-PC\Downloads\kts17.0.0.611en_10761.exe”=0x53414350 010000000000000007000000280000002008990AC4A8990A01 000000000000000000030600210000975FD891C99ECE010000 00000000000002000000280000000000000000000000000000 00000000000000000000000000F21100000000000007000000 07000000
“C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe”=0x534143500100000000000000070000 0028000000D8690300411F0400010000000000000000000306 00210000975FD891C99ECE010000000000000000
“C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.98\Insta ller\setup.exe”=0x53414350010000000000000007000000 280000005823140048CB140001000000000000000000030600 210000975FD891C99ECE010000000000000000020000002800 00000000000000000000000000000000000000000000000000 00D3A7D604000000000100000001000000
“C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.98\Insta ller\chrmstp.exe”=0x534143500100000000000000070000 00280000005823140048CB1400010000000000000000000306 00210000975FD891C99ECE0100000000000000000200000028 00000000000000000000000000000000000000000000000000 00000F6B0000000000000100000001000000
“C:\Users\HP-PC\Downloads\SysInfo.exe”=0x5341435001000000000000 000700000028000000A06A0B0074C40B000100000000000000 0000030671220000975FD891C99ECE01000000000000000002 00000028000000000000000000000000000000000000000000 000000000000DEC70800000000000400000004000000
“C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe”=0x5341435001000000000000000700 00002800000000180000000000000100000000000000000003 0673220000B395E7CF049FCE01000000000000000002000000 28000000000000000000000000000000000000000000000000 00000010000000000000000100000001000000
“C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe”=0x5341435001000000000000 000700000028000000789A1700397F18000100000000000000 0000010600010000975FD891C99ECE010000000100000000
“C:\Program Files (x86)\MathType\MathType.exe”=0x5341435001000000000 000000700000028000000B8471F0060C21F000100000000000 0000000010600210000975FD891C99ECE01000000000000000 00200000028000000000000000000000000000000000000000 00000000000000055D00900000000000100000001000000
“C:\Users\HP-PC\Downloads\FRST64.exe”=0x53414350010000000000000 00700000028000000000025002BFD240001000000000000000 000030600210000B395E7CF049FCE010000000000000000020 00000280000000000000000000000000000000000000000000 0000000000098DC4B00000000000400000004000000
“C:\Program Files (x86)\Connectify\Connectify.exe”=0x534143500100000 0000000000700000028000000380A3F00EA783F00010000000 00000000000030680210000975FD891C99ECE0100000000000 00000020000002800000000000000000000000000000000000 00000000000000000009A10000000000000010000000100000 0
“C:\Program Files (x86)\Connectify\DispatchUI.exe”=0x534143500100000 0000000000700000028000000386C24000CF42400010000000 00000000000030680210000975FD891C99ECE0100000080000 00000020000002800000000000000000000000000000000000 00000000000000000006913000000000000010000000100000 0
“C:\Users\HP-PC\Downloads\Everything-1.3.4.686.x64.Multilingual-Setup.exe”=0x5341435001000000000000000700000028000 00046790F00000000000100000000000000000001060001000 0975FD891C99ECE01000000000000000002000000280000000 00000000000000000000000000000000000000000000000E40 E0000000000000200000002000000
“C:\Program Files\Everything\Everything.exe”=0x534143500100000 00000000007000000280000000000160017411600010000000 00000000000030673220000B395E7CF049FCE0100000000000 00000020000002800000000000000000000000000000000000 0000000000000000000407F9B0000000000060000000600000 0
“C:\Users\HP-PC\Desktop\FRST64.exe”=0x5341435001000000000000000 700000028000000000025002BFD24000100000000000000000 0030600210000B395E7CF049FCE01000000000000000002000 00028000000000000000000000000000000000000000000000 0000000006A120100000000000100000001000000

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
“C:\Program Files (x86)\WildGames\Uninstall.exe”=0x53414350010000000 00000000700000028000000B0020A00F71A0A0003000000000 000000000010671020000975FD891C99ECE010000000000000 00002000000280000000000000000000000000000000000000 00000000000000000A7EF0500000000000100000001000000
“SIGN.MEDIA=3D1D0 software\Autograph3.3.10\Autograph3.3.10\setup.exe ”=0x534143500100000000000000070000002800000000500E 005B900E0001000000000000000000010600210000975FD891 C99ECE01000000000000000002000000280000000000000000 00004000000000000000000000000000000000519E07000000 00000100000001000000
“C:\Program Files\Synaptics\SynTP\SynTPHelper.exe”=0x534143500 1000000000000000700000028000000F0100300E14C0300010 00000000000000000030600210000B395E7CF049FCE0100000 00000000000020000002800000000000000000000400000000 00000000000000000000000008FFAB507000000000E0000000 E000000
“C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe”=0x534143500100 000000000000070000002800000038560600E13D0700010000 00000000000000030673220000B395E7CF049FCE0100000000 00000000020000002800000000000000000000400000000000 000000000000000000000034C3B507000000001F0000001F00 0000
“C:\Users\183-k\AppData\Local\Pokki\Engine\StartMenuIndexer.exe” =0x534143500100000000000000070000002800000048532F0 05531300001000000000000000000030673220000B395E7CF0 49FCE010000000000000000020000002800000000000000000 000000000000000000000000000000000000012B9B50700000 0000900000009000000
“C:\Program Files (x86)\Autograph 3.3\agraph.exe”=0x53414350010000000000000007000000 2800000000A07500F41D760001000000000000000000010671 200000975FD891C99ECE010000000000000000020000002800 00000000000000000000000000000000000000000000000000 0034AF0500000000000200000002000000
“C:\Program Files\mcafee\msc\mcuihost.exe”=0x53414350010000000 00000000700000028000000D85A0E00B7200F0003000000000 000000000030600210000B395E7CF049FCE010000000000000 00002000000280000000000000000000000000000000000000 000000000000000002DA20300000000000100000001000000
“C:\Users\HP-PC\Downloads\jre-8u25-windows-x64.exe”=0x534143500100000000000000070000002800000 0A8D985058635860501000000000000000000030673220000B 395E7CF049FCE0100000000000000000200000028000000000 00000000000400000000000000000000000000000000000010 200000000000300000003000000
“SIGN.MEDIA=E5CF7E8C loger\LoggerPro361\setup.exe”=0x534143500100000000 0000000700000028000000D80507006BAF0700010000000000 00000000000671220000975FD891C99ECE0100000000000000 00020000002800000000000000000000400000000000000000 00000000000000003C5B0400000000000100000001000000
“C:\Program Files (x86)\Vernier Software\Logger Pro 3\LoggerPro.exe”=0x5341435001000000000000000700000 028000000001073008F8E73000100000000000000000000067 1200000975FD891C99ECE01000000000000000002000000280 00000000000000000000000000000000000000000000000000 000BF1C0000000000000100000001000000
“C:\Program Files (x86)\Mozilla Firefox\firefox.exe”=0x534143500100000000000000070 0000028000000D8DB0D0090950E00010000000000000000000 00671020000975FD891C99ECE010000000100000000
“SIGN.IE=014B3F1 icarefree.exe”=0x534143500100000000000000070000002 8000000F1B3140000000000010000000000000000000306002 10000975FD891C99ECE0100000000000000000200000028000 00000000000000000000000000000000000000000000000000 06C182700000000000200000002000000
“C:\Program Files (x86)\iCare Data Recovery Free\iCareDataRecoveryFree.exe”=0x5341435001000000 000000000700000028000000008C0A00E4950A000100000000 0000000000030671220000975FD891C99ECE01000000000000 00000200000028000000000000000000004000000000000000 0000000000000000008C8C0100000000000200000002000000
“C:\Program Files (x86)\iCare Data Recovery Free\unins000.exe”=0x53414350010000000000000007000 00028000000C94A12000000000003000000000000000000030 600210000975FD891C99ECE010000000000000000020000002 80000000000000000000000000000000000000000000000000 00000A83A0000000000000100000001000000
“F:\iCare Data Recovery Free\unins000.exe”=0x53414350010000000000000007000 00028000000C94A12000000000003000000000000000000030 600210000975FD891C99ECE010000000000000000020000002 80000000000000000000000000000000000000000000000000 00000462B0000000000000100000001000000
“C:\Users\HP-PC\Downloads\InstallMTW6.9a.exe”=0x534143500100000 0000000000700000028000000A0D69E0021299F00010000000 00000000000010600010000975FD891C99ECE0100000000000 00000020000002800000000000000000000400000000000000 00000000000000000004E01020000000000010000000100000 0
“C:\Users\HP-PC\Downloads\CorelDRAW_X7_EN (1).exe”=0x534143500100000000000000070000002800000 010E90900F0940A00010000000000000000000306002100009 75FD891C99ECE0100000000000000000200000028000000000 000000000004000000000000000000000000000000000A3A83 800000000000100000001000000
“E:\software school\SkypeSetupFull.exe”=0x534143500100000000000 0000700000028000000B018BF01EB1DBF01010000000000000 00000010600010000975FD891C99ECE0100000000000000000 20000002800000000000000000000400000000000000000000 0000000000000E3880100000000000100000001000000
“SIGN.MEDIA=5DCE754 SkypeSetup for Desktop.exe”=0x53414350010000000000000007000000280 0000080DC9A021FF59A0201000000000000000000030600210 000975FD891C99ECE010000000000000000020000002800000 00000000000000040000000000000000000000000000000004 2D50000000000000100000001000000
“C:\Users\183-k\AppData\Local\Temp\certutil.exe”=0x5341435001000 00000000000070000002800000000600100000000000100000 0000000000000010571000000975FD891C99ECE01000000000 00000000200000028000000000000000000000000040000000 00000000000000000000096280000000000000600000006000 000
“C:\Users\HP-PC\Downloads\screen-recorder-pro.exe”=0x534143500100000000000000070000002800000 0A0830501C7BC0501010000000000000000000306002100009 75FD891C99ECE0100000000000000000200000028000000000 00000000000400000000000000000000000000000000094180 100000000000100000001000000
“C:\ProgramData\Package Cache{cbb7c584-20c0-4426-9921-ac1cc52ff54d}\TinyTakeSetup.exe”=0x534143500100000 000000000070000002800000000430900FD790900030000000 00000000000030600210000975FD891C99ECE0100000000000 00000020000002800000000000000000000000000000000000 00000000000000000006FF2030000000000010000000100000 0
“C:\Users\HP-PC\Downloads\WebSudokuDeluxeSetup.exe”=0x534143500 1000000000000000700000028000000F0A1140070781500010 00000000000000000030641200000975FD891C99ECE0100000 00000000000020000002800000000000000000800400000000 00000000000000000000000004EC44E0000000000010000000 1000000
“C:\Users\HP-PC\Downloads\slitherlink-1.0-setup.exe”=0x5341435001000000000000000700000028000 00010C90E00000000000100000000000000000003064120000 0975FD891C99ECE01000000000000000002000000280000000 00000000008004000000000000000000000000000000000792 D0000000000000100000001000000
“C:\Users\HP-PC\Downloads\texmakerwin32_install.exe”=0x53414350 01000000000000000700000028000000EED234030000000001 000000000000000000000671000000975FD891C99ECE010000 00000000000002000000280000000000000000080040000000 00000000000000000000000000789000000000000002000000 02000000
“C:\Program Files (x86)\Texmaker\uninstall.exe”=0x534143500100000000 000000070000002800000041E9000000000000030000000000 00000000000671000000975FD891C99ECE0100000000000000 00020000002800000000000000000800000000000000000000 00000000000000004F1A0000000000000100000001000000
“SIGN.MEDIA=1AD567 Start.exe”=0x5341435001000000000000000700000028000 000F8B00600AD4E07000100000000000000000001060001000 0975FD891C99ECE01000000000000000002000000280000000 00000000000004000000000000000000000000000000000AA2 69900000000000200000002000000
“C:\Program Files (x86)\WebSudokuDeluxe\unins000.exe”=0x534143500100 0000000000000700000028000000BC460A0000000000030000 00000000000000030641200000975FD891C99ECE0100000000 00000000020000002800000000000000000800000000000000 0000000000000000000000C613000000000000010000000100 0000
“C:\Program Files\44fd47e702288e1fbe38f8612f4e569d\3ebb3b69564 83bce3d8535d9165edfaf.exe”=0x534143500100000000000 000070000002800000038390E0061010200030000000000000 00000030671200000975FD891C99ECE0100000000000000000 20000002800000000000000000800000000000000000000000 000000000000034C30600000000000100000001000000
“C:\Users\HP-PC\Downloads\adwcleaner_5.200.exe”=0x5341435001000 00000000000070000002800000040823800848438000100000 0000000000000030600210000975FD891C99ECE01000000000 00000000500000010000000000000000000000000000000000 00000020000002800000000000000000000400000000000000 000000000000000000066ED080000000000010000000100000 0
“C:\Users\183-k\AppData\Roaming\WeatherChickn\Uninstall.exe”=0x5 3414350010000000000000007000000280000008C4F0100000 0000003000000000000000000010600010000975FD891C99EC E0100000000000000000500000010000000000000000000000 00000000000000000020000002800000000000000000000000 0008000000000000000800000000000D014000000000000010 0000001000000010000000400000001000000
“C:\Windows\unins000.exe”=0x5341435001000000000000 000700000028000000B7800B00000000000300000000000000 0000020600010000975FD891C99ECE01000000000000000002 00000028000000000000000000000000000000000000000000 00000000000049350000000000000100000001000000
“C:\Program Files\Corel\CorelDRAW Graphics Suite X7\Setup\SetupARP.exe”=0x5341435001000000000000000 7000000280000006087300009D030000300000000000000000 0020600010000B395E7CF049FCE01000000000000000002000 00028000000000000000000000000000000000000000000000 000000000D8BBAA02000000000100000001000000
“C:\Users\HP-PC\Downloads\SHAREitLENOVOSUPPORT.exe”=0x534143500 1000000000000000700000028000000C8104F000A214F00010 00000000000000000030600210000975FD891C99ECE0100000 00000000000020000002800000000000000000000400000000 00000000000000000000000001A22010000000000010000000 1000000
“C:\Users\HP-PC\Downloads\VPython-Win-32-Py2.7-6.11.exe”=0x53414350010000000000000007000000280000 00F75A68020000000001000000000000000000020600010000 975FD891C99ECE010000000000000000020000002800000000 0000000000004000000000000000000000000000000000FFE8 0200000000000100000001000000
“C:\Users\HP-PC\Downloads\Tracker-4.94-windows-installer.exe”=0x534143500100000000000000070000002 800000079B1DA01C0932B00010000000000000000000306002 10000975FD891C99ECE0100000000000000000200000028000 00000000000000000400000000000000000000000000000000 0751CDE04000000000100000001000000
“C:\Users\HP-PC\Downloads\DjVuSolo3.1-noncom.exe”=0x534143500100000000000000070000002800 000070002200DBAE2200010000000000000000000105710000 00975FD891C99ECE0100000000000000000200000028000000 00000000000800400000000000000000000000000000000018 CF0000000000000100000001000000
“SIGN.IE=014F600 VirtualRouterInstaller.msi”=0x53414350010000000000 0000070000002800000000FE00002CDB010001000000000000 000000010500100000B395E7CF049FCE010000000000000000 02000000280000000000000000000000000000000000000000 00000000000000AA660000000000000100000001000000
“C:\Users\183-k\Downloads\setup.exe”=0x5341435001000000000000000 700000028000000B54F2100000000000100000000000000000 0030600210000975FD891C99ECE01000000000000000002000 00028000000000000000000000000000000000000000000000 000000000F8110200000000000100000001000000
“C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Eula.exe”=0x53414350010000000000000007 00000028000000804E0100CD80010001000000000000000000 010671220000975FD891C99ECE010000000000000000020000 00280000000000000000000000000000000000000000000000 000000001A0E0000000000000100000001000000
“C:\Program Files (x86)\Hotspoter\Hotspoter.exe”=0x53414350010000000 0000000070000002800000000E01E000000000001000000000 0000000000306F5220000B395E7CF049FCE010000000000000 00002000000280000000000000000000040000000000000000 00000000000000000FB42B20E000000000600000006000000
“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”=0x53414350010000 00000000000700000028000000D8A611005CCE110001000000 000000000000030671220000975FD891C99ECE010000000000 00000002000000280000000000000000000000000000000000 0000000000000000000059D10A000000000002000000020000 00
“SIGN.IE=08CF2F8 Connectify2016Installer.exe”=0x5341435001000000000 000000700000028000000F8F28C00D0638D000100000000000 0000000030600210000975FD891C99ECE01000000000000000 00200000028000000000000000000000000000000000000000 000000000000000A9B00200000000000100000001000000
“C:\Users\HP-PC\Downloads\WinDjView-2.0.1-Setup.exe”=0x5341435001000000000000000700000028000 000E2F8E300000000000100000000000000000001060001000 0975FD891C99ECE01000000000000000002000000280000000 00000000000004000000000000000000000000000000000BA3 C0000000000000100000001000000
“C:\Program Files (x86)\Connectify\Connectify.exe”=0x534143500100000 0000000000700000028000000380A3F00EA783F00010000000 00000000000030680210000975FD891C99ECE0100000000000 00000020000002800000000000000000000000000000000000 0000000000000000000769FAA0700000000030000000300000 0
“C:\Users\HP-PC\LJM1130_M1210_MFP_Full_Solution.exe”=0x53414350 01000000000000000700000028000000E0059B0DB89C9B0D01 000000000000000000010600010000975FD891C99ECE010000 00000000000002000000280000000000000000000040000000 00000000000000000000000000433F4A000000000003000000 03000000
“C:\Program Files (x86)\Hotspoter\unins000.exe”=0x534143500100000000 0000000700000028000000DE960D0000000000030000000000 00000000030600210000975FD891C99ECE0100000000000000 00020000002800000000000000000000000000000000000000 0000000000000000DC120000000000000100000001000000
“C:\Program Files (x86)\athtek\CodeToFlowchart\unins000.exe”=0x53414 3500100000000000000070000002800000019910A000000000 003000000000000000000030641220000975FD891C99ECE010 00000000000000002000000280000000000000000000000000 00000000000000000000000000000171100000000000001000 00001000000
“C:\Users\HP-PC\Downloads\antimalwaresetup.exe”=0x5341435001000 000000000000700000028000000F0740D0055660E000100000 0000000000000030600210000975FD891C99ECE01000000000 00000000200000028000000000000000000004000000000000 000000000000000000000A4F61400000000000100000001000 000
“C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\uninstall.exe”=0x5341435001000000000000000 7000000280000005B030300C6CA51010300000000000000000 0010600010000975FD891C99ECE01000000000000000002000 00028000000000000000000000000000000000000000000000 000000000631B0100000000000100000001000000
“C:\Users\HP-PC\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe”=0x53414350010000000000000007000000280000 00A8C16703EE57680301000000000000000000030600210000 975FD891C99ECE010000000000000000020000002800000000 0000000000004000000000000000000000000000000000415F 0100000000000100000001000000
“C:\Users\HP-PC\Downloads\BDAntiRansomwareSetup.exe”=0x53414350 0100000000000000070000002800000010C447008E28480001 000000000000000000030600210000975FD891C99ECE010000 00000000000002000000280000000000000000000040000000 0000000000000000000000000030FA03000000000001000000 01000000
“C:\Users\HP-PC\Downloads\avast_free_antivirus_setup_online.exe ”=0x5341435001000000000000000700000028000000A0A960 0056C3600001000000000000000000030600210000975FD891 C99ECE01000000000000000002000000280000000000000000 0000400000000000000000000000000000000020B508000000 00000100000001000000
“C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRan somware.exe”=0x53414350010000000000000007000000280 00000581E140030E0140001000000000000000000030673220 000B395E7CF049FCE010000000000000000020000002800000 0000000000000004000000000000000000000000000000000E 9C10000000000000100000001000000
“C:\Users\HP-PC\Downloads\kts17.0.0.611en_10761.exe”=0x53414350 010000000000000007000000280000002008990AC4A8990A01 000000000000000000030600210000975FD891C99ECE010000 00000000000002000000280000000000000000000040000000 00000000000000000000000000C34F11000000000001000000 01000000
“C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8B0481A9A34 D47CD.exe”=0x5341435001000000000000000700000028000 00070DA10000D0211000300000000000000000001060001000 0975FD891C99ECE01000000000000000002000000280000000 00000000000000000000000000000000000000000000000ED5 90C00000000000100000001000000
“C:\Users\HP-PC\Downloads\InstallMTW6.9b.exe”=0x534143500100000 0000000000700000028000000F8F19E00884A9F00010000000 00000000000010600010000975FD891C99ECE0100000000000 00000020000002800000000000000000000400000000000000 0000000000000000000E50B070000000000010000000100000 0
“C:\Program Files (x86)\MathType\Setup.exe”=0x5341435001000000000000 00070000002800000040AB08007B6309000300000000000000 0000010600010000975FD891C99ECE01000000000000000002 00000028000000000000000000000000000000000000000000 000000000000990D0400000000000100000001000000
“C:\Users\HP-PC\Downloads\MTW6.7a.exe”=0x5341435001000000000000 000700000028000000D06C5F00504560000100000000000000 0000010600010000975FD891C99ECE01000000000000000002 00000028000000000000000000004000000000000000000000 000000000000D0B80000000000000100000001000000
“C:\Users\HP-PC\Downloads\MASetup.exe”=0x5341435001000000000000 00070000002800000068B06900EB1E6A000100000000000000 0000010571000000975FD891C99ECE01000000000000000002 00000028000000000000008009004000000000000000000000 0000000000008FB60300000000000200000002000000
“C:\Users\HP-PC\Downloads\aswmbr.exe”=0x53414350010000000000000 00700000028000000005A4F000000000001000000000000000 000030671220000975FD891C99ECE010000000000000000020 00000280000000000000000000040000000000000000000000 00000000000BB692000000000000200000002000000
“C:\Program Files (x86)\Connectify\Uninstall.exe”=0x5341435001000000 000000000700000028000000C7960400D0228E000300000000 0000000000030600210000975FD891C99ECE01000000000000 00000200000028000000000000000000000000000000000000 000000000000000000C3DE0100000000000100000001000000
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”=0x5341 435001000000000000000700000028000000585F0E0077AC0E 0001000000000000000000030600210000975FD891C99ECE01 0000000100000000
“C:\Users\HP-PC\Downloads\FRST64.exe”=0x53414350010000000000000 00700000028000000000025002BFD240001000000000000000 000030600210000B395E7CF049FCE010000000000000000020 00000280000000000000000000040000000000000000000000 00000000000EDEC2500000000000100000001000000
“C:\Program Files (x86)\Texmaker\texmaker.exe”=0x5341435001000000000 0000007000000280000000040590036B659000100000000000 0000000020671200000975FD891C99ECE01000000000000000 00200000028000000000000000000000000000000000000000 000000000000000B9A20300000000000100000001000000
“C:\Program Files\AVAST Software\Avast\setup\instup.exe”=0x534143500100000 000000000070000002800000018F9130000000000030000000 00000000000030600210000975FD891C99ECE0100000000000 00000020000002800000000000000000000000000000000000 0000000000000000000569C020000000000010000000100000 0
“C:\Program Files\AVAST Software\Avast\VisthAux.exe”=0x5341435001000000000 00000070000002800000040530300435403000100000000000 0000000030600210000975FD891C99ECE01000000000000000 00200000028000000000000008000004000000000000000000 0000000000000002D030000000000000100000001000000
“C:\Users\HP-PC\Downloads\ccsetup528.exe”=0x5341435001000000000 000000700000028000000F0848D0037BB8D000100000000000 0000000030600210000975FD891C99ECE01000000000000000 00200000028000000000000000000004000000000000000000 00000000000000032D90500000000000100000001000000
“C:\Users\HP-PC\Downloads\ZHPCleaner.exe”=0x5341435001000000000 00000070000002800000000F6290060922A000100000000000 0000000030600210000975FD891C99ECE01000000000000000 00200000028000000000000000000004000000000000000000 000000000000000FC602E00000000000300000003000000
“C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe”=0x5341435001000000000000000 700000028000000D0030600738C06000100000000000000000 0030671220000975FD891C99ECE01000000000000000002000 00028000000000000000000004000000000000000000000000 0000000001A4F0000000000000600000006000000
“C:\Users\HP-PC\Downloads\setup.exe”=0x534143500100000000000000 0700000028000000F0B4150270341602010000000000000000 00030600210000975FD891C99ECE0100000000000000000200 00002800000000000000000000400000000000000000000000 00000000004F680000000000000100000001000000
“C:\Program Files\RogueKiller\RogueKiller64.exe”=0x53414350010 0000000000000070000002800000048BC8E0166DF8E0101000 000000000000000030600210000B395E7CF049FCE010000000 00000000002000000280000000000000000000040000000000 00000000000000000000000B11E28000000000001000000010 00000
“C:\Users\HP-PC\Downloads\JRT.exe”=0x53414350010000000000000007 00000028000000A0631900416D190001000000000000000000 010671020000975FD891C99ECE010000000000000000020000 00280000000000000000000040000000000000000000000000 000000000A2A0400000000000200000002000000
“C:\Users\HP-PC\Downloads\adwcleaner_6.044.exe”=0x5341435001000 000000000000700000028000000D0833D00422A3E000100000 0000000000000030600210000975FD891C99ECE01000000000 0000000
“C:\Users\HP-PC\Downloads\esetsmartinstaller_enu.exe”=0x5341435 001000000000000000700000028000000C8CE2B00B9E72B000 1000000000000000000030671200000975FD891C99ECE01000 00000000000000200000028000000000000000008004000000 000000000000000000000000000A0B0C600000000000200000 002000000
“C:\Users\HP-PC\Downloads\Zemana.AntiMalware.Setup.exe”=0x53414 3500100000000000000070000002800000090D0570002521D3 901000000000000000000030600210000975FD891C99ECE010 00000000000000002000000280000000000000000000040000 00000000000000000000000000000040192000000000001000 00001000000
“C:\Users\HP-PC\Downloads\ZHPDiag3.exe”=0x534143500100000000000 000070000002800000000622900D1E92900010000000000000 00000030600210000975FD891C99ECE0100000000000000000 20000002800000000000000000000400000000000000000000 000000000000066730100000000000300000003000000
“C:\Users\HP-PC\Desktop\FRST64.exe”=0x5341435001000000000000000 700000028000000000025002BFD24000100000000000000000 0030600210000B395E7CF049FCE01000000000000000002000 00028000000000000000000004000000000000000000000000 000000000C3840600000000000100000001000000
“C:\Users\HP-PC\Downloads\SecurityCheck.exe”=0x5341435001000000 0000000007000000280000003ACC070065BC01000100000000 0000000000010600010000975FD891C99ECE01000000000000 00000200000028000000000000000000004000000000000000 000000000000000000FE440200000000000100000001000000
“C:\Users\HP-PC\Downloads\Adware Removal Tool by TSA.exe”=0x534143500100000000000000070000002800000 0A87A0B0004E60B00010000000000000000000306F12200009 75FD891C99ECE0100000000000000000200000028000000000 0000000000040000000000000000000000000000000005D7C1 F00000000000100000001000000
“C:\Users\HP-PC\Downloads\rmtool-setup-x64.exe”=0x534143500100000000000000070000002800000 060AA620074EC6200010000000000000000000106000100009 75FD891C99ECE0100000000000000000200000028000000000 00000000000400000000000000000000000000000000033450 E00000000000100000001000000
“C:\Program Files\9-lab\Removal Tool\rmtool.exe”=0x5341435001000000000000000700000 028000000C0D1800016FD80000100000000000000000003067 3220000B395E7CF049FCE01000000000000000002000000280 00000000000000000004000000000000000000000000000000 00015772E00000000000200000002000000
“C:\Users\HP-PC\Downloads\quickdiag_3_31.01.17.1.exe”=0x5341435 001000000000000000700000028000000A8212500CE0126000 1000000000000000000030600210000975FD891C99ECE01000 0000000000000

---------- | IFEO

---------- | Mountpoints2

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
“DoubleClickSpeed”=#USR:Control Panel\Mouse
“PowerOffActive”=#USR:Control Panel\Desktop
“DragFullWindows”=USR:Control Panel\Desktop
“”=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
“Spooler”=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
“InitialKeyboardIndicators”=USR:Control Panel\Keyboard
“LowPowerActive”=#USR:Control Panel\Desktop
“DoubleClickHeight”=#USR:Control Panel\Mouse
“MouseSpeed”=#USR:Control Panel\Mouse
“ScreenSaveTimeOut”=#USR:Control Panel\Desktop
“MouseThreshold2”=#USR:Control Panel\Mouse
“SwapMouseButtons”=#USR:Control Panel\Mouse
“MouseThreshold1”=#USR:Control Panel\Mouse
“DEVICENOTSELECTEDTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“CoolSwitch”=USR:Control Panel\Desktop
“LowPowerTimeOut”=#USR:Control Panel\Desktop
“DEFAULTSEPARATEVDM”=\REGISTRY\MACHINE\SYSTEM\CURR ENTCONTROLSET\CONTROL\WOW
“DoubleClickWidth”=#USR:Control Panel\Mouse
“SnapToDefaultButton”=#USR:Control Panel\Mouse
“Beep”=#USR:Control Panel\Sound
“ScreenSaveActive”=#USR:Control Panel\Desktop
“SWAPDISK”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“PowerOffTimeOut”=#USR:Control Panel\Desktop
“TRANSMISSIONRETRYTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“APPINIT_DLLS”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
“”=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
“Shell”=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
“SCRNSAVE.EXE”=USR:Control Panel\Desktop
“ScreenSaverIsSecure”=USR:Control Panel\Desktop
“ScreenSaverActive”=USR:Control Panel\Desktop

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
“DoubleClickSpeed”=#USR:Control Panel\Mouse
“PowerOffActive”=#USR:Control Panel\Desktop
“DragFullWindows”=USR:Control Panel\Desktop
“InitialKeyboardIndicators”=USR:Control Panel\Keyboard
“LowPowerActive”=#USR:Control Panel\Desktop
“DoubleClickHeight”=#USR:Control Panel\Mouse
“MouseSpeed”=#USR:Control Panel\Mouse
“ScreenSaveTimeOut”=#USR:Control Panel\Desktop
“MouseThreshold2”=#USR:Control Panel\Mouse
“SwapMouseButtons”=#USR:Control Panel\Mouse
“MouseThreshold1”=#USR:Control Panel\Mouse
“DEVICENOTSELECTEDTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“CoolSwitch”=USR:Control Panel\Desktop
“LowPowerTimeOut”=#USR:Control Panel\Desktop
“DEFAULTSEPARATEVDM”=\REGISTRY\MACHINE\SYSTEM\CURR ENTCONTROLSET\CONTROL\WOW
“DoubleClickWidth”=#USR:Control Panel\Mouse
“SnapToDefaultButton”=#USR:Control Panel\Mouse
“Beep”=#USR:Control Panel\Sound
“ScreenSaveActive”=#USR:Control Panel\Desktop
“SWAPDISK”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“PowerOffTimeOut”=#USR:Control Panel\Desktop
“TRANSMISSIONRETRYTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“APPINIT_DLLS”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
“”=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
“Shell”=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
“SCRNSAVE.EXE”=USR:Control Panel\Desktop
“ScreenSaverIsSecure”=USR:Control Panel\Desktop
“ScreenSaverActive”=USR:Control Panel\Desktop

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
“windows”=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Windows Defender]
“LastKnownGoodProxy”=1

[HKLM\SOFTWARE\Microsoft\Security Center]
“cval”=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
“VistaSp1”=130216565553372332
“AntiVirusOverride”=0
“AntiSpywareOverride”=0
“FirewallOverride”=0

[HKLM\SOFTWARE\Microsoft\Windows Defender]
“ProductIcon”=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
“RemediationExe”=%ProgramFiles%\Windows Defender\MSASCui.exe
“ProductLocalizedName”=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
“DisableAntiSpyware”=1
“ProductType”=2
“ProductStatus”=0
“TrustedImageIdentifier”=758211-372
“DisableAntiVirus”=1
“InstallTime”=0x657507E61AC4CF01
“OneTimeSqmDataSent”=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile]
“EnableFirewall”=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall”=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\PublicProfile]
“EnableFirewall”=1

---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

---------- | Winsock (Whitelist)

---------- | Hosts
[HEADING=1]127.0.0.1 localhost[/HEADING]
---------- | Ping

---------- | @

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Internet Explorer\Main]
“Start Page”= http://www.google.com/
“Default_Page_URL”= MSN
“Anchor Underline”=yes
“Cache_Update_Frequency”=Once_Per_Session
“Display Inline Images”=yes
“Do404Search”=0x01000000
“Local Page”=C:\Windows\system32\blank.htm
“Save_Session_History_On_Exit”=no
“Show_FullURL”=no
“Show_StatusBar”=yes
“Show_ToolBar”=yes
“Show_URLinStatusBar”=yes
“Show_URLToolBar”=yes
“Use_DlgBox_Colors”=yes
“Search Page”= Search - Microsoft Bing
“XMLHTTP”=1
“NoUpdateCheck”=1
“Disable Script Debugger”=yes
“DisableScriptDebuggerIE”=yes
“UseClearType”=no
“Enable Browser Extensions”=yes
“Play_Background_Sounds”=yes
“Play_Animations”=yes
“OperationalData”=13
“CompatibilityFlags”=0
“IE10TourNoShow”=1
“FullScreen”=no
“Window_Placement”=0x2C0000000000000001000000FFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFF0A020000000000000403000 09F000000
“ImageStoreRandomFolder”=h17qkcu
“IE10RunOncePerInstallCompleted”=1
“IE10RunOnceCompletionTime”=0xAEE228C18363D201
“Use FormSuggest”=no
“AutoHide”=yes
“DownloadWindowPlacement”=0x2C00000000000000000000 00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2000000054000000 A002000034020000
“SuppressScriptDebuggerDialog”=0
“UseSWRender”=0
“Expand Alt Text”=no
“Move System Caret”=no
“PlaySounds”=0
“NscSingleExpand”=0
“Error Dlg Displayed On Every Error”=no
“UseThemes”=1
“GotoIntranetSiteForSingleWordEntry”=0
“NotifyDownloadComplete”=yes
“Friendly http errors”=yes
“Check_Associations”=no
“SmoothScroll”=1
“EnableAlternativeCodec”=yes
“Enable AutoImageResize”=yes
“Show image placeholders”=0
“MixedContentBlockImages”=0
“Isolation64Bit”=0
“DOMStorage”=1
“Isolation”=PMIL
“DoNotTrack”=1
“Start Page_TIMESTAMP”=0xBA1DFB9C264ED201
“SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy”=0x010000001A0000009A5354EE9DFF58E6D E2182C16075EE6711DBDE682CD7070C8539020000000E00000 04D4C4243555250666D4D55253364

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\CurrentVersion\Int ernet settings]
“User Agent”=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
“IE5_UA_Backup_Flag”=5.0
“ZonesSecurityUpgrade”=0xC6E8DA507BAACF01
“EmailName”=User@
“AutoConfigProxy”=wininet.dll
“MimeExclusionListForCache”=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
“WarnOnPost”=0x01000000
“UseSchannelDirectly”=0x01000000
“EnableHttp1_1”=1
“UrlEncoding”=0
“SecureProtocols”=2688
“PrivacyAdvanced”=0
“DisableCachingOfSSLPages”=0
“WarnonZoneCrossing”=0
“CertificateRevocation”=1
“EnableNegotiate”=1
“MigrateProxy”=1
“EnableAutodial”=0
“ProxyHttp1.1”=1
“EnableSPDY3_0”=1
“ShowPunycode”=0
“EnablePunycode”=1
“DisableIDNPrompt”=0
“EnforceP3PValidity”=0
“WarnonBadCertRecving”=1
“WarnOnPostRedirect”=1
“ProxyEnable”=0

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Internet Explorer\Main]
“Start Page”= MSN
“Default_Page_URL”= MSN
“OperationalData”=13
“Anchor Underline”=yes
“Cache_Update_Frequency”=Once_Per_Session
“Display Inline Images”=yes
“Do404Search”=0x01000000
“Local Page”=C:\Windows\system32\blank.htm
“Save_Session_History_On_Exit”=no
“Show_FullURL”=no
“Show_StatusBar”=yes
“Show_ToolBar”=yes
“Show_URLinStatusBar”=yes
“Show_URLToolBar”=yes
“Use_DlgBox_Colors”=yes
“Search Page”= Search - Microsoft Bing
“XMLHTTP”=1
“NoUpdateCheck”=1
“Disable Script Debugger”=yes
“DisableScriptDebuggerIE”=yes
“UseClearType”=no
“Enable Browser Extensions”=yes
“Play_Background_Sounds”=yes
“Play_Animations”=yes
“CompatibilityFlags”=0
“FullScreen”=no
“Window_Placement”=0x2C0000000000000001000000FFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFF05010000520000005A04000 0AA020000
“ImageStoreRandomFolder”=lovazcl
“IE10RunOncePerInstallCompleted”=1
“IE10RunOnceCompletionTime”=0xA299FF678BA0D201
“IE10TourNoShow”=1
“DownloadWindowPlacement”=0x0000000000000000000000 00000000000000000000000000000000000000000000000000 0000000000000000
“Use FormSuggest”=yes
“FormSuggest Passwords”=yes
“FormSuggest PW Ask”=yes
“Start Page_TIMESTAMP”=0x414A4DC0FCD2D101
“SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy”=

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\CurrentVersion\Int ernet settings]
“User Agent”=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
“IE5_UA_Backup_Flag”=5.0
“ZonesSecurityUpgrade”=0xE30F369319C4CF01
“EmailName”=User@
“AutoConfigProxy”=wininet.dll
“MimeExclusionListForCache”=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
“WarnOnPost”=0x01000000
“UseSchannelDirectly”=0x01000000
“EnableHttp1_1”=1
“UrlEncoding”=0
“SecureProtocols”=2688
“PrivacyAdvanced”=0
“DisableCachingOfSSLPages”=0
“WarnonZoneCrossing”=0
“CertificateRevocation”=1
“EnableNegotiate”=1
“MigrateProxy”=1
“ProxyEnable”=0

[HKLM\Software\Microsoft\Internet Explorer\Main]
“AutoHide”=yes
“Security Risk Page”=about:SecurityRisk
“Extensions Off Page”=about:NoAdd-ons
“Default_Search_URL”= Search - Microsoft Bing
“Default_Page_URL”= MSN
“Anchor_Visitation_Horizon”=0x01000000
“Cache_Percent_of_Disk”=0x0A000000
“Placeholder_Width”=0x1A000000
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“x86AppPath”=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
“Placeholder_Height”=0x1A000000
“Default_Secondary_Page_URL”=
“Use_Async_DNS”=yes
“Start Page”= MSN
“Local Page”=C:\Windows\System32\blank.htm
“Search Page”= Search - Microsoft Bing
“Delete_Temp_Files_On_Exit”=yes
“Enable_Disk_Cache”=yes
“FormSuggest PW Ask”=no
“FormSuggest Passwords”=no
“DoNotTrack”=1

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
“blank”=res://mshtml.dll/blank.htm
“NoAdd-onsInfo”=res://ieframe.dll/noaddoninfo.htm
“InPrivate”=res://ieframe.dll/inprivate.htm
“NavigationFailure”=res://ieframe.dll/navcancl.htm
“NoAdd-ons”=res://ieframe.dll/noaddon.htm
“Home”=270
“PostNotCached”=res://ieframe.dll/repost.htm
“DesktopItemNavigationFailure”=res://ieframe.dll/navcancl.htm
“NavigationCanceled”=res://ieframe.dll/navcancl.htm
“SecurityRisk”=res://ieframe.dll/securityatrisk.htm
“Compat”=res://mshtml.dll/compat.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL \DefaultPrefix]
“”=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes]
“mosaic”=http://
“www”=http://
“home”=http://
“ftp”=ftp://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Int ernet settings]
“CodeBaseSearchPath”=CODEBASE
“EnablePunycode”=1
“WarnOnIntranet”=1
“MinorVersion”=0
“ActiveXCache”=C:\Windows\Downloaded Program Files

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
“AutoHide”=yes
“Security Risk Page”=about:SecurityRisk
“Extensions Off Page”=about:NoAdd-ons
“Default_Search_URL”= Search - Microsoft Bing
“Default_Page_URL”= MSN
“Anchor_Visitation_Horizon”=0x01000000
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“Cache_Percent_of_Disk”=0x0A000000
“Placeholder_Width”=0x1A000000
“x86AppPath”=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
“Placeholder_Height”=0x1A000000
“Default_Secondary_Page_URL”=
“Use_Async_DNS”=yes
“Start Page”= MSN
“Local Page”=C:\Windows\SysWOW64\blank.htm
“Search Page”= Search - Microsoft Bing
“Delete_Temp_Files_On_Exit”=yes
“Enable_Disk_Cache”=yes
“FormSuggest PW Ask”=no
“FormSuggest Passwords”=no
“DoNotTrack”=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
“blank”=res://mshtml.dll/blank.htm
“NoAdd-onsInfo”=res://ieframe.dll/noaddoninfo.htm
“InPrivate”=res://ieframe.dll/inprivate.htm
“NavigationFailure”=res://ieframe.dll/navcancl.htm
“NoAdd-ons”=res://ieframe.dll/noaddon.htm
“Home”=270
“PostNotCached”=res://ieframe.dll/repost.htm
“DesktopItemNavigationFailure”=res://ieframe.dll/navcancl.htm
“NavigationCanceled”=res://ieframe.dll/navcancl.htm
“SecurityRisk”=res://ieframe.dll/securityatrisk.htm
“Compat”=res://mshtml.dll/compat.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\URL\DefaultPrefix]
“”=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\URL\Prefixes]
“mosaic”=http://
“www”=http://
“home”=http://
“ftp”=ftp://

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Internet settings]
“CodeBaseSearchPath”=CODEBASE
“WarnOnIntranet”=1
“EnablePunycode”=1
“MinorVersion”=0
“ActiveXCache”=C:\Windows\Downloaded Program Files

---------- | reparsepoint

---------- | Detection of offsets

---------- | Notify

---------- | Execution FileExts

---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\EnhancedStorageS hell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} – C:\Windows\System32\EhStorShell.dll [07/03/2015 17:40:05]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\Groo ve Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7} – C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [27/10/2006 00:48:42]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\Groo ve Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} – C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [27/10/2006 00:48:42]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\Groo ve Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399} – C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [27/10/2006 00:48:42]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\Groo ve Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619} – C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [27/10/2006 00:48:42]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\Groo ve Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} – C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [27/10/2006 00:48:42]

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellExecuteHooks]
“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=Groove GFS Stub Execution Hook

---------- | Toolbar

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“Locked”=1
“ShowDiscussionButton”=Yes

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
“ITBar7Height”=0
“ITBar7Layout”=0x130000000000000000000000200000001 00000001500000001000000000700005E01000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
“KnownProvidersUpgradeTime”=0xE564ACBD8363D201
“DownloadRetries”=15
“Version”=4
“UpgradeTime”=0x00A68DBF8363D201
“DefaultPackCorrection”=1
“DefaultPackNTCorrection”=1

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“Locked”=1

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
“ITBar7Height”=0
“ITBar7Layout”=0x130000000000000000000000200000001 00000001500000001000000000700005E01000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
“KnownProvidersUpgradeTime”=0x509E83678BA0D201
“DownloadRetries”=6
“DefaultPackCorrection”=1
“Version”=4
“UpgradeTime”=0xD20E15688BA0D201
“DefaultPackNTCorrection”=1
“ShowSearchSuggestionsInAddressGlobal”=0

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{25510184-5A38-4A99-B273-DCA8EEF6CD08}] : (@C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckP luginx64.dll,-102) -
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101) -
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions{25510184-5A38-4A99-B273-DCA8EEF6CD08}] : (@C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckP lugin.dll,-102) -
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (S&end to OneNote) -
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions{92780B25-18CC-41C8-B9BE-3C9C571A8263}] : () -
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101) -

---------- | SearchScopes

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - Search - Microsoft Bing {searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS :
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - Search - Microsoft Bing {searchTerms}&src=IE-SearchBox&FORM=IESR02 :
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}] - (Google) - Google {searchTerms}&sourceid=ie7&rls=com.microsoft:{lang uage}:{referrer:source}&ie={inputEncoding?}&oe={ou tputEncoding?} :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - Search - Microsoft Bing {searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - Search - Microsoft Bing {searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}] - (Google) - Google {searchTerms}&sourceid=ie7&rls=com.microsoft:{lang uage}:{referrer:source}&ie={inputEncoding?}&oe={ou tputEncoding?} :

---------- | Browser Helper Objects

---------- | Chrome

[HKLM\Software\WOW6432Node\Google\Chrome\Extensions \lifbcibllhkdhoafpjfnlhfpfgnpldfl]

---------- | Opera

---------- | Firefox

[HKLM\Software\mozilla\Firefox\Extensions]
“light_plugin_F6F079488B53499DB99380A...asp ersky.com”=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensio ns]
“light_plugin_F6F079488B53499DB99380A...asp ersky.com”=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
[HKLM\Software\MozillaPlugins@java.com/DTPlugin,version=11.25.2] - (Java™ Deployment Toolkit) : C:\Users\183-k\Desktop\bin\dtplugin\npDeployJava1.dll
[HKLM\Software\MozillaPlugins@java.com/JavaPlugin,version=11.25.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Users\183-k\Desktop\bin\plugin2\npjp2.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@adobe.com/ShockwavePlayer] - (Adobe Shockwave Player) : C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144 .dll
[HKLM\Software\WOW6432Node\MozillaPlugins@autograph-maths.com/Autograph Player Plugin] - (Autograph Plugin for Firefox) : C:\Program Files (x86)\Autograph 3.3\WebPlayer\npagraph.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@google.com/npPicasa3,version=3.0.0] - (Picasa3 plugin) : C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@RIM.com/WebSLLauncher,version=1.0] - (BlackBerry Web Software Loading Helper Plug-In for Mozilla browsers) : C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

---------- | DNS

[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameter s\Interfaces{D8CDCD34-1927-4308-BFA6-CD78629C69FD}]
“DhcpNameServer”=192.168.0.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters\Interfaces{D8CDCD34-1927-4308-BFA6-CD78629C69FD}]
“DhcpNameServer”=192.168.0.1

---------- | Applications

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Classes\Applications::{52205FD8-5DFB-447D-801A-D0B52F2E83E1}] : “::{52205FD8-5DFB-447D-801A-D0B52F2E83E1}” %1
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Classes\Applications\AcroRd32.exe] : “C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe” “%1”
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Classes\Applications\WinDjView.exe] : “C:\Program Files\WinDjView\WinDjView.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : “C:\Program Files\Internet Explorer\iexplore.exe” %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office12\OIS.EXE /shellOpen “%1”
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe “%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll”, ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\PicasaPhotoView er.exe] : “C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : “%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe” /Open “%L”
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : “%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iex plore.exe] : “C:\Program Files\Internet Explorer\iexplore.exe” %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\not epad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois .exe] : C:\PROGRA~2\MICROS~1\Office12\OIS.EXE /shellOpen “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\pho toviewer.dll] : %SystemRoot%\System32\rundll32.exe “%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll”, ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Pic asaPhotoViewer.exe] : “C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmp layer.exe] : “%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe” /Open “%L”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wor dpad.exe] : “%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE” “%1”

---------- | SvcHost

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
“RPCSS”=RpcEptMapper
RpcSs
“LocalService”=nsi
WdiServiceHost
w32time
EventSystem
WinHttpAutoProxySvc
SstpSvc
netprofm
lltdsvc
THREADORDER
FontCache
fdphost
bthserv
WebClient
workfolderssvc
RemoteRegistry
“WepHostSvcGroup”=WepHostSvc
“defragsvc”=defragsvc
“LocalServiceAndNoImpersonation”=TimeBroker
SSDPSRV
upnphost
SCardSvr
BthHFSrv
QWAVE
fdrespub
wcncsvc
SensrSvc
“DcomLaunch”=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
“LocalSystemNetworkRestricted”=WdiSystemHost
ScDeviceEnum
WiaRpc
trkwks
AudioEndpointBuilder
WUDFSvc
hidserv
dot3svc
NcbService
svsvc
sysmain
StorSvc
TabletInputService
fhsvc
PcaSvc
DeviceAssociationService
homegrouplistener
wlansvc
WPDBusEnum
vmickvpexchange
vmicshutdown
vmicvss
vmicguestinterface
irmon
Netman
UmRdpService
“netsvcs”=AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
iphlpsvc
seclogon
AppInfo
msiscsi
EapHost
schedule
winmgmt
MMCSS
browser
ProfSvc
SessionEnv
wercplsupport
hkmsvc
BDESVC
lfsvc
wlidsvc
Themes
DsmSvc
NcaSvc
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
“WerSvcGroup”=wersvc
“WbioSvcGroup”=WbioSrvc
“LocalServiceNoNetwork”=DPS
PLA
BFE
mpssvc
NcdAutoSetup
WwanSvc
“imgsvc”=StiSvc
“termsvcs”=TermService
“swprv”=swprv
“wsappx”=WSService
AppXSvc
“smphost”=smphost
“ICService”=vmicheartbeat
vmicrdv
“LocalServiceNetworkRestricted”=DHCP
eventlog
AudioSrv
wscsvc
LmHosts
AppIDSvc
wcmsvc
homegroupprovider
WPCSvc
vmictimesync
“LocalServicePeerNet”=PNRPSvc
p2pimsvc
p2psvc
PnrpAutoReg
“NetworkServiceAndNoImpersonation”=KtmRm
“regsvc”=RemoteRegistry
“wcssvc”=WcsPlugInService
“NetworkServiceNetworkRestricted”=PolicyAgent
“AxInstSVGroup”=AxInstSV
“AppReadiness”=AppReadiness
“NetworkService”=CryptSvc
nlasvc
lanmanworkstation
NapAgent
WinRM
WECSVC
DNSCache
Tapisrv
DHCP
TermService
“print”=PrintNotify
“apphost”=apphostsvc
w3logsvc
“iissvcs”=w3svc
was
“utcsvc”=DiagTrack
“bthaudiosvc”=BthHFSrv

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
“netsvcs”=CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
iphlpsvc
msiscsi
schedule
winmgmt
SessionEnv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
“LocalSystemNetworkRestricted”=ScDeviceEnum
WiaRpc
AudioEndpointBuilder
dot3svc
StorSvc
Netman
DeviceAssociationService
WPDBusEnum
wlansvc
“LocalService”=WinHttpAutoProxySvc
netprofm
RemoteRegistry
WebClient
“imgsvc”=StiSvc
“LocalServiceNoNetwork”=PLA
“smphost”=smphost
“rpcss”=RpcSs
“LocalServiceNetworkRestricted”=AudioSrv
wscsvc
LmHosts
WPCSvc
“wcssvc”=WcsPlugInService
“LocalServiceAndNoImpersonation”=SSDPSRV
upnphost
SCardSvr
BthHFSrv
QWAVE
wcncsvc
“DcomLaunch”=PlugPlay
DcomLaunch
DeviceInstall
“NetworkService”=CryptSvc
NapAgent
WinRM
WECSVC
DHCP
TermService
DNSCache
Tapisrv
“apphost”=apphostsvc
w3logsvc
“iissvcs”=w3svc
was

---------- | SvcHost - Netsvcs (Whitelisted)

---------- | Software

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\3rd Eye Solutions]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\7-Zip]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\9-lab]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Adobe]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Andrew Zhezherun]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Apowersoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\AppDataLow]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Apple Computer, Inc.]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\AT&T Labs]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\BlackBerry]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\BlueJ]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Bytescout]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Chromium]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\clCI75RGsstX0Gr]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Clients]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Config]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Corel]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\CyberLink]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Design Science]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\DjVuSolo]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Eastmond Publishing Ltd.]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Evernote]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Extended Systems]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Google]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Grammarly]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Hewlett-Packard]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\IM Providers]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Install Options]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Intel]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Ivan]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\JavaSoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\KasperskyLab]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Lagarith]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Locky]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Macromedia]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Malwarebytes]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\MangoApps]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\McAfee]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\MiKTeX.org]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Mine]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Mirage]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\MOVAVI]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Mozilla]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\MozillaPlugins]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Netscape]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\ODBC]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Piriform]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Policies]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\QtProject]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Realtek]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Research In Motion]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Skype]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\SmartDraw.com]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Softex]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\StarUML]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Synaptics]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\SystemQQX]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\TUG]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Vernier Software]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Web Sudoku]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\WinRAR]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\WinRAR SFX]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Wow6432Node]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\xm1]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\ZoomUMX]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\AppDataLow\Software\Adobe]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\AppDataLow\Software\JavaSoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\ShellNoRoam]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\9-lab]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Adobe]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Apowersoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\AppDataLow]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Apple Computer, Inc.]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Bitdefender]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\BlackBerry]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\clCI75RGsstX0Gr]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Config]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\CyberLink]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Design Science]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Eastmond Publishing Ltd.]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\ESET]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Google]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Hewlett-Packard]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\IM Providers]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\InstallPath]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Intel]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Ivan]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\JavaSoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\KasperskyLab]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Locky]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Mine]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Mirage]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Mozilla]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Netscape]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Northcode Inc]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Piriform]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Policies]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Realtek]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\RegisteredApplications]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Research In Motion]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\SHAREit]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Skype]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Softex]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Synaptics]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\sysinternals]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Vernier Software]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Web Sudoku]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Wow6432Node]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\xm1]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Zemana]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\ZHP]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\应用程序向导生成的本地应用程序]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\AppDataLow\Software\Adobe]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\AppDataLow\Software\JavaSoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Broadcom]
[HKLM\Software\Clients]
[HKLM\Software\Corel]
[HKLM\Software\CyberLink]
[HKLM\Software\Design Science]
[HKLM\Software\ESET]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IM Providers]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KasperskyLab]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nuance]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\PortNameSetting]
[HKLM\Software\Protexis64]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\Softex]
[HKLM\Software\SRS Labs]
[HKLM\Software\Synaptics]
[HKLM\Software\sysinternals]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Zemana]
[HKLM\Software\ZmnGlobalSDK]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnosti cs]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnostic sProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\apphost]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImperso nation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr icted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestri cted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\Adware Removal Tool by TSA]
[HKLM\Software\WOW6432Node\AppDataLow]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\AVAST Software]
[HKLM\Software\WOW6432Node\BlueJ]
[HKLM\Software\WOW6432Node\bmModem]
[HKLM\Software\WOW6432Node\Caphyon]
[HKLM\Software\WOW6432Node\Corel]
[HKLM\Software\WOW6432Node\CyberLink]
[HKLM\Software\WOW6432Node\DDD5473C62677ECE24054A6D 47DD272F]
[HKLM\Software\WOW6432Node\Design Science]
[HKLM\Software\WOW6432Node\DivXNetworks]
[HKLM\Software\WOW6432Node\Eastmond Publishing Ltd.]
[HKLM\Software\WOW6432Node\Eset]
[HKLM\Software\WOW6432Node\Evernote]
[HKLM\Software\WOW6432Node\Extended Systems]
[HKLM\Software\WOW6432Node\Funk Software, Inc.]
[HKLM\Software\WOW6432Node\Ginger]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Hewlett-Packard]
[HKLM\Software\WOW6432Node\HewlettPackard]
[HKLM\Software\WOW6432Node\IM Providers]
[HKLM\Software\WOW6432Node\Install Options]
[HKLM\Software\WOW6432Node\Insyde]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Ivan]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\KasperskyLab]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Lake]
[HKLM\Software\WOW6432Node\LizardTech]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\McAfee]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\MOVAVI]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Open Source Physics]
[HKLM\Software\WOW6432Node\Piriform]
[HKLM\Software\WOW6432Node\Python]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\Research In Motion]
[HKLM\Software\WOW6432Node\SHAREit]
[HKLM\Software\WOW6432Node\Skype]
[HKLM\Software\WOW6432Node\Software]
[HKLM\Software\WOW6432Node\Vernier Software]
[HKLM\Software\WOW6432Node\Vernier Software & Technology]
[HKLM\Software\WOW6432Node\WildTangent]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStor age]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Script edDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Window s Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Window s Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImperso nation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr icted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestri cted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]

---------- | Drives

C:

D:

[01/03/2016 11:01:00] - |A| - (.-.) - [468] - (0.0.0.0) - D:\New Volume (F) - Shortcut.lnk
[13/05/2014 11:18:55] - |RASH| - (.-.) - [55] - (0.0.0.0) - D:\RP.ini

F:

---------- | C:\Windows

[22/08/2013 21:06:30] - |D| - [802] - C:\Windows\addins
[22/08/2013 21:06:31] - |D| - [1175552] - C:\Windows\ADFS
[22/08/2013 21:06:30] - |D| - [45022563] - C:\Windows\AppCompat
[22/08/2013 21:06:31] - |D| - [11868960] - C:\Windows\apppatch
[22/08/2013 21:06:30] - |D| - [0] - C:\Windows\AppReadiness
[22/08/2013 21:06:30] - |RSD| - [1130817459] - C:\Windows\assembly
[MD5.FA78F9739F8F0239A539A06B10D354C7] - [22/08/2013 16:51:53] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [56832] - (6.3.9600.16384) - C:\Windows\bfsvc.exe
[22/08/2013 21:06:31] - |D| - [36950530] - C:\Windows\Boot
[MD5.0709B491145279E2DC26FB3D1E2D72B9] - [22/08/2013 20:16:23] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[22/08/2013 21:06:31] - |D| - [2295864] - C:\Windows\Branding
[22/08/2013 21:06:30] - |D| - [7220496] - C:\Windows\Camera
[22/08/2013 20:50:01] - |D| - [10770] - C:\Windows\CbsTemp
[MD5.0505315076F50DE128B8256927B94722] - [18/03/2014 15:08:12] - |A| - (.-.) - [35851] - (0.0.0.0) - C:\Windows\CoreConnectedSingleLanguage.xml
[MD5.315BC3A000AE8C15A29F280D2F01EE1F] - [13/05/2014 09:40:35] - |A| - (.-.) - [35397] - (0.0.0.0) - C:\Windows\CoreSingleLanguage.xml
[MD5.3C7CF33D66642B5CF0314C71A0B213EF] - [08/05/2014 06:59:46] - |A| - (.-.) - [12] - (0.0.0.0) - C:\Windows\CSUP.txt
[22/08/2013 21:06:30] - |D| - [4503720] - C:\Windows\Cursors
[22/08/2013 21:06:31] - |D| - [3325066] - C:\Windows\debug
[22/08/2013 21:06:30] - |RD| - [22590] - C:\Windows\DesktopTileResources
[22/08/2013 21:06:30] - |D| - [3495466] - C:\Windows\diagnostics
[22/08/2013 21:13:29] - |D| - [0] - C:\Windows\DigitalLocker
[22/08/2013 21:06:31] - |SD| - [65] - C:\Windows\Downloaded Program Files
[MD5.300E65BFAF25856869C9053580B7171C] - [13/05/2014 08:48:04] - |A| - (.-.) - [22776] - (0.0.0.0) - C:\Windows\DPINST.LOG
[MD5.E3BFE4D0BB7CCD091F80F0C28A788B42] - [22/08/2013 21:07:25] - |A| - (.-.) - [6055] - (0.0.0.0) - C:\Windows\DtcInstall.log
[22/08/2013 21:06:31] - |HD| - [28792] - C:\Windows\ELAMBKUP
[22/08/2013 21:13:29] - |D| - [97792] - C:\Windows\en-US
[MD5.CF61F70AF2179EFE62A8332F66AFFF73] - [22/10/2014 20:46:41] - |A| - (.-.) - [573] - (0.0.0.0) - C:\Windows\exampro32.ini
[MD5.ED6B4C95E2A6D67480B9DBB8A8E7D9B4] - [12/10/2016 11:53:29] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [2755504] - (6.3.9600.18460) - C:\Windows\explorer.exe
[22/08/2013 21:06:30] - |D| - [14532137] - C:\Windows\FileManager
[22/08/2013 19:06:15] - |RSD| - [598678832] - C:\Windows\Fonts
[22/08/2013 21:06:30] - |D| - [93324848] - C:\Windows\Globalization
[22/08/2013 21:06:31] - |D| - [2023950] - C:\Windows\Help
[MD5.7C549E06CA1F45806B940641991EE8DE] - [16/03/2017 00:28:54] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [1001472] - (6.3.9600.18589) - C:\Windows\HelpPane.exe
[13/05/2014 09:01:32] - |D| - [30573772] - C:\Windows\Hewlett-Packard
[MD5.B934411DFE7DEACFA95A1255A48133C9] - [07/03/2015 17:36:33] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [17408] - (6.3.9600.17415) - C:\Windows\hh.exe
[MD5.B509BFF02A576F28EE1440F2D022D56F] - [22/10/2014 20:48:06] - |A| - (.-.) - [197] - (0.0.0.0) - C:\Windows\IB_MH.LOG
[MD5.C5E091BF50875FFBC9FAC6CFC6FC8975] - [22/10/2014 20:46:32] - |A| - (.-.) - [192] - (0.0.0.0) - C:\Windows\IB_PH.LOG
[MD5.7D2754BE054D57961BF76BA4DADFDF4B] - [02/04/2014 15:22:09] - |A| - (.-.) - [10342] - (0.0.0.0) - C:\Windows\iis.log
[22/08/2013 21:06:30] - |D| - [152843668] - C:\Windows\IME
[22/08/2013 21:06:31] - |RD| - [7298012] - C:\Windows\ImmersiveControlPanel
[22/08/2013 19:06:15] - |D| - [159052989] - C:\Windows\Inf
[22/08/2013 21:06:31] - |D| - [119175822] - C:\Windows\InputMethod
[22/08/2013 21:06:31] - |SHD| - [1317271721] - C:\Windows\Installer
[MD5.515E4684008E955DE0C81E6A7AEA1C2A] - [22/09/2016 02:10:25] - |A| - (.Copyright InstallShield Corporation, Inc. 1990-1997 - InstallShield® unInstaller.) - [306688] - (5.51.138.0) - C:\Windows\IsUninst.exe
[22/08/2013 21:06:31] - |D| - [61417] - C:\Windows\L2Schemas
[22/08/2013 21:06:31] - |D| - [9638054] - C:\Windows\LiveKernelReports
[22/08/2013 19:06:15] - |D| - [605796000] - C:\Windows\Logs
[22/08/2013 21:06:30] - |RSD| - [19944453] - C:\Windows\Media
[22/08/2013 21:06:31] - |D| - [18917376] - C:\Windows\MediaViewer
[MD5.EA1419F961CC179B7747973EFE8DF7E4] - [14/08/2014 05:31:12] - |A| - (.-.) - [666846546] - (0.0.0.0) - C:\Windows\MEMORY.DMP
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [22/08/2013 12:31:23] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[22/08/2013 21:06:30] - |D| - [705990145] - C:\Windows\Microsoft.NET
[25/06/2015 11:36:09] - |D| - [1263] - C:\Windows\Migration
[14/08/2014 05:31:22] - |D| - [23918712] - C:\Windows\Minidump
[22/08/2013 21:06:31] - |D| - [4956] - C:\Windows\ModemLogs
[MD5.D84209D3FB6FC9A1FD1519CAE28DC9E7] - [28/01/2010 15:55:34] - |A| - (.-.) - [53478] - (0.0.0.0) - C:\Windows\mvtcpui.ini
[MD5.FC2EA5BD5307D2CFA5AAA38E0C0DDCE9] - [01/09/2015 21:42:31] - |A| - (.© Microsoft Corporation. - Notepad.) - [221184] - (6.3.9600.17930) - C:\Windows\notepad.exe
[MD5.3B9A62A1BF28E18D7EE90CF414FE69F5] - [14/03/2017 02:22:14] - |A| - (.-.) - [219360] - (0.0.0.0) - C:\Windows\ntbtlog.txt
[22/08/2013 21:06:30] - |RD| - [65] - C:\Windows\Offline Web Pages
[02/04/2014 15:55:28] - |D| - [4427186] - C:\Windows\Panther
[28/07/2014 21:35:52] - |D| - [0] - C:\Windows\PCHEALTH
[22/08/2013 21:06:30] - |D| - [45240617] - C:\Windows\Performance
[MD5.86EF9331AB187A6391BB5C76B901BD98] - [18/03/2014 15:14:06] - |A| - (.-.) - [820278] - (0.0.0.0) - C:\Windows\PFRO.log
[22/08/2013 21:06:30] - |D| - [1121834] - C:\Windows\PLA
[22/08/2013 21:06:30] - |D| - [2337170] - C:\Windows\PolicyDefinitions
[13/05/2014 08:43:20] - |D| - [37711548] - C:\Windows\Prefetch
[MD5.B67DB709F5FDAA89CA6C2CB6C1E39B3B] - [07/03/2015 17:36:22] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [154624] - (6.3.9600.17415) - C:\Windows\regedit.exe
[22/08/2013 21:06:30] - |D| - [22588] - C:\Windows\Registration
[22/08/2013 21:06:30] - |D| - [7466180] - C:\Windows\rescache
[22/08/2013 21:06:31] - |D| - [2578755] - C:\Windows\Resources
[MD5.A8F0B315F67842060906A301108CDAB0] - [13/05/2014 08:53:44] - |A| - (.Copyright (C) 2014 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2080472] - (1.0.5.4) - C:\Windows\RtlExUpd.dll
[22/08/2013 21:06:31] - |D| - [0] - C:\Windows\SchCache
[22/08/2013 21:06:30] - |D| - [118561] - C:\Windows\schemas
[22/08/2013 21:06:31] - |D| - [1069964] - C:\Windows\security
[22/08/2013 20:15:15] - |D| - [102162977] - C:\Windows\ServiceProfiles
[22/08/2013 19:06:15] - |D| - [204071063] - C:\Windows\servicing
[22/08/2013 20:15:23] - |D| - [42] - C:\Windows\Setup
[MD5.A6C258876B3EB153B461ABC968E038D3] - [22/08/2013 20:16:17] - |A| - (.-.) - [1860178] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/08/2013 20:16:17] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[18/03/2014 15:08:02] - |D| - [95758] - C:\Windows\ShellNew
[18/03/2014 15:08:02] - |D| - [31373168] - C:\Windows\SKB
[28/07/2014 21:17:13] - |D| - [136619864] - C:\Windows\SoftwareDistribution
[22/08/2013 21:06:30] - |D| - [125808437] - C:\Windows\Speech
[MD5.4D9DA155B7B449964E14FC32124CC601] - [07/03/2015 17:34:48] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [128512] - (6.3.9600.17415) - C:\Windows\splwow64.exe
[MD5.A77E65831A152C8FCA5B822749E2624D] - [22/08/2013 20:49:59] - |A| - (.-.) - [35891] - (0.0.0.0) - C:\Windows\Starter.xml
[MD5.D9BD45F470C2C9E1EC641435766D5E18] - [13/05/2014 08:48:03] - |A| - (.-.) - [1344] - (0.0.0.0) - C:\Windows\Synaptics.log
[22/08/2013 21:06:30] - |D| - [31039] - C:\Windows\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [22/08/2013 18:55:43] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini
[22/08/2013 19:06:16] - |D| - [4785925734] - C:\Windows\System32
[22/08/2013 21:06:30] - |D| - [8393192] - C:\Windows\SystemResources
[22/08/2013 19:06:16] - |D| - [1369816316] - C:\Windows\SysWOW64
[22/08/2013 21:06:31] - |D| - [0] - C:\Windows\TAPI
[22/08/2013 21:06:30] - |D| - [344] - C:\Windows\Tasks
[22/08/2013 19:06:16] - |D| - [0] - C:\Windows\Temp
[22/08/2013 21:06:30] - |RD| - [22151] - C:\Windows\ToastData
[22/08/2013 21:06:31] - |D| - [13702409] - C:\Windows\tracing
[22/08/2013 21:06:31] - |D| - [7680] - C:\Windows\twain_32
[MD5.727B4519FE9919447108CBEC4768F34A] - [07/03/2015 17:33:48] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [54272] - (1.7.1.3) - C:\Windows\twain_32.dll
[MD5.2A07CFC6BEB8CE6DC22CFDD6CAE8CC52] - [22/08/2013 20:16:17] - |A| - (.-.) - [5446] - (0.0.0.0) - C:\Windows\vmgcoinstall.log
[22/08/2013 21:06:30] - |D| - [15651986] - C:\Windows\vpnplugins
[22/08/2013 21:06:30] - |D| - [12420] - C:\Windows\Vss
[22/08/2013 21:06:31] - |D| - [10772006] - C:\Windows\Web
[MD5.E711DE76EF8430545C6052E2B98B81C0] - [22/08/2013 18:55:43] - |A| - (.-.) - [199] - (0.0.0.0) - C:\Windows\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [22/08/2013 12:23:50] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.A0B051A32CA4E1EEBA439E45E9C92050] - [28/07/2014 21:17:13] - |A| - (.-.) - [1389479] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.335C38783B3F1B383ECAC17DB3705895] - [07/03/2015 17:37:41] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [9728] - (6.3.9600.17415) - C:\Windows\winhlp32.exe
[22/08/2013 21:06:31] - |D| - [1798774] - C:\Windows\WinStore
[22/08/2013 19:06:16] - |D| - [8584321878] - C:\Windows\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [22/08/2013 12:22:18] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.73E19BE0E0ECD88616B5762F621B0226] - [07/03/2015 17:32:25] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (6.3.9600.17415) - C:\Windows\write.exe
[MD5.1892E20FF40790407D9627A20841CFA4] - [20/03/2017 00:10:55] - |A| - (.-.) - [139496] - (0.0.0.0) - C:\Windows\ZAM.krnl.trace
[MD5.72557DAF180D51ED268D9C92F5332FFD] - [20/03/2017 00:10:55] - |A| - (.-.) - [67209] - (0.0.0.0) - C:\Windows\ZAM_Guard.krnl.trace

---------- | C:\Windows\System32\GroupPolicy

[19/03/2017 14:37:12] - |D| - [0] - C:\Windows\System32\GroupPolicy\Machine
[19/03/2017 14:37:12] - |D| - [0] - C:\Windows\System32\GroupPolicy\User

---------- | Systemroot\System

---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[22/10/2014 20:20:22] - C:\Windows\Installer\11b62b1.msi : (Java SE Runtime Environment 8.0 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/10/2014 20:22:21] - C:\Windows\Installer\11b62b7.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/03/2014 05:46:44] - C:\Windows\Installer\13feb.msi : ( - © 2008-2014 Hewlett-Packard Development Compay, L.P.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/02/2016 13:10:05] - C:\Windows\Installer\15033bd8.msi : (Shell Extensions - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/02/2016 13:09:48] - C:\Windows\Installer\15033bde.msi : (64BitKeys - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/02/2016 13:28:01] - C:\Windows\Installer\15033c81.msi : (Blank Project Template - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/03/2015 16:10:40] - C:\Windows\Installer\17106394.msi : (BlackBerry Link Remover - BlackBerry Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/03/2015 10:14:40] - C:\Windows\Installer\1710639a.msi : (BlackBerry Device Drivers - BlackBerry Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/03/2015 10:14:40] - C:\Windows\Installer\171063a0.msi : (BlackBerry Communication Drivers - BlackBerry Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/03/2015 16:10:38] - C:\Windows\Installer\171063a6.msi : (BlackBerry Link - BlackBerry) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/03/2015 16:10:36] - C:\Windows\Installer\171063ac.msi : (BlackBerry Blend - BlackBerry Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/09/2011 21:09:44] - C:\Windows\Installer\19cd3712.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[24/09/2012 09:17:27] - C:\Windows\Installer\1ceff4.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/03/2014 21:43:10] - C:\Windows\Installer\1f710.msi : (HP SimplePass - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/03/2014 21:43:10] - C:\Windows\Installer\1f71b.msi : (Softex OmniPass Graphical Password Authentication Installer - Softex Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/03/2014 21:42:44] - C:\Windows\Installer\1f721.msi : (Softex OmniPass wbf Plugin Installer - Softex Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/09/2013 15:15:54] - C:\Windows\Installer\1f72b.msi : (swMSM - Adobe Systems, Inc) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/05/2014 06:25:03] - C:\Windows\Installer\1f730.msi : (Evernote v. 5.2 - Evernote Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/11/2013 03:44:48] - C:\Windows\Installer\1f735.msi : ( - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/03/2014 05:35:54] - C:\Windows\Installer\1f73a.msi : ( - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/05/2014 06:25:57] - C:\Windows\Installer\1f740.msi : (HP Support Assistant - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[09/08/2013 00:33:14] - C:\Windows\Installer\1f745.msi : (Blank Project Template - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/05/2014 06:26:57] - C:\Windows\Installer\1f74a.msi : (Blank Project Template - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/02/2013 02:23:16] - C:\Windows\Installer\27989b.msi : ( - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/03/2014 15:45:16] - C:\Windows\Installer\28b03.msi : (HP Documentation - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/10/2012 06:57:56] - C:\Windows\Installer\28b07.msi : ( - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/02/2014 00:00:42] - C:\Windows\Installer\28b0f.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/03/2014 04:13:00] - C:\Windows\Installer\28b17.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/11/2012 16:01:25] - C:\Windows\Installer\31ccd0c7.msi : ( - HP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/03/2017 01:40:00] - C:\Windows\Installer\33a7f.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2013 20:57:38] - C:\Windows\Installer\3fdf6.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/12/2013 14:48:36] - C:\Windows\Installer\3fdfa.msi : (Intel Smart Connect Technology enables your computer to periodically wake from sleep to keep your content fresh - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/11/2013 23:55:08] - C:\Windows\Installer\3fdfe.msi : (Intel(R) Rapid Storage Technology - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/05/2014 08:57:40] - C:\Windows\Installer\3fe06.msi : ( - Cisco Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/05/2014 08:57:40] - C:\Windows\Installer\3fe0a.msi : ( - Cisco Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/05/2014 08:57:40] - C:\Windows\Installer\3fe0e.msi : ( - Cisco Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/05/2014 08:59:04] - C:\Windows\Installer\3fe13.msi : (HP Wireless Button Driver - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/05/2014 09:00:01] - C:\Windows\Installer\3fe20.msi : (HP 3D DriveGuard - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/01/2014 06:54:16] - C:\Windows\Installer\3fe28.msi : (Broadcom Bluetooth Drivers - Broadcom Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/08/2013 13:22:22] - C:\Windows\Installer\3fe31.msi : (HP Postscript Converter - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/09/2016 17:34:29] - C:\Windows\Installer\6071fb71.msi : (Python 2.7.9 - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/01/2017 08:36:42] - C:\Windows\Installer\6118627b.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[07/03/2017 19:20:57] - C:\Windows\Installer\6316c41b.msi : (SML of New Jersey. - University of Chicago) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/03/2017 01:27:41] - C:\Windows\Installer\7cb51.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/01/2014 06:58:12] - C:\Windows\Installer\b746b.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/02/2014 01:55:44] - C:\Windows\Installer\b746f.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/12/2013 00:28:30] - C:\Windows\Installer\b7473.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/12/2013 01:18:08] - C:\Windows\Installer\b7479.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/03/2014 23:25:38] - C:\Windows\Installer\b747d.msi : ( - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/02/2014 17:47:04] - C:\Windows\Installer\b7481.msi : (Blank Project Template - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/02/2017 21:38:27] - C:\Windows\Installer\cae3adbf.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/03/2017 20:03:31] - C:\Windows\Installer\e8cf24.msi : (Kaspersky Total Security - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/03/2017 20:03:13] - C:\Windows\Installer\e8cf2b.msi : (Kaspersky Secure Connection - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%*.in*

[22/08/2013 21:06:48] - [75] - C:\Windows\System32\desktop.ini
[16/04/2015 20:24:41] - [16303] - C:\Windows\System32\ieuinit.inf
[18/03/2014 15:23:28] - [958356] - C:\Windows\System32\PerfStringBackup.INI
[22/08/2013 12:26:03] - [60124] - C:\Windows\System32\tcpmon.ini
[18/03/2014 15:24:48] - [2255] - C:\Windows\System32\WimBootCompress.ini
[22/10/2014 20:46:39] - [478] - C:\Windows\Syswow64\ic32.ini
[16/04/2015 20:24:27] - [16303] - C:\Windows\Syswow64\ieuinit.inf
[02/04/2014 15:22:15] - [974698] - C:\Windows\Syswow64\PerfStringBackup.INI
[18/03/2014 15:25:05] - [2255] - C:\Windows\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\AppPatch\Custom\Custom64
[MD5.BE452D7BF880125D2832F99BFDBFD1AE] - |A| - [22/08/2013 12:27:05] - (.-.) - [6.83 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\pcamain.sdb
[MD5.3F668EB300F67E3BFA6ED02B0E04C720] - |A| - [13/04/2016 11:54:47] - (.-.) - [423.33 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\sysmain.sdb
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:51] - [0 Ko] - C:\Windows\System32\0409
[MD5.104B5349ABBA7E990B43E8E835045415] - |A| - [14/12/2016 13:53:27] - (.-.) - [435.42 Ko] - (0.0.0.0) - C:\Windows\System32\ApnDatabase.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [13/12/2014 12:28:03] - [2463.71 Ko] - C:\Windows\System32\appraiser
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [553.94 Ko] - C:\Windows\System32\ar-SA
[MD5.D638E3AD81E149A75EEF59E9C743E27C] - |A| - [22/08/2013 21:06:38] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\Windows\System32\AutoWorkplace.exe.config
[MD5.A5F320FFE96F6939D2FF39360ADA9B5A] - |A| - [07/03/2015 17:32:41] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [94 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [0.93 Ko] - C:\Windows\System32\Bthprops
[MD5.6E14F444A2506049EEC25CB5EDFE0905] - |A| - [13/05/2014 08:53:45] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [110.91 Ko] - (1.0.0.4) - C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [466097.53 Ko] - C:\Windows\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [22/08/2013 21:06:31] - [19.02 Ko] - C:\Windows\System32\Configuration
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [365.9 Ko] - C:\Windows\System32\cs-CZ
[MD5.59075B2A63DF6A568123218BF4DC2696] - |A| - [18/03/2014 22:59:04] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\CustomModeApp.exe.config
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [18/03/2014 22:59:04] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\CustomModeAppv2_0.exe.config
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [362.4 Ko] - C:\Windows\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [389.4 Ko] - C:\Windows\System32\de-DE
[MD5.08750A50CF027F93070C8BB78E27C3B7] - |SH| - [22/08/2013 21:06:48] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini
[MD5.DCF2510E0745720E543E84F5E921FCC0] - |A| - [18/03/2014 15:25:23] - (.-.) - [256.19 Ko] - (0.0.0.0) - C:\Windows\System32\dfpinc.dat
[MD5.59075B2A63DF6A568123218BF4DC2696] - |A| - [18/03/2014 22:59:06] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\DPTopologyApp.exe.config
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [18/03/2014 22:59:06] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\DPTopologyAppv2_0.exe.config
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [82992.5 Ko] - C:\Windows\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:01:28] - [1208769.18 Ko] - C:\Windows\System32\DriverStore
[MD5.00000000000000000000000000000000] - |DC| - [13/05/2014 09:17:55] - [101.77 Ko] - C:\Windows\System32\DRVSTORE
[MD5.00000000000000000000000000000000] - |SD| - [22/08/2013 21:06:30] - [83.5 Ko] - C:\Windows\System32\dsc
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [391.9 Ko] - C:\Windows\System32\el-GR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:51] - [1680 Ko] - C:\Windows\System32\en
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [305.91 Ko] - C:\Windows\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [36137.2 Ko] - C:\Windows\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [396.18 Ko] - C:\Windows\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [306.4 Ko] - C:\Windows\System32\et-EE
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [365.4 Ko] - C:\Windows\System32\fi-FI
[MD5.0C71AC33C7E2281E914CBECFE4BBCB95] - |A| - [31/12/2011 14:16:38] - (.- Microsoft® Forms DLL.) - [1552.78 Ko] - (15.0.3628.1000) - C:\Windows\System32\FM20.DLL
[MD5.B062F368280585276C5B01A9B812CB86] - |A| - [31/12/2011 14:16:38] - (.- Microsoft® Forms International DLL.) - [31.31 Ko] - (15.0.3628.1000) - C:\Windows\System32\FM20enu.DLL
[MD5.50D204892F8E657C551B52E90F1109EB] - |A| - [22/08/2013 20:14:50] - (.-.) - [766.25 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [431.4 Ko] - C:\Windows\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\System32\FxsTmp
[MD5.55158C8F4CFAB021134137B68BBFD01F] - |A| - [22/08/2013 12:28:31] - (.-.) - [72.53 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [18/03/2014 22:59:06] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxv2_0.exe.config
[MD5.59075B2A63DF6A568123218BF4DC2696] - |A| - [18/03/2014 22:59:08] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxv4_0.exe.config
[MD5.00000000000000000000000000000000] - |HD| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [334.4 Ko] - C:\Windows\System32\he-IL
[MD5.7B22F443577847796E4BB70D3BDBB612] - |A| - [13/05/2014 09:02:42] - (.© Copyright 2013 HPDC - Port Monitor Server DLL.) - [395.5 Ko] - (0.3.1282.12202) - C:\Windows\System32\hpbprtmon.dll
[MD5.205DA90FEF81EEA38948F70A784E1A4E] - |A| - [13/05/2014 09:02:42] - (.© Copyright 2013 HPDC - Port Monitor UI DLL.) - [221.5 Ko] - (0.3.1282.12202) - C:\Windows\System32\hpbprtmonui.dll
[MD5.0028C9BB7E220D951E0EAE196949B108] - |A| - [13/05/2014 09:02:42] - (.© Copyright 2013 HPDC - Real Port Monitor DLL.) - [415 Ko] - (0.3.1282.12202) - C:\Windows\System32\hpbrprtmon.dll
[MD5.1A4695BDC5017B37E6D23A88CFEC0760] - |A| - [08/05/2014 06:15:23] - (.Copyright (C) 2011 -.) - [114.5 Ko] - (1.3.0.0) - C:\Windows\System32\HPMUIDir.exe
[MD5.105CFE016CCB20175BEACEC146F175AB] - |A| - [18/03/2014 22:59:08] - (.-.) - [92 Ko] - (0.0.0.0) - C:\Windows\System32\IccLibDll_x64.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [36.27 Ko] - C:\Windows\System32\icsxml
[MD5.EEB2021309E12BE3C385E9E1DEDB7110] - |A| - [18/03/2014 22:59:20] - (.-.) - [156.5 Ko] - (0.0.0.0) - C:\Windows\System32\igdail64.dll
[MD5.F32B25EC22A8DA5B144D95693E315441] - |A| - [18/03/2014 22:59:22] - (.-.) - [218.5 Ko] - (0.0.0.0) - C:\Windows\System32\igdde64.dll
[MD5.0FCC6FB236A4F4A8C5C8230946985C5E] - |A| - [18/03/2014 22:59:24] - (.-.) - [415.88 Ko] - (0.0.0.0) - C:\Windows\System32\igdmd64.dll
[MD5.3BD3E8D9EE91C375BEE2E4FEB4CD5678] - |A| - [18/03/2014 22:59:28] - (.Copyright (C) 2012-2013 - MDF(CM) Runtime DX11 Dynamic Link Library.) - [178.5 Ko] - (3.0.0.1054) - C:\Windows\System32\igfx11cmrt64.dll
[MD5.FE22ABD1CBFB680536730E8E04FFEF7A] - |A| - [18/03/2014 22:59:30] - (.Copyright (C) 2010 - 2013 - MDF(CM) JIT Dynamic Link Library.) - [1973.5 Ko] - (3.0.0.1054) - C:\Windows\System32\igfxcmjit64.dll
[MD5.CFE95077F05DF23FDC6FB52F59D0939D] - |A| - [18/03/2014 22:59:30] - (.Copyright (C) 2010 - 2013 - MDF(CM) Runtime Dynamic Link Library.) - [183.02 Ko] - (3.0.0.1054) - C:\Windows\System32\igfxcmrt64.dll
[MD5.4D5ECFF6828D35EFCA24F01322827DBB] - |A| - [18/03/2014 22:59:30] - (.-.) - [249 Ko] - (0.0.0.0) - C:\Windows\System32\igfxCPL.cpl
[MD5.5E7A2E92BE847FDC4DDE2318A544FB59] - |A| - [18/03/2014 22:59:30] - (.-.) - [67 Ko] - (0.0.0.0) - C:\Windows\System32\igfxCUIServicePS.dll
[MD5.2F0D6C6E6D67B0996DDF6AC07CF94523] - |A| - [18/03/2014 22:59:30] - (.-.) - [56 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDHLib.dll
[MD5.87A80F1E9D216B8A11A7242B2D031624] - |A| - [18/03/2014 22:59:32] - (.-.) - [68 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDHLibv2_0.dll
[MD5.842F60D24BBB75885651DF33388F589D] - |A| - [18/03/2014 22:59:32] - (.-.) - [10.5 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDILib.dll
[MD5.434BC703A32D9D527E6C1D1CC5BBC33D] - |A| - [18/03/2014 22:59:32] - (.-.) - [10 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDILibv2_0.dll
[MD5.AD5600379309077BD06D0DF2E1964FC5] - |A| - [18/03/2014 22:59:32] - (.-.) - [10 Ko] - (1.0.0.0) - C:\Windows\System32\igfxEMLib.dll
[MD5.58BD76DD19C87F21983D521C2FEE5E16] - |A| - [18/03/2014 22:59:32] - (.-.) - [10 Ko] - (1.0.0.0) - C:\Windows\System32\igfxEMLibv2_0.dll
[MD5.14D0F63B2A95681A99FCC1F290B567DC] - |A| - [18/03/2014 22:59:32] - (.-.) - [78.43 Ko] - (0.0.0.0) - C:\Windows\System32\igfxexps.dll
[MD5.0C9B9DD960AE1483094B9093331DC8D8] - |A| - [18/03/2014 22:59:34] - (.-.) - [5 Ko] - (1.0.0.0) - C:\Windows\System32\igfxLHMLib.dll
[MD5.6C88F01DF0DF66F634C1DA428C8B8E66] - |A| - [18/03/2014 22:59:34] - (.-.) - [5 Ko] - (1.0.0.0) - C:\Windows\System32\igfxLHMLibv2_0.dll
[MD5.6C0F36ABFE80433B352FA7748ED887BF] - |A| - [18/03/2014 22:59:34] - (.-.) - [2748 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa64.cpa
[MD5.2FCCF7939D4D3F392AB3C0F5F40039DD] - |A| - [18/03/2014 22:59:34] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa64.vp
[MD5.B226B85123619EF1394339C1B5EB5A8D] - |A| - [18/03/2014 22:59:34] - (.-.) - [42.47 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxc64.vp
[MD5.55C71EDC47B57E5115B40095EEC9E205] - |A| - [18/03/2014 22:59:34] - (.-.) - [42.79 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxc64_dev.vp
[MD5.94ED4F871997E5DFC610DC1649C38911] - |A| - [18/03/2014 22:59:34] - (.-.) - [42.24 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxg64.vp
[MD5.04590E9E52E13EF34B2AA02C7EA2431B] - |A| - [18/03/2014 22:59:34] - (.-.) - [42.28 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxg64_dev.vp
[MD5.3B6EF4F03F2DE75A3B7DDF627A3EC146] - |A| - [18/03/2014 22:59:36] - (.-.) - [42.99 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxo64.vp
[MD5.715DBDBED4599E798F94EDF6003F75B6] - |A| - [18/03/2014 22:59:36] - (.-.) - [41.09 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxo64_dev.vp
[MD5.2DC14883590068EF3446B0F12B14214C] - |A| - [18/03/2014 22:59:36] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxs64.vp
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [23310.67 Ko] - C:\Windows\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [4084.83 Ko] - C:\Windows\System32\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [4637.5 Ko] - C:\Windows\System32\InputMethod
[MD5.E446AA183E6344CF84A98730098D3D46] - |A| - [18/03/2014 22:59:40] - (.Copyright © The Khronos Group Inc 2011 - OpenCL Client DLL.) - [62.5 Ko] - (1.2.11.0) - C:\Windows\System32\Intel_OpenCL_ICD64.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\System32\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [384.9 Ko] - C:\Windows\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [302.4 Ko] - C:\Windows\System32\ja-JP
[MD5.48BA9C6110A5EBA910E7FB2E7D23CFC1] - |A| - [14/03/2017 20:15:26] - (.Copyright © Kaspersky Lab ZAO 1996-2012. - Filtering Platform Helper Class.) - [107.59 Ko] - (1.0.0.12) - C:\Windows\System32\klfphc.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [301.4 Ko] - C:\Windows\System32\ko-KR
[MD5.FAFA8B2317AABF4EBDC94D74CDB73394] - |A| - [22/08/2013 12:29:51] - (.-.) - [11741.31 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [92.9 Ko] - C:\Windows\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [17450.48 Ko] - C:\Windows\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [313.4 Ko] - C:\Windows\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [313.4 Ko] - C:\Windows\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [29878.74 Ko] - C:\Windows\System32\Macromed
[MD5.3774B5C0E0BBA8C8EE54DF3606AB815C] - |A| - [22/08/2013 12:23:23] - (.-.) - [1.14 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk
[MD5.00000000000000000000000000000000] - |D| - [23/08/2014 10:48:12] - [15.98 Ko] - C:\Windows\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [45.5 Ko] - C:\Windows\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [4148.28 Ko] - C:\Windows\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [5.5 Ko] - C:\Windows\System32\MUI
[MD5.3E1902A89DDBE35C1D676293665A1B66] - |A| - [16/02/2017 10:47:23] - (.Copyright (C) 2008-2009 Marvell Semiconductor - Marvell High Level EWS Interface DLL (64 bit).) - [342.5 Ko] - (2012.929.1.58769) - C:\Windows\System32\mvhlewsi.dll
[MD5.5E2B43AD018D109DFDB30A9F8BB5478B] - |A| - [28/01/2010 16:10:00] - (.Copyright © 2007-2008 Marvell Semiconductor, Inc. - Advanced TCP/IP Port Monitor DLL.) - [528.5 Ko] - (2010.128.1.16416) - C:\Windows\System32\mvtcpmon.dll
[MD5.986C097413830747F7B50E58B40EF973] - |A| - [28/01/2010 16:10:38] - (.Copyright © 2007-2008 Marvell Semiconductor, Inc. - Network Port Monitor Resource DLL.) - [848.5 Ko] - (2010.128.1.16416) - C:\Windows\System32\mvtcpui.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [357.4 Ko] - C:\Windows\System32\nb-NO
[MD5.8BE808553EB7339A6212EB978D9AE832] - |A| - [13/05/2014 09:50:36] - (.-.) - [0.06 Ko] - (0.0.0.0) - C:\Windows\System32\ndCPrepLog
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [960 Ko] - C:\Windows\System32\NDF
[MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [22/08/2013 12:28:31] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [51 Ko] - C:\Windows\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [376.9 Ko] - C:\Windows\System32\nl-NL
[MD5.37239924826E3DF833D1527B5339D222] - |AT| - [22/08/2013 21:06:38] - (.-.) - [4.77 Ko] - (0.0.0.0) - C:\Windows\System32\OEMDefaultAssociations.xml
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [22/08/2013 12:22:33] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [20136.39 Ko] - C:\Windows\System32\oobe
[MD5.24F14EE64F4792FE6D5936C257748A3B] - |A| - [09/10/2012 22:09:52] - (.Softex Inc. - OmniPass PBA Driver.) - [5 Ko] - (1.0.0.0) - C:\Windows\System32\oprom.sys
[MD5.BCE5EFCB04968C3C050DD91E38E3A47F] - |A| - [22/08/2013 21:09:08] - (.-.) - [162.08 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat
[MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |A| - [22/08/2013 21:09:08] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat
[MD5.615B03A53A84BDF53689A55FBA71C4B9] - |A| - [22/08/2013 21:09:08] - (.-.) - [782.66 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat
[MD5.4E10778E94D1E3A3AE7BEFD49B3F81A2] - |A| - [18/03/2014 15:23:28] - (.-.) - [935.89 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [374.4 Ko] - C:\Windows\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:50] - [413.88 Ko] - C:\Windows\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\System32\ProximityToast
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [22/08/2013 14:47:09] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\Windows\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [389.38 Ko] - C:\Windows\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [409.56 Ko] - C:\Windows\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [23.75 Ko] - C:\Windows\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\System32\RasToast
[MD5.17047D24F02F8A8FD3050290DB03B7A7] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [157.49 Ko] - (0.0.0.0) - C:\Windows\System32\resARA.cui
[MD5.7C64F98778D1CEDE9B127D5B08A2D1A2] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [142.16 Ko] - (0.0.0.0) - C:\Windows\System32\resCHS.cui
[MD5.689D71AD257584E9485EC07C0D009586] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [142.97 Ko] - (0.0.0.0) - C:\Windows\System32\resCHT.cui
[MD5.60ACAF7287B507C99B42F02019746A89] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [148.96 Ko] - (0.0.0.0) - C:\Windows\System32\resCSY.cui
[MD5.C3CA8DAFE878973F888004D8A0D5BCCB] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [145.98 Ko] - (0.0.0.0) - C:\Windows\System32\resDAN.cui
[MD5.F952A06650E1E00FF920A831368DE135] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [150.67 Ko] - (0.0.0.0) - C:\Windows\System32\resDEU.cui
[MD5.C4ACB4987AA0560AEE6ED0AD3F74D764] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [175.3 Ko] - (0.0.0.0) - C:\Windows\System32\resELL.cui
[MD5.F0962922D46C060E00510E65EA463614] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [144.7 Ko] - (0.0.0.0) - C:\Windows\System32\resENU.cui
[MD5.C2FE01C84FD18E0186D1F72CD1B4B290] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [150.43 Ko] - (0.0.0.0) - C:\Windows\System32\resESN.cui
[MD5.8D4530712673464C8183AA053240AB89] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [148.43 Ko] - (0.0.0.0) - C:\Windows\System32\resFIN.cui
[MD5.97F2071B652D9D166AECB18549A4E8D5] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [152.45 Ko] - (0.0.0.0) - C:\Windows\System32\resFRA.cui
[MD5.06D37B4DE7F466C183F9F3B44203D5E4] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [156.95 Ko] - (0.0.0.0) - C:\Windows\System32\resHEB.cui
[MD5.656228EB61B135FB5600B1F5B9EEF03A] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [148 Ko] - (0.0.0.0) - C:\Windows\System32\resHRV.cui
[MD5.1DFE9B79228C1B6576E030C28AC09F32] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [152.43 Ko] - (0.0.0.0) - C:\Windows\System32\resHUN.cui
[MD5.A3BF3AAC7B20BA92139E9D6789AC1CE3] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [150.7 Ko] - (0.0.0.0) - C:\Windows\System32\resITA.cui
[MD5.CB675854B81535EED9474ABA81AF3B21] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [156.93 Ko] - (0.0.0.0) - C:\Windows\System32\resJPN.cui
[MD5.F06723DFF5F186B8C664F1A757E6C698] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [150.76 Ko] - (0.0.0.0) - C:\Windows\System32\resKOR.cui
[MD5.2A2B52E12B6164D95E18A15BB36E3426] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [149.67 Ko] - (0.0.0.0) - C:\Windows\System32\resNLD.cui
[MD5.8034A7326E3E489196ACF0876B9511DC] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [146.49 Ko] - (0.0.0.0) - C:\Windows\System32\resNOR.cui
[MD5.13EA22E443CC20B286ABE6C15484C299] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [150 Ko] - (0.0.0.0) - C:\Windows\System32\resPLK.cui
[MD5.A4A91B5A7A276193FB531DEEA202310D] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [149.12 Ko] - (0.0.0.0) - C:\Windows\System32\resPTB.cui
[MD5.475523329454470D5F03AE0F20F61320] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [148.84 Ko] - (0.0.0.0) - C:\Windows\System32\resPTG.cui
[MD5.E6403DF04D68E9580BA868FB3BC85E4F] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [150.54 Ko] - (0.0.0.0) - C:\Windows\System32\resROM.cui
[MD5.377BFCB95D9162704C9A09C86E6BCE5C] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [171.28 Ko] - (0.0.0.0) - C:\Windows\System32\resRUS.cui
[MD5.C1305107CA0496D729E6D99DB80A6EAB] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [149.86 Ko] - (0.0.0.0) - C:\Windows\System32\resSKY.cui
[MD5.359669C896A7E4553259E1835A9DA10A] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [147.39 Ko] - (0.0.0.0) - C:\Windows\System32\resSLV.cui
[MD5.237C25164DD5BC4BF7CB5B33F5320788] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [147.56 Ko] - (0.0.0.0) - C:\Windows\System32\resSVE.cui
[MD5.777E5775AC577F3D95CF5CA856835E2B] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [182.26 Ko] - (0.0.0.0) - C:\Windows\System32\resTHA.cui
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0.07 Ko] - C:\Windows\System32\restore
[MD5.EC1F88FA3BF50F1800DBF0297D222C55] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [148.97 Ko] - (0.0.0.0) - C:\Windows\System32\resTRK.cui
[MD5.E187E9A4F7A32C1733189E24DAA2F797] - |A| - [13/05/2014 09:04:27] - (.-.) - [15.57 Ko] - (0.0.0.0) - C:\Windows\System32\results.xml
[MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |A| - [13/05/2014 08:53:53] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DAA64.dll
[MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |A| - [13/05/2014 08:53:53] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DHT64.dll
[MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |A| - [13/05/2014 08:53:53] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEED64A.dll
[MD5.6F4CD493196100EEF349D7132CECAFD9] - |A| - [13/05/2014 08:53:53] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEG64A.dll
[MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |A| - [13/05/2014 08:53:53] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEL64A.dll
[MD5.D0D0D82B7366E691275E433CD34F89B2] - |A| - [13/05/2014 08:53:53] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEP64A.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [22/08/2013 16:24:19] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [6.92 Ko] - C:\Windows\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [22/08/2013 12:25:37] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [318.9 Ko] - C:\Windows\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [315.4 Ko] - C:\Windows\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:51] - [45.92 Ko] - C:\Windows\System32\slmgr
[MD5.76828701F4D8884C320A52B2D881C374] - |A| - [28/01/2010 16:08:00] - (.- libslp Dynamic Link Library.) - [141.5 Ko] - (1.0.0.1) - C:\Windows\System32\slp64.dll
[MD5.B3F04DA097AB0A4047A73B461D96C9E5] - |A| - [28/01/2010 15:55:30] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\Windows\System32\SLPConf.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [20445.02 Ko] - C:\Windows\System32\SMI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [7791.31 Ko] - C:\Windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [157378.23 Ko] - C:\Windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [5043.5 Ko] - C:\Windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [23.63 Ko] - C:\Windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [224.5 Ko] - C:\Windows\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [350.49 Ko] - C:\Windows\System32\sr-Latn-RS
[MD5.B7CC32E00C5C5152D221DF182827F58E] - |A| - [19/08/2014 15:04:30] - (.-.) - [49.56 Ko] - (0.0.0.0) - C:\Windows\System32\srms.dat
[MD5.00000000000000000000000000000000] - |D| - [13/05/2014 08:54:06] - [2144.28 Ko] - C:\Windows\System32\SRSLabs
[MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [13/05/2014 08:53:55] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\Windows\System32\SRSTSX64.dll
[MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [13/05/2014 08:53:55] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\Windows\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [40272 Ko] - C:\Windows\System32\sru
[MD5.00000000000000000000000000000000] - |D| - [29/06/2016 17:36:16] - [0 Ko] - C:\Windows\System32\SSL
[MD5.B59958CD06C9F89C39281FB12F1BB233] - |A| - [22/08/2013 12:27:09] - (.-.) - [513.74 Ko] - (0.0.0.0) - C:\Windows\System32\staticurllist.bin
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [363.4 Ko] - C:\Windows\System32\sv-SE
[MD5.F5ACDA673D2054B980E144A45BBB0505] - |A| - [13/03/2014 22:20:06] - (.Copyright (C) Synaptics Incorporated 1996-2014 - SynCOM.) - [732.23 Ko] - (18.1.5.2) - C:\Windows\System32\SynCOM.dll
[MD5.D5899DDBE376F921B67BD1DD0B11EB6E] - |A| - [13/03/2014 22:20:10] - (.Copyright (C) Synaptics Incorporated 1996-2014 - SynTPAPI.) - [249.23 Ko] - (18.1.5.2) - C:\Windows\System32\SynTPAPI.dll
[MD5.07920D810A69C0875509D41206EED228] - |A| - [13/03/2014 22:20:12] - (.Copyright (C) Synaptics Incorporated 1996-2014 - Synaptics Pointing Device Driver Co-Installer.) - [203.73 Ko] - (18.1.5.2) - C:\Windows\System32\SynTPCo20.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [5014.96 Ko] - C:\Windows\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [1074.49 Ko] - C:\Windows\System32\SystemResetPlatform
[MD5.FFFCC3C3ED6886A95D3C0E1B49C652BA] - |A| - [18/03/2014 15:24:48] - (.-.) - [136.33 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [449.91 Ko] - C:\Windows\System32\Tasks
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [22/08/2013 12:26:03] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini
[MD5.60CE51972E0A06217C52202F7208EB9A] - |A| - [22/08/2013 15:48:00] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\Windows\System32\TelemetrySampleManifest.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [574.52 Ko] - C:\Windows\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [397.57 Ko] - C:\Windows\System32\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [568.63 Ko] - C:\Windows\System32\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [67038.56 Ko] - C:\Windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:51] - [0 Ko] - C:\Windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [96234.39 Ko] - C:\Windows\System32\wdi
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [22/08/2013 13:59:44] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [64 Ko] - C:\Windows\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [0 Ko] - C:\Windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [46 Ko] - C:\Windows\System32\WinBioPlugIns
[MD5.1738AF59D7E2D56078A35CD2D2E1D5F4] - |A| - [22/10/2014 20:22:16] - (.Copyright © 2014 - Java™ Platform SE binary.) - [108.41 Ko] - (8.0.25.18) - C:\Windows\System32\WindowsAccessBridge-64.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [14.53 Ko] - C:\Windows\System32\WindowsInternal.Inbox.Media.Sh ared
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [27.59 Ko] - C:\Windows\System32\WindowsInternal.Inbox.Shared
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [7304.32 Ko] - C:\Windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [210864 Ko] - C:\Windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [1928.5 Ko] - C:\Windows\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:51] - [100.11 Ko] - C:\Windows\System32\winrm
[MD5.F1DF7849450DBC5D5C3A464E8A791C8C] - |A| - [22/08/2013 12:27:09] - (.-.) - [1485.18 Ko] - (0.0.0.0) - C:\Windows\System32\WpcNBModel.bin
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [407.56 Ko] - C:\Windows\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [278.9 Ko] - C:\Windows\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [278.9 Ko] - C:\Windows\System32\zh-TW
[MD5.F7424D6CF244922D045D00F3EF111535] - |A| - [13/05/2014 09:04:19] - (.-.) - [0.24 Ko] - (0.0.0.0) - C:\Windows\System32{86F549EB-A66B-4D6C-958D-CDDD66410751}.bat
[MD5.E47A844AC4B2A85B1E4EAE78C6E40FD9] - |A| - [28/07/2014 21:18:02] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\Windows\System32{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:53] - [0 Ko] - C:\Windows\SysWOW64\0409
[MD5.00000000000000000000000000000000] - |D| - [08/05/2014 06:22:24] - [32051.05 Ko] - C:\Windows\SysWOW64\Adobe
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [2228.5 Ko] - C:\Windows\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [537.94 Ko] - C:\Windows\SysWOW64\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [302.4 Ko] - C:\Windows\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0.93 Ko] - C:\Windows\SysWOW64\Bthprops
[MD5.FDEF330575C8C8EAD815F58BB7A93ED3] - |A| - [13/05/2014 08:47:12] - (.Copyright 2011 - CSVer.) - [52 Ko] - (9.4.0.1026) - C:\Windows\SysWOW64\CSVer.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [344.9 Ko] - C:\Windows\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [369.4 Ko] - C:\Windows\SysWOW64\de-DE
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [4706.67 Ko] - C:\Windows\SysWOW64\Dism
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [327.5 Ko] - C:\Windows\SysWOW64\downlevel
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [3653.6 Ko] - C:\Windows\SysWOW64\drivers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\DriverStore
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [370.9 Ko] - C:\Windows\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:53] - [1653.5 Ko] - C:\Windows\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [288.41 Ko] - C:\Windows\SysWOW64\en-GB
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [31453.51 Ko] - C:\Windows\SysWOW64\en-US
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/06/2016 23:07:09] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\err.txt
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [376.68 Ko] - C:\Windows\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [289.4 Ko] - C:\Windows\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [346.9 Ko] - C:\Windows\SysWOW64\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [410.9 Ko] - C:\Windows\SysWOW64\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\FxsTmp
[MD5.8787CA206DF4E6B2B0F559284A6DB6A8] - |A| - [13/10/2015 15:54:00] - (.© 2004-2011 Google Inc. - Google Photos Screensaver.) - [4480 Ko] - (3.9.141.259) - C:\Windows\SysWOW64\GPhotos.scr
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [318.9 Ko] - C:\Windows\SysWOW64\he-IL
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [297.4 Ko] - C:\Windows\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [349.9 Ko] - C:\Windows\SysWOW64\hu-HU
[MD5.7CFDED2F98FA26D76F5D20448B203640] - |A| - [22/10/2014 20:46:39] - (.Copyright © The Imaging Source Europe GmbH - IC Image Control.) - [100 Ko] - (10.1.302.500) - C:\Windows\SysWOW64\ic32.dll
[MD5.4A651624A6F9B5B98F2938B9137F1617] - |A| - [22/10/2014 20:46:39] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ic32.ini
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml
[MD5.132EAB84538E2BEC8D362C9F012C6D86] - |A| - [18/03/2014 22:59:20] - (.-.) - [139.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\igdail32.dll
[MD5.C9E041530F1B907B2303972455146603] - |A| - [18/03/2014 22:59:24] - (.-.) - [334.91 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\igdmd32.dll
[MD5.D823A6ED12810DC4FBA9184B5922E5AD] - |A| - [18/03/2014 22:59:40] - (.Copyright © The Khronos Group Inc 2011 - OpenCL Client DLL.) - [59 Ko] - (1.2.11.0) - C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [365.4 Ko] - C:\Windows\SysWOW64\it-IT
[MD5.FA2E1F09ED6C4C221E4513A7E815E13D] - |A| - [28/08/2013 02:30:08] - (.-.) - [1.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\IusEventLog.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [290.4 Ko] - C:\Windows\SysWOW64\ja-JP
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [289.9 Ko] - C:\Windows\SysWOW64\ko-KR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [92.9 Ko] - C:\Windows\SysWOW64\Licenses
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [295.4 Ko] - C:\Windows\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [295.4 Ko] - C:\Windows\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [24331.67 Ko] - C:\Windows\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [3306 Ko] - C:\Windows\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [789 Ko] - C:\Windows\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [45.5 Ko] - C:\Windows\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [52.28 Ko] - C:\Windows\SysWOW64\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [5.5 Ko] - C:\Windows\SysWOW64\MUI
[MD5.F18ED7DB109DFEF2D031BB8023583FD5] - |A| - [18/07/2016 12:40:18] - (.© 2005-2006 by Thesycon GmbH - Generic Class Co-Installer.) - [101 Ko] - (2.0.0.0) - C:\Windows\SysWOW64\MyDIT_GenClassCoInst.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [340.4 Ko] - C:\Windows\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [51 Ko] - C:\Windows\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [357.9 Ko] - C:\Windows\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [636.5 Ko] - C:\Windows\SysWOW64\oobe
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/06/2016 23:07:09] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\out.txt
[MD5.C7F7DD54FCCD385E4FD33BFB03E83699] - |A| - [02/04/2014 15:22:15] - (.-.) - [951.85 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [354.4 Ko] - C:\Windows\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:52] - [413.88 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [370.38 Ko] - C:\Windows\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [390.56 Ko] - C:\Windows\SysWOW64\pt-PT
[MD5.8A9982FB956104DFD6E0ECFB34F30FFE] - |A| - [10/12/2014 12:25:00] - (.Copyright © 2001-2014 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC. - Python Core.) - [2401.5 Ko] - (2.7.9150.1013) - C:\Windows\SysWOW64\python27.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [23.75 Ko] - C:\Windows\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0.76 Ko] - C:\Windows\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [299.4 Ko] - C:\Windows\SysWOW64\ro-RO
[MD5.435C017922F8A896EC4900778E889AE9] - |A| - [13/03/2014 22:20:08] - (.Copyright (C) Synaptics Incorporated 1996-2014 - SynCOM.) - [397.23 Ko] - (18.1.5.2) - C:\Windows\SysWOW64\SynCom.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:53] - [0 Ko] - C:\Windows\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [557.52 Ko] - C:\Windows\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [380.07 Ko] - C:\Windows\SysWOW64\tr-TR
[MD5.88B7CCB0743F852706CC45E2F0D96DAC] - |A| - [22/10/2014 20:46:39] - (.-.) - [524 Ko] - (10.1.1010.500) - C:\Windows\SysWOW64\Tx32.dll
[MD5.D1983E8DF260EE0797C5CCF27AC71B23] - |A| - [22/10/2014 20:46:39] - (.Copyright © The Imaging Source Europe GmbH - TX TextControl Custom OLE Control.) - [328 Ko] - (10.0.150.500) - C:\Windows\SysWOW64\Tx4ole.ocx
[MD5.5897E1144454629C9854F45B93228E11] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - TX Text Control OLE container library.) - [320 Ko] - (9.0.114.500) - C:\Windows\SysWOW64\txobj32.dll
[MD5.DF893AA4C19336528102CF84010DE5D8] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - Tool Bars for TX Text Control.) - [112 Ko] - (10.1.212.500) - C:\Windows\SysWOW64\txtls32.dll
[MD5.C913143F3B9765636D86C317D93A1CCD] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - Image Filter for Windows Bitmaps.) - [52 Ko] - (10.0.200.500) - C:\Windows\SysWOW64\tx_bmp32.flt
[MD5.B2937D91582B495CA1C95FE521D1CBFE] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - TX Text Control Filter for CSS Format.) - [348 Ko] - (10.1.130.500) - C:\Windows\SysWOW64\tx_css.dll
[MD5.702A08C4CEE705FCFE2DEF5D67D67826] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - TX Text Control Filter for HTML Format.) - [196 Ko] - (10.1.201.500) - C:\Windows\SysWOW64\tx_htm32.dll
[MD5.F2F69C484F33207E8BD3851AF98897DC] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - Image Filter for JPEG Format.) - [168 Ko] - (10.0.110.500) - C:\Windows\SysWOW64\tx_jpg32.flt
[MD5.D64C855AC40265BF97A075DCAA6FFC41] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - TX Text Control Export Filter for PDF Format.) - [460 Ko] - (10.1.110.500) - C:\Windows\SysWOW64\tx_pdf.dll
[MD5.EB96F375DAA86B5F73415A117583FBF5] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - Image Filter for Portable Network Graphics.) - [184 Ko] - (10.0.110.500) - C:\Windows\SysWOW64\tx_png32.flt
[MD5.E7FDCF7BDD0E88025526AD9556909F19] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - TX Text Control Filter for Rich Text Format.) - [156 Ko] - (10.1.322.500) - C:\Windows\SysWOW64\tx_rtf32.dll
[MD5.00CB8C43DF5F4231F962088010BBAA0D] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - Image Filter for TIFF files.) - [60 Ko] - (10.0.243.503) - C:\Windows\SysWOW64\tx_tif32.flt
[MD5.BE105DAB8AA57EAFF8C588D66FD59C8F] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - Image Filter for Windows Metafiles.) - [48 Ko] - (10.0.112.503) - C:\Windows\SysWOW64\tx_wmf32.flt
[MD5.33020A1ADFF58592CF745BF3C36D76B5] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - TX Text Control Filter for Word Format.) - [364 Ko] - (10.1.210.500) - C:\Windows\SysWOW64\tx_word.dll
[MD5.36A7AD0C476EBB6129E2691CA44E06B7] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - TX Text Control Filter for XML Format.) - [372 Ko] - (10.1.120.500) - C:\Windows\SysWOW64\tx_xml.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [550.13 Ko] - C:\Windows\SysWOW64\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [13259.08 Ko] - C:\Windows\SysWOW64\wbem
[MD5.1AE0A91052EAB8728F44129B439639F3] - |A| - [22/10/2014 20:46:40] - (.-.) - [2685.6 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\wccav.zip
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:52] - [0 Ko] - C:\Windows\SysWOW64\WCN
[MD5.F3202FCD811A1322F3BC9BEEB3CFF281] - |A| - [27/03/2015 15:09:25] - (.Copyright © Jungo 2002 - 2006 - wdapi 8.11.) - [100 Ko] - (8.1.1.0) - C:\Windows\SysWOW64\wdapi811.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [158.1 Ko] - C:\Windows\SysWOW64\wdi
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [6040.69 Ko] - C:\Windows\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [1928.5 Ko] - C:\Windows\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:53] - [100.11 Ko] - C:\Windows\SysWOW64\winrm
[MD5.F932617C8CD7079EFB531ED323E66F49] - |A| - [22/10/2014 20:46:41] - (.Copyright © The Imaging Source Europe GmbH - Control Window Management Tool.) - [52 Ko] - (10.1.141.500) - C:\Windows\SysWOW64\wndtls32.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [398.06 Ko] - C:\Windows\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [268.9 Ko] - C:\Windows\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [268.9 Ko] - C:\Windows\SysWOW64\zh-TW

---------- | [183-k]

[02/08/2014 09:06:00] - |D| - [300810661] - C:\Users\183-k\AppData\Local
[02/08/2014 09:06:28] - |D| - [92207251] - C:\Users\183-k\AppData\LocalLow
[02/08/2014 09:06:00] - |D| - [14774109] - C:\Users\183-k\AppData\Roaming
[15/11/2016 21:43:55] - |D| - [258119] - C:\Users\183-k\AppData\Local\Adobe
[27/03/2015 15:10:23] - |D| - [0] - C:\Users\183-k\AppData\Local\Apple
[02/08/2014 09:06:28] - |SHD| - [0] - C:\Users\183-k\AppData\Local\Application Data
[19/03/2017 11:57:30] - |D| - [0] - C:\Users\183-k\AppData\Local\CEF
[15/11/2016 21:31:25] - |D| - [477] - C:\Users\183-k\AppData\Local\Chris_Pietschmann_(http__
[24/11/2016 08:18:13] - |D| - [1302870] - C:\Users\183-k\AppData\Local\CrashDumps
[30/08/2014 11:47:23] - |D| - [156] - C:\Users\183-k\AppData\Local\CyberLink
[16/11/2016 08:18:15] - |D| - [9890268] - C:\Users\183-k\AppData\Local\Diagnostics
[04/09/2016 14:55:03] - |D| - [3951942] - C:\Users\183-k\AppData\Local\ElevatedDiagnostics
[03/02/2015 01:20:13] - |SHD| - [0] - C:\Users\183-k\AppData\Local\EmieBrowserModeList
[30/08/2014 11:45:16] - |SHD| - [0] - C:\Users\183-k\AppData\Local\EmieSiteList
[30/08/2014 11:45:16] - |SHD| - [0] - C:\Users\183-k\AppData\Local\EmieUserList
[10/12/2016 22:10:35] - |D| - [76773824] - C:\Users\183-k\AppData\Local\Google
[01/02/2016 11:29:30] - |D| - [71] - C:\Users\183-k\AppData\Local\GWX
[30/08/2014 11:45:58] - |D| - [2868] - C:\Users\183-k\AppData\Local\Hewlett-Packard
[02/08/2014 09:06:28] - |SHD| - [0] - C:\Users\183-k\AppData\Local\History
[17/07/2016 20:35:03] - |D| - [0] - C:\Users\183-k\AppData\Local\Lenovo
[02/08/2014 09:06:00] - |D| - [141312748] - C:\Users\183-k\AppData\Local\Microsoft
[08/04/2015 12:36:19] - |D| - [0] - C:\Users\183-k\AppData\Local\Mozilla
[30/08/2014 11:43:46] - |D| - [9645279] - C:\Users\183-k\AppData\Local\Packages
[08/04/2015 12:40:43] - |D| - [0] - C:\Users\183-k\AppData\Local\Programs
[23/06/2016 23:07:19] - |D| - [2134804] - C:\Users\183-k\AppData\Local\Research In Motion
[06/09/2016 21:15:06] - |D| - [0] - C:\Users\183-k\AppData\Local\Skype
[02/08/2014 09:06:00] - |D| - [0] - C:\Users\183-k\AppData\Local\Temp
[02/08/2014 09:06:28] - |SHD| - [0] - C:\Users\183-k\AppData\Local\Temporary Internet Files
[30/08/2014 11:43:47] - |D| - [654] - C:\Users\183-k\AppData\Local\VirtualStore
[20/03/2017 00:10:39] - |D| - [55536581] - C:\Users\183-k\AppData\Local\Zemana
[15/11/2016 21:43:55] - |D| - [116840] - C:\Users\183-k\AppData\LocalLow\Adobe
[27/03/2015 15:10:09] - |D| - [8796] - C:\Users\183-k\AppData\LocalLow\Apple Computer
[03/02/2015 01:18:21] - |SHD| - [0] - C:\Users\183-k\AppData\LocalLow\EmieBrowserModeList
[30/08/2014 11:45:13] - |SHD| - [0] - C:\Users\183-k\AppData\LocalLow\EmieSiteList
[30/08/2014 11:46:00] - |SHD| - [0] - C:\Users\183-k\AppData\LocalLow\EmieUserList
[30/08/2014 11:29:38] - |SD| - [1663026] - C:\Users\183-k\AppData\LocalLow\Microsoft
[22/10/2014 20:17:07] - |D| - [913408] - C:\Users\183-k\AppData\LocalLow\Oracle
[22/10/2014 20:16:09] - |D| - [89505181] - C:\Users\183-k\AppData\LocalLow\Sun
[20/03/2017 13:32:03] - |D| - [36393] - C:\Users\183-k\AppData\Roaming\9-lab
[30/08/2014 11:43:51] - |D| - [80637] - C:\Users\183-k\AppData\Roaming\Adobe
[20/02/2016 23:39:38] - |D| - [93829] - C:\Users\183-k\AppData\Roaming\Apowersoft
[30/08/2014 11:51:14] - |D| - [987027] - C:\Users\183-k\AppData\Roaming\Autograph
[19/03/2017 23:48:10] - |D| - [13521] - C:\Users\183-k\AppData\Roaming\Everything
[30/08/2014 11:49:09] - |D| - [1657] - C:\Users\183-k\AppData\Roaming\Hewlett-Packard
[01/02/2016 11:27:46] - |D| - [0] - C:\Users\183-k\AppData\Roaming\Identities
[27/03/2015 15:06:38] - |D| - [0] - C:\Users\183-k\AppData\Roaming\InstallShield
[08/04/2015 13:40:57] - |D| - [506] - C:\Users\183-k\AppData\Roaming\Macromedia
[02/08/2014 09:06:00] - |SD| - [692120] - C:\Users\183-k\AppData\Roaming\Microsoft
[08/04/2015 12:36:19] - |D| - [513966] - C:\Users\183-k\AppData\Roaming\Mozilla
[06/09/2016 21:14:33] - |D| - [6643631] - C:\Users\183-k\AppData\Roaming\Skype
[30/08/2014 11:43:35] - |D| - [0] - C:\Users\183-k\AppData\Roaming\Synaptics
[02/08/2014 09:09:23] - |D| - [104] - C:\Users\183-k\AppData\Roaming\WildTangent
[19/03/2017 11:53:40] - |D| - [21625] - C:\Users\183-k\AppData\Roaming\xm1
[19/03/2017 13:05:31] - |D| - [5689093] - C:\Users\183-k\AppData\Roaming\ZHP
[30/08/2014 11:44:38] - |ASH| - [174] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[02/08/2014 09:06:00] - |RD| - [16012] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[02/08/2014 09:06:00] - |RD| - [3888] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[02/08/2014 09:06:00] - |RD| - [1486] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[30/08/2014 11:44:38] - |RD| - [174] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[02/08/2014 09:06:00] - |ASH| - [564] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[02/08/2014 09:06:00] - |A| - [369] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[19/03/2017 23:48:10] - |D| - [2091] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[30/08/2014 11:43:51] - |A| - [1453] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[02/08/2014 09:06:00] - |D| - [170] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[02/08/2014 09:06:00] - |A| - [369] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[30/08/2014 11:44:38] - |RD| - [174] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[02/08/2014 09:06:00] - |RD| - [5274] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[16/06/2016 03:02:06] - |D| - [0] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
[30/08/2014 11:44:38] - |ASH| - [174] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [HP-PC]

[28/07/2014 21:17:26] - |D| - [3329714468] - C:\Users\HP-PC\AppData\Local
[28/07/2014 21:17:57] - |D| - [48002915] - C:\Users\HP-PC\AppData\LocalLow
[28/07/2014 21:17:26] - |D| - [710501056] - C:\Users\HP-PC\AppData\Roaming
[20/02/2016 15:41:12] - |D| - [88] - C:\Users\HP-PC\AppData\System
[28/07/2014 23:13:07] - |D| - [544921] - C:\Users\HP-PC\AppData\Local\Adobe
[27/01/2016 11:46:41] - |D| - [54051002] - C:\Users\HP-PC\AppData\Local\Apowersoft
[30/03/2015 20:00:26] - |D| - [0] - C:\Users\HP-PC\AppData\Local\Apple
[28/07/2014 21:17:57] - |SHD| - [0] - C:\Users\HP-PC\AppData\Local\Application Data
[16/01/2016 11:23:19] - |D| - [0] - C:\Users\HP-PC\AppData\Local\Apps
[23/06/2016 23:10:30] - |D| - [951580] - C:\Users\HP-PC\AppData\Local\BlackBerry
[14/03/2017 01:15:51] - |D| - [0] - C:\Users\HP-PC\AppData\Local\CEF
[16/11/2016 21:41:45] - |D| - [473] - C:\Users\HP-PC\AppData\Local\Chris_Pietschmann_(http__
[28/07/2014 22:53:14] - |D| - [186726429] - C:\Users\HP-PC\AppData\Local\CrashDumps
[28/07/2014 21:20:46] - |D| - [168769523] - C:\Users\HP-PC\AppData\Local\CyberLink
[27/01/2016 10:49:10] - |A| - [8192] - C:\Users\HP-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[16/01/2016 11:23:18] - |D| - [0] - C:\Users\HP-PC\AppData\Local\Deployment
[29/07/2014 00:09:51] - |D| - [23855025] - C:\Users\HP-PC\AppData\Local\Diagnostics
[12/12/2014 09:33:12] - |D| - [0] - C:\Users\HP-PC\AppData\Local\ElevatedDiagnostics
[17/11/2014 23:02:52] - |SHD| - [0] - C:\Users\HP-PC\AppData\Local\EmieBrowserModeList
[28/07/2014 21:24:31] - |SHD| - [0] - C:\Users\HP-PC\AppData\Local\EmieSiteList
[28/07/2014 21:24:31] - |SHD| - [0] - C:\Users\HP-PC\AppData\Local\EmieUserList
[03/02/2015 09:46:45] - |D| - [773] - C:\Users\HP-PC\AppData\Local\Evernote
[27/01/2016 10:49:11] - |D| - [438] - C:\Users\HP-PC\AppData\Local\ezvid,_inc
[29/07/2014 02:57:37] - |A| - [238880] - C:\Users\HP-PC\AppData\Local\GDIPFONTCACHEV1.DAT
[28/07/2014 21:33:37] - |D| - [822238904] - C:\Users\HP-PC\AppData\Local\Google
[13/03/2017 22:06:22] - |D| - [0] - C:\Users\HP-PC\AppData\Local\Grammarly
[09/07/2015 23:31:52] - |D| - [1230] - C:\Users\HP-PC\AppData\Local\GWX
[28/07/2014 21:19:52] - |D| - [8825] - C:\Users\HP-PC\AppData\Local\Hewlett-Packard
[28/07/2014 21:17:57] - |SHD| - [0] - C:\Users\HP-PC\AppData\Local\History
[14/03/2017 15:05:46] - |AH| - [0] - C:\Users\HP-PC\AppData\Local\IconCache.db
[17/07/2016 20:35:04] - |D| - [0] - C:\Users\HP-PC\AppData\Local\Lenovo
[06/11/2014 23:29:22] - |D| - [0] - C:\Users\HP-PC\AppData\Local\MediaShow
[28/07/2014 21:17:26] - |D| - [513933155] - C:\Users\HP-PC\AppData\Local\Microsoft
[28/07/2014 21:33:21] - |D| - [276356] - C:\Users\HP-PC\AppData\Local\Microsoft Help
[16/06/2016 01:54:01] - |D| - [48572614] - C:\Users\HP-PC\AppData\Local\MiKTeX
[27/01/2016 09:08:43] - |D| - [59121] - C:\Users\HP-PC\AppData\Local\Movavi
[19/08/2014 23:20:06] - |D| - [82948056] - C:\Users\HP-PC\AppData\Local\Mozilla
[08/12/2015 19:31:54] - |D| - [0] - C:\Users\HP-PC\AppData\Local\NetBeans
[28/07/2014 21:18:07] - |D| - [589613132] - C:\Users\HP-PC\AppData\Local\Packages
[27/01/2016 10:24:01] - |D| - [697961490] - C:\Users\HP-PC\AppData\Local\Programs
[28/01/2017 04:27:17] - |D| - [3611178] - C:\Users\HP-PC\AppData\Local\RescueTime
[28/01/2017 04:27:20] - |D| - [1482235] - C:\Users\HP-PC\AppData\Local\RescueTime.com
[23/06/2016 23:07:20] - |D| - [21151144] - C:\Users\HP-PC\AppData\Local\Research In Motion
[27/01/2016 09:09:42] - |D| - [0] - C:\Users\HP-PC\AppData\Local\screencapture
[27/01/2016 09:08:40] - |D| - [0] - C:\Users\HP-PC\AppData\Local\ScreenCaptureStudio
[17/07/2016 20:34:58] - |D| - [67791] - C:\Users\HP-PC\AppData\Local\SHAREit
[01/01/2015 13:21:52] - |D| - [5535651] - C:\Users\HP-PC\AppData\Local\Skype
[20/02/2016 15:41:12] - |D| - [0] - C:\Users\HP-PC\AppData\Local\SmartDraw
[20/02/2016 22:52:49] - |D| - [135313] - C:\Users\HP-PC\AppData\Local\TechSmith
[28/07/2014 21:17:26] - |D| - [2411087] - C:\Users\HP-PC\AppData\Local\Temp
[28/07/2014 21:17:57] - |SHD| - [0] - C:\Users\HP-PC\AppData\Local\Temporary Internet Files
[28/07/2014 21:18:21] - |D| - [54087304] - C:\Users\HP-PC\AppData\Local\VirtualStore
[20/03/2017 12:04:18] - |D| - [50472647] - C:\Users\HP-PC\AppData\Local\Zemana
[28/07/2014 23:13:06] - |D| - [36102671] - C:\Users\HP-PC\AppData\LocalLow\Adobe
[28/03/2015 14:30:56] - |D| - [47131] - C:\Users\HP-PC\AppData\LocalLow\Apple Computer
[17/11/2014 23:02:07] - |SHD| - [0] - C:\Users\HP-PC\AppData\LocalLow\EmieBrowserModeList
[28/07/2014 21:23:59] - |SHD| - [0] - C:\Users\HP-PC\AppData\LocalLow\EmieSiteList
[28/07/2014 22:38:21] - |SHD| - [0] - C:\Users\HP-PC\AppData\LocalLow\EmieUserList
[03/02/2015 09:46:45] - |D| - [0] - C:\Users\HP-PC\AppData\LocalLow\Evernote
[28/07/2014 21:18:27] - |D| - [9780187] - C:\Users\HP-PC\AppData\LocalLow\Microsoft
[22/10/2014 20:16:56] - |D| - [2072926] - C:\Users\HP-PC\AppData\LocalLow\Sun
[22/03/2016 09:29:19] - |D| - [0] - C:\Users\HP-PC\AppData\LocalLow\Temp
[07/03/2017 20:54:00] - |A| - [1417] - C:\Users\HP-PC\AppData\Roaming.emacs
[07/03/2017 20:41:18] - |D| - [195073] - C:\Users\HP-PC\AppData\Roaming.emacs.d
[28/07/2014 21:18:21] - |D| - [10307514] - C:\Users\HP-PC\AppData\Roaming\Adobe
[27/01/2016 11:46:51] - |D| - [233234] - C:\Users\HP-PC\AppData\Roaming\Apowersoft
[31/08/2014 22:01:13] - |D| - [990975] - C:\Users\HP-PC\AppData\Roaming\Autograph
[05/02/2016 13:36:07] - |D| - [12652437] - C:\Users\HP-PC\AppData\Roaming\Corel
[28/07/2014 23:40:38] - |D| - [10672] - C:\Users\HP-PC\AppData\Roaming\CyberLink
[27/10/2015 14:47:43] - |D| - [140416] - C:\Users\HP-PC\AppData\Roaming\Design Science
[20/03/2017 00:00:32] - |D| - [9925336] - C:\Users\HP-PC\AppData\Roaming\Everything
[01/11/2015 12:11:19] - |D| - [60884242] - C:\Users\HP-PC\AppData\Roaming\GeoGebra 5.0
[28/07/2014 21:20:50] - |D| - [619] - C:\Users\HP-PC\AppData\Roaming\Hewlett-Packard
[28/07/2014 21:20:24] - |D| - [0] - C:\Users\HP-PC\AppData\Roaming\hpqlog
[13/07/2015 00:25:21] - |D| - [0] - C:\Users\HP-PC\AppData\Roaming\Identities
[28/07/2014 23:40:59] - |D| - [14777] - C:\Users\HP-PC\AppData\Roaming\Macromedia
[27/01/2016 09:41:56] - |D| - [577] - C:\Users\HP-PC\AppData\Roaming\MangoApps
[28/07/2014 21:17:26] - |SD| - [483929770] - C:\Users\HP-PC\AppData\Roaming\Microsoft
[16/06/2016 01:54:01] - |D| - [23231] - C:\Users\HP-PC\AppData\Roaming\MiKTeX
[19/08/2014 23:20:06] - |D| - [1007282] - C:\Users\HP-PC\AppData\Roaming\Mozilla
[08/12/2015 19:31:54] - |D| - [36] - C:\Users\HP-PC\AppData\Roaming\NetBeans
[23/06/2016 23:10:05] - |D| - [5999450] - C:\Users\HP-PC\AppData\Roaming\Research In Motion
[01/01/2015 13:21:44] - |D| - [65217090] - C:\Users\HP-PC\AppData\Roaming\Skype
[20/02/2016 15:41:12] - |D| - [1951573] - C:\Users\HP-PC\AppData\Roaming\SmartDraw
[16/01/2016 11:36:37] - |D| - [7025605] - C:\Users\HP-PC\AppData\Roaming\StarUML
[28/07/2014 21:18:03] - |D| - [0] - C:\Users\HP-PC\AppData\Roaming\Synaptics
[27/01/2016 09:41:47] - |D| - [29893243] - C:\Users\HP-PC\AppData\Roaming\TinyTake by MangoApps
[29/07/2014 04:01:09] - |D| - [209] - C:\Users\HP-PC\AppData\Roaming\WildTangent
[28/07/2014 21:45:24] - |D| - [12] - C:\Users\HP-PC\AppData\Roaming\WinRAR
[23/06/2016 23:10:31] - |D| - [0] - C:\Users\HP-PC\AppData\Roaming\XCPCSync.OEM
[16/06/2016 00:36:49] - |D| - [22172] - C:\Users\HP-PC\AppData\Roaming\xm1
[15/01/2017 20:17:34] - |D| - [20074094] - C:\Users\HP-PC\AppData\Roaming\Zoom
[28/07/2014 21:18:27] - |SH| - [174] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[28/07/2014 21:17:26] - |RD| - [47279] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[28/07/2014 21:17:26] - |RD| - [3888] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[28/07/2014 21:17:26] - |RD| - [1486] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[28/07/2014 21:18:28] - |RD| - [174] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[13/10/2016 22:51:05] - |D| - [2499] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[28/07/2014 21:17:26] - |SH| - [678] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[28/07/2014 21:17:26] - |A| - [369] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[17/04/2016 18:25:46] - |A| - [793] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
[28/10/2015 10:10:59] - |D| - [3987] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 5
[07/03/2017 13:04:46] - |D| - [634] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gnu Emacs
[28/07/2014 21:47:48] - |A| - [2276] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[28/07/2014 21:18:21] - |A| - [1453] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[28/07/2014 21:17:26] - |D| - [170] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[16/06/2016 01:59:12] - |D| - [10420] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[28/07/2014 21:17:26] - |A| - [369] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[28/01/2017 04:27:19] - |D| - [2429] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RescueTime
[20/02/2016 15:41:05] - |D| - [1316] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartDraw CI
[07/03/2017 14:33:43] - |A| - [1201] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SML of New Jersey (2).lnk
[07/03/2017 19:25:06] - |A| - [1201] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SML of New Jersey.lnk
[28/07/2014 21:18:28] - |RD| - [2533] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[28/07/2014 21:17:26] - |RD| - [5274] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[28/07/2014 21:31:41] - |D| - [4129] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[28/07/2014 21:18:28] - |SH| - [174] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[08/03/2017 11:04:20] - |A| - [1283] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[28/01/2017 04:27:20] - |A| - [1076] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk

---------- | [Public]

---------- | [shrey]

[02/08/2014 08:57:23] - |D| - [490200962] - C:\Users\shrey\AppData\Local
[02/08/2014 08:58:08] - |D| - [3569873] - C:\Users\shrey\AppData\LocalLow
[02/08/2014 08:57:23] - |D| - [3819451] - C:\Users\shrey\AppData\Roaming
[21/09/2014 21:12:34] - |D| - [542380] - C:\Users\shrey\AppData\Local\Adobe
[05/10/2015 18:56:03] - |D| - [0] - C:\Users\shrey\AppData\Local\Apple
[02/08/2014 08:58:08] - |SHD| - [0] - C:\Users\shrey\AppData\Local\Application Data
[15/12/2016 12:01:52] - |D| - [477] - C:\Users\shrey\AppData\Local\Chris_Pietschmann_(ht tp__
[21/01/2015 20:44:45] - |D| - [6761478] - C:\Users\shrey\AppData\Local\CrashDumps
[30/08/2014 12:03:26] - |D| - [202] - C:\Users\shrey\AppData\Local\CyberLink
[04/01/2015 19:35:27] - |SHD| - [0] - C:\Users\shrey\AppData\Local\EmieBrowserModeList
[30/08/2014 12:02:28] - |SHD| - [0] - C:\Users\shrey\AppData\Local\EmieSiteList
[30/08/2014 12:02:28] - |SHD| - [0] - C:\Users\shrey\AppData\Local\EmieUserList
[07/10/2015 09:09:22] - |A| - [238880] - C:\Users\shrey\AppData\Local\GDIPFONTCACHEV1.DAT
[14/03/2017 02:09:25] - |D| - [42356142] - C:\Users\shrey\AppData\Local\Google
[03/10/2015 22:08:34] - |D| - [71] - C:\Users\shrey\AppData\Local\GWX
[02/08/2014 08:59:21] - |D| - [3586] - C:\Users\shrey\AppData\Local\Hewlett-Packard
[02/08/2014 08:58:08] - |SHD| - [0] - C:\Users\shrey\AppData\Local\History
[02/08/2016 21:14:41] - |D| - [0] - C:\Users\shrey\AppData\Local\Lenovo
[02/08/2014 08:57:23] - |D| - [214895095] - C:\Users\shrey\AppData\Local\Microsoft
[21/09/2014 22:13:05] - |D| - [150469850] - C:\Users\shrey\AppData\Local\Mozilla
[02/08/2014 08:58:10] - |D| - [70715492] - C:\Users\shrey\AppData\Local\Packages
[02/08/2016 21:14:03] - |D| - [4067786] - C:\Users\shrey\AppData\Local\Research In Motion
[02/08/2016 21:14:24] - |D| - [148869] - C:\Users\shrey\AppData\Local\SHAREit
[02/08/2014 08:57:23] - |D| - [0] - C:\Users\shrey\AppData\Local\Temp
[02/08/2014 08:58:08] - |SHD| - [0] - C:\Users\shrey\AppData\Local\Temporary Internet Files
[02/08/2014 08:58:19] - |D| - [654] - C:\Users\shrey\AppData\Local\VirtualStore
[21/09/2014 21:12:34] - |D| - [188065] - C:\Users\shrey\AppData\LocalLow\Adobe
[22/11/2015 17:59:19] - |D| - [10929] - C:\Users\shrey\AppData\LocalLow\Apple Computer
[04/01/2015 19:34:47] - |SHD| - [0] - C:\Users\shrey\AppData\LocalLow\EmieBrowserModeLis t
[24/08/2014 14:12:06] - |SHD| - [0] - C:\Users\shrey\AppData\LocalLow\EmieSiteList
[30/08/2014 12:02:33] - |SHD| - [0] - C:\Users\shrey\AppData\LocalLow\EmieUserList
[02/08/2014 08:58:26] - |D| - [3370879] - C:\Users\shrey\AppData\LocalLow\Microsoft
[02/08/2014 08:58:20] - |D| - [78879] - C:\Users\shrey\AppData\Roaming\Adobe
[07/12/2016 10:50:56] - |D| - [0] - C:\Users\shrey\AppData\Roaming\CyberLink
[21/02/2016 19:01:09] - |D| - [140416] - C:\Users\shrey\AppData\Roaming\Design Science
[03/10/2015 22:08:03] - |D| - [0] - C:\Users\shrey\AppData\Roaming\Identities
[16/09/2014 15:31:19] - |D| - [2133] - C:\Users\shrey\AppData\Roaming\Macromedia
[02/08/2014 08:57:23] - |SD| - [1572019] - C:\Users\shrey\AppData\Roaming\Microsoft
[21/09/2014 22:13:05] - |D| - [2026004] - C:\Users\shrey\AppData\Roaming\Mozilla
[02/08/2014 08:58:11] - |D| - [0] - C:\Users\shrey\AppData\Roaming\Synaptics
[02/08/2014 08:58:28] - |SH| - [174] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\S tart Menu\desktop.ini
[02/08/2014 08:57:23] - |RD| - [16711] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs
[02/08/2014 08:57:23] - |RD| - [3888] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Accessibility
[02/08/2014 08:57:23] - |RD| - [1486] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Accessories
[02/08/2014 08:58:29] - |RD| - [174] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Administrative Tools
[02/08/2014 08:57:23] - |SH| - [564] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\desktop.ini
[02/08/2014 08:57:23] - |A| - [369] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Documents.lnk
[04/12/2016 07:44:55] - |A| - [1494] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\FarmVille 2.lnk
[02/08/2014 08:58:20] - |A| - [1453] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Internet Explorer.lnk
[02/08/2014 08:57:23] - |D| - [170] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Maintenance
[02/08/2014 08:57:23] - |A| - [369] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Pictures.lnk
[04/12/2016 07:45:01] - |A| - [1296] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Start Menu.lnk
[02/08/2014 08:58:29] - |RD| - [174] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup
[02/08/2014 08:57:23] - |RD| - [5274] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\System Tools
[02/08/2014 08:58:29] - |SH| - [174] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\desktop.ini

---------- | C:\ProgramData

[20/03/2017 13:31:51] - |D| - [58882847] - C:\ProgramData\9-lab
[28/07/2014 21:45:39] - |D| - [557091399] - C:\ProgramData\Adobe
[29/01/2016 02:17:47] - |D| - [2067424] - C:\ProgramData\Apowersoft
[13/05/2014 09:02:42] - |D| - [0] - C:\ProgramData\Apple
[22/08/2013 20:15:52] - |SHD| - [0] - C:\ProgramData\Application Data
[03/02/2015 09:08:16] - |D| - [0] - C:\ProgramData\Applications
[30/08/2014 11:31:16] - |D| - [6235978] - C:\ProgramData\Autograph 3
[30/08/2014 11:29:40] - |D| - [1480] - C:\ProgramData\Autograph 3 Logs
[14/03/2017 01:05:31] - |D| - [6962272] - C:\ProgramData\AVAST Software
[29/07/2014 04:01:27] - |D| - [750] - C:\ProgramData\BlueStacks
[13/05/2014 09:08:19] - |D| - [53469999] - C:\ProgramData\CyberLink
[22/08/2013 20:15:52] - |SHD| - [0] - C:\ProgramData\Desktop
[22/08/2013 20:15:52] - |SHD| - [0] - C:\ProgramData\Documents
[08/05/2014 06:25:46] - |D| - [32978201] - C:\ProgramData\Hewlett-Packard
[13/05/2014 09:07:20] - |D| - [725317] - C:\ProgramData\install_clap
[13/05/2014 08:49:40] - |D| - [15818387] - C:\ProgramData\Intel
[14/03/2017 20:10:40] - |D| - [622574798] - C:\ProgramData\Kaspersky Lab
[17/07/2016 20:35:03] - |D| - [6634] - C:\ProgramData\Lenovo
[13/03/2017 23:41:21] - |D| - [108335007] - C:\ProgramData\Malwarebytes
[13/05/2014 09:18:11] - |D| - [6128] - C:\ProgramData\McAfee
[30/07/2014 00:11:32] - |D| - [1529322] - C:\ProgramData\Micromax
[22/08/2013 19:06:15] - |SD| - [2658277561] - C:\ProgramData\Microsoft
[28/07/2014 21:33:16] - |D| - [62866] - C:\ProgramData\Microsoft Help
[27/01/2016 09:06:59] - |D| - [64] - C:\ProgramData\Movavi Screen Capture Studio 7
[14/03/2017 20:08:15] - |A| - [262144] - C:\ProgramData\ntuser.dat
[14/03/2017 20:08:15] - |ASH| - [8192] - C:\ProgramData\ntuser.dat.LOG1
[14/03/2017 20:08:15] - |ASH| - [8192] - C:\ProgramData\ntuser.dat.LOG2
[14/03/2017 20:08:15] - |ASH| - [65536] - C:\ProgramData\ntuser.dat{f1a29b6c-089f-11e7-82ee-a02bb859a5c2}.TM.blf
[14/03/2017 20:08:15] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{f1a29b6c-089f-11e7-82ee-a02bb859a5c2}.TMContainer00000000000000000001.regt rans-ms
[14/03/2017 20:08:15] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{f1a29b6c-089f-11e7-82ee-a02bb859a5c2}.TMContainer00000000000000000002.regt rans-ms
[27/01/2016 09:06:58] - |A| - [5392] - C:\ProgramData\oqztiqep.adk.4B4FC70A905FD32B.matri x
[22/10/2014 20:16:34] - |D| - [82551925] - C:\ProgramData\Oracle
[13/05/2014 08:59:48] - |D| - [170513267] - C:\ProgramData\Package Cache
[05/02/2016 13:36:11] - |D| - [2071] - C:\ProgramData\Protexis64
[22/08/2013 21:06:30] - |D| - [2062] - C:\ProgramData\regid.1991-06.com.microsoft
[23/06/2016 23:07:09] - |D| - [2420681] - C:\ProgramData\Research In Motion
[19/03/2017 14:02:40] - |D| - [2466472] - C:\ProgramData\RogueKiller
[13/12/2014 12:35:17] - |D| - [145895424] - C:\ProgramData\Skype
[22/08/2013 20:15:52] - |SHD| - [0] - C:\ProgramData\Start Menu
[22/10/2014 20:17:08] - |D| - [154] - C:\ProgramData\Sun
[13/05/2014 09:04:13] - |D| - [1878] - C:\ProgramData\Synaptics
[13/05/2014 09:07:21] - |D| - [2176472] - C:\ProgramData\Temp
[22/08/2013 20:15:52] - |SHD| - [0] - C:\ProgramData\Templates
[05/02/2016 12:30:14] - |D| - [294] - C:\ProgramData\UniqueId
[13/05/2014 09:10:03] - |D| - [546891] - C:\ProgramData\WildTangent
[08/05/2014 06:25:57] - |D| - [45639670] - C:\ProgramData{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE}

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[22/08/2013 21:06:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[30/07/2014 00:11:32] - |A| - [1809] - C:\ProgramData\Microsoft\Windows\Start Menu\MMX200G Netwarrior Manager.lnk
[22/08/2013 21:06:30] - |D| - [245556] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[03/09/2016 08:40:10] - |A| - [1524] - C:\ProgramData\Microsoft\Windows\Start Menu\VIDLE for VPython.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[20/03/2017 13:31:58] - |D| - [975] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
[22/08/2013 21:06:30] - |RD| - [1590] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[22/08/2013 21:06:30] - |RD| - [16835] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[22/08/2013 21:06:30] - |RD| - [25520] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[28/07/2014 21:34:26] - |D| - [2362] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[28/07/2014 21:34:27] - |A| - [1192] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
[28/07/2014 21:46:13] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[20/02/2016 23:40:02] - |D| - [2899] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
[30/08/2014 11:34:54] - |D| - [8302] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autograph 3.3
[23/06/2016 23:08:39] - |D| - [1016] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Blend
[23/06/2016 23:08:00] - |D| - [1100] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Link
[17/08/2015 13:35:37] - |D| - [4426] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueJ
[22/08/2013 12:27:22] - |RAS| - [2131] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk
[19/03/2017 12:50:05] - |D| - [941] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[13/05/2014 09:09:47] - |RD| - [1721] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
[08/05/2014 06:25:20] - |A| - [1511] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Universal Music Group.lnk
[18/07/2016 12:40:30] - |D| - [2384] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link Connection Manager
[22/08/2013 21:06:33] - |SH| - [1252] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[22/08/2013 12:27:05] - |RAS| - [853] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
[18/03/2014 15:25:08] - |RAS| - [2440] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
[13/05/2014 09:10:07] - |RD| - [93] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[14/03/2017 01:25:52] - |A| - [2182] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[16/08/2015 13:29:37] - |D| - [2979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graph
[08/05/2014 06:25:45] - |RD| - [6042] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[22/10/2014 20:46:41] - |D| - [3840] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IB Questionbank
[22/08/2013 12:24:10] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[13/05/2014 08:52:56] - |D| - [2301] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[22/10/2014 20:22:10] - |D| - [6935] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[14/03/2017 20:19:57] - |D| - [5627] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
[14/03/2017 20:18:22] - |D| - [6536] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
[17/07/2016 20:34:21] - |D| - [1118] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
[22/09/2016 02:10:44] - |D| - [1194] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LizardTech
[22/08/2013 21:06:30] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[13/03/2017 23:41:50] - |D| - [3840] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[18/03/2017 20:05:18] - |D| - [6926] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MathType 6
[30/07/2014 00:11:32] - |D| - [2819] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Micromax 200G USB Modem
[28/07/2014 21:37:27] - |D| - [37198] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[08/05/2014 06:20:20] - |A| - [2029] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
[28/07/2014 21:46:38] - |D| - [3880] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[13/05/2014 08:54:13] - |RD| - [9122] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[22/08/2013 12:27:08] - |RAS| - [2365] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk
[28/07/2014 21:33:38] - |D| - [3397] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[08/05/2014 06:18:29] - |RD| - [9887] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
[03/09/2016 08:16:37] - |D| - [8352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[19/03/2017 14:02:34] - |D| - [895] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
[22/08/2013 12:15:50] - |A| - [938] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
[08/05/2014 06:19:22] - |RD| - [1949] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
[17/07/2016 20:34:21] - |D| - [1118] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
[15/11/2016 19:03:29] - |D| - [2120] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[30/05/2016 13:11:15] - |D| - [1044] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slitherlink
[22/08/2013 21:06:30] - |RD| - [2251] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[22/08/2013 21:06:30] - |RD| - [6218] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[16/06/2016 00:28:00] - |D| - [1100] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker
[10/09/2016 02:29:48] - |D| - [2324] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker
[27/03/2015 15:08:18] - |D| - [3190] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vernier Software
[15/11/2016 22:48:12] - |D| - [1924] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDjView
[22/08/2013 12:18:43] - |RAS| - [2191] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk
[28/07/2014 21:31:41] - |D| - [4057] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[20/03/2017 00:10:49] - |D| - [1149] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[22/08/2013 21:06:33] - |SH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[13/05/2014 08:52:56] - |A| - [2077] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk

---------- | C:\Program Files (x86)

[28/07/2014 21:33:11] - |D| - [417236406] - C:\Program Files (x86)\Adobe
[20/03/2017 12:23:07] - |D| - [1293] - C:\Program Files (x86)\Adware Removal Tool by TSA
[20/02/2016 23:39:38] - |D| - [41705385] - C:\Program Files (x86)\Apowersoft
[30/08/2014 11:31:16] - |D| - [353148835] - C:\Program Files (x86)\Autograph 3.3
[23/06/2016 23:08:33] - |D| - [81205290] - C:\Program Files (x86)\BlackBerry
[17/08/2015 13:34:07] - |D| - [329539211] - C:\Program Files (x86)\BlueJ
[13/05/2014 08:58:12] - |D| - [3598306] - C:\Program Files (x86)\Cisco
[22/08/2013 19:06:15] - |D| - [881943369] - C:\Program Files (x86)\Common Files
[08/05/2014 06:25:20] - |D| - [2203388] - C:\Program Files (x86)\Connected Music powered by Universal Music Group
[13/05/2014 09:07:54] - |D| - [1925464562] - C:\Program Files (x86)\CyberLink
[18/07/2016 12:40:16] - |D| - [45095860] - C:\Program Files (x86)\D-Link Connection Manager
[22/08/2013 21:06:33] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[19/03/2017 15:38:43] - |D| - [203007274] - C:\Program Files (x86)\ESET
[08/05/2014 06:25:06] - |D| - [215846090] - C:\Program Files (x86)\Evernote
[27/01/2016 10:09:36] - |D| - [19844027] - C:\Program Files (x86)\Free Screen To Video
[28/07/2014 21:33:17] - |D| - [464056732] - C:\Program Files (x86)\Google
[16/08/2015 13:29:33] - |D| - [11049106] - C:\Program Files (x86)\Graph
[08/05/2014 06:15:21] - |D| - [345465438] - C:\Program Files (x86)\Hewlett-Packard
[15/11/2016 21:43:00] - |D| - [21992] - C:\Program Files (x86)\Hotspoter
[22/10/2014 20:46:32] - |D| - [257263818] - C:\Program Files (x86)\IB Questionbank32
[08/05/2014 06:19:19] - |HD| - [169605284] - C:\Program Files (x86)\InstallShield Installation Information
[13/05/2014 08:47:11] - |D| - [21800977] - C:\Program Files (x86)\Intel
[22/08/2013 21:06:30] - |D| - [7118996] - C:\Program Files (x86)\Internet Explorer
[14/03/2017 20:10:40] - |D| - [239914249] - C:\Program Files (x86)\Kaspersky Lab
[22/09/2016 02:10:39] - |D| - [3416158] - C:\Program Files (x86)\LizardTech
[27/10/2015 14:46:11] - |D| - [12657202] - C:\Program Files (x86)\MathType
[13/05/2014 09:18:14] - |D| - [29647692] - C:\Program Files (x86)\McAfee
[18/03/2017 20:10:27] - |D| - [3002380] - C:\Program Files (x86)\Microsoft Mathematics Add-in
[08/05/2014 06:20:16] - |D| - [647436860] - C:\Program Files (x86)\Microsoft Office
[28/07/2014 21:36:26] - |D| - [14904] - C:\Program Files (x86)\Microsoft Visual Studio
[28/07/2014 21:34:10] - |D| - [1262854] - C:\Program Files (x86)\Microsoft Visual Studio 8
[28/07/2014 21:36:46] - |D| - [3178824] - C:\Program Files (x86)\Microsoft Works
[22/08/2013 21:06:30] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET
[28/07/2014 21:46:31] - |D| - [27253132] - C:\Program Files (x86)\Mozilla Firefox
[02/04/2014 15:20:36] - |D| - [26521] - C:\Program Files (x86)\MSBuild
[08/05/2014 06:24:55] - |RD| - [739776] - C:\Program Files (x86)\Online Services
[13/05/2014 08:53:12] - |D| - [23391246] - C:\Program Files (x86)\Realtek
[02/04/2014 15:20:36] - |D| - [36953857] - C:\Program Files (x86)\Reference Assemblies
[23/06/2016 23:07:42] - |D| - [26242609] - C:\Program Files (x86)\Research In Motion
[17/07/2016 20:34:11] - |D| - [13697898] - C:\Program Files (x86)\SHAREit
[15/11/2016 19:03:24] - |RD| - [85152973] - C:\Program Files (x86)\Skype
[30/05/2016 13:11:13] - |D| - [2436724] - C:\Program Files (x86)\slitherlink
[07/03/2017 19:25:01] - |D| - [35318156] - C:\Program Files (x86)\SMLNJ
[13/05/2014 08:53:45] - |HD| - [0] - C:\Program Files (x86)\Temp
[16/06/2016 03:01:53] - |D| - [147131618] - C:\Program Files (x86)\Texmaker
[10/09/2016 02:29:22] - |D| - [74617011] - C:\Program Files (x86)\Tracker
[02/08/2014 09:06:32] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[27/03/2015 15:08:18] - |D| - [123047316] - C:\Program Files (x86)\Vernier Software
[15/11/2016 21:29:11] - |D| - [335] - C:\Program Files (x86)\Virtual Router
[13/05/2014 09:10:03] - |D| - [21600799] - C:\Program Files (x86)\WildTangent Games
[22/08/2013 21:06:30] - |D| - [1455744] - C:\Program Files (x86)\Windows Defender
[22/08/2013 21:06:30] - |D| - [5953536] - C:\Program Files (x86)\Windows Mail
[22/08/2013 21:06:30] - |D| - [3315226] - C:\Program Files (x86)\Windows Media Player
[22/08/2013 21:06:30] - |D| - [230912] - C:\Program Files (x86)\Windows Multimedia Platform
[22/08/2013 21:06:30] - |D| - [7472698] - C:\Program Files (x86)\Windows NT
[22/08/2013 21:06:30] - |D| - [5495440] - C:\Program Files (x86)\Windows Photo Viewer
[22/08/2013 21:06:30] - |D| - [230912] - C:\Program Files (x86)\Windows Portable Devices
[22/08/2013 21:06:30] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[22/08/2013 21:06:30] - |D| - [0] - C:\Program Files (x86)\WindowsPowerShell
[20/03/2017 00:10:48] - |D| - [17202506] - C:\Program Files (x86)\Zemana AntiMalware

---------- | \Program Files

[20/03/2017 13:31:50] - |D| - [19035820] - \Program Files\9-lab
[13/05/2014 08:58:14] - |D| - [47542946] - \Program Files\Broadcom
[19/03/2017 12:50:01] - |D| - [20456512] - \Program Files\CCleaner
[22/08/2013 19:06:15] - |D| - [101706393] - \Program Files\Common Files
[22/08/2013 21:06:45] - |ASH| - [174] - \Program Files\desktop.ini
[19/03/2017 23:48:10] - |D| - [1969093] - \Program Files\Everything
[14/03/2017 01:39:45] - |D| - [0] - \Program Files\Google
[08/05/2014 06:15:18] - |D| - [41246503] - \Program Files\Hewlett-Packard
[16/02/2017 10:47:23] - |D| - [18893494] - \Program Files\HP
[13/05/2014 08:48:54] - |D| - [103682111] - \Program Files\Intel
[22/08/2013 21:06:31] - |D| - [26312169] - \Program Files\Internet Explorer
[13/03/2017 23:41:21] - |D| - [133397508] - \Program Files\Malwarebytes
[30/07/2014 00:11:32] - |D| - [3798303] - \Program Files\Micromax 200G USB Modem
[28/07/2014 21:34:17] - |D| - [1140374] - \Program Files\Microsoft Office
[02/04/2014 15:20:32] - |D| - [25757] - \Program Files\MSBuild
[13/05/2014 08:54:06] - |D| - [32823279] - \Program Files\Realtek
[02/04/2014 15:20:32] - |D| - [34612905] - \Program Files\Reference Assemblies
[19/03/2017 14:02:29] - |D| - [82220766] - \Program Files\RogueKiller
[13/05/2014 08:48:24] - |D| - [141828003] - \Program Files\Synaptics
[22/08/2013 20:17:10] - |HD| - [0] - \Program Files\Uninstall Information
[15/11/2016 22:48:10] - |D| - [3318125] - \Program Files\WinDjView
[22/08/2013 21:06:31] - |D| - [10240231] - \Program Files\Windows Defender
[22/08/2013 21:06:31] - |D| - [6312448] - \Program Files\Windows Mail
[22/08/2013 21:06:31] - |D| - [5367870] - \Program Files\Windows Media Player
[22/08/2013 21:06:31] - |D| - [286208] - \Program Files\Windows Multimedia Platform
[22/08/2013 21:06:31] - |D| - [7824954] - \Program Files\Windows NT
[22/08/2013 21:06:31] - |D| - [6426768] - \Program Files\Windows Photo Viewer
[22/08/2013 21:06:31] - |D| - [286208] - \Program Files\Windows Portable Devices
[22/08/2013 21:06:31] - |SHD| - [0] - \Program Files\Windows Sidebar
[22/08/2013 21:06:31] - |HD| - [1165452848] - \Program Files\WindowsApps
[22/08/2013 21:06:31] - |D| - [0] - \Program Files\WindowsPowerShell
[28/07/2014 21:31:33] - |D| - [5123704] - \Program Files\WinRAR

---------- | C:\Program Files (x86)\Common Files

[28/07/2014 21:33:13] - |D| - [16246295] - C:\Program Files (x86)\Common Files\Adobe
[30/08/2014 11:31:35] - |D| - [7938448] - C:\Program Files (x86)\Common Files\Autograph 3
[13/05/2014 09:17:54] - |D| - [96216] - C:\Program Files (x86)\Common Files\CyberLink
[28/07/2014 21:36:26] - |D| - [92976] - C:\Program Files (x86)\Common Files\DESIGNER
[13/05/2014 08:53:42] - |D| - [2106564] - C:\Program Files (x86)\Common Files\InstallShield
[13/05/2014 08:56:52] - |D| - [155537785] - C:\Program Files (x86)\Common Files\Intel
[13/05/2014 08:58:23] - |D| - [234303] - C:\Program Files (x86)\Common Files\Intel Corporation
[22/10/2014 20:22:22] - |D| - [2151307] - C:\Program Files (x86)\Common Files\Java
[13/05/2014 09:18:14] - |D| - [836168] - C:\Program Files (x86)\Common Files\mcafee
[22/08/2013 21:06:30] - |D| - [533404753] - C:\Program Files (x86)\Common Files\Microsoft Shared
[13/05/2014 09:26:35] - |D| - [1485205] - C:\Program Files (x86)\Common Files\Nikon
[13/05/2014 08:48:36] - |D| - [196972] - C:\Program Files (x86)\Common Files\postureAgent
[23/06/2016 23:02:35] - |D| - [66727857] - C:\Program Files (x86)\Common Files\Research In Motion
[22/08/2013 21:06:30] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[15/11/2016 19:03:26] - |D| - [2581120] - C:\Program Files (x86)\Common Files\Skype
[16/02/2017 10:41:24] - |D| - [0] - C:\Program Files (x86)\Common Files\SWF Studio
[22/08/2013 21:06:30] - |D| - [43178066] - C:\Program Files (x86)\Common Files\System
[27/03/2015 15:09:55] - |D| - [110592] - C:\Program Files (x86)\Common Files\TI Shared
[27/03/2015 15:08:56] - |D| - [2465038] - C:\Program Files (x86)\Common Files\Vernier Software
[23/06/2016 23:07:42] - |D| - [46551002] - C:\Program Files (x86)\Common Files\XCPCSync.OEM

---------- | \Program Files\Common files

[14/03/2017 01:13:26] - |D| - [1774538] - \Program Files\Common files\AV
[05/02/2016 13:25:06] - |D| - [5128124] - \Program Files\Common files\Corel
[22/08/2013 21:06:31] - |D| - [81459594] - \Program Files\Common files\microsoft shared
[05/02/2016 13:24:32] - |D| - [2653552] - \Program Files\Common files\Protexis
[22/08/2013 21:06:31] - |D| - [2702] - \Program Files\Common files\Services
[22/08/2013 21:06:31] - |D| - [10687883] - \Program Files\Common files\System

---------- | Tasks

[MD5.6F1F877DB5E59250A8815AEB4536B7FF] - [14/03/2017 19:45:20] - |A| - [338] - C:\Windows\Tasks\HPCeeScheduleForHP-PC.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [22/08/2013 20:15:54] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.00000000000000000000000000000000] - [14/03/2017 01:13:27] - |D| - [3860] - C:\Windows\System32\Tasks\AVAST Software
[MD5.93CD85217221313D05B791779F2735A0] - [19/03/2017 12:50:09] - |A| - [2778] - C:\Windows\System32\Tasks\CCleanerSkipUAC : “C:\Program Files\CCleaner\CCleaner.exe”
[MD5.5EB026328B6804DB9FBA6365E34E30EB] - [14/03/2017 01:23:16] - |A| - [3204] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineC ore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.84D7A8D02C07BC2E21E3C5E65028D718] - [14/03/2017 01:23:19] - |A| - [3332] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineU A : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [08/05/2014 06:25:33] - |D| - [7620] - C:\Windows\System32\Tasks\Hewlett-Packard
[MD5.2B169D3F3A77278B4073048384B9B68A] - [28/07/2014 21:48:26] - |A| - [4012] - C:\Windows\System32\Tasks\HPGenoobeReminder : “C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe”
[MD5.CFCA31F3505F9B2D9C973C33E360D11D] - [14/03/2017 20:17:36] - |A| - [3032] - C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launch er_{278ADC42-419D-4547-A6CA-5B74BE0AD901} : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.00000000000000000000000000000000] - [22/08/2013 21:06:30] - |D| - [383856] - C:\Windows\System32\Tasks\Microsoft
[MD5.748DB416DAD2770DAD822FAAA308E9DA] - [28/07/2014 21:23:49] - |A| - [3600] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1605944295-1278072363-3366277582-1001 : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.33287F88E8DC083D8F7FEE8C6052A70F] - [02/08/2014 09:04:02] - |A| - [3598] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1605944295-1278072363-3366277582-1004 : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.46F0488517C1D760FDEFBA33844A4A6D] - [30/08/2014 11:50:39] - |A| - [3600] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1605944295-1278072363-3366277582-1005 : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.DF7A006AB9CDECC4B611C35D818BF69C] - [13/05/2014 10:34:56] - |A| - [2324] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1605944295-1278072363-3366277582-500 : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.71E845317605583052F811E1DF69586B] - [02/04/2014 15:05:50] - |A| - [3596] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1725350855-1927001909-1276192757-500 : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.F399DA6F2FBFE29A193A6C14E039BFEE] - [08/05/2014 06:10:25] - |A| - [3596] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1926912868-3721114296-1435701358-500 : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.C141D6474D322F48DFD41D69C568140B] - [13/05/2014 08:43:18] - |A| - [3596] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2733828166-1789802061-3082008228-500 : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.C960CEB40F711F5B7002433EBC9A2B8B] - [30/08/2014 12:02:28] - |A| - [3902] - C:\Windows\System32\Tasks\User_Feed_Synchronizatio n-{3B4D6E76-FC38-41A1-9102-DBC7623838F7} : C:\Windows\system32\msfeedssync.exe
[MD5.23F04245784F5E5DF9DBF0092A81AE11] - [28/07/2014 21:24:00] - |A| - [3902] - C:\Windows\System32\Tasks\User_Feed_Synchronizatio n-{B1F2061F-BE85-4148-A1E1-65F4E7E6E010} : C:\Windows\system32\msfeedssync.exe
[MD5.2EC7293DAD7916ECABA959D2AF9D5A16] - [30/08/2014 11:45:17] - |A| - [3902] - C:\Windows\System32\Tasks\User_Feed_Synchronizatio n-{DE27E9B2-459D-4537-842A-16F287853CBA} : C:\Windows\system32\msfeedssync.exe
[MD5.00000000000000000000000000000000] - [28/07/2014 21:18:41] - |D| - [13398] - C:\Windows\System32\Tasks\WPD
[MD5.00000000000000000000000000000000] - [22/08/2013 21:06:31] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedacces s\Parameters\FirewallPolicy\FirewallRules]
“WirelessDisplay-Out-UDP”=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protoc ol=17|Profile=Private|Profile=Public|App=%systemro ot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSDA;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
“WirelessDisplay-Out-TCP”=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protoc ol=6|Profile=Private|Profile=Public|App=%systemroo t%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSDA;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
“WirelessDisplay-In-TCP”=v2.22|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|Profile=Private|Profile=Public|App=%systemroot %\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSDA;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
“Netlogon-TCP-RPC-In”=v2.22|Action=Allow|Active=FALSE|Dir=In|Protoco l=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe| Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
“Netlogon-NamedPipe-In”=v2.22|Action=Allow|Active=FALSE|Dir=In|Protoco l=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
“Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper”=v2.22|Action=Allow|Active=FALSE|Dir=In|P rotocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@ firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751|
“Wininit-Shutdown-In-Rule-TCP-RPC”=v2.22|Action=Allow|Active=FALSE|Dir=In|Protoc ol=6|LPort=RPC|App=%systemroot%\system32\wininit.e xe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751|
“TCP Query User{A29BD3EF-FE76-4EC4-8475-B84A52CC2CF8}C:\program files (x86)\google\chrome\application\chrome.exe”=v2.10| Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile =Public|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Go ogle Chrome|Desc=Google Chrome|
“UDP Query User{9FCC04E9-E499-4B5B-99B7-02D63229409D}C:\program files (x86)\google\chrome\application\chrome.exe”=v2.10| Action=Block|Active=TRUE|Dir=In|Protocol=17|Profil e=Public|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Go ogle Chrome|Desc=Google Chrome|

---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class{126476 0F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{14b62f 50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) → @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{17fdd8 f0-53df-406f-8287-8c38f6fc9bcc}] : (RIMUSBBB) → BlackBerry
[HKLM\SYSTEM\CurrentControlSet\Control\Class{1ed2bb f9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) → @PrintQueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class{25dbce 51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) → @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class{268c95 a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) → @c_sslaccel.inf,%SECURITYACCELERATORCLASSNAME%;Sec urity Accelerator
[HKLM\SYSTEM\CurrentControlSet\Control\Class{2a9fe5 32-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) → @idtsec.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class{2EA9B4 3F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3163C5 66-D381-4467-87BC-A65A18D5B648}] : (fvevol) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3163C5 66-D381-4467-87BC-A65A18D5B649}] : (fvevol) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{36fc9e 60-c465-11cf-8056-444553540000}] : (USB) → @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3f966b d9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) → @oem28.inf,%ClassName%;SAMSUNG Android Phone
[HKLM\SYSTEM\CurrentControlSet\Control\Class{43675d 81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) → @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4658ee 7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) → @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class{48721b 56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) → @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class{49ce6a c8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) → @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 65-e325-11ce-bfc1-08002be10318}] : (CDROM) → @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 66-e325-11ce-bfc1-08002be10318}] : (Computer) → @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 67-e325-11ce-bfc1-08002be10318}] : (DiskDrive) → @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 68-e325-11ce-bfc1-08002be10318}] : (Display) → @%SystemRoot%\System32\DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 69-e325-11ce-bfc1-08002be10318}] : (fdc) → @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6a-e325-11ce-bfc1-08002be10318}] : (hdc) → @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6b-e325-11ce-bfc1-08002be10318}] : (Keyboard) → @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6c-e325-11ce-bfc1-08002be10318}] : (MEDIA) → @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6d-e325-11ce-bfc1-08002be10318}] : (Modem) → @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6e-e325-11ce-bfc1-08002be10318}] : (Monitor) → @%SystemRoot%\System32\Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6f-e325-11ce-bfc1-08002be10318}] : (Mouse) → @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 70-e325-11ce-bfc1-08002be10318}] : (MTD) → @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 71-e325-11ce-bfc1-08002be10318}] : (MultiFunction) → @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 72-e325-11ce-bfc1-08002be10318}] : (Net) → @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 73-e325-11ce-bfc1-08002be10318}] : (NetClient) → @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 74-e325-11ce-bfc1-08002be10318}] : (NetService) → @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 75-e325-11ce-bfc1-08002be10318}] : (NetTrans) → @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 77-e325-11ce-bfc1-08002be10318}] : (PCMCIA) → @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 78-e325-11ce-bfc1-08002be10318}] : (Ports) → @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 79-e325-11ce-bfc1-08002be10318}] : (Printer) → @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) → @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7d-e325-11ce-bfc1-08002be10318}] : (System) → @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7e-e325-11ce-bfc1-08002be10318}] : (Unknown) → @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 80-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) → @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50127d c3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) → @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{502EB6 8B-57B4-4FEE-9890-18F2D8AD1E3E}] : (mfencbdc) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50906c b8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) → @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class{509994 4a-f6b9-4057-a056-8c550228544c}] : (Memory) → @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50dd52 30-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) → @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5175d3 34-c371-4806-b3ba-71fd53c9258d}] : (Sensor) → @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{533c5b 84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) → @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53d29e f7-377c-4d14-864b-eb3a85769359}] : (Biometric) → @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class{563083 1c-06c9-4856-b327-f5d32586e060}] : (Proximity) → @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{574650 43-616c-6c6f-7574-5f636c617373}] : (WFPCALLOUTS) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{62f9c7 41-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) → @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c1-810f-11d0-bec7-08002be2092f}] : (1394) → @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c5-810f-11d0-bec7-08002be2092f}] : (Infrared) → @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c6-810f-11d0-bec7-08002be2092f}] : (Image) → @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6d8078 84-7d21-11cf-801c-08002be10318}] : (TapeDrive) → @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6FAE73 B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{71a27c dd-812a-11d0-bec7-08002be2092f}] : (Volume) → @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class{72631e 54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) → @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class{745a17 a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) → @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class{7ebefb c0-3200-11d2-b4c2-00a0c9697d07}] : (61883) → @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class{81C874 65-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8496e8 7e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) → @oem48.inf,%WDC_SAM_ClassName%;WD Drive Management devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{88a1c3 42-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) → @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{88bae0 32-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) → @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8c78b9 6c-9120-4da4-a144-ff427f2cf132}] : (BarcodeScanner) → @hidscanner.inf,%ClassName%;POS HID Barcode scanners
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8ecc05 5d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) → @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class{990a2b d7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) → @%SystemRoot%\System32\sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class{9d6d66 a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) → @ramdisk.inf,%ClassName%;RAM Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class{9da2b8 0f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) → @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{a0a588 a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) → @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class{A3E32D BA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{B95B83 6B-234E-4857-A1F8-D0D9A9BEC1C5}] : (vmbus) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c06ff2 65-ae09-48f0-812c-16753d7cba83}] : (AVC) → @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c16652 3c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) → @AudioEndpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c30ece a0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) → @WSDPrint.Inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c67167 8c-82c1-43f3-d700-0049433e9a4b}] : (Jungo) → Jungo
[HKLM\SYSTEM\CurrentControlSet\Control\Class{ce5939 ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) → @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d421b0 8e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) → @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d48179 be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) → @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d61ca3 65-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) → @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d94ee5 d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) → @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class{db4f6d dd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) → @%SystemRoot%\System32\sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e0cbf0 6c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) → @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e2f84c e7-8efa-411c-aa69-97454ca4cb57}] : (Extension) → @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class{eec5ad 98-8080-425f-922a-dabf3de3f69a}] : (WPD) → @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f2e7dd 72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) → @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f72fe0 d4-cbcb-407d-8814-9ed673d0dd6b}] : (USB) → @oem32.inf,%ClassName%;ADB Interface
[HKLM\SYSTEM\CurrentControlSet\Control\Class~backup .{4D36E972-E325-11CE-BFC1-08002bE10318}.bak0] : (Net) → @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class~backup .{4D36E972-E325-11CE-BFC1-08002bE10318}.bak1] : (Net) → @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] → ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] → elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] → ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[02/06/2016 03:43:38] - (6.8.0.67) - (AO Kaspersky Lab - Kaspersky Unified Driver) - C:\Windows\system32\DRIVERS\kl1.sys
[10/06/2016 06:41:26] - (4.0.74.0) - (AO Kaspersky Lab - Cryptographic Module Driver x64 (56 bit)) - C:\Windows\system32\DRIVERS\cm_km.sys
[07/06/2016 23:33:14] - (12.0.0.6) - (AO Kaspersky Lab - Backup Disk Filter [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\klbackupdisk.sys
[23/07/2013 22:58:56] - (6.0.5.1) - (Hewlett-Packard - HP Disk Filter - SATA/RAID) - C:\Windows\system32\DRIVERS\hpdskflt.sys
[20/06/2016 17:54:10] - (12.0.111.62) - (AO Kaspersky Lab - klhk [fre_win8_x64]) - C:\Windows\System32\drivers\klhk.sys
[15/06/2016 00:23:44] - (12.0.0.8) - (AO Kaspersky Lab - Backup File Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klbackupflt.sys
[14/03/2017 20:07:43] - (12.0.31.0) - (AO Kaspersky Lab - Filter Core [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klflt.sys
[14/03/2017 20:07:41] - (12.0.208.0) - (AO Kaspersky Lab - Core System Interceptors [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klif.sys
[31/05/2016 23:31:20] - (12.0.0.6) - (AO Kaspersky Lab - Format Recognizer [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\klpd.sys
[18/06/2016 01:36:24] - (12.0.0.11) - (AO Kaspersky Lab - WFP Network Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klwfp.sys
[20/06/2016 23:41:10] - (13.0.0.8) - (AO Kaspersky Lab - Packet Network Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klim6.sys
[02/06/2016 22:39:42] - (12.0.0.39) - (AO Kaspersky Lab - WFP Network Connection Filter Driver [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klwtp.sys
[20/03/2017 00:10:50] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\Windows\System32\drivers\zamguard64.sys
[20/03/2017 00:10:50] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\Windows\System32\drivers\zam64.sys
[14/06/2016 17:47:52] - (12.0.0.22) - (AO Kaspersky Lab - Network Processor [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\kneps.sys
[13/05/2014 09:17:55] - (1.0.0.3512) - (CyberLink - It is a virtual device driver which could create multiple virtual devices and mount image files.) - C:\Windows\system32\DRIVERS\CLVirtualDrive.sys
[07/06/2016 01:31:06] - (9.0.0.21) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\Windows\system32\DRIVERS\kltap.sys
[19/03/2015 12:22:44] - (1.1.0.18) - (BlackBerry Limited - BlackBerry Virtual Private Network Driver) - C:\Windows\System32\Drivers\rimvndis6_AMD64.sys
[14/08/2013 04:32:08] - (1.0.11.0) - ( - Intel Keyboard Class Upper Filter Driver) - C:\Windows\system32\DRIVERS\ikbevent.sys
[13/03/2014 22:20:16] - (18.1.5.2) - (Synaptics Incorporated - Synaptics Touchpad Win64 Driver) - C:\Windows\system32\DRIVERS\SynTP.sys
[19/05/2016 00:57:36] - (12.0.0.1) - (AO Kaspersky Lab - Keyboard Device Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klkbdflt.sys
[14/08/2013 04:32:12] - (1.0.11.0) - ( - Intel Mouse Class Upper Filter Driver) - C:\Windows\system32\DRIVERS\imsevent.sys
[07/06/2015 01:52:56] - (10.0.0.11) - (Kaspersky Lab ZAO - Mouse Device Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klmouflt.sys
[13/03/2014 22:20:16] - (18.1.5.2) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
[23/07/2013 22:58:56] - (6.0.5.1) - (Hewlett-Packard - HP Accelerometer) - C:\Windows\system32\DRIVERS\Accelerometer.sys
[23/07/2013 05:15:58] - (1.0.6.1) - (Hewlett-Packard Development Company, L.P. - HP Wireless Button Driver) - C:\Windows\System32\drivers\WirelessButtonDriver64 .sys
[14/08/2013 04:32:12] - (1.0.8.0) - ( - Intel(R) Smart Connect Technology Device Driver) - C:\Windows\System32\drivers\ISCTD64.sys
[13/05/2014 09:09:52] - (1.0.27893.6128) - (CyberLink Corporation - CyberLink WebCam Virtual Driver) - C:\Windows\system32\DRIVERS\clwvd.sys
[23/06/2016 23:03:31] - (2.3.0.11) - (Research in Motion Ltd - RIM Virtual Serial Driver) - C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
[31/05/2016 23:24:06] - (12.0.0.1) - (AO Kaspersky Lab - Virtual Disk [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\kldisk.sys
[13/05/2014 09:04:09] - (0.0.0.0) - ( -) - C:\Windows\System32\Drivers\INETMON.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () → System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) → System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) → System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () → System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - agp440 (@machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter) → System32\drivers\agp440.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () → System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () → System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () → System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport’s Miniport Driver) → System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) → System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II VBD) → System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) → System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - cm_km (AO Kaspersky Lab Cryptographic Module x64 (56 bit)) → system32\DRIVERS\cm_km.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () → System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) → System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II 10 GigE VBD) → System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) → System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) → System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) → System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) → system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) → System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - gagp30kx (@machine.inf,%gagp30kx_svcdesc%;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) → System32\drivers\gagp30kx.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - hpdskflt (@oem23.inf,%service_desc%;HP Filter) → system32\DRIVERS\hpdskflt.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () → System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) → System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - iaStorA () → System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) → System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) → System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () → System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) → System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () → System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - kl1 (kl1) → system32\DRIVERS\kl1.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - klbackupdisk (Kaspersky Lab klbackupdisk) → system32\DRIVERS\klbackupdisk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - klelam (klelam) → system32\DRIVERS\klelam.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () → System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () → System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () → System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2 () → System32\drivers\lsi_sas2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3 () → System32\drivers\lsi_sas3.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () → System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () → System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () → System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) → System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () → System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) → System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () → System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) → system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () → System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () → System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nv_agp (@machine.inf,%agpnvidia_svcdesc%;NVIDIA nForce AGP Bus Filter) → System32\drivers\nv_agp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) → System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@machine.inf,%pci_svcdesc%;PCI Bus Driver) → System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () → System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () → System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) → System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) → system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) → System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) → System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid2 () → System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () → System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) → System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () → System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsof t Standard SATA AHCI Driver) → System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) → System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) → System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () → System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) → System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - uagp35 (@machine.inf,%uagp35_svcdesc%;Microsoft AGPv3.5 Filter) → System32\drivers\uagp35.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - uliagpkx (@machine.inf,%uliagpkx_svcdesc%;Uli AGP Bus Filter) → System32\drivers\uliagpkx.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) → System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - viaide () → System32\drivers\viaide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - vmbus (@%SystemRoot%\system32\vmbusres.dll,-1000) → System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) → System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) → System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@volume.inf,%VolumeClassName%;Storage volumes) → System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () → System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) → System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) → system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) → system32\DRIVERS\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) → \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) → system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () → \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () → \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) → (?) - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) → \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: False
R1 - [Kernel Driver] - CLVirtualDrive (CLVirtualDrive) → \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) → system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) → System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - klbackupflt (Kaspersky Lab klbackupflt) → system32\DRIVERS\klbackupflt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - klhk (@oem86.inf,%klhkDisplayName%;Kaspersky Lab service driver) → \SystemRoot\System32\drivers\klhk.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - KLIF (Kaspersky Lab Driver) → system32\DRIVERS\klif.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - KLIM6 (@oem73.inf,%KLIM6_Desc%;Kaspersky Anti-Virus NDIS 6 Filter) → \SystemRoot\system32\DRIVERS\klim6.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - klpd (Kaspersky Lab format recognizer driver) → system32\DRIVERS\klpd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - klwfp (klwfp) → \SystemRoot\system32\DRIVERS\klwfp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Klwtp (KLwtp - WFP callout traffic inspector) → \SystemRoot\system32\DRIVERS\klwtp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - kneps (kneps) → \SystemRoot\system32\DRIVERS\kneps.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) → \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@netnb.inf,%NetBIOS_Desc%;NetBIOS Interface) → system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) → System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) → \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) → system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) → \SystemRoot\system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) → system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) → \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) → \SystemRoot\system32\DRIVERS\vwififlt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) → \SystemRoot\system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ZAM (ZAM Helper Driver) → ??\C:\Windows\System32\drivers\zam64.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ZAM_Guard (ZAM Guard Driver) → ??\C:\Windows\System32\drivers\zamguard64.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - kldisk (kldisk) → \SystemRoot\system32\DRIVERS\kldisk.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) → \SystemRoot\system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) → \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) → system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - NativeWifiP (@%SystemRoot%\System32\drivers\nwifi.sys,-101) → \SystemRoot\system32\DRIVERS\nwifi.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) → system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) → system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) → \SystemRoot\system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) → System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) → System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft Files whitelisted)

[MD5.AD508A1A46EC21B740AB31C28EFDFDB1] - [22/08/2013 12:27:45] - (.Copyright (c) 2011 LSI - LSI 3ware SCSI Storport Driver.) - [106.34 Ko] - (5.1.0.51) - C:\Windows\System32\Drivers\3ware.sys
[MD5.F39180029723D7779C80360F9E255709] - [23/07/2013 22:58:56] - (.© Copyright 2001-2013 Hewlett-Packard Development Company, L.P. - HP Accelerometer.) - [42.3 Ko] - (6.0.5.1) - C:\Windows\System32\Drivers\Accelerometer.sys
[MD5.7C1FDF1B48298CBA7CE4BDD4978951AD] - [22/08/2013 12:31:07] - (.Copyright (C) PMC-Sierra 2001-2013 - PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) - [763.84 Ko] - (1.0.0.254) - C:\Windows\System32\Drivers\adp80xx.sys
[MD5.D2BF2F94A47D332814910FD47C6BBCD2] - [22/08/2013 12:31:07] - (.Copyright © 2008-2013 AMD, Inc. - AHCI 1.3 Device Driver.) - [77.34 Ko] - (1.1.4.14) - C:\Windows\System32\Drivers\amdsata.sys
[MD5.A8E04943C7BBA7219AA50400272C3C6E] - [22/08/2013 12:27:45] - (.2012 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [253.34 Ko] - (3.7.1540.43) - C:\Windows\System32\Drivers\amdsbs.sys
[MD5.CEA5F4F27CFC08E3A44D576811B35F50] - [22/08/2013 12:31:07] - (.Copyright © 2008-2013 AMD, Inc. - Storage Filter Driver.) - [25.34 Ko] - (1.1.4.14) - C:\Windows\System32\Drivers\amdxata.sys
[MD5.65045784366F7EC5FB4E71BCF923187B] - [22/08/2013 12:31:07] - (.Copyright 2013 PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) - [111.34 Ko] - (7.2.0.30261) - C:\Windows\System32\Drivers\arcsas.sys
[MD5.F8FE7E12F8151E0A17C23CF840599F9A] - [14/11/2013 09:59:42] - (.Copyright (C) 2000-2012, Broadcom Corporation. - Broadcom Bluetooth Firmware Download Filter.) - [166.71 Ko] - (12.0.0.8047) - C:\Windows\System32\Drivers\bcbtums.sys
[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - [22/08/2013 12:27:48] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [17.21 Ko] - (6.3.9391.6) - C:\Windows\System32\Drivers\bcmfn2.sys
[MD5.79B6BF28DD35C673D1B02D7D7D8C4827] - [13/05/2014 08:58:15] - (.1998-2012, Broadcom Corp. All Rights Rsvd - Broadcom 802.11 Network Adapter wireless driver.) - [7341.67 Ko] - (6.223.215.5) - C:\Windows\System32\Drivers\BCMWL63a.SYS
[MD5.D0C542D44800D6600ED04755F5106DE9] - [06/04/2016 16:08:42] - (.Copyright 2016 BlackBerry - BlackBerry CDC/NCM Driver.) - [35.51 Ko] - (1.0.0.38) - C:\Windows\System32\Drivers\blackberryncm6_AMD64.s ys
[MD5.20C8EB70C0B179DF06A01CA503F4A824] - [05/09/2013 08:46:54] - (.Copyright (C) 2000-2012, Broadcom Corporation. - Broadcom Bluetooth USB AMP Filter for Windows Vista.) - [162.21 Ko] - (12.0.0.7820) - C:\Windows\System32\Drivers\btwampfl.sys
[MD5.0CBAC17B51CB0411938AB82240E4EEFA] - [10/09/2013 08:36:44] - (.Copyright (C) 2000-2012, Broadcom Corporation. - Bluetooth Serial Bus Driver.) - [147.21 Ko] - (12.0.0.7825) - C:\Windows\System32\Drivers\BtwSerialBus.sys
[MD5.A4A73F631FE2AA2826FBE4A399B04DEF] - [22/08/2013 12:27:55] - (.(c) COPYRIGHT 2001-2012 Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) - [518.84 Ko] - (7.4.14.0) - C:\Windows\System32\Drivers\bxvbda.sys
[MD5.6D4391508AA902798259DE327DFDC621] - [15/11/2016 21:58:22] - (.Copyright © Connectify 2015 - Connectify NDISRD helper driver.) - [35.88 Ko] - (3.2.4.1) - C:\Windows\System32\Drivers\cfywlan1.sys
[MD5.5C646CAC91E086F7FF53C7F2E857F263] - [13/05/2014 09:17:55] - (.Copyright (C) 2011 CyberLink - It is a virtual device driver which could create multiple virtual devices and mount image files..) - [89.76 Ko] - (1.0.0.3512) - C:\Windows\System32\Drivers\CLVirtualDrive.sys
[MD5.9731DAFDC7B690B2C7752FDFF045BFD8] - [13/05/2014 09:09:52] - (.Copyright (C) 2009 CyberLink Corporation. - CyberLink WebCam Virtual Driver.) - [40.73 Ko] - (1.0.27893.6128) - C:\Windows\System32\Drivers\clwvd.sys
[MD5.B29A764A1E76473CD9D64C9438705C19] - [10/06/2016 06:41:26] - (.© 2016 AO Kaspersky Lab. - Cryptographic Module Driver x64 (56 bit).) - [233.34 Ko] - (4.0.74.0) - C:\Windows\System32\Drivers\cm_km.sys
[MD5.0E4142B0858B7F3F110E8BF8854062D7] - [15/11/2016 21:58:21] - (.Copyright Connectify© 2015 - CNNCTFY helper driver.) - [42.84 Ko] - (3.2.4.2) - C:\Windows\System32\Drivers\cnnctfy3.sys
[MD5.114BCFDF367FF37C3F1B0A96AF542E4D] - [22/08/2013 12:27:55] - (.(c) COPYRIGHT 2001-2013 Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) - [3278.34 Ko] - (7.4.33.1) - C:\Windows\System32\Drivers\evbda.sys
[MD5.E8E0D53AA910D8BC60A403E77DBA9B8C] - [14/03/2017 00:37:40] - (.(C) Malwarebytes. - Malwarebytes Anti-Ransomware Protection.) - [108.93 Ko] - (3.0.0.265) - C:\Windows\System32\Drivers\farflt.sys
[MD5.8B8E6BD988EAF18C1B86704BF05E5C03] - [23/07/2013 22:58:56] - (.© Copyright 2001-2013 Hewlett-Packard Development Company, L.P. - HP Disk Filter - SATA/RAID.) - [29.8 Ko] - (6.0.5.1) - C:\Windows\System32\Drivers\hpdskflt.sys
[MD5.A6AACEA4C785789BDA5912AD1FEDA80D] - [22/08/2013 12:27:45] - (.Copyright (c) 2004-2011 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [62.84 Ko] - (8.0.4.0) - C:\Windows\System32\Drivers\HpSAMD.sys
[MD5.5D90E32E36CE5D4C535D17CE08AEAF05] - [22/08/2013 12:27:49] - (.Copyright © 2013, Intel Corporation. - Intel(R) Serial IO GPIO Controller Driver.) - [23.99 Ko] - (1.1.163.0) - C:\Windows\System32\Drivers\iaLPSSi_GPIO.sys
[MD5.DD05E7E80F52ADE9AEB292819920F32C] - [22/08/2013 12:27:49] - (.Copyright © 2013, Intel Corporation. - Intel(R) Serial IO I2C Controller Driver.) - [96.99 Ko] - (1.1.163.0) - C:\Windows\System32\Drivers\iaLPSSi_I2C.sys
[MD5.4558F084BCB7EFA3E8321C95B4EE736F] - [08/11/2013 23:52:00] - (.Copyright(C) Intel Corporation 1994-2013 - Intel Rapid Storage Technology driver - x64.) - [617.35 Ko] - (12.8.9.1000) - C:\Windows\System32\Drivers\iaStorA.sys
[MD5.08BFE413B0B4AA8DFA4B5684CE06D3DC] - [22/08/2013 12:31:07] - (.Copyright(C) Intel Corporation 1994-2012 - Intel Rapid Storage Technology driver (inbox) - x64.) - [635.98 Ko] - (12.0.1.1018) - C:\Windows\System32\Drivers\iaStorAV.sys
[MD5.A2200C3033FA4EF249FC096A7A7D02A2] - [22/08/2013 12:31:07] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - x64.) - [402.34 Ko] - (8.6.2.1019) - C:\Windows\System32\Drivers\iaStorV.sys
[MD5.142CFBE6ED0E498CCA7ABE8DD932C1AF] - [18/03/2014 22:59:24] - (.Copyright (c) 1998-2012 Intel Corporation. - Intel Graphics Kernel Mode Driver.) - [3642.5 Ko] - (10.18.10.3496) - C:\Windows\System32\Drivers\igdkmd64.sys
[MD5.E71AC94964ED675B3ED0727059B7F97B] - [14/08/2013 04:32:08] - (.Copyright (C) 2011 - 2013 Intel Corporation - Intel Keyboard Class Upper Filter Driver.) - [20.91 Ko] - (1.0.11.0) - C:\Windows\System32\Drivers\ikbevent.sys
[MD5.2FDB67F5B9F4E96B40FDC9D1AA0B686F] - [14/08/2013 04:32:12] - (.Copyright (C) 2011 - 2013 Intel Corporation - Intel Mouse Class Upper Filter Driver.) - [21.41 Ko] - (1.0.11.0) - C:\Windows\System32\Drivers\imsevent.sys
[MD5.3F2BB021CB280880F8C1B7A6FEF9B447] - [13/05/2014 09:04:09] - (.-.) - [28.41 Ko] - (0.0.0.0) - C:\Windows\System32\Drivers\INETMON.sys
[MD5.8E4044C6B71B2F837166F6EDB6BF9100] - [18/03/2014 22:59:02] - (.Intel(R) Corporation. - Intel(R) Display Audio Driver.) - [439.96 Ko] - (6.16.0.3135) - C:\Windows\System32\Drivers\IntcDAud.sys
[MD5.F0F581A2299CB2BAB1DF2597BCDDB80F] - [02/03/2014 02:12:29] - (.Copyright © 2013-2013, Intel Corporation. - Intel® WiDi Solution.) - [37.4 Ko] - (4.5.44.0) - C:\Windows\System32\Drivers\intelaud.sys
[MD5.4EE2423C38F43D37F8497A672FD10BDC] - [14/08/2013 04:32:12] - (.Copyright (C) 2011-2012 - Intel(R) Smart Connect Technology Device Driver.) - [45.48 Ko] - (1.0.8.0) - C:\Windows\System32\Drivers\ISCTD64.sys
[MD5.C2BC9AC9C6514230A481BDCA6A24BEFD] - [02/03/2014 02:12:30] - (.Copyright © 2013-2013, Intel Corporation. - Intel® WiDi Solution.) - [26.4 Ko] - (4.5.44.0) - C:\Windows\System32\Drivers\iwdbus.sys
[MD5.97E3E8F35632EECD0ABD2DE6519A9666] - [02/06/2016 03:43:38] - (.© 2016 AO Kaspersky Lab. - Kaspersky Unified Driver.) - [541.42 Ko] - (6.8.0.67) - C:\Windows\System32\Drivers\kl1.sys
[MD5.B01AD8DA034EE42D4C2282F77FDB03AE] - [07/06/2016 23:33:14] - (.© 2016 AO Kaspersky Lab. - Backup Disk Filter [fre_wnet_x64].) - [62.42 Ko] - (12.0.0.6) - C:\Windows\System32\Drivers\klbackupdisk.sys
[MD5.10549B5BFD9A3DCF4FFA6287236FA959] - [15/06/2016 00:23:44] - (.© 2016 AO Kaspersky Lab. - Backup File Filter [fre_win8_x64].) - [84.33 Ko] - (12.0.0.8) - C:\Windows\System32\Drivers\klbackupflt.sys
[MD5.7DAA9047F50BF5A3F8C147719FC520AF] - [31/05/2016 23:24:06] - (.© 2015 AO Kaspersky Lab. - Virtual Disk [fre_wnet_x64].) - [76.38 Ko] - (12.0.0.1) - C:\Windows\System32\Drivers\kldisk.sys
[MD5.5766A27C85EE813029831D125D2EFB45] - [31/03/2016 00:09:04] - (.© 2016 AO Kaspersky Lab. - Early Launch Anti-Malware Filter [fre_win8_x64].) - [28.12 Ko] - (12.0.0.6) - C:\Windows\System32\Drivers\klelam.sys
[MD5.2CBFFDD6325676C1DBD42C9F668B40EB] - [14/03/2017 20:07:43] - (.© 2016 AO Kaspersky Lab. - Filter Core [fre_win8_x64].) - [191.77 Ko] - (12.0.31.0) - C:\Windows\System32\Drivers\klflt.sys
[MD5.C2AED7EDBC43E8316513251C633FF546] - [20/06/2016 17:54:10] - (.© 2016 AO Kaspersky Lab. - klhk [fre_win8_x64].) - [497.78 Ko] - (12.0.111.62) - C:\Windows\System32\Drivers\klhk.sys
[MD5.9349AAE93762D6F23187E646D9BC00C9] - [14/03/2017 20:07:41] - (.© 2016 AO Kaspersky Lab. - Core System Interceptors [fre_win8_x64].) - [993.77 Ko] - (12.0.208.0) - C:\Windows\System32\Drivers\klif.sys
[MD5.6357C533C30650361110DBAF59A25DF8] - [20/06/2016 23:41:10] - (.© 2016 AO Kaspersky Lab. - Packet Network Filter [fre_win8_x64].) - [56.08 Ko] - (13.0.0.8) - C:\Windows\System32\Drivers\klim6.sys
[MD5.5480CC93737F48282552C84FA7EBA59B] - [19/05/2016 00:57:36] - (.© 2016 AO Kaspersky Lab. - Keyboard Device Filter [fre_win8_x64].) - [50.91 Ko] - (12.0.0.1) - C:\Windows\System32\Drivers\klkbdflt.sys
[MD5.FD47C92A63B6EADEA830BFA96C06EAEE] - [07/06/2015 01:52:56] - (.© 2015 Kaspersky Lab ZAO. - Mouse Device Filter [fre_win8_x64].) - [40.68 Ko] - (10.0.0.11) - C:\Windows\System32\Drivers\klmouflt.sys
[MD5.6B0C605591C892CBB683F63EA47822DC] - [31/05/2016 23:31:20] - (.© 2016 AO Kaspersky Lab. - Format Recognizer [fre_wnet_x64].) - [44.42 Ko] - (12.0.0.6) - C:\Windows\System32\Drivers\klpd.sys
[MD5.828B042A95F055648DA190DF6C7AB1B6] - [07/06/2016 01:31:06] - (.OpenVPN Technologies, Inc. - TAP-Windows Virtual Network Driver (NDIS 6.0).) - [50.93 Ko] - (9.0.0.21) - C:\Windows\System32\Drivers\kltap.sys
[MD5.4C5305295B51BA72FC9C8CDAB32F95C3] - [18/06/2016 01:36:24] - (.© 2016 AO Kaspersky Lab. - WFP Network Filter [fre_win8_x64].) - [83.32 Ko] - (12.0.0.11) - C:\Windows\System32\Drivers\klwfp.sys
[MD5.4799405773BB400A2FF96663CF0EE4A2] - [02/06/2016 22:39:42] - (.© 2016 AO Kaspersky Lab. - WFP Network Connection Filter Driver [fre_win8_x64].) - [133.22 Ko] - (12.0.0.39) - C:\Windows\System32\Drivers\klwtp.sys
[MD5.098D3EBDC599E05449A3BFB5BB519FE0] - [14/06/2016 17:47:52] - (.© 2016 AO Kaspersky Lab. - Network Processor [fre_wnet_x64].) - [194.72 Ko] - (12.0.0.22) - C:\Windows\System32\Drivers\kneps.sys
[MD5.C755AE4635457AA2A11F79C0DF857ABC] - [22/08/2013 12:27:45] - (.Copyright © LSI Corporation 2010 - LSI Fusion-MPT SAS Driver (StorPort).) - [106.84 Ko] - (1.34.3.82) - C:\Windows\System32\Drivers\lsi_sas.sys
[MD5.ADAC09CBE7A2040B7F68B5E5C9A75141] - [22/08/2013 12:27:45] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen2 Driver (StorPort).) - [91.34 Ko] - (2.0.60.82) - C:\Windows\System32\Drivers\lsi_sas2.sys
[MD5.04D1274BB9BBCCF12BD12374002AA191] - [22/08/2013 12:27:45] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen3 Driver (StorPort).) - [79.84 Ko] - (2.50.65.1) - C:\Windows\System32\Drivers\lsi_sas3.sys
[MD5.327469EEF3833D0C584B7E88A76AEC0C] - [22/08/2013 12:27:45] - (.Copyright © LSI Corporation 2012 - LSI SSS PCIe/Flash Driver (StorPort).) - [80.84 Ko] - (2.10.61.81) - C:\Windows\System32\Drivers\lsi_sss.sys
[MD5.ACB81E9F20882D2D2BEC7FF626E090AE] - [13/03/2017 23:41:44] - (.-.) - [75.59 Ko] - (0.0.0.0) - C:\Windows\System32\Drivers\mbae64.sys
[MD5.88BD122C3A35DE63D75D382DF75554CE] - [13/03/2017 23:42:09] - (.(C) Malwarebytes. - Malwarebytes Real-Time Protection.) - [42.94 Ko] - (3.0.0.83) - C:\Windows\System32\Drivers\mbam.sys
[MD5.835E1D6B5835EF70FC3BDF93ED42243A] - [13/03/2017 23:42:30] - (.(C) Malwarebytes. - Malwarebytes Chameleon.) - [181.94 Ko] - (3.0.0.155) - C:\Windows\System32\Drivers\MBAMChameleon.sys
[MD5.F8E8B0977741F114407494174522B71A] - [13/03/2017 23:42:01] - (.(C) Malwarebytes. - Malwarebytes SwissArmy.) - [245.94 Ko] - (4.2.0.108) - C:\Windows\System32\Drivers\MBAMSwissArmy.sys
[MD5.EA01AD547F3C4D8A841A113C857B440B] - [03/02/2015 10:00:16] - (.2012 Fortinet Inc. - Malware Detection and Removal Engine Driver.) - [91.72 Ko] - (2.0.52.0) - C:\Windows\System32\Drivers\mdare64_54.sys
[MD5.67687829B08837CEFD802B72DFAD8E3C] - [18/11/2015 22:59:28] - (.2012 Fortinet Inc. - Malware Detection and Removal Engine Driver.) - [91.38 Ko] - (2.0.61.0) - C:\Windows\System32\Drivers\mdare64_63.sys
[MD5.EB5C03A070F30D64A6DF80E53B22F53F] - [22/08/2013 12:27:45] - (.Copyright © LSI Corporation 2013 - MEGASAS RAID Controller Driver for Windows.) - [55.34 Ko] - (6.3.9466.0) - C:\Windows\System32\Drivers\megasas.sys
[MD5.F6F13533196DE7A582D422B0241E4363] - [22/08/2013 12:27:45] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [562.34 Ko] - (15.2.2013.129) - C:\Windows\System32\Drivers\megasr.sys
[MD5.81AB6B6A13CD0FF378FC8EAE61B21E4D] - [13/12/2012 07:19:54] - (.Copyright (C) MediaTek Inc.. - MediaTek Mobile Broadband NDIS 6.20 Miniport Driver.) - [204 Ko] - (1.12.44.0) - C:\Windows\System32\Drivers\mtkmbim7_x64.sys
[MD5.B8C35C94DCB2DFEAF03BB42131F2F77F] - [22/08/2013 12:27:45] - (.Copyright (c) Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) - [62.34 Ko] - (1.0.5.1015) - C:\Windows\System32\Drivers\mvumis.sys
[MD5.71C365620D484750948664AA4A579AB3] - [13/03/2017 23:42:19] - (.(C) Malwarebytes. - Malwarebytes Web Protection.) - [89.93 Ko] - (3.0.0.138) - C:\Windows\System32\Drivers\mwac.sys
[MD5.BC6B5942AFF25EBAF62DE43C3807EDF8] - [22/08/2013 12:31:09] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) - [146.84 Ko] - (10.6.0.22) - C:\Windows\System32\Drivers\nvraid.sys
[MD5.1F43ABFFAC3D6CA356851D517392966E] - [22/08/2013 12:31:09] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) - [164.34 Ko] - (10.6.0.22) - C:\Windows\System32\Drivers\nvstor.sys
[MD5.B0E7D5D2CFAA6ED5F20EB8B84A35E593] - [21/03/2011 12:54:24] - (.2006-2009 Fortinet Inc., Fortinet Inc. - pppop.) - [41.53 Ko] - (2009.7.14.0) - C:\Windows\System32\Drivers\pppop64.sys
[MD5.344604E6913BD6E4EAEC34AF2E0943D7] - [23/06/2016 23:03:31] - (.Copyright (c) 2011 Research in Motion Ltd - RIM Virtual Serial Driver.) - [43.5 Ko] - (2.3.0.11) - C:\Windows\System32\Drivers\RimSerial_AMD64.sys
[MD5.968897C7F8184E2534F14B9B10BCFB72] - [06/05/2014 09:21:02] - (.Copyright 2014 BlackBerry Limited - BlackBerry Device Driver.) - [78 Ko] - (4.2.0.32) - C:\Windows\System32\Drivers\RimUsb_AMD64.sys
[MD5.8D5E629E39FD2A36ADF963BBAECC15D2] - [19/03/2015 12:22:44] - (.Copyright 2015 BlackBerry Limited - BlackBerry Virtual Private Network Driver.) - [18 Ko] - (1.1.0.18) - C:\Windows\System32\Drivers\rimvndis6_AMD64.sys
[MD5.7CC0D898D00675F14BA0C4BF056C1CF4] - [13/05/2014 08:55:17] - (.Copyright (C) 2013 Realtek Semiconductor Corporation. All Right Reserved. - Realtek 8101E/8168/8169 NDIS 6.30 64-bit Driver .) - [820.21 Ko] - (8.24.1218.2013) - C:\Windows\System32\Drivers\Rt630x64.sys
[MD5.44ED7064A8CFF33E6D2BCC81412145F7] - [13/05/2014 08:53:54] - (.Copyright (c) Realtek Semiconductor Corp.1998-2013 - Realtek(r) High Definition Audio Function Driver.) - [3850.96 Ko] - (6.0.1.7231) - C:\Windows\System32\Drivers\RTKVHD64.sys
[MD5.A5A0BBC875A1E50E29ED02E21A8FA13E] - [13/05/2014 08:53:12] - (.Copyright (C) Realtek Semiconductor Corp. - Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7/Win8.) - [305.71 Ko] - (6.3.9600.27047) - C:\Windows\System32\Drivers\RtsBaStor.sys
[MD5.6A940599A059C6C9D6E54D7A3EF356B8] - [13/05/2014 08:53:12] - (.Copyright (C) Realtek Semiconductor Corp. - Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7/Win8.) - [284.71 Ko] - (6.3.9600.29075) - C:\Windows\System32\Drivers\RtsP2Stor.sys
[MD5.8E255394255FB64DB7D31DD3D08F68A6] - [13/05/2014 08:53:12] - (.Copyright © Realtek Semiconductor Corporation 2013 - RTS PCIE READER Driver.) - [455.21 Ko] - (6.3.9600.21247) - C:\Windows\System32\Drivers\RtsPer.sys
[MD5.D23399622ED6692BF6AA1D30322345FC] - [13/05/2014 08:53:12] - (.Copyright (C) Realtek Semiconductor Corp. - Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7/Win8.) - [350.71 Ko] - (6.3.9600.28150) - C:\Windows\System32\Drivers\RtsPStor.sys
[MD5.14182642967B8751F3717E94FC90DF48] - [13/05/2014 08:53:12] - (.Copyright (C) Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7/Win8.) - [264.71 Ko] - (6.3.9600.30174) - C:\Windows\System32\Drivers\RtsUStor.sys
[MD5.B0B2C5F4D0A41FAAE7F2DD51C889CC13] - [13/05/2014 08:53:12] - (.Copyright (C) Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7/Win8.) - [324.21 Ko] - (6.3.9600.39057) - C:\Windows\System32\Drivers\RtsUVStor.sys
[MD5.3EA8A16169C26AFBEB544E0E48421186] - [22/08/2013 21:06:40] - (.© 2006 Macrovision Corporation - Macrovision SECURITY Driver.) - [22.5 Ko] - (4.3.86.0) - C:\Windows\System32\Drivers\secdrv.sys
[MD5.2F518D13DD6F3053837FE606F1A2EA1F] - [22/08/2013 12:31:09] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [43.84 Ko] - (5.1.1039.2600) - C:\Windows\System32\Drivers\sisraid2.sys
[MD5.1AC9A200A9C49C4508F04AAFFCA34A3F] - [22/08/2013 12:31:09] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [79.84 Ko] - (5.1.1039.3600) - C:\Windows\System32\Drivers\sisraid4.sys
[MD5.13DFE743C3AF65458F5C7777A9B16CCC] - [13/03/2014 22:20:14] - (.Copyright (C) Synaptics Incorporated 1996-2014 - Synaptics SMBus Driver.) - [29.73 Ko] - (18.1.5.2) - C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys
[MD5.3D3A01F8499FD703513A33ED0C8921C2] - [13/03/2014 22:20:16] - (.Copyright (C) Synaptics Incorporated 1996-2014 - Synaptics SMBus Driver.) - [30.73 Ko] - (18.1.5.2) - C:\Windows\System32\Drivers\Smb_driver_Intel.sys
[MD5.73BDD44A6088916964945886F9025409] - [22/01/2014 08:52:10] - (.Copyright (c) DEVGURU 2002-2008.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) - [106.25 Ko] - (2.11.7.0) - C:\Windows\System32\Drivers\ssudbus.sys
[MD5.5252D7BC56E5E0ED715AEA8FE173A455] - [22/01/2014 08:52:10] - (.Copyright (c) DEVGURU 2002-2008. (www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) - [201.25 Ko] - (2.11.7.0) - C:\Windows\System32\Drivers\ssudmdm.sys
[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - [22/08/2013 12:27:45] - (.© Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) - [30.34 Ko] - (5.1.0.10) - C:\Windows\System32\Drivers\stexstor.sys
[MD5.12711DAB3FCCC1649FE149B61C26C80A] - [13/03/2014 22:20:16] - (.Copyright (C) Synaptics Incorporated 1996-2014 - Synaptics Touchpad Win64 Driver.) - [528.73 Ko] - (18.1.5.2) - C:\Windows\System32\Drivers\SynTP.sys
[MD5.EB1D78140D6634C32A46AB1006105EDC] - [10/12/2013 20:57:36] - (.Copyright © 2006-2013, Intel Corporation. - Intel(R) Management Engine Interface.) - [97.96 Ko] - (9.5.24.1790) - C:\Windows\System32\Drivers\TeeDriverx64.sys
[MD5.C44D96B1CDDE705B23F55AB423CCA73D] - [29/03/2010 17:31:18] - (.Copyright © 2010 Texas Instruments - tinspusb.sys.) - [139.5 Ko] - (1.0.1.0) - C:\Windows\System32\Drivers\tinspusb.sys
[MD5.0D5A09B08568760AE85A801FCBC0F83D] - [19/03/2017 14:03:05] - (.-.) - [27.61 Ko] - (2.0.2.0) - C:\Windows\System32\Drivers\TrueSight.sys
[MD5.CABA2C0BBBDA1410EB18D4C7C574F355] - [18/07/2016 12:40:22] - (.Copyright (C) MediaTek Inc. - MediaTek USB to Com Port Driver.) - [79.5 Ko] - (1.0.1244.0) - C:\Windows\System32\Drivers\usb2ser.sys
[MD5.06D38968028E9AB19DE9B618C7B6D199] - [22/08/2013 17:52:58] - (.Copyright (C) VIA Technologies, Inc. 2000-2007 - VIA Generic PCI IDE Bus Driver.) - [19.34 Ko] - (6.0.6000.170) - C:\Windows\System32\Drivers\viaide.sys
[MD5.4539F45F9F4C9757A86A56C949421E07] - [22/08/2013 12:31:09] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [164.84 Ko] - (7.0.9200.6320) - C:\Windows\System32\Drivers\vsmraid.sys
[MD5.0849B7260F26FE05EA56DED0672E2F4B] - [22/08/2013 12:31:10] - (.Copyright (C) 2008 VIA Corporation - VIA StorX RAID Controller Driver.) - [298.34 Ko] - (8.0.9200.8110) - C:\Windows\System32\Drivers\VSTXRAID.SYS
[MD5.A3D04EBF5227886029B4532F20D026F7] - [27/01/2015 00:23:46] - (.(C) 2006-2008 Western Digital Technologies - WD SCSI Architecture Model (SAM) driver.) - [14.13 Ko] - (1.0.7.2) - C:\Windows\System32\Drivers\wdcsam64.sys
[MD5.4F2A80D65AE6F845776E2F06AE6782ED] - [23/07/2013 05:15:58] - (.Copyright (C) 2000-2012 Hewlett-Packard Development Company, L.P. - HP Wireless Button Driver.) - [20.31 Ko] - (1.0.6.1) - C:\Windows\System32\Drivers\WirelessButtonDriver64 .sys
[MD5.21E13F2CB269DEFEAE5E1D09887D47BB] - [20/03/2017 00:10:50] - (.Zemana Ltd. - ZAM.) - [198.91 Ko] - (0.0.0.0) - C:\Windows\System32\Drivers\zam64.sys
[MD5.21E13F2CB269DEFEAE5E1D09887D47BB] - [20/03/2017 00:10:50] - (.Zemana Ltd. - ZAM.) - [198.91 Ko] - (0.0.0.0) - C:\Windows\System32\Drivers\zamguard64.sys
[MD5.0D58FE0B853A1FD3D626F5118CE79F8F] - [27/03/2015 15:09:24] - (.Copyright © 1998 - ezusb.) - [17.02 Ko] - (1.20.0.0) - C:\Windows\Syswow64\Drivers\ezusb.sys
[MD5.A1124EBC672AA3AE1B327096C1DCC346] - [27/03/2015 15:09:55] - (.Copyright © 2003 Texas Instruments Incorporated - tiehdusb.sys.) - [48.38 Ko] - (1.5.0.0) - C:\Windows\Syswow64\Drivers\tiehdusb.sys
[MD5.9969E105B350D0F7CF03956FC4DC5407] - [27/03/2015 15:09:55] - (.Copyright © 2000 by Walter Oney - WDM stub functions for Windows 98.) - [11.25 Ko] - (5.0.0.6) - C:\Windows\Syswow64\Drivers\wdmstub.sys
[MD5.097A8291DF541F9B9AF2C500797CDCAA] - [27/03/2015 15:09:25] - (.Copyright © Jungo 1997 - 2006 - WinDriver Device Driver 8.11.) - [189.81 Ko] - (8.1.1.0) - C:\Windows\Syswow64\Drivers\windrvr6.sys

---------- | Uninstall

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\GeoGebra 5] : (GeoGebra 5.-.International GeoGebra Institute) → “C:\Users\HP-PC\GeoGebra 5.0\uninstaller.exe”
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MiKTeX 2.9] : (MiKTeX 2.9.-.MiKTeX.org) → “C:\Users\HP-PC\AppData\Local\Programs\MiKTeX 2.9\miktex/bin/internal\copystart.exe” “C:\Users\HP-PC\AppData\Local\Programs\MiKTeX 2.9\miktex/bin/internal\uninstall.exe”
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\SmartDraw CI] : (.-.SmartDraw, LLC) → “C:\SMARTD~1\Uninstall.exe” “C:\SMARTD~1\Install.log” SmartDraw Uninstall
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}is1] : (RescueTime 2.12.5.1490.-.RescueTime.com) → “C:\Users\HP-PC\AppData\Local\RescueTime\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\8B3D7924-ED89-486B-8322-E8594065D5CB_is1] : (RogueKiller version 12.10.0.0.-.Adlice Software) → “C:\Program Files\RogueKiller\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\AddressBook] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Broadcom 802.11 Network Adapter] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Broadcom 802.11 Wireless LAN Adapter] : (Broadcom 802.11 Wireless LAN Adapter.-.Broadcom Corporation) → “C:\Program Files\Broadcom\Broadcom 802.11\bcmwlu00.exe” verbose /rootkey=“Software\Broadcom\802.11\UninstallInfo” /rootdir=“C:\Program Files\Broadcom\Broadcom 802.11” driver
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Broadcom Wireless Utility] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\CCleaner] : (CCleaner.-.Piriform) → “C:\Program Files\CCleaner\uninst.exe”
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Connection Manager] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\DirectDrawEx] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\DXM_Runtime] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Everything] : (Everything 1.3.4.686 (x64).-.) → C:\Program Files\Everything\Uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Fontcore] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE40] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE4Data] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE5BAKEX] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IEData] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MobileOptionPack] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MPlayer2] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\SchedulingAgent] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\SynTPDeinstKey] : (Synaptics Pointing Device Driver.-.Synaptics Incorporated) → rundll32.exe “%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll”,stan dAloneUninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\WIC] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\WinDjView] : (WinDjView 2.0.1.-.Andrew Zhezherun) → C:\Program Files\WinDjView\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\WinRAR archiver] : (WinRAR 5.10 (64-bit).-.win.rar GmbH) → C:\Program Files\WinRAR\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall_{4DC318F5-1640-4417-A218-912ED9905FAA}] : (Corel Graphics - Windows Shell Extension.-.Corel Corporation) → c:\Program Files\Common Files\Corel\Shared\Shell Extension\x64\ShellUninst.exe -ProductCode {4DC318F5-1640-4417-A218-912ED9905FAA} -arp
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{0A1B4690-E176-4533-8058-939480AEE1D0}] : (Broadcom Bluetooth Drivers.-.Broadcom Corporation) → MsiExec.exe /X{0A1B4690-E176-4533-8058-939480AEE1D0}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{26A24AE4-039D-4CA4-87B4-2F86418025F0}] : (Java 8 Update 25 (64-bit).-.Oracle Corporation) → MsiExec.exe /I{26A24AE4-039D-4CA4-87B4-2F86418025F0}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}] : (Inst5675.-.Softex Inc.) → MsiExec.exe /I{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{314FAD12-F785-4471-BCE8-AB506642B9A1}] : (HP SimplePass.-.Hewlett-Packard) → MsiExec.exe /X{314FAD12-F785-4471-BCE8-AB506642B9A1}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}is1] : (Malwarebytes version 3.0.6.1469.-.Malwarebytes) → “C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}] : (HP Utility Center.-.Hewlett-Packard Company) → MsiExec.exe /I{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{3B4AE1A9-C026-4D08-8004-DA9A85A411A4}] : (Corel Graphics - Windows Shell Extension 32 Bit.-.Corel Corporation) → MsiExec.exe /I{3B4AE1A9-C026-4D08-8004-DA9A85A411A4}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{409CB30E-E457-4008-9B1A-ED1B9EA21140}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) → “C:\ProgramData\Intel\Package Cache{409CB30E-E457-4008-9B1A-ED1B9EA21140}\Setup.exe” -uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}] : (Energy Star.-.Hewlett-Packard Company) → MsiExec.exe /I{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{4DC318F5-1640-4417-A218-912ED9905FAA}] : (Corel Graphics - Windows Shell Extension.-.Corel Corporation) → MsiExec.exe /X{4DC318F5-1640-4417-A218-912ED9905FAA}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{51AC86D3-C431-48AD-9195-0D6C930D07CD}] : (Intel(R) Smart Connect Technology.-.Intel Corporation) → MsiExec.exe /I{51AC86D3-C431-48AD-9195-0D6C930D07CD}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}] : (HP Postscript Converter.-.Hewlett-Packard) → MsiExec.exe /I{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}] : (DisableMSDefender.-.Hewlett-Packard Company) → MsiExec.exe /I{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{878F6913-7421-4713-97F7-0A736EE2A188}] : (Inst5676.-.Softex Inc.) → MsiExec.exe /I{878F6913-7421-4713-97F7-0A736EE2A188}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{9E9C290F-18E8-412D-B4F2-6CD6B45E47C0}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) → MsiExec.exe /I{9E9C290F-18E8-412D-B4F2-6CD6B45E47C0}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B5E06417-A4AC-4225-B36E-7E34C91616E7}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) → MsiExec.exe /I{B5E06417-A4AC-4225-B36E-7E34C91616E7}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{BE40AB1F-558F-4434-B72F-461EF97E7796}is1] : (BDAntiRansomware.-.Bitdefender) → “C:\Program Files\Bitdefender\Tools\BDAntiRansomware\unins000. exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{D1E8F2D7-7794-4245-B286-87ED86C1893C}] : (HP Registration Service.-.Hewlett-Packard) → MsiExec.exe /X{D1E8F2D7-7794-4245-B286-87ED86C1893C}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{D1F9117F-7187-4734-B105-8EEB4B2A3696}is1] : (MMX200G Netwarrior Manager V20090909.-.Micromax Informatics Limited) → “C:\Program Files\Micromax 200G USB Modem\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{E8A34AC8-0137-4515-A94B-0A0946DDC251}] : (Scan To.-.HP) → MsiExec.exe /I{E8A34AC8-0137-4515-A94B-0A0946DDC251}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\9-lab Removal Tool] : (9-lab Removal Tool.-.) → “C:\Program Files\9-lab\Removal Tool\uninst.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\AddressBook] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Adobe Photoshop CS4_is1] : (Adobe Photoshop CS4.-.Adobe Systems Incorporated) → “C:\Program Files (x86)\Adobe\Photoshop CS4\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Adobe Shockwave Player] : (Adobe Shockwave Player 12.0.-.Adobe Systems, Inc.) → “C:\windows\SysWOW64\Adobe\Shockwave 12\uninstaller.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Broad Mobi HSPA Modem Normal Version_is1] : (D-Link Connection Manager v7.0.1IN.-.) → “C:\Program Files (x86)\D-Link Connection Manager\uninst\unins000.exe”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Connection Manager] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\DirectDrawEx] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\DjVu Solo 3.1] : (DjVu Solo 3.1.-.) → C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\LizardTech\DjVu Solo 3.1\Uninst.isu"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\DSMT6] : (MathType 6.-.Design Science, Inc.) → “C:\Program Files (x86)\MathType\Setup.exe” -R
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\DXM_Runtime] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\ESET Online Scanner] : (ESET Online Scanner v3.-.) → C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Fontcore] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) → “C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.98\Insta ller\setup.exe” --uninstall --system-level --verbose-logging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Graph_is1] : (Graph 4.3.-.Ivan Johansen) → “C:\Program Files (x86)\Graph\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IB Questionbank IB_MH] : (IB Questionbank Maths HL.-.) → C:\PROGRA~2\IBQUES~1\UNWISE32.EXE C:\PROGRA~2\IBQUES~1\IB_MH.LOG
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IB Questionbank IB_PH] : (IB Questionbank Physics.-.) → C:\PROGRA~2\IBQUES~1\UNWISE32.EXE C:\PROGRA~2\IBQUES~1\IB_PH.LOG
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE40] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE4Data] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE5BAKEX] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IEData] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield Uninstall Information] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield{01FB4998-33C4-4431-85ED-079E3EEFE75D}] : (CyberLink YouCam.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}] : (CyberLink Media Suite 10.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}] : (CyberLink Power2Go 8.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield{314FAD12-F785-4471-BCE8-AB506642B9A1}] : (HP SimplePass.-.Hewlett-Packard) → “C:\Program Files (x86)\InstallShield Installation Information{314FAD12-F785-4471-BCE8-AB506642B9A1}\setup.exe” -runfromtemp -l0x0409 -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}] : (Cyberlink PhotoDirector.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{39337565-330E-4ab6-A9AE-AC81E0720B10}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}] : (CyberLink PowerDirector 10.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}] : (CyberLink PowerDVD 12.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{B46BEA36-0B71-4A4E-AE41-87241643FA0A}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}] : (Kaspersky Secure Connection.-.Kaspersky Lab) → MsiExec.exe /I{1CF84962-50F8-48CA-9082-B70F3A02C686} REMOVE=ALL
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}] : (Kaspersky Total Security.-.Kaspersky Lab) → MsiExec.exe /I{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2} REMOVE=ALL
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\MobileOptionPack] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Mozilla Firefox (3.5.7)] : (Mozilla Firefox (3.5.7).-.Mozilla) → C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\MPlayer2] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\OSP Tracker] : (Tracker.-.Open Source Physics) → C:\Program Files (x86)\Tracker\uninstall_Tracker.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Picasa 3] : (Picasa 3.-.Google, Inc.) → “C:\Program Files (x86)\Google\Picasa3\Uninstall.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\SchedulingAgent] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\SHAREit_is1] : (SHAREit.-.Lenovo) → “C:\Program Files (x86)\SHAREit\SHAREit\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\slitherlink_is1] : (slitherlink version 1.0.-.) → “C:\Program Files (x86)\slitherlink\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Texmaker] : (Texmaker.-.) → C:\Program Files (x86)\Texmaker\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\VPython for Python 2.7_is1] : (VPython 6.11.-.) → “C:\Python27\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\WIC] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\WildTangentGameProvider-hp-genres] : (.-.WildTangent, Inc.) → “C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\Uninstall.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\WildTangentGameProvider-hp-main] : (.-.WildTangent, Inc.) → “C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - main\Uninstall.exe”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\WildTangentGDF-hp-doubledowncasinosocial] : (.-.WildTangent) → “C:\Program Files (x86)\WildTangent Games\Web Link - DoubleDown Casino\Uninstall.exe”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\WildTangentGDF-hp-dragonsofatlantis] : (.-.WildTangent) → “C:\Program Files (x86)\WildTangent Games\Web Link - Dragons Of Atlantis\Uninstall.exe”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{01FB4998-33C4-4431-85ED-079E3EEFE75D}] : (CyberLink YouCam.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe” /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{07FA4960-B038-49EB-891B-9F95930AA544}] : (HP Customer Experience Enhancements.-.Hewlett-Packard) → MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{082B1425-0F24-43FA-9B64-E8F617B0AD3B}] : (HP Documentation.-.Hewlett-Packard) → MsiExec.exe /X{082B1425-0F24-43FA-9B64-E8F617B0AD3B}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{1A10532B-CC99-415C-A51F-B8418DE7A395}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{1CF84962-50F8-48CA-9082-B70F3A02C686}] : (Kaspersky Secure Connection.-.Kaspersky Lab) → MsiExec.exe /I{1CF84962-50F8-48CA-9082-B70F3A02C686}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{1D657FA2-4C53-4CCB-8903-C86AD9338D8F}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}] : (BlackBerry Blend.-.BlackBerry Ltd.) → MsiExec.exe /I{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}] : (BlackBerry Device Drivers.-.BlackBerry Ltd.) → MsiExec.exe /I{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}] : (CyberLink Media Suite 10.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe” /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}] : (CyberLink Power2Go 8.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{30B2D1D8-0A07-4B71-9553-0710C5D31E35}] : (HP Wireless Button Driver.-.Hewlett-Packard Company) → MsiExec.exe /X{30B2D1D8-0A07-4B71-9553-0710C5D31E35}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{314FAD12-F785-4471-BCE8-AB506642B9A1}] : (.-.Softex Inc.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{39337565-330E-4ab6-A9AE-AC81E0720B10}] : (Cyberlink PhotoDirector.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{39337565-330E-4ab6-A9AE-AC81E0720B10}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{3D8B9E90-B711-4F60-A181-7CE80B2D6F89}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{40201846-B6BD-4858-A993-85030D1FF675}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{412F6426-A3C7-11E3-8A71-00163E98E7D6}] : (Evernote v. 5.2.-.Evernote Corp.) → MsiExec.exe /X{412F6426-A3C7-11E3-8A71-00163E98E7D6}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}] : (BlackBerry Link Remover.-.BlackBerry Ltd.) → MsiExec.exe /I{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{46CD5A63-0C1F-45C3-B643-CA87A17275C0}] : (BlackBerry Communication Drivers.-.BlackBerry Ltd.) → MsiExec.exe /I{46CD5A63-0C1F-45C3-B643-CA87A17275C0}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{4715760F-AF61-494C-A699-7DF5D29A03A8}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{4A3579A7-8A6A-4F07-8EFD-9E1DD7605864}_is1] : (Connected Music powered by Universal Music Group version 1.0.-.Universal Music India) → “C:\Program Files (x86)\Connected Music powered by Universal Music Group\unins000.exe”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{51C7AD07-C3F6-4635-8E8A-231306D810FE}] : (Cisco LEAP Module.-.Cisco Systems, Inc.) → MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] : (Realtek Card Reader.-.Realtek Semiconductor Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe” -runfromtemp -removeonly
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) → MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{612C34C7-5E90-47D8-9B5C-0F717DD82726}] : (swMSM.-.Adobe Systems, Inc) → MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}] : (Cisco EAP-FAST Module.-.Cisco Systems, Inc.) → MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{65153EA5-8B6E-43B6-857B-C6E4FC25798A}] : (Intel(R) Management Engine Components.-.Intel Corporation) → C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{65386E59-7F41-4843-AC59-B57C57439BB8}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{697DD5FE-79B0-4F3B-9555-24B0B167DF03}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{6F340107-F9AA-47C6-B54C-C3A19F11553F}] : (Hewlett-Packard ACLM.NET v1.2.2.3.-.Hewlett-Packard Company) → MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{79F081BF-7454-43DB-BD8F-9EE596813232}] : (Python 2.7.9.-.Python Software Foundation) → MsiExec.exe /I{79F081BF-7454-43DB-BD8F-9EE596813232}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{7D66971C-652B-4065-A6B1-B3EE313C254B}] : (BlueJ.-.BlueJ Team) → MsiExec.exe /X{7D66971C-652B-4065-A6B1-B3EE313C254B}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] : (Realtek Ethernet Controller Driver.-.Realtek) → C:\Program Files (x86)\InstallShield Installation Information{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{8C696B4B-6AB1-44BC-9416-96EAC474CABE}] : (HP Support Assistant.-.Hewlett-Packard Company) → “C:\Program Files (x86)\InstallShield Installation Information{8C696B4B-6AB1-44BC-9416-96EAC474CABE}\setup.exe” -runfromtemp -l0x0409 -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1] : (Zemana AntiMalware.-.Zemana Ltd.) → “C:\Program Files (x86)\Zemana AntiMalware\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{9D50B374-147A-41E1-B2FD-A76C0A9916E9}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{a0642dd3-1105-464b-84c8-caaf676c39c8}] : (BlackBerry 10 Desktop Software.-.BlackBerry) → “C:\ProgramData\Package Cache{a0642dd3-1105-464b-84c8-caaf676c39c8}\BlackBerryDesktopSoftware.exe” /uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AC76BA86-0804-1033-1959-001824211354}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) → MsiExec.exe /I{AC76BA86-0804-1033-1959-001824211354}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AC76BA86-7AD7-1033-7B44-AB0000000001}] : (Adobe Reader XI (11.0.19).-.Adobe Systems Incorporated) → MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AD6A8057-680B-459E-84D6-13A880A3575C}] : (Autograph 3.3.-.Eastmond Publishing Ltd.) → MsiExec.exe /I{AD6A8057-680B-459E-84D6-13A880A3575C}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}] : (CyberLink PowerDirector 10.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe” /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{B46BEA36-0B71-4A4E-AE41-87241643FA0A}] : (CyberLink PowerDVD 12.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{B46BEA36-0B71-4A4E-AE41-87241643FA0A}\Setup.exe” /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{C42468F9-9812-4550-A54B-5DDB062EB10F}] : (BlackBerry Link.-.BlackBerry) → MsiExec.exe /I{C42468F9-9812-4550-A54B-5DDB062EB10F}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{CBE48FF8-521A-4AE1-92B5-7008D8529630}] : (Logger Pro 3.6.1.-.Vernier Software & Technology) → C:\Program Files (x86)\InstallShield Installation Information{CBE48FF8-521A-4AE1-92B5-7008D8529630}\setup.exe -runfromtemp -l0x0009 -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{D22761B2-44C4-44D5-9F23-7DAB4DF56655}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{D2437C5C-2D8C-40D2-8059-689AD7239FA3}] : (Intel(R) C++ Redistributables for Windows* on Intel(R) 64.-.Intel Corporation) → MsiExec.exe /X{D2437C5C-2D8C-40D2-8059-689AD7239FA3}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{D8F984D3-79C1-4AD0-8E27-1F4528BC1712}] : (HP Recovery Manager.-.Hewlett-Packard) → MsiExec.exe /I{D8F984D3-79C1-4AD0-8E27-1F4528BC1712}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1] : (Apowersoft Screen Recorder Pro V2.1.1.-.APOWERSOFT LIMITED) → “C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{DEF23826-DB71-4654-BC00-D5D6C20802EA}] : (HP System Event Utility.-.Hewlett-Packard Company) → MsiExec.exe /I{DEF23826-DB71-4654-BC00-D5D6C20802EA}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}] : (Kaspersky Total Security.-.Kaspersky Lab) → MsiExec.exe /I{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}] : (HP CoolSense.-.Hewlett-Packard Company) → MsiExec.exe /I{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{E6F7EDC4-6271-4560-A22B-F13BC710F47B}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}] : (Cisco PEAP Module.-.Cisco Systems, Inc.) → MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}] : (Intel(R) Processor Graphics.-.Intel Corporation) → C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) → RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files (x86)\InstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe” -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{f761359c-9ced-45ae-9a51-9d6605cd55c4}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{F7CA0FDB-0C97-480B-A532-2A579917CFDB}] : (Standard ML of New Jersey.-.University of Chicago) → MsiExec.exe /X{F7CA0FDB-0C97-480B-A532-2A579917CFDB}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{F90A86C9-7779-47DD-AC06-8EE832C55F55}] : (HP 3D DriveGuard.-.Hewlett-Packard Company) → MsiExec.exe /X{F90A86C9-7779-47DD-AC06-8EE832C55F55}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{FC965A47-4839-40CA-B618-18F486F042C6}] : (Skype™ 7.30.-.Skype Technologies S.A.) → MsiExec.exe /X{FC965A47-4839-40CA-B618-18F486F042C6}

---------- | Installer

[HKCR\Installer\Products\0694AF70830BBE9498B1F95939 A05A44] : HP Customer Experience Enhancements → C:\windows\Installer{07FA4960-B038-49EB-891B-9F95930AA544}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\0964B1A0671E33540885394908 EA1E0D] : Broadcom Bluetooth Drivers → C:\Windows\Installer{0A1B4690-E176-4533-8058-939480AEE1D0}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\0A93EF4767BFDC7448AB192EBB 1BE72F] : DisableMSDefender
[HKCR\Installer\Products\10C24AD12DE4E4B49BC081CFAB 21CF14] : BlackBerry Blend
[HKCR\Installer\Products\21DAF413587F1744CB8EBA0566 249B1A] : HP SimplePass → C:\windows\Installer{314FAD12-F785-4471-BCE8-AB506642B9A1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\26948FC18F05AC8409287BF0A3 206C68] : Kaspersky Secure Connection → C:\Windows\Installer{1CF84962-50F8-48CA-9082-B70F3A02C686}\setup2.ico
[HKCR\Installer\Products\2C0D8C2E79C150C439A9B5310A EF56C5] : HP CoolSense → C:\windows\Installer{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\2D6F4B0BEA2FA1544969F6F2A6 98B723] : PowerDirector → C:\Windows\Installer{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3196F87812473174797FA037E6 2E1A88] : Inst5676 → C:\windows\Installer{878F6913-7421-4713-97F7-0A736EE2A188}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\36A5DC64F1C03C546B34AC781A 27570C] : BlackBerry Communication Drivers
[HKCR\Installer\Products\3D489F8D1C970DA4E872F15482 CB7121] : HP Recovery Manager → C:\windows\Installer{D8F984D3-79C1-4AD0-8E27-1F4528BC1712}_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\3D68CA15134CDA841959D0C639 D070DC] : Intel(R) Smart Connect Technology → C:\Windows\Installer{51AC86D3-C431-48AD-9195-0D6C930D07CD}\ISCT.ico
[HKCR\Installer\Products\42C6FBF1Df1C10144AB2C065F4 E9E897] : Media Suite → C:\Windows\Installer{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4EA42A62D9304AC4784BF26814 08520F] : Java 8 Update 25 (64-bit)
[HKCR\Installer\Products\5241B28042F0AF34B9468E6F71 0BDAB3] : HP Documentation → C:\Windows\Installer{082B1425-0F24-43FA-9B64-E8F617B0AD3B}\NotebookDocs.exe
[HKCR\Installer\Products\56573393E0336ba49AEACA180E 27B001] : PhotoDirector → C:\Windows\Installer{39337565-330E-4ab6-A9AE-AC81E0720B10}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5D6775DE4B957B64FA18F5D249 7D6C04] : Cisco PEAP Module
[HKCR\Installer\Products\5E0946F10457D624CBE1BE750B FBC083] : BlackBerry Device Drivers
[HKCR\Installer\Products\5F813CD4046171442A8119E29D 09F5AA] : Corel Graphics - Windows Shell Extension → c:\Windows\Installer{4DC318F5-1640-4417-A218-912ED9905FAA}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6246F2147C3A3E11A8170061E3 897E6D] : Evernote v. 5.2 → C:\windows\Installer{412F6426-A3C7-11E3-8A71-00163E98E7D6}\Evernote.ico
[HKCR\Installer\Products\62832FED17BD4564CB005D6D2C 8020AE] : HP System Event Utility → C:\windows\Installer{DEF23826-DB71-4654-BC00-D5D6C20802EA}_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\63AEB64B17B0E4A4EA14784261 34AFA0] : PowerDVD → C:\Windows\Installer{B46BEA36-0B71-4A4E-AE41-87241643FA0A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA408033019195008142 123145] : Adobe Refresh Manager → C:\Windows\Installer{AC76BA86-0804-1033-1959-001824211354}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA73301B744BA0000 000010] : Adobe Reader XI (11.0.19) → C:\Windows\Installer{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
[HKCR\Installer\Products\6B2AC564FA8977E4EB229A803C B49BCE] : Energy Star → C:\Windows\Installer{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\6D6E41E65713A1E49B43AC5B8A 3676DC] : HP Postscript Converter
[HKCR\Installer\Products\701043F6AA9F6C745BC43C1AF9 1155F3] : Hewlett-Packard ACLM.NET v1.2.2.3 → C:\windows\Installer{6F340107-F9AA-47C6-B54C-C3A19F11553F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\70DA7C156F3C5364E8A8323160 8D01EF] : Cisco LEAP Module
[HKCR\Installer\Products\71460E5BCA4A52243BE6E7439C 61617E] : Intel® Trusted Connect Service Client
[HKCR\Installer\Products\74A569CF9384AC046B81814F68 0F246C] : Skype™ 7.30 → C:\Windows\Installer{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
[HKCR\Installer\Products\7508A6DAB086E954486D318A08 3A75C5] : Autograph 3.3 → C:\Windows\Installer{AD6A8057-680B-459E-84D6-13A880A3575C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\7810FB462D3FB89499AE61A39F EAE69C] : Cisco EAP-FAST Module
[HKCR\Installer\Products\7C43C21609E58D74B9C5F017D7 8D7262] : swMSM → C:\windows\Installer{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\7D2F8E1D497754242B6878DE68 1C98C3] : HP Registration Service → C:\Windows\Installer{D1E8F2D7-7794-4245-B286-87ED86C1893C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8994BF104C33134458DE70E9E3 FE7ED5] : YouCam → C:\Windows\Installer{01FB4998-33C4-4431-85ED-079E3EEFE75D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8CA43A8E731051549AB4A09064 DD2C15] : Scan To
[HKCR\Installer\Products\8D1D2B0370A017B4593570015C 3DE153] : HP Wireless Button Driver → C:\Windows\Installer{30B2D1D8-0A07-4B71-9553-0710C5D31E35}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446E B8552E] : Google Update Helper
[HKCR\Installer\Products\9A1EA4B3620C80D40840ADA958 4A114A] : Corel Graphics - Windows Shell Extension 32 Bit → c:\Windows\Installer{3B4AE1A9-C026-4D08-8004-DA9A85A411A4}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\9C68A09F9777DD74CA60E88E23 5CF555] : HP 3D DriveGuard → C:\Windows\Installer{F90A86C9-7779-47DD-AC06-8EE832C55F55}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\9F86424C218905545AB4D5BD60 E21BF0] : BlackBerry Link
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745 894BAC] : Google Update Helper
[HKCR\Installer\Products\B4B696C81BA6CB44496169AE4C 47ACEB] : HP Support Assistant → C:\windows\Installer{8C696B4B-6AB1-44BC-9416-96EAC474CABE}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\B7D1B72E43B32A34F90C89825D FD642E] : Kaspersky Total Security → C:\Windows\Installer{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}\setup2.ico
[HKCR\Installer\Products\BAC56D448CB17B74FBB5E38B6B BB2067] : BlackBerry Link Remover
[HKCR\Installer\Products\C17966D7B25656046A1B3BEE13 C352B4] : BlueJ
[HKCR\Installer\Products\C5C7342DC8D22D04089586A97D 32F93A] : Intel(R) C++ Redistributables for Windows* on Intel(R) 64 → C:\Windows\Installer{D2437C5C-2D8C-40D2-8059-689AD7239FA3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C7426ED27707B154B87AFF1D2A BABB74] : Inst5675 → C:\windows\Installer{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D84D78A2FDF3df1479DC1A3E07 FEFF2E] : Power2Go → C:\Windows\Installer{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F092C9E98E81D2144B2FC66D4B E5740C] : Intel(R) Rapid Storage Technology
[HKCR\Installer\Products\F5C08F63D0CD4FD4FA90CD8176 0FBEA0] : HP Utility Center → C:\Windows\Installer{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\F60730A4A66673047777F57284 67D401] : Java Auto Updater
[HKCR\Installer\Products\FB180F974547BD34DBF8E95E69 182323] : Python 2.7.9

---------- | ADS

---------- | Drives

---------- | MBR

64 bits not supported by MBR.exe, Dump : Impossible to extract !!!

---------- | 20 LastEventLog
[HEADING=1]Activation context generation failed for “C:\Users\HP-PC\Downloads\esetsmartinstaller_enu.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f 33d3ecbe86e8.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec 6aab013aafee.manifest.[/HEADING]
[HEADING=1]Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x504
Faulting application start time: 0x01d2a1649c7b7a97
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: e3ebca20-0d57-11e7-82f9-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:[/HEADING]
[HEADING=1]Activation context generation failed for “C:\Users\HP-PC\Downloads\esetsmartinstaller_enu.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f 33d3ecbe86e8.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec 6aab013aafee.manifest.[/HEADING]
[HEADING=1]Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x1678
Faulting application start time: 0x01d2a15475edcf32
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: c669793d-0d57-11e7-82f9-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:[/HEADING]
[HEADING=1]There was an error with the Windows Location Provider database[/HEADING]
[HEADING=1]Activation context generation failed for “C:\Users\HP-PC\Downloads\esetsmartinstaller_enu.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f 33d3ecbe86e8.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec 6aab013aafee.manifest.[/HEADING]
[HEADING=1]Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x1a44
Faulting application start time: 0x01d2a154585aab9a
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ab1fd5de-0d47-11e7-82f9-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:[/HEADING]
[HEADING=1]Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x914
Faulting application start time: 0x01d2a154423fcdeb
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 89cd7efe-0d47-11e7-82f9-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:[/HEADING]
[HEADING=1]Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x117c
Faulting application start time: 0x01d2a154021ea380
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 624f0d97-0d47-11e7-82f9-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:[/HEADING]
[HEADING=1]Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x18dc
Faulting application start time: 0x01d2a153d43455c0
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 3b316175-0d47-11e7-82f9-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:[/HEADING]
[HEADING=1]Activation context generation failed for “C:\Users\HP-PC\Downloads\esetsmartinstaller_enu.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f 33d3ecbe86e8.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec 6aab013aafee.manifest.[/HEADING]
The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1474
Start Time: 01d2a152f499eceb
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.ex e
Report Id: e997498b-0d46-11e7-82f9-a02bb859a5c2
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.2091 1_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

---

[HEADING=1]Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x1730
Faulting application start time: 0x01d2a1537783fcef
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ce4d881d-0d46-11e7-82f9-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:[/HEADING]
[HEADING=1]Activation context generation failed for “C:\Users\HP-PC\Downloads\esetsmartinstaller_enu.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f 33d3ecbe86e8.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec 6aab013aafee.manifest.[/HEADING]
[HEADING=1]Faulting application name: Explorer.EXE, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x134c
Faulting application start time: 0x01d2a152f20a4608
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 5f9f21f1-0d46-11e7-82f9-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:[/HEADING]
[HEADING=1]Activation context generation failed for “C:\Users\HP-PC\Downloads\esetsmartinstaller_enu.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f 33d3ecbe86e8.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec 6aab013aafee.manifest.[/HEADING]
[HEADING=1]Faulting application name: Explorer.EXE, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x9bc
Faulting application start time: 0x01d2a143f33068d6
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: a4501107-0d44-11e7-82f8-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:[/HEADING]
The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1bac
Start Time: 01d2a14543b82cf7
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.ex e
Report Id: 392b69cb-0d39-11e7-82f8-a02bb859a5c2
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.2091 1_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

---

Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data
[HEADING=1]Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {ebfab9cc-f78b-4905-a65b-4b4eb94b1200}[/HEADING]
----------( EOF)---------- - 4912 | 16:11:08

6383522C180BADC4E1D5C30A5C4F4913 \Program Files\desktop.ini
B0221E152F38E1E231BF2AF7E80F99E5 \Program Files\Everything\Changes.txt
FE18DDEA98D90DBF850AFCA0158ABEC8 \Program Files\Everything\Everything.exe
E161C6DC64F493DB361A706A50246449 \Program Files\Everything\Everything.ini
2B6ED08D9106F2465648B46D098EA24B \Program Files\Everything\Everything.lng
7C40ED77D115E2A00869A9170D9D8829 \Program Files\Everything\License.txt
9EA9E790C65E6FFD13311A517868049F \Program Files\Everything\Uninstall.exe
6B3C87E039BF7051A7CE2AA4D74EA69B \Program Files\Micromax 200G USB Modem\autorun_start.bat
6A5F592A293ECCE283C9E92897DC33EE \Program Files\Micromax 200G USB Modem\autorun_stop.bat
F3D4E3183473253CF9FF0C9D91AAE891 \Program Files\Micromax 200G USB Modem\EdgeModem-DrvSrv.exe
E064C143B725C3CF8AD4A3BE337F533E \Program Files\Micromax 200G USB Modem\EdgeModem-Run.exe
57EB555C897318FCC4C8D3CCAF43FEDF \Program Files\Micromax 200G USB Modem\EdgeModem.exe
B492D7BC6F7376193190B0DB1687E00D \Program Files\Micromax 200G USB Modem\install_service.bat
6F73334675693392744C67E9AB08072E \Program Files\Micromax 200G USB Modem\MainIcon.ico
AF270C69F0F44D7D5626695F2BD8EC3A \Program Files\Micromax 200G USB Modem\remove_service.bat
E6E6110923B9FAB5C1DF9B75C72B4665 \Program Files\Micromax 200G USB Modem\unins000.dat
26A1930CB9695E6E0F272A968063A1FA \Program Files\Micromax 200G USB Modem\unins000.exe
544C27B0AB05B0EF03853B25FD8E3207 \Program Files\WinDjView\uninstall.exe
565907C9D8595D1897DDB882ABD8A927 \Program Files\WinDjView\WinDjView.exe
89163F4D2E020316704E1509B0C22530 \Program Files\Common files\System\DirectDB.dll
356F1393BE0A0E714CDCC3FDD2C9D881 \Program Files\Common files\System\wab32.dll
DD0D66DC398A5840B74CADD5A6BA1C7D \Program Files\Common files\System\wab32res.dll
5B8A2BA3138573583FF9E0158096EC48 C:\Program Files (x86)\desktop.ini
0C86F2BEECFB39234110BD68B38745F1 C:\Program Files (x86)\Autograph 3.3\advanced.xml
7585DB02AFCF6BC3A590CE306B9F2A20 C:\Program Files (x86)\Autograph 3.3\AGlib.dll
BDCDC8388080555209E2F1C4BE30D6CF C:\Program Files (x86)\Autograph 3.3\agraph.agc
8BACAD6422F24A32B19977179905D2A0 C:\Program Files (x86)\Autograph 3.3\agraph.exe
AFE9DA5B4CDB9FD0184E02FAFD4C4D27 C:\Program Files (x86)\Autograph 3.3\Autograph Virtual Keyboard.exe
CBF1C6178B0FE1C5EEDB455E0D053B57 C:\Program Files (x86)\Autograph 3.3\junior.xml
17C1308472ED11BC58A5CFB5561B3E1B C:\Program Files (x86)\Autograph 3.3\layout.xml
9487113D6E1375C45451DDDE696330AB C:\Program Files (x86)\Autograph 3.3\LocalisedLauncher.exe
E731BB25FC49626F30F0350936533F2E C:\Program Files (x86)\Autograph 3.3\owl620vu.dll
9824977EB71B2FFA40187338DBB0EF6B C:\Program Files (x86)\Autograph 3.3\owlx3vu.dll
93402941AB5583B687CDEE1779A94647 C:\Program Files (x86)\Autograph 3.3\spr32du70.dll
DC0BC69955D2E666AD5957B4EC3701A1 C:\Program Files (x86)\Autograph 3.3\swiftshader_d3d9.dll
090DCAF179F52832CD6EB0A308146F67 C:\Program Files (x86)\Autograph 3.3\vkbdll.dll
B5A9DB9657161CB188E8D4797AED8EEB C:\Program Files (x86)\BlueJ\BlueJ.exe
2D90FA46585B5EBDF12F9BAC19BD5A75 C:\Program Files (x86)\BlueJ\LICENSE.txt
3A41F27F53C3E34B942F32AAA7E52D52 C:\Program Files (x86)\BlueJ\README.TXT
44A59C086DEA93E14676A955EE6F1AB9 C:\Program Files (x86)\BlueJ\THIRDPARTYLICENSE.txt
B16108B0AB68964B563B2AC4542C8FFC C:\Program Files (x86)\D-Link Connection Manager\ACLctrl.exe
AF776D199FFE5227891B8695D4FFFBFA C:\Program Files (x86)\D-Link Connection Manager\Modem.ini
B92AF5959DC138114B57BFB3C9E6AEE0 C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe
EE902C9116FAEE7325EF2D4AD3A0BF56 C:\Program Files (x86)\Free Screen To Video\log.log
8F58FBF89811ECCD19C1C5BA68889B4C C:\Program Files (x86)\Graph\Graph.exe
4D62AC8B7DEAE276FC253ABC90BF564B C:\Program Files (x86)\Graph\License.txt
6364B0647CD6FC80AF3FFA52831956EC C:\Program Files (x86)\Graph\PDFlib.dll
7A7D0706D0AEDEA6974EF6A5BF03DCAB C:\Program Files (x86)\Graph\Thumbnails.dll
E065DF06842FEDC22C663441ED8E4975 C:\Program Files (x86)\Graph\unins000.dat
89ADD4D44B584443602A38681E78AA0D C:\Program Files (x86)\Graph\unins000.exe
1BE77C17C9157D3B46DCF729AC103B62 C:\Program Files (x86)\Hotspoter\exceptions.log
2321B23A5640FBEAC93FF945CDFE676F C:\Program Files (x86)\Hotspoter\settings.config
8A432BEB85AE9D7AEFACABC46CCD81DE C:\Program Files (x86)\Hotspoter\trace.log
CD8376EDD166B439CE79B17D8963A8FF C:\Program Files (x86)\IB Questionbank32\IB Licence.txt
3C67B91C459C24C29250696E61AE0DE7 C:\Program Files (x86)\IB Questionbank32\IB Questionbank32.cnt
5D05D60D96EDDA47EF5FA3D0AAFCA6D5 C:\Program Files (x86)\IB Questionbank32\IB Questionbank32.exe
E8673B3FCAA517D06F3AB910099B3060 C:\Program Files (x86)\IB Questionbank32\IB Questionbank32.hlp
81FBF90B4684E948C1DA9858AD0C96B1 C:\Program Files (x86)\IB Questionbank32\IB.ico
322C26646C4C30D3A814653B84432D25 C:\Program Files (x86)\IB Questionbank32\IB_MH.LOG
054828C9F598851C07E8D74C6FD3C882 C:\Program Files (x86)\IB Questionbank32\IB_PH.LOG
9CBA2E40567DA8C4594AEC8EF454B718 C:\Program Files (x86)\IB Questionbank32\Launcher.exe
7AFF2FF05136B5058E2B78324619FA8D C:\Program Files (x86)\IB Questionbank32\ta4i.xlt
1DE69F64E93FD216267DF5EF8B5F1067 C:\Program Files (x86)\IB Questionbank32\UNWISE32.EXE
7AE6F5411E2C3BE8969D87EF7BA165CD C:\Program Files (x86)\MathType\MathType.exe
146FB2A46FCE78A87D30E56EF48F133C C:\Program Files (x86)\MathType\MT6.DSC
2EA5634CE376CE52B42638CF99155D4D C:\Program Files (x86)\MathType\MT6enu.chm
41762A75F6BBBD3F4EF74003428ECB58 C:\Program Files (x86)\MathType\Setup.exe
5A285041B32EE49552B283B43AAF0CF2 C:\Program Files (x86)\MathType\Setup.inf
C2DE32A39EFFE0EB1413D7B58B701E13 C:\Program Files (x86)\slitherlink\ALL.COL
5C139C0D7F6CAEB5BEEF4E69BE74E98A C:\Program Files (x86)\slitherlink\IMPORT.TXT
34DC6DF2DF33C1AB2DFB86727B13E79F C:\Program Files (x86)\slitherlink\JUMBO50X50PUZZLE.XLS
0135ABD26FB700A7B49893394CC5D59C C:\Program Files (x86)\slitherlink\PUZ-WITHPATTERNS.TXT
D2E89A35F23281D5C83534FF2BB00338 C:\Program Files (x86)\slitherlink\PUZZLES.TXT
93CCF9C4CE4166B4E1A1CA49D938564C C:\Program Files (x86)\slitherlink\README.TXT
5F5582C440237B97DB745F7663596BBC C:\Program Files (x86)\slitherlink\SAMPLEPATTERNS.TXT
3BB98FB3C7BF33A0E493A858E65B2FE7 C:\Program Files (x86)\slitherlink\SLITHERLINK.EXE
D4C91F02ADA98D01A099D306CB2DE7FD C:\Program Files (x86)\slitherlink\SLITHERLINK.GIF
D85B8FBD7A97CF2A1D66FFAA84701661 C:\Program Files (x86)\slitherlink\SLITHERLINK.HTM
AA37429D6270BD685B967DE52326E611 C:\Program Files (x86)\slitherlink\SLITHERLINK.JPG
4B4B8169942C6F8F1C5A8E26326F1D3D C:\Program Files (x86)\slitherlink\SLITHERLINK1.GIF
992B7303343CD2ACEFC988FE8ED261AC C:\Program Files (x86)\slitherlink\SLITHERLINK2.GIF
E71C87674F3CBF0099381DEB6579776D C:\Program Files (x86)\slitherlink\SLITHERLINK3.GIF
EC7BAF3816361198057827517FE80C6F C:\Program Files (x86)\slitherlink\SLITHERLINK4.GIF
C643212E9A550F094D000924A0817153 C:\Program Files (x86)\slitherlink\SLITHERLINKSOLUTIONTECHNIQUES.DO CX
3196E9411658C9657C06DB069E6D30A8 C:\Program Files (x86)\slitherlink\TEMPORARYPUZFILE.TXT
369D5426725928F86C35B3744A2EF26D C:\Program Files (x86)\slitherlink\unins000.dat
3C68ECBCAD97A38B1CC705C797C615B0 C:\Program Files (x86)\slitherlink\unins000.exe
A4C32C4291D728BFE1E9F369E70BD931 C:\Program Files (x86)\Tracker\logback-classic.jar
36F007FF934DDA7735F8491F282F8DF7 C:\Program Files (x86)\Tracker\logback-core.jar
A134D83E0C12A9611824284C855FFB13 C:\Program Files (x86)\Tracker\slf4j-api.jar
8BB9422CAA05F8C6DAC113F8E1C203C7 C:\Program Files (x86)\Tracker\tracker-4.94.jar
899A98AA45B8E18D9CD9E78DB2C1C70E C:\Program Files (x86)\Tracker\Tracker.exe
E4CE0CCB153C6D66A25EFB239DD86E04 C:\Program Files (x86)\Tracker\tracker.ico
8BB9422CAA05F8C6DAC113F8E1C203C7 C:\Program Files (x86)\Tracker\tracker.jar
67F77C1FD00E0F52E4EBD471A4D8CE8A C:\Program Files (x86)\Tracker\tracker.prefs.default
217D6FD4208DE5C73FB20A93C5D89C47 C:\Program Files (x86)\Tracker\tracker_icon.png
9E37D9F153691D41F834A68A8FF4B08A C:\Program Files (x86)\Tracker\tracker_install.log
F85D08B72BC6FE640C1C460EE9B87F1A C:\Program Files (x86)\Tracker\Tracker_README.txt
B9552CEC6DCE29F93FA3827CE39E5BA3 C:\Program Files (x86)\Tracker\trk.ico
1B8590B1C412946714292C11A145D7A8 C:\Program Files (x86)\Tracker\uninstall_Tracker.dat
E91F2D6026AA656787FA6E450CDBCB98 C:\Program Files (x86)\Tracker\uninstall_Tracker.exe
B955D7F96F0479B8B3659B0A947FAA4E C:\Program Files (x86)\Tracker\xuggle-xuggler.jar
DCFE96535BD4BAFB4304BB759AA3F578 C:\Program Files (x86)\Virtual Router\VirtualRouterService.savedstate
AB93131A0C749ED8FB76F24B29BBF37F C:\Program Files (x86)\Common Files\Autograph 3\ChilkatFtp2.dll
D9E7FE77EBAED42EF1EAD6AAD57B5705 C:\Program Files (x86)\Common Files\Autograph 3\Codejock.CommandBars.Unicode.v13.1.0.ocx
ED16D4E9A709752BDD2F186424A2683D C:\Program Files (x86)\Common Files\Autograph 3\Codejock.DockingPane.Unicode.v13.1.0.ocx
B2D769E652ECCCB799EE88D7E538CD6C C:\Program Files (x86)\Common Files\Autograph 3\oedfx20.dll
0CD5C0E6BF2B84C3E13B5DCFE423DF68 C:\Program Files (x86)\Common Files\DESIGNER\MSADDNDR.DLL
890A8B30966E321811AA66BB1B3391A8 C:\Program Files (x86)\Common Files\System\DirectDB.dll
6DDD879C1D7E1704DFD4420BBF3F239D C:\Program Files (x86)\Common Files\System\wab32.dll
56B55186E930BC9DA4668342FCEED0A0 C:\Program Files (x86)\Common Files\System\wab32res.dll
C4C62871879AB6F60E0EDBC35ABD719C C:\Program Files (x86)\Common Files\Vernier Software\NonDemo.txt
B8D6726C58A4045E5B1CBF4C77EB1DD3 C:\ProgramData\ntuser.dat
DEFFFCD1467BEE7C741DB3D069B6CD9F C:\ProgramData\ntuser.dat.LOG1
6021F21BAF16F17878FF095658FB70B1 C:\ProgramData\ntuser.dat.LOG2
7FF3AC993EE7350967AC73A115941A05 C:\ProgramData\ntuser.dat{f1a29b6c-089f-11e7-82ee-a02bb859a5c2}.TM.blf
A0041D533C6548A4731FF5FC7EBC0519 C:\ProgramData\ntuser.dat{f1a29b6c-089f-11e7-82ee-a02bb859a5c2}.TMContainer00000000000000000001.regt rans-ms
59071590099D21DD439896592338BF95 C:\ProgramData\ntuser.dat{f1a29b6c-089f-11e7-82ee-a02bb859a5c2}.TMContainer00000000000000000002.regt rans-ms
FE2E1E921284A21901BE4E59397A4607 C:\ProgramData\oqztiqep.adk.4B4FC70A905FD32B.matri x
0D52AD7000A28538E11376C37690C888 C:\ProgramData\Autograph 3\activation.agc
A7C7C7467C45EE7CAD6F3B9514B3BD5E C:\ProgramData\Autograph 3\Autograph3.3.10.lic
F794A4C7F5C2DEC5066B0BCA2E7DA3AD C:\ProgramData\Autograph 3\LicProtector270.dll
EF776044072A375A61E63742A57A2C21 C:\ProgramData\Autograph 3 Logs\InstallLog.log
6D2A80F4CAF1C8336C7B165213D75364 C:\ProgramData\install_clap\ErrorInfo.ini
F3CC75CABB61ED70BD87ABC7780E41AB C:\ProgramData\install_clap\summary.log
FA847C26AD5E97B63E88A80178041BF7 C:\ProgramData\UniqueId\data
36AFFBD6FF77D1515CFC1C5E998FBAF9 C:\ProgramData{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE}\0x0409.ini
CF17568BC6B09AEA7AC79D877D7C9D08 C:\ProgramData{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE}\HP Support Assistant.msi
E161C6DC64F493DB361A706A50246449 C:\Users\183-k\AppData\Roaming\Everything\Everything.ini
04B870B8637B8941C07FB827B8100C3F C:\Users\183-k\AppData\Roaming\xm1\texmaker.ini
BA8826937D1969BE3858FC011CE08ABE C:\Users\183-k\AppData\Roaming\xm1\texmakerapp.ini
E80C0437114A453F760A9C8D14E05D44 C:\Users\183-k\AppData\Local\Microsoft\bass.dll
C0C3FA022F605FD04C867CD7B2F5F2A5 C:\Users\183-k\AppData\Local\Microsoft\basscd.dll
3A26BB7CE8660F08734C578BAA332814 C:\Users\183-k\AppData\Local\Microsoft\bassenc.dll
50AF8A7D49E83A723ED0F70FB682DCFB C:\Users\183-k\AppData\Local\Microsoft\bassflac.dll
BEBA64522AA8265751187E38D1FC0653 C:\Users\183-k\AppData\Local\Microsoft\bassmidi.dll
99F4F38007D347CEED482B7C04FDD122 C:\Users\183-k\AppData\Local\Microsoft\bassmix.dll
CD942B3E28FA9E6F13B6F120901EDC79 C:\Users\183-k\AppData\Local\Microsoft\basswasapi.dll
EBE29552B1449D95CB61867B6633AAEF C:\Users\183-k\AppData\Local\Microsoft\basswma.dll
0B3A2ED25A6AC6D676EBB12EA934AD0F C:\Users\183-k\AppData\Local\Microsoft\bass_fx.dll
1176720C2AB5EB3089222ABF1A96F54A C:\Users\183-k\AppData\Local\Microsoft\bass_vst.dll
C9ED3A910A4341F869AEBBFFAAA0D7F1 C:\Users\183-k\AppData\Local\Microsoft\engine_vx.dll

If the problem is resolved, then could we decrypt the ecrypted files? I read on the internet that one could restore the system, but I am not sure how should I go about doing that?

This log will take a while to go over, as far as I know there is no decryption for this particular ransomware.
That would be a system restore, but with this type of malware the restore points are usually wiped out. If you do a system restore then you run the risk of restoring the malware, but you can certainly try Although you would need to go through the removal process once more if you do indeed restore the malware.

Quick Diag Fix.

First please create a restore point!
Disable your antivirus anti spyware applications!!
Right click in Quick Diag Run as Admin.
Copy the content of the code box below to your clipboard.
Click on the S within the User Interface of the program.
Then click on Script.
Allow completion.
Post the log created in your next reply.

HijackThis.

1- Please click HERE to download HijackThis. – Unzip to your desktop.
2- Right click run as admin.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.