Wondering if there might be malware on my PC

**Antoine** · 04-25-2017, 05:03 PM

Sooo any news? I usually wait longer as I dont expect an instant response (not my first time doing this after all) but considering someone who made a topic 13 hours after I made mine has just gotten a reply already I figured I should inquire about my own.

**user1** · 04-25-2017, 05:16 PM

Hello , sorry
your FRST log doesn’t show anything suspicious, do you want we do another more deep diag ?

**Antoine** · 04-25-2017, 06:05 PM

Originally posted by g3n-h@ckm@n

Hello , sorry
your FRST log doesn’t show anything suspicious, do you want we do another more deep diag ?

sure though is it possible something could be lurking on/in the places FRST does check, such as my external drive or usb thumb drive? Or are those places people wouldnt put viruses/keyloggers?

**user1** · 04-25-2017, 06:59 PM

let’s see more deepest :
Download Quick Diag to your desktop.
Very Important!! — Make sure program is on your desktop.
Disable your Antivirus/Antispyware prior to scanning.
Right Click Run as Administrator.
Select the Quick Scan.
g3n-h@ckm@n Tools: Image
Post the log that is generated in your next post.

**Antoine** · 04-25-2017, 07:34 PM

--------------- QuickDiag | g3n-h@ckm@n | V3_23.04.17.2 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 25/04/2017 14:25:22

Updated 23/04/2017 | 18.25 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC-06:00) Central Time (US & Canada)
[Owner (Administrator)] - [OWNER-PC] (S-1-5-21-1014905426-3769363605-1701117676-1001)

System: Microsoft Windows 10 Pro - - (10.0.14393) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Pro|C:\WINDOWS|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: 10AY0020US - LENOVO - IdNumber: MJ014YG1 - UUID: 070DBBA0-0324-11E4-A01A-649804D41100
Processor : X64 - 2893 Mhz - Intel(R) Core™ i5-4570T CPU @ 2.90GHz
LENOVO BIOS Rev: FHKT48A 0.0 - en|US|iso8859-1 - LENOVO - S/N: MJ014YG1 - FHKT48AUS - LENOVO - 1300
CoreTemp : 29.8 Celsius

----------| Quick

---------- | SoundDevice

Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0283&SUBSYS_17AA309E& REV_1000\4&ED4CB5B&0&0201

---------- | Video

DisplayLink USB Device - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: - PNPDeviceID: USB\VID_17E9&PID_0360\553874 - AdapterCompatibility: DisplayLink - RAM:
Intel(R) HD Graphics 4600 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController2 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igd 12umd64.dll,igdumdim32,igd10iumd32,igd10iumd32,igd 12umd32 - PNPDeviceID: PCI\VEN_8086&DEV_0412&SUBSYS_309E17AA&REV_06\3&115 83659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824
Inegrated Video Chipset DeviceName: DisplayLink USB Device - DriverVersion: 10.0.14393.0 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34640 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25352 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:6 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:2 %

---------- | Network

Intel[R] Ethernet Connection I217-V : SENT:0 bytes/sec / RECVD:0 bytes/sec
Intel[R] Centrino[R] Wireless-N 2230 : SENT:11,433 bytes/sec / RECVD:11,433 bytes/sec
isatap.hsd1.tn.comcast.net : SENT:0 bytes/sec / RECVD:0 bytes/sec
Local Area Connection* 2 : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall → SEND Maxium:11,433 bytes/sec, / RECEIVE Maximum:11,433 bytes/sec

Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Intel(R) Ethernet Connection I217-V - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_153B&SUBSYS_309E17AA&REV_04\3&115 83659&0&C8
Intel(R) Centrino(R) Wireless-N 2230 - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_0888&SUBSYS_42628086&REV_C4\00C2C 6FFFF71CD0200
Microsoft ISATAP Adapter - - - Status: - PnPID :
Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\6&36DDFE8&0&0
Bluetooth Device (Personal Area Network) - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\6&36DDFE8&0&2
Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&39399298&0&01
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0
Microsoft Teredo Tunneling Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE

---------- | Memory

RAM = Total (MB) : 4098 | Free (MB) : 2
Pagefile = Total (MB) : 4819 | Free (MB) : 2774
Virtual = Total (MB) : 4194 | Free (MB) : 3925

Physical Memory 1 : Capacity: 4294967296 - ChannelB-DIMM0 - Posit.: 0 - Manufacturer: Samsung - PartNumber: M471B5173QH0-YK0 - S/N: 3849834A

---------- | SID Users

Administrator : [S-1-5-21-1014905426-3769363605-1701117676-500]
DefaultAccount : [S-1-5-21-1014905426-3769363605-1701117676-503]
Guest : [S-1-5-21-1014905426-3769363605-1701117676-501]
HomeGroupUser$ : [S-1-5-21-1014905426-3769363605-1701117676-1003]
Owner : [S-1-5-21-1014905426-3769363605-1701117676-1001]
Access Control Assistance Operators : [S-1-5-32-579]
Administrators : [S-1-5-32-544]
Backup Operators : [S-1-5-32-551]
Cryptographic Operators : [S-1-5-32-569]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
Hyper-V Administrators : [S-1-5-32-578]
IIS_IUSRS : [S-1-5-32-568]
Network Configuration Operators : [S-1-5-32-556]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Power Users : [S-1-5-32-547]
Remote Desktop Users : [S-1-5-32-555]
Remote Management Users : [S-1-5-32-580]
Replicator : [S-1-5-32-552]
System Managed Accounts Group : [S-1-5-32-581]
Users : [S-1-5-32-545]
HomeUsers : [S-1-5-21-1014905426-3769363605-1701117676-1002]
WinRMRemoteWMIUsers__ : [S-1-5-21-1014905426-3769363605-1701117676-1000]

---------- | SystemAccounts

Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ → [Fixed] | | Total : 118.46 Go | Free : 86.71 Go → NTFS (SSD) [SATA]
D:\ → [Removable] | [USB20FD] | Total : 7.59 Go | Free : 7.3 Go → FAT32 [USB]
F:\ → [Fixed] | [My Passport] | Total : 931.48 Go | Free : 846.92 Go → NTFS [USB]

Disk Usage Information [3 total Physical Disks]

Physical Drive #0 [C:] : Read:0 bytes/sec, Written:2,701,135 bytes/sec Max Read:0 bytes/sec, Max Write:2,701,135 bytes/sec
Physical Drive #1 [D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #2 [F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec

Overall - Read Maximum:0 bytes/sec, Write Maximum:2,701,135 bytes/sec

DeviceID: \.\PHYSICALDRIVE2 - Status: OK - USB - External hard disk media - 1 Part. - PnPID : USBSTOR\DISK&VEN_WD&PROD_MY_PASSPORT_0740&REV_1003 \575844314139315533383339&0
DeviceID: \.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_PNY&PROD_USB_2.0_FD&REV_1100\AF42 4H07YE11002048&0
DeviceID: \.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_LITEONIT&PROD_LCS-128M6S\4&126E5ADC&0&000000

---------- | Windows updates

Windows Is Activated

---------- | Browsers

IE : 11.0.14393.953 (© Microsoft Corporation.)
GC : 57.0.2987.133 (Copyright 2016 Google Inc.)

Default : “C:\Program Files\Internet Explorer\iexplore.exe” %1

---------- | FlashPlayer

FlashPlayer ActiveX : 25.0.0.148

---------- | Security

AV : Windows Defender Disabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes

380 | [Owner : SYSTEM | Parent : 4(System) | ???] - (.Microsoft Corporation - Windows Session Manager.) - (10.0.14393.0) = C:\Windows\System32\smss.exe [16/07/2016 06:42:27] CPU Usage:0 %
524 | [Owner : SYSTEM | Parent : 472() | ???] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.14393.0) = C:\Windows\System32\csrss.exe [16/07/2016 06:42:27] CPU Usage:0 %
604 | [Owner : SYSTEM | Parent : 472() | ???] - (.Microsoft Corporation - Windows Start-Up Application.) - (10.0.14393.0) = C:\Windows\System32\wininit.exe [16/07/2016 06:42:27] CPU Usage:0 %
616 | [Owner : SYSTEM | Parent : 596() | ???] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.14393.0) = C:\Windows\System32\csrss.exe [16/07/2016 06:42:27] CPU Usage:0 %
688 | [Owner : SYSTEM | Parent : 596() | 11.53 Mo] - (.Microsoft Corporation - Windows Logon Application.) - (10.0.14393.594) = C:\Windows\System32\winlogon.exe [10/01/2017 19:48:20] CPU Usage:0 %
748 | [Owner : SYSTEM | Parent : 604(wininit.exe) | ???] - (.Microsoft Corporation - Services and Controller app.) - (10.0.14393.479) = C:\Windows\System32\services.exe [10/12/2016 20:03:46] CPU Usage:0 %
756 | [Owner : SYSTEM | Parent : 604(wininit.exe) | ???] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.14393.187) = C:\Windows\System32\lsass.exe [27/09/2016 20:22:37] CPU Usage:0 %
844 | [Owner : SYSTEM | Parent : 748(services.exe) | 23.33 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
896 | [Owner : NETWORK SERVICE | Parent : 748(services.exe) | 10.51 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
988 | [Owner : DWM-1 | Parent : 688(winlogon.exe) | 60.16 Mo] - (.Microsoft Corporation - Desktop Window Manager.) - (10.0.14393.0) = C:\Windows\System32\dwm.exe [16/07/2016 06:42:23] CPU Usage:0 %
292 | [Owner : SYSTEM | Parent : 748(services.exe) | 88.02 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
308 | [Owner : SYSTEM | Parent : 748(services.exe) | 27.42 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
396 | [Owner : LOCAL SERVICE | Parent : 748(services.exe) | 30.2 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
924 | [Owner : LOCAL SERVICE | Parent : 748(services.exe) | 28.65 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
1196 | [Owner : LOCAL SERVICE | Parent : 748(services.exe) | 28.68 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
1208 | [Owner : LOCAL SERVICE | Parent : 308(svchost.exe) | 8.51 Mo] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe [16/07/2016 06:42:35] CPU Usage:0 %
1288 | [Owner : SYSTEM | Parent : 748(services.exe) | 9.39 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4248) = C:\Windows\System32\igfxCUIService.exe [31/08/2015 21:43:50] CPU Usage:0 %
1316 | [Owner : NETWORK SERVICE | Parent : 748(services.exe) | 18.03 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
1484 | [Owner : LOCAL SERVICE | Parent : 748(services.exe) | 9.89 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
1644 | [Owner : LOCAL SERVICE | Parent : 748(services.exe) | 12.23 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
1768 | [Owner : SYSTEM | Parent : 748(services.exe) | 15.26 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
1852 | [Owner : SYSTEM | Parent : 748(services.exe) | ???] - (.AVAST Software - Avast Service.) - (17.3.3443.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [05/04/2017 02:33:02] CPU Usage:0 %
1356 | [Owner : SYSTEM | Parent : 748(services.exe) | 23.11 Mo] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.14393.953) = C:\Windows\System32\spoolsv.exe [15/03/2017 00:10:10] CPU Usage:0 %
2236 | [Owner : SYSTEM | Parent : 748(services.exe) | 12.65 Mo] - (.Apple Inc. - MobileDeviceService.) - (17.364.0.84) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [02/03/2016 15:31:28] CPU Usage:0 %
2256 | [Owner : SYSTEM | Parent : 748(services.exe) | 26.58 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
2332 | [Owner : SYSTEM | Parent : 748(services.exe) | 4 Mo] - (.Lenovo - Lenovo Desktop BIOS Event Utility.) - (1.0.0.7) = C:\Program Files (x86)\Lenovo\LBAI\LBAEvent.exe [19/03/2015 13:19:24] CPU Usage:0 %
2344 | [Owner : LOCAL SERVICE | Parent : 748(services.exe) | 14.75 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
2352 | [Owner : SYSTEM | Parent : 748(services.exe) | 21.82 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
2492 | [Owner : SYSTEM | Parent : 748(services.exe) | 6.46 Mo] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe [12/08/2015 16:03:42] CPU Usage:0 %
2500 | [Owner : SYSTEM | Parent : 748(services.exe) | 6.74 Mo] - (.- RichVideo Module.) - (2.0.0.2930) = C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [04/08/2015 09:28:54] CPU Usage:0 %
2824 | [Owner : LOCAL SERVICE | Parent : 748(services.exe) | 12.5 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
2056 | [Owner : NETWORK SERVICE | Parent : 748(services.exe) | 7.03 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
968 | [Owner : LOCAL SERVICE | Parent : 308(svchost.exe) | 19.52 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.14393.82) = C:\Windows\System32\dasHost.exe [27/09/2016 20:22:38] CPU Usage:0 %
3160 | [Owner : Owner | Parent : 292(svchost.exe) | 22.92 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe [16/07/2016 06:42:09] CPU Usage:0 %
3184 | [Owner : Owner | Parent : 748(services.exe) | 27.08 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
3216 | [Owner : LOCAL SERVICE | Parent : 748(services.exe) | 18.22 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8763) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\Pres entationFontCache.exe [17/12/2016 21:06:35] CPU Usage:0 %
3276 | [Owner : Owner | Parent : 292(svchost.exe) | 3.29 Mo] - (.Microsoft Corporation - IType.exe.) - (2.5.166.0) = C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [08/07/2015 21:06:16] CPU Usage:0 %
3288 | [Owner : Owner | Parent : 292(svchost.exe) | 3.61 Mo] - (.Microsoft Corporation - IPoint.exe.) - (2.5.166.0) = C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [08/07/2015 21:06:16] CPU Usage:0 %
3332 | [Owner : Owner | Parent : 292(svchost.exe) | 18.08 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe [16/07/2016 06:42:36] CPU Usage:0 %
3460 | [Owner : LOCAL SERVICE | Parent : 308(svchost.exe) | 48.48 Mo] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe [16/07/2016 06:42:35] CPU Usage:0 %
3824 | [Owner : Owner | Parent : 844(svchost.exe) | 39.55 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe [16/07/2016 06:42:05] CPU Usage:0 %
4340 | [Owner : SYSTEM | Parent : 748(services.exe) | 18.91 Mo] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.14393.953) = C:\Windows\System32\SearchIndexer.exe [15/03/2017 00:11:03] CPU Usage:0 %
4444 | [Owner : Owner | Parent : 4160() | 118.26 Mo] - (.Microsoft Corporation - Windows Explorer.) - (10.0.14393.953) = C:\Windows\explorer.exe [15/03/2017 00:09:30] CPU Usage:0 %
3448 | [Owner : SYSTEM | Parent : 844(svchost.exe) | 14.1 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [16/07/2016 06:42:31] CPU Usage:0 %
4420 | [Owner : Owner | Parent : 3944() | 13.54 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4248) = C:\Windows\System32\igfxEM.exe [31/08/2015 21:43:50] CPU Usage:0 %
4816 | [Owner : Owner | Parent : 3944() | 9.66 Mo] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4248) = C:\Windows\System32\igfxHK.exe [31/08/2015 21:43:50] CPU Usage:0 %
5308 | [Owner : Owner | Parent : 844(svchost.exe) | 61.93 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2t xyewy\ShellExperienceHost.exe [10/11/2016 15:51:33] CPU Usage:0 %
5520 | [Owner : Owner | Parent : 3944() | 12.26 Mo] - (.-.) - (0.0.0.0) = C:\Windows\System32\igfxTray.exe [31/08/2015 21:43:50] CPU Usage:0 %
5576 | [Owner : Owner | Parent : 844(svchost.exe) | 86.4 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.953) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\SearchUI.exe [15/03/2017 00:09:20] CPU Usage:0 %
548 | [Owner : Owner | Parent : 844(svchost.exe) | 24.31 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.14393.1066) = C:\Windows\System32\smartscreen.exe [11/04/2017 20:35:20] CPU Usage:0 %
444 | [Owner : Owner | Parent : 4444(explorer.exe) | 15.63 Mo] - (.Apple Inc. - iTunesHelper.) - (12.4.1.6) = C:\Program Files\iTunes\iTunesHelper.exe [01/06/2016 13:16:26] CPU Usage:0 %
6320 | [Owner : Owner | Parent : 6200() | 17.13 Mo] - (.AVAST Software - Avast Antivirus.) - (17.3.3443.0) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [05/04/2017 02:33:04] CPU Usage:0 %
6440 | [Owner : Owner | Parent : 4444(explorer.exe) | 26.52 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6799.327) = C:\Users\Owner\AppData\Local\Microsoft\OneDrive\On eDrive.exe [09/01/2016 10:25:26] CPU Usage:0 %
6644 | [Owner : SYSTEM | Parent : 748(services.exe) | 8.15 Mo] - (.Apple Inc. - iPodService Module (64-bit).) - (12.4.1.6) = C:\Program Files\iPod\bin\iPodService.exe [01/06/2016 13:16:30] CPU Usage:0 %
6652 | [Owner : Owner | Parent : 4444(explorer.exe) | 102.53 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.133) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/07/2016 22:42:10] CPU Usage:0 %
6768 | [Owner : Owner | Parent : 6652(chrome.exe) | 8.66 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.133) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/07/2016 22:42:10] CPU Usage:0 %
6816 | [Owner : Owner | Parent : 6652(chrome.exe) | 9.75 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.133) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/07/2016 22:42:10] CPU Usage:0 %
6940 | [Owner : Owner | Parent : 6652(chrome.exe) | 46.61 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.133) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/07/2016 22:42:10] CPU Usage:0 %
6464 | [Owner : LOCAL SERVICE | Parent : 1484(svchost.exe) | 19.4 Mo] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (10.0.14393.0) = C:\Windows\System32\audiodg.exe [16/07/2016 06:42:22] CPU Usage:0 %
6972 | [Owner : Owner | Parent : 4444(explorer.exe) | 10.11 Mo] - (.- Trendnet USB-KVM SwitcherSoftware.) - (2.4.7.0) = C:\Program Files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe [18/11/2016 14:57:25] CPU Usage:0 %
3648 | [Owner : Owner | Parent : 6836() | 11.13 Mo] - (.CyberLink - CyberLink MediaLibray Service.) - (2.1.3023.0) = C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [20/08/2010 09:57:06] CPU Usage:0 %
4908 | [Owner : Owner | Parent : 6836() | 8.38 Mo] - (.CyberLink Corp. - PowerDVD RC Service.) - (10.0.1403.0) = C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [03/02/2010 00:08:56] CPU Usage:0 %
6704 | [Owner : Owner | Parent : 6836() | 11.03 Mo] - (.-.) - (3.3.0.4) = C:\Windows\Samsung\PanelMgr\SSMMgr.exe [05/08/2015 13:02:58] CPU Usage:0 %
5768 | [Owner : Owner | Parent : 6704(SSMMgr.exe) | 6.3 Mo] - (.-.) - (1.1.0.0) = C:\Windows\Samsung\PanelMgr\caller64.exe [05/08/2015 13:02:59] CPU Usage:0 %
6692 | [Owner : Owner | Parent : 6788() | 9.58 Mo] - (.Brother Industries, Ltd. - ControlCenter Main Process.) - (4.1.268.1) = C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe [11/08/2015 16:33:18] CPU Usage:0 %
6360 | [Owner : Owner | Parent : 6692(BrCtrlCntr.exe) | 9.06 Mo] - (.Brother Industries, Ltd. - ControlCenter UX System.) - (4.1.528.1) = C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe [11/08/2015 16:33:18] CPU Usage:0 %
6344 | [Owner : SYSTEM | Parent : 748(services.exe) | 10.43 Mo] - (.Brother Industries, Ltd. - BrYNCSvc.) - (1.4.6.0) = C:\Program Files (x86)\Browny02\BrYNSvc.exe [11/08/2015 16:33:18] CPU Usage:0 %
1620 | [Owner : Owner | Parent : 292(svchost.exe) | 2.15 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.205) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [19/03/2015 12:58:09] CPU Usage:0 %
628 | [Owner : Owner | Parent : 292(svchost.exe) | 2.29 Mo] - (.Realtek Semiconductor - Realtek HD Audio Manager.) - (1.0.0.940) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19/03/2015 12:58:09] CPU Usage:0 %
5196 | [Owner : SYSTEM | Parent : 688(winlogon.exe) | 2.86 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.14393.1066) = C:\Windows\System32\fontdrvhost.exe [11/04/2017 20:34:52] CPU Usage:0 %
6212 | [Owner : Owner | Parent : 292(svchost.exe) | 4.5 Mo] - (.CyberLink - MediaEspresso 6 DeviceDetector.) - (6.0.2309.32373) = C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\Devic eDetector.exe [03/12/2010 17:45:00] CPU Usage:0 %
4592 | [Owner : Owner | Parent : 6320(AvastUI.exe) | 8.8 Mo] - (.Microsoft Corporation - CTF Loader.) - (10.0.14393.0) = C:\Windows\SysWOW64\ctfmon.exe [16/07/2016 06:43:04] CPU Usage:0 %
4300 | [Owner : Owner | Parent : 844(svchost.exe) | 10.7 Mo] - (.-.) - (11.13.133.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x 64__kzf8qxf38zg5c\SkypeHost.exe [10/04/2017 06:42:10] CPU Usage:0 %
6584 | [Owner : | Parent : 748(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
7400 | [Owner : SYSTEM | Parent : 748(services.exe) | 7.5 Mo] - (.Intel Corporation - IntelCpHeciSvc Executable.) - (9.0.31.9000) = C:\Windows\SysWOW64\IntelCpHeciSvc.exe [31/08/2015 21:43:50] CPU Usage:0 %
8936 | [Owner : Owner | Parent : 6652(chrome.exe) | 66.85 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.133) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/07/2016 22:42:10] CPU Usage:0 %
8124 | [Owner : LogonSessionId_0_1913888 | Parent : 844(svchost.exe) | 14.11 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [16/07/2016 06:42:31] CPU Usage:0 %
7384 | [Owner : SYSTEM | Parent : 4340(SearchIndexer.exe) | 10.98 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.14393.953) = C:\Windows\System32\SearchProtocolHost.exe [15/03/2017 00:11:03] CPU Usage:0 %
3644 | [Owner : SYSTEM | Parent : 4340(SearchIndexer.exe) | 6.17 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.14393.953) = C:\Windows\System32\SearchFilterHost.exe [15/03/2017 00:11:03] CPU Usage:0 %
6228 | [Owner : LogonSessionId_0_2192317 | Parent : 748(services.exe) | 7.1 Mo] - (.Microsoft Corporation - Windows Modules Installer.) - (10.0.14393.479) = C:\Windows\servicing\TrustedInstaller.exe [10/12/2016 20:03:46] CPU Usage:0 %
8972 | [Owner : SYSTEM | Parent : 844(svchost.exe) | 9.94 Mo] - (.Microsoft Corporation - Windows Modules Installer Worker.) - (10.0.14393.693) = C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_no ne_7f2bf7ea21d201b2\TiWorker.exe [25/01/2017 16:15:31] CPU Usage:0 %
4004 | [Owner : SYSTEM | Parent : 292(svchost.exe) | 7.08 Mo] - (.Microsoft Corporation - WMI Reverse Performance Adapter Maintenance Utility.) - (10.0.14393.0) = C:\Windows\System32\wbem\WMIADAP.exe [16/07/2016 06:42:31] CPU Usage:0 %
8672 | [Owner : Owner | Parent : 4444(explorer.exe) | 35.96 Mo] - (.SosVirus - QuickDiag.) - (23.4.17.2) = C:\Users\Owner\Desktop\QuickDiag.exe [25/04/2017 14:23:58] CPU Usage:2 %
7612 | [Owner : LogonSessionId_0_4582804 | Parent : 844(svchost.exe) | 9.53 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [16/07/2016 06:42:56] CPU Usage:0 %

---------- | MD5

[MD5.F2D58A2E27C2CD486F8F0A123A3F34C3] - [15/03/2017 00:09:30] - (.© Microsoft Corporation. - Windows Explorer.) - [4564.8 Ko] - (10.0.14393.953) : C:\WINDOWS\Explorer.exe
[MD5.F4F684066175B77E0C3A000549D2922C] - [16/07/2016 06:42:36] - (.© Microsoft Corporation. - Windows Command Processor.) - [227.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\cmd.exe
[MD5.77DBC745D957B4F0404ABABC10696784] - [16/07/2016 06:42:27] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [17.72 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\csrss.exe
[MD5.DA63852A2B0340E94D74EAF0CD444979] - [16/07/2016 06:42:27] - (.© Microsoft Corporation. - COM Surrogate.) - [20.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\dllhost.exe
[MD5.6955067712F2F4752CA12192B08EF860] - [16/07/2016 06:42:16] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [683.48 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Kernel32.dll
[MD5.6F8E95716C1A27FF2FE96D30B147F1C1] - [27/09/2016 20:22:37] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.05 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\lsass.exe
[MD5.7BD259FC59CF9C2AE1B979564B374CC6] - [16/07/2016 06:42:27] - (.© Microsoft Corporation. - Distributed COM Services.) - [867.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rpcss.dll
[MD5.C7645D43451C6D94D87F4D07BDE59C89] - [16/07/2016 06:42:42] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [68 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rundll32.exe
[MD5.3C69CC28665854F1AAB4B4005005FA31] - [10/12/2016 20:03:46] - (.© Microsoft Corporation. - Services and Controller app.) - [443.94 Ko] - (10.0.14393.479) : C:\WINDOWS\System32\services.exe
[MD5.36F670D89040709013F6A460176767EC] - [16/07/2016 06:42:27] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [43.45 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\svchost.exe
[MD5.C46EA86BF0E7C96235E9064CBAD6ED26] - [17/12/2016 17:10:14] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [1426.95 Ko] - (10.0.14393.576) : C:\WINDOWS\System32\user32.dll
[MD5.C1B1FFC800BE2F31EB2CF8CB40629C69] - [16/07/2016 06:42:27] - (.© Microsoft Corporation. - Userinit Logon Application.) - [32.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\userinit.exe
[MD5.99A19C9A74E2F9820E501DCE77F84F70] - [16/07/2016 06:42:27] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [297.11 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Wininit.exe
[MD5.917F081E2AB667C44F7D96DE1D16DFAE] - [10/01/2017 19:48:20] - (.© Microsoft Corporation. - Windows Logon Application.) - [658 Ko] - (10.0.14393.594) : C:\WINDOWS\System32\Winlogon.exe
[MD5.323AA1953ED9C01E23F740FA891FE064] - [29/10/2016 12:07:44] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [570.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\afd.sys
[MD5.A10F989A812B57B9695F6C305907C9C6] - [16/07/2016 06:41:53] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\atapi.sys
[MD5.65DEB05FC234BFF207379F06F0754402] - [16/07/2016 06:41:53] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [187.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ataport.sys
[MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - [16/07/2016 06:42:35] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdfs.sys
[MD5.613D0137C269187FA298A157E3D14A18] - [16/07/2016 06:41:53] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [169 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdrom.sys
[MD5.4BC21E937E9F9F408672D2C2CBE4A153] - [15/03/2017 00:09:27] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [142 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\dfsc.sys
[MD5.10E3515FE5DBA6656FA62C29342EC4A1] - [16/07/2016 06:41:52] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [81.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
[MD5.B54B30992620C97230013A74461C8517] - [16/07/2016 06:41:54] - (.© Microsoft Corporation. - i8042 Port Driver.) - [111.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys
[MD5.F1DAECC3B3D6399875D4F10529D6A77C] - [16/07/2016 06:42:39] - (.© Microsoft Corporation. - IP Network Address Translator.) - [207.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ipnat.sys
[MD5.D559FF28B1AD9B1E15A4186E785E61F6] - [15/03/2017 00:10:21] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [439.84 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\mrxsmb.sys
[MD5.63560E6BC9BCA978A6B72DF65F7A8930] - [11/04/2017 20:35:20] - (.© Microsoft Corporation. - Network Driver Interface Specification (NDIS).) - [1153.34 Ko] - (10.0.14393.1066) : C:\WINDOWS\System32\Drivers\ndis.sys
[MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - [16/07/2016 06:42:35] - (.© Microsoft Corporation. - MBT Transport driver.) - [272.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\netbt.sys
[MD5.98BBD81DC481E9D58EEB31C81EBDEFF5] - [15/03/2017 00:10:06] - (.© Microsoft Corporation. - NT File System Driver.) - [2202.84 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\ntfs.sys
[MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - [16/07/2016 06:41:53] - (.© Microsoft Corporation. - Parallel Port Driver.) - [94.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\parport.sys
[MD5.17E565710172ED71B8531D8822E1C5D1] - [16/07/2016 06:42:39] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [102.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys
[MD5.7135785C21CA79D270D11037C43D3F19] - [16/07/2016 06:44:03] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [173 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys
[MD5.F3CFBE74DAF9ABD06F0B2A037DC4C90A] - [11/04/2017 20:35:22] - (.© Microsoft Corporation. - TCP/IP Driver.) - [2474.34 Ko] - (10.0.14393.1066) : C:\WINDOWS\System32\Drivers\tcpip.sys
[MD5.0B237F8A96952BF95A14865030E131F2] - [15/03/2017 00:10:24] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.84 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\tdx.sys
[MD5.BF2546583BB75F01DDA60A7921DFB230] - [16/07/2016 06:42:35] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [382.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\volsnap.sys

---------- | Locked Applications

---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) – C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) – C:\WINDOWS\System32\winsqlite3.dll
(.AVAST Software.-.Avast Shell Extension.) - (17.3.3443.0) – C:\Program Files\AVAST Software\Avast\ashShA64.dll
(.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (10.18.15.4248) – C:\WINDOWS\SYSTEM32\igd10iumd64.dll
(.Intel Corporation.-.Unified Shader Compiler for Intel(R) Graphics Accelerator.) - (10.18.15.4248) – C:\WINDOWS\SYSTEM32\igdusc64.dll
(..-..) - (14.0.7109.5000) – C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\of fice.odf
(..-..) - (14.0.6009.1000) – C:\PROGRA~1\MICROS~2\Office14\1033\GrooveIntlResou rce.dll
(.Apple Inc..-.Bonjour Namespace Provider.) - (3.1.0.1) – C:\Program Files\Bonjour\mdnsNSP.dll
(.Apple Inc..-.ShellStreams.) - (41.1.0.7) – C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
(.Intel Corporation.-.igfxDTCM Module.) - (6.15.10.4248) – C:\WINDOWS\system32\igfxDTCM.dll
(.Intel Corporation.-.igfxDH Module.) - (6.15.10.4248) – C:\WINDOWS\system32\igfxDH.dll
(.Intel Corporation.-.igfxLHM Module.) - (6.15.10.4248) – C:\WINDOWS\system32\igfxLHM.dll
(.Intel Corporation.-.igfxDI Module.) - (6.15.10.4248) – C:\WINDOWS\system32\igfxDI.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) – C:\WINDOWS\System32\winsqlite3.dll
(.Apple Inc..-.Bonjour Namespace Provider.) - (3.1.0.1) – C:\Program Files\Bonjour\mdnsNSP.dll
(.Brother Industries, Ltd..-.Brother MFC WIA minidriver(for 64Bit).) - (3.16.3.3) – C:\WINDOWS\system32\BrWi212a.dll
(.Brother Industries, Ltd..-.Brother Network Sti Interface DLL(for 64Bit).) - (2.0.13.6) – C:\WINDOWS\system32\BrNetSti.dll
(..-..) - (0.0.0.0) – C:\WINDOWS\system32\BrSNMP64.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE...\Run]) - User: NT AUTHORITY\LOCAL SERVICE
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE...\Run]) - User: NT AUTHORITY\NETWORK SERVICE
OneDrive - (“C:\Users\Owner\AppData\Local\Microsoft\OneDrive\ OneDrive.exe” /background [HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE...\Run]) - User: Owner-PC\Owner
GoogleChromeAutoLaunch_721577D41E77D440C916E2687EB A0267 - (“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --no-startup-window /prefetch:5 [HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE...\Run]) - User: Owner-PC\Owner
USBKVM Switcher - (C:\PROGRA~2\Trendnet\USBKVM~1\USBKVM.exe [Common Startup]) - User: Public
iTunesHelper - (“C:\Program Files\iTunes\iTunesHelper.exe” [HKLM\SOFTWARE...\Run]) - User: Public
AvastUI.exe - (“C:\Program Files\AVAST Software\Avast\AvLaunch.exe” /gui [HKLM\SOFTWARE...\Run]) - User: Public

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Command Processor]
“CompletionChar”=9
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=9

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\CurrentVersion\Run]
“OneDrive”=“C:\Users\Owner\AppData\Local\Microsoft \OneDrive\OneDrive.exe” /background
“GoogleChromeAutoLaunch_721577D41E77D440C916E2687E BA0267”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --no-startup-window /prefetch:5

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run]
“ISUSPM”=0x020000000000000000000000

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“Device”=Brother MFC-J4510DW Printer,winspool,Ne06:
“IsMRUEstablished”=1
“LegacyDefaultPrinterMode”=1

[HKLM\Software\Microsoft\Command Processor]
“CompletionChar”=64
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=64

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe”
“AvastUI.exe”=“C:\Program Files\AVAST Software\Avast\AvLaunch.exe” /gui

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run32]
“AvastUI.exe”=0x020000000000000000000000
“ControlCenter4”=0x020000000000000000000000
“CLMLServer”=0x020000000000000000000000
“ITSecMng”=0x020000000000000000000000
“UpdatePPShortCut”=0x020000000000000000000000
“IndexSearch”=0x020000000000000000000000
“PaperPort PTD”=0x020000000000000000000000
“PDF5 Registry Controller”=0x020000000000000000000000
“PDFHook”=0x020000000000000000000000
“RemoteControl10”=0x020000000000000000000000
“Samsung PanelMgr”=0x020000000000000000000000
“BrStsMon00”=0x020000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“”=mnmsrvc
“AppInit_DLLs”=
“DdeSendTimeout”=0
“DesktopHeapLogging”=1
“DeviceNotSelectedTimeout”=15
“DwmInputUsesIoCompletionPort”=1
“EnableDwmInputProcessing”=7
“GDIProcessHandleQuota”=10000
“IconServiceLib”=IconCodecService.dll
“LoadAppInit_DLLs”=0
“NaturalInputHandler”=Ninput.dll
“ShutdownWarningDialogTimeout”=4294967295
“Spooler”=yes
“ThreadUnresponsiveLogTimeout”=500
“TransmissionRetryTimeout”=90
“USERNestedWindowLimit”=50
“USERPostMessageLimit”=10000
“USERProcessHandleQuota”=10000
“Win32kLastWriteTime”=1D255C50DCC143C

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
“CompletionChar”=64
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=64

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Run]
“CLMLServer”=“C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe”
“RemoteControl10”=“C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe”
“UpdatePPShortCut”=“C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStart Menu.exe” “C:\Program Files (x86)\CyberLink\PowerProducer” update “Software\CyberLink\PowerProducer\5.0”
“Samsung PanelMgr”=C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
“ControlCenter4”=C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
“BrStsMon00”=C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
“”=mnmsrvc
“AppInit_DLLs”=
“DdeSendTimeout”=0
“DesktopHeapLogging”=1
“DeviceNotSelectedTimeout”=15
“DwmInputUsesIoCompletionPort”=1
“EnableDwmInputProcessing”=7
“GDIProcessHandleQuota”=10000
“IconServiceLib”=IconCodecService.dll
“LoadAppInit_DLLs”=0
“NaturalInputHandler”=Ninput.dll
“ShutdownWarningDialogTimeout”=4294967295
“Spooler”=yes
“ThreadUnresponsiveLogTimeout”=500
“TransmissionRetryTimeout”=90
“USERNestedWindowLimit”=50
“USERPostMessageLimit”=10000
“USERProcessHandleQuota”=10000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
“WebCheck”={E6FB5E20-DE35-11CF-9C87-00AA005127ED}

---------- | Win.ini :

---------- | System.ini :

---------- | Tasks List

Avast Emergency Update
DeviceDetector
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
Microsoft_MKC_Logon_Task_ipoint.exe
Microsoft_MKC_Logon_Task_itype.exe
OneDrive Standalone Update Task
OneDrive Standalone Update Task v2
Optimize Start Menu Cache Files-S-1-5-21-1014905426-3769363605-1701117676-1001
RtHDVBg_LENOVO_MICPKEY
RTKCPL
SafeZone scheduled Autoupdate 1468726664
User_Feed_Synchronization-{6CFCB75E-A30D-4826-9A56-0BC571027065}

---------- | Startings up registry ¦ Folder

---------- | Other keys

[HKLM\System\CurrentControlSet\Control\SecurityProv iders]
“SecurityProviders”=credssp.dll

[HKLM\System\CurrentControlSet\Control\Terminal Server]
“AllowRemoteRPC”=0
“DelayConMgrTimeout”=0
“DeleteTempDirsOnExit”=1
“fDenyTSConnections”=1
“fSingleSessionPerUser”=1
“NotificationTimeOut”=0
“PerSessionTempDir”=0
“ProductVersion”=5.1
“RCDependentServices”=CertPropSvc
SessionEnv
“SnapshotMonitors”=1
“StartRCM”=0
“TSUserEnabled”=0
“RailShowallNotifyIcons”=1
“RDPVGCInstalled”=1
“InstanceID”=d1d1bc76-2745-4205-a850-00790e0
“GlassSessionId”=1

[HKLM\System\CurrentControlSet\Control\Session Manager]
“AutoChkTimeout”=8
“BootExecute”=autocheck autochk *
“BootShell”=%SystemRoot%\system32\bootim.exe
“CriticalSectionTimeout”=2592000
“ExcludeFromKnownDlls”=
“GlobalFlag”=0
“HeapDeCommitFreeBlockThreshold”=0
“HeapDeCommitTotalFreeThreshold”=0
“HeapSegmentCommit”=0
“HeapSegmentReserve”=0
“InitConsoleFlags”=0
“NumberOfInitialSessions”=2
“ObjectDirectories”=\Windows
\RPC Control
“ProcessorControl”=2
“ProtectionMode”=1
“ResourceTimeoutCount”=648000
“RunLevelExecute”=WinInit
ServiceControlManager
“RunLevelValidate”=ServiceControlManager
“SETUPEXECUTE”=

[HKLM\System\CurrentControlSet\Control]
“BootDriverFlags”=28
“CurrentUser”=USERNAME
“EarlyStartServices”=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc
“PreshutdownOrder”=UsoSvc
gpsvc
trustedinstaller
“WaitToKillServiceTimeout”=200
“SystemStartOptions”= NOEXECUTE=OPTIN
“SystemBootDevice”=multi(0)disk(0)rdisk(0)partitio n(2)
“FirmwareBootDevice”=multi(0)disk(0)rdisk(0)partit ion(1)
“LastBootSucceeded”=1
“LastBootShutdown”=1
“DirtyShutdownCount”=1

[HKLM\System\CurrentControlSet\Control\lsa]
“auditbasedirectories”=0
“auditbaseobjects”=0
“Bounds”=0x0030000000200000
“crashonauditfail”=0
“fullprivilegeauditing”=0x00
“LimitBlankPasswordUse”=1
“NoLmHash”=1
“Notification Packages”=scecli
“Authentication Packages”=msv1_0
“disabledomaincreds”=0
“everyoneincludesanonymous”=0
“forceguest”=0
“LsaPid”=756
“ProductType”=6
“restrictanonymous”=0
“restrictanonymoussam”=1
“SecureBoot”=1
“Security Packages”=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u
livessp

---------- | .LNK with Arguments

---------- | AppCertDlls

---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll → OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll → OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Control Panel\Desktop]
“ActiveWndTrackTimeout”=0
“BlockSendInputResets”=0
“CaretWidth”=1
“ClickLockTime”=1200
“CoolSwitchColumns”=7
“CoolSwitchRows”=3
“CursorBlinkRate”=530
“DockMoving”=1
“DragFromMaximize”=1
“DragFullWindows”=1
“DragHeight”=4
“DragWidth”=4
“FocusBorderHeight”=1
“FocusBorderWidth”=1
“FontSmoothing”=2
“FontSmoothingGamma”=0
“FontSmoothingOrientation”=1
“FontSmoothingType”=2
“ForegroundFlashCount”=7
“ForegroundLockTimeout”=200000
“LeftOverlapChars”=3
“MenuShowDelay”=400
“MouseWheelRouting”=2
“PaintDesktopVersion”=0
“Pattern”=0
“RightOverlapChars”=3
“SnapSizing”=1
“TileWallpaper”=0
“WallPaper”=C:\WINDOWS\web\wallpaper\Windows\img0. jpg [16/07/2016 06:43:10]
“WallpaperOriginX”=0
“WallpaperOriginY”=0
“WallpaperStyle”=10
“WheelScrollChars”=3
“WheelScrollLines”=3
“WindowArrangementActive”=1
“ScreenSaveActive”=1
“MouseMonitorEscapeSpeed”=0
“UserPreferencesMask”=0x9E1E078012000000
“AutoColorization”=1
“MaxVirtualDesktopDimension”=3840
“MaxMonitorDimension”=1920
“TranscodedImageCount”=2
“LastUpdated”=4294967295
“TranscodedImageCache”=0x7AC301002B73030080070000B 0040000C1AF623A57DFD10143003A005C00570049004E00440 04F00570053005C007700650062005C00770061006C006C007 00061007000650072005C00570069006E0064006F007700730 05C0069006D00670030002E006A00700067000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 0000000000000000000000000
“ImageColor”=2940843252
“Win8DpiScaling”=0
“DpiScalingVer”=4096
“WaitToKillAppTimeout”=200

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\NewStartPanel]
“{018D5C66-4533-4307-9B53-224DE2ED1FE6}”=1

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer]
“ShellState”=0x24000000342800000000000000000000000 0000001000000130000000000000062000000
“ExplorerStartupTraceRecorded”=1
“UserSignedIn”=1
“SIDUpdatedOnLibraries”=1
“LocalKnownFoldersMigrated”=1
“TelemetrySalt”=6
“GlobalAssocChangedCounter”=180
“FirstRunTelemetryComplete”=1
“AppReadinessLogonComplete”=1
“SlowContextMenuEntries”=0xB384D9893B816A408298118 AFA3A22AECF0200005D54A9A2C2A0B4429708A0B2BADD77C8D E0A00003673466C8182604E8204430CED96822D9A030000854 9D87AB487164ABE588B72A5B390F7500500000114020000000 000C00000000000004677010000

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced]
“Start_SearchFiles”=2
“ServerAdminUI”=0
“Hidden”=1
“ShowCompColor”=1
“HideFileExt”=1
“DontPrettyPath”=0
“ShowInfoTip”=1
“HideIcons”=0
“MapNetDrvBtn”=0
“WebView”=1
“Filter”=0
“ShowSuperHidden”=0
“SeparateProcess”=0
“AutoCheckSelect”=0
“IconsOnly”=0
“ShowTypeOverlay”=1
“ShowStatusBar”=1
“ListviewAlphaSelect”=1
“ListviewShadow”=1
“TaskbarAnimations”=1
“StartMenuInit”=13
“ReindexedProfile”=1
“Start_TrackShareContractHistory”=1
“Start_ShareContractHistoryCount”=5
“Start_TrackShareContractMFU”=1
“Start_TrackSearchContract”=1
“ApplicationSearchHistory”=1
“StoreAppsOnTaskbar”=1
“EnableStartMenu”=1
“TaskbarStateLastRun”=0xCBDFF65800000000
“HideDrivesWithNoMedia”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System]
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“DSCAutomationHostEnabled”=2
“EnableCursorSuppression”=1
“EnableInstallerDetection”=1
“EnableLUA”=1
“EnableSecureUIAPaths”=1
“EnableUIADesktopToggle”=0
“EnableVirtualization”=1
“PromptOnSecureDesktop”=1
“ValidateAdminCodeSignatures”=0
“undockwithoutlogon”=1
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“scforceoption”=0
“shutdownwithoutlogon”=1
“SoftwareSASGeneration”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer]
“ForceActiveDesktopOn”=0
“NoActiveDesktop”=1
“NoActiveDesktopChanges”=1
“NoRecentDocsHistory”=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\ActiveDesktop]
“NoAddingComponents”=1
“NoComponents”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\NewStartPanel]
“{031E4825-7B94-4dc3-B131-E946B44C8DD5}”=1
“{208D2C60-3AEA-1069-A2D7-08002B30309D}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=1
“{871C5380-42A0-1069-A2EA-08002B30309D}”=1
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1
“{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}”=1
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\ClassicStartMenu]
“{871C5380-42A0-1069-A2EA-08002B30309D}.default”=0
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL]
“CheckedValue”=1
“DefaultValue”=2
“HKeyRoot”=2147483649
“Id”=2
“RegPath”=Software\Microsoft\Windows\CurrentVersio n\Explorer\Advanced
“Text”=@shell32.dll,-30500
“Type”=radio
“ValueName”=Hidden

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer]
“ActiveSetupDisabled”=0
“ActiveSetupTaskOverride”=1
“AsyncRunOnce”=1
“AsyncUpdatePCSettings”=1
“DisableAppInstallsOnFirstLogon”=1
“DisableResolveStoreCategories”=1
“DisableUpgradeCleanup”=1
“EarlyAppResolverStart”=1
“FileOpenDialog”={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
“FSIASleepTimeInMs”=60000
“GlobalFolderSettings”={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
“IconUnderline”=2
“ListViewPopupControl”={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
“LVPopupSearchControl”={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
“MachineOobeUpdates”=1
“NoWaitOnRoamingPayloads”=1
“TaskScheduler”={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
“AccessDeniedDialog”={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}
“SmartScreenEnabled”=RequireAdmin

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced]
“Start_TrackDocs”=1
“TaskbarSizeMove”=0

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Associations]
“Application”= open %s file - Search

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\System]
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“DSCAutomationHostEnabled”=2
“EnableCursorSuppression”=1
“EnableInstallerDetection”=1
“EnableLUA”=1
“EnableSecureUIAPaths”=1
“EnableUIADesktopToggle”=0
“EnableVirtualization”=1
“PromptOnSecureDesktop”=1
“ValidateAdminCodeSignatures”=0
“undockwithoutlogon”=1
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“scforceoption”=0
“shutdownwithoutlogon”=1
“SoftwareSASGeneration”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\Explorer]
“ForceActiveDesktopOn”=0
“NoActiveDesktop”=1
“NoActiveDesktopChanges”=1
“NoRecentDocsHistory”=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\ActiveDesktop]
“NoAddingComponents”=1
“NoComponents”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\HideDesktopIcons\NewStartPanel]
“{031E4825-7B94-4dc3-B131-E946B44C8DD5}”=1
“{208D2C60-3AEA-1069-A2D7-08002B30309D}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=1
“{871C5380-42A0-1069-A2EA-08002B30309D}”=1
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1
“{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}”=1
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\HideDesktopIcons\ClassicStartMen u]
“{871C5380-42A0-1069-A2EA-08002B30309D}.default”=0
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
“CheckedValue”=1
“DefaultValue”=2
“HKeyRoot”=2147483649
“Id”=2
“RegPath”=Software\Microsoft\Windows\CurrentVersio n\Explorer\Advanced
“Text”=@shell32.dll,-30500
“Type”=radio
“ValueName”=Hidden

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer]
“ActiveSetupDisabled”=0
“ActiveSetupTaskOverride”=1
“AsyncRunOnce”=1
“AsyncUpdatePCSettings”=1
“DisableAppInstallsOnFirstLogon”=1
“DisableResolveStoreCategories”=1
“DisableUpgradeCleanup”=1
“EarlyAppResolverStart”=1
“FileOpenDialog”={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
“FSIASleepTimeInMs”=60000
“GlobalFolderSettings”={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
“IconUnderline”=2
“ListViewPopupControl”={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
“LVPopupSearchControl”={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
“MachineOobeUpdates”=1
“NoWaitOnRoamingPayloads”=1
“TaskScheduler”={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
“AccessDeniedDialog”={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}
“GlobalAssocChangedCounter”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Advanced]
“Start_TrackDocs”=1
“TaskbarSizeMove”=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Associations]
“Application”= open %s file - Search

---------- | Winlogon

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“ExcludeProfileDirs”=AppData\Local;AppData\LocalLo w;$Recycle.Bin;OneDrive;Work Folders
“BuildNumber”=14393
“FirstLogon”=0
“PUUActive”=0x0BB991440A0000000800460074280000E177 0B0047790000D100000011001800BC70A41F5EF40D00E29D06 00121200004E100000CC01000000000000447F0500DE020000 2D00000076F011E2F8BDD20184530200000000000100000000 000000
“ParseAutoexec”=1

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“AutoRestartShell”=1
“Background”=0 0 0
“CachedLogonsCount”=10
“DebugServerCommand”=no
“DefaultDomainName”=
“DefaultUserName”=
“DisableBackButton”=1
“EnableSIHostIntegration”=1
“ForceUnlockLogon”=0
“LegalNoticeCaption”=
“LegalNoticeText”=
“PasswordExpiryWarning”=5
“PowerdownAfterShutdown”=0
“PreCreateKnownFolders”={A520A1A4-1780-4FF6-BD18-167343C5AF16}
“ReportBootOk”=1
“Shell”=explorer.exe
“ShellCritical”=0
“ShellInfrastructure”=sihost.exe
“SiHostCritical”=0
“SiHostReadyTimeOut”=0
“SiHostRestartCountLimit”=0
“SiHostRestartTimeGap”=0
“VMApplet”=SystemPropertiesPerformance.exe /pagefile
“WinStationsDisabled”=0
“LastLogOffEndTimePerfCounter”=236720800008
“ShutdownFlags”=39
“Userinit”=C:\Windows\system32\userinit.exe,
“scremoveoption”=0
“DisableCad”=1
“ShutdownWithoutLogon”=0
“EnableFirstLogonAnimation”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
“DefaultDomainName”=
“DefaultUserName”=
“EnableSIHostIntegration”=1
“PreCreateKnownFolders”={A520A1A4-1780-4FF6-BD18-167343C5AF16}
“Shell”=explorer.exe
“ShellCritical”=0
“SiHostCritical”=0
“SiHostReadyTimeOut”=0
“SiHostRestartCountLimit”=0
“SiHostRestartTimeGap”=0

---------- | Associations

[HKLM\Software\Classes.exe]
“”=exefile
“Content Type”=application/x-msdownload

[HKLM\Software\Classes\exefile\Shell\Open\Command]
“”=“%1” %*
“IsolatedCommand”=“%1” %*

[HKLM\Software\Classes.com]
“”=comfile

[HKLM\Software\Classes\comfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.reg]
“”=regfile

[HKLM\Software\Classes\regfile\Shell\Open\Command]
“”=regedit.exe “%1”

[HKLM\Software\Classes.scr]
“”=scrfile

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
“”=“%1” /S

[HKLM\Software\Classes.bat]
“”=batfile

[HKLM\Software\Classes\batfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.cmd]
“”=cmdfile

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.pif]
“”=piffile

[HKLM\Software\Classes\piffile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.inf]
“”=inffile

[HKLM\Software\Classes\inffile\Shell\Open\Command]
“”=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\Classes.url]
“”=InternetShortcut

[HKLM\Software\Classes.lnk]
“”=lnkfile

[HKLM\Software\Classes.hta]
“”=htafile
“Content Type”=application/hta
“PerceivedType”=text

[HKLM\Software\Classes\htafile\Shell\Open\Command]
“”=C:\Windows\SysWOW64\mshta.exe “%1” {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\Classes\InternetShortcut]
“EditFlags”=2
“FriendlyTypeName”=@C:\WINDOWS\system32\ieframe.dl l,-10046
“FullDetails”=prop:System.Link.TargetUrl;System.Ra ting;System.Link.Description;System.Link.Comment
“InfoTip”=prop:System.Link.TargetUrl;System.Rating ;System.Link.Description;System.Link.Comment
“IsShortcut”=
“NeverShowExt”=
“PreviewDetails”=prop:System.Link.TargetUrl;System .Rating;System.History.VisitCount;System.History.D ateChanged;System.Link.DateVisited;System.Link.Des cription;System.Link.Comment
“”=Internet Shortcut

[HKLM\Software\Classes\Application.Manifest]
“”=Application Manifest
“BrowserFlags”=4096
“EditFlags”=4259840
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-200

[HKLM\Software\Classes\Application.Reference]
“”=Application Reference
“EditFlags”=131072
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-201
“IsShortcut”=
“NeverShowExt”=

[HKLM\Software\Classes\Folder]
“”=Folder
“ContentViewModeForBrowse”=prop:~System.ItemNameDi splay;~System.LayoutPattern.PlaceHolder;~System.La youtPattern.PlaceHolder;~System.LayoutPattern.Plac eHolder;System.DateModified
“ContentViewModeForSearch”=prop:~System.ItemNameDi splay;System.DateModified;~System.ItemFolderPathDi splay
“ContentViewModeLayoutPatternForBrowse”=delta
“ContentViewModeLayoutPatternForSearch”=alpha
“EditFlags”=0xD2030000
“FullDetails”=prop:System.PropGroup.Description;Sy stem.ItemNameDisplay;System.ItemTypeText;System.Si ze;System.HomeGroupSharingStatus
“NoRecentDocs”=
“ThumbnailCutoff”=0
“TileInfo”=prop:System.Title;System.HomeGroupShari ngStatus

[HKLM\Software\WOW6432Node\Classes.exe]
“”=exefile
“Content Type”=application/x-msdownload

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Op en\Command]
“”=“%1” %*
“IsolatedCommand”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.com]
“”=comfile

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.reg]
“”=regfile

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Op en\Command]
“”=regedit.exe “%1”

[HKLM\Software\WOW6432Node\Classes.scr]
“”=scrfile

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Op en\Command]
“”=“%1” /S

[HKLM\Software\WOW6432Node\Classes.bat]
“”=batfile

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.cmd]
“”=cmdfile

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.pif]
“”=piffile

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.inf]
“”=inffile

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Op en\Command]
“”=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\WOW6432Node\Classes.url]
“”=InternetShortcut

[HKLM\Software\WOW6432Node\Classes.lnk]
“”=lnkfile

[HKLM\Software\WOW6432Node\Classes.hta]
“”=htafile
“Content Type”=application/hta
“PerceivedType”=text

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Op en\Command]
“”=C:\Windows\SysWOW64\mshta.exe “%1” {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
“EditFlags”=2
“FriendlyTypeName”=@C:\WINDOWS\system32\ieframe.dl l,-10046
“FullDetails”=prop:System.Link.TargetUrl;System.Ra ting;System.Link.Description;System.Link.Comment
“InfoTip”=prop:System.Link.TargetUrl;System.Rating ;System.Link.Description;System.Link.Comment
“IsShortcut”=
“NeverShowExt”=
“PreviewDetails”=prop:System.Link.TargetUrl;System .Rating;System.History.VisitCount;System.History.D ateChanged;System.Link.DateVisited;System.Link.Des cription;System.Link.Comment
“”=Internet Shortcut

[HKLM\Software\WOW6432Node\Classes\Application.Mani fest]
“”=Application Manifest
“BrowserFlags”=4096
“EditFlags”=4259840
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-200

[HKLM\Software\WOW6432Node\Classes\Application.Refe rence]
“”=Application Reference
“EditFlags”=131072
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-201
“IsShortcut”=
“NeverShowExt”=

[HKLM\Software\WOW6432Node\Classes\Folder]
“”=Folder
“ContentViewModeForBrowse”=prop:~System.ItemNameDi splay;~System.LayoutPattern.PlaceHolder;~System.La youtPattern.PlaceHolder;~System.LayoutPattern.Plac eHolder;System.DateModified
“ContentViewModeForSearch”=prop:~System.ItemNameDi splay;System.DateModified;~System.ItemFolderPathDi splay
“ContentViewModeLayoutPatternForBrowse”=delta
“ContentViewModeLayoutPatternForSearch”=alpha
“EditFlags”=0xD2030000
“FullDetails”=prop:System.PropGroup.Description;Sy stem.ItemNameDisplay;System.ItemTypeText;System.Si ze;System.HomeGroupSharingStatus
“NoRecentDocs”=
“ThumbnailCutoff”=0
“TileInfo”=prop:System.Title;System.HomeGroupShari ngStatus

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
“”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.E XE\Shell\open\Command]
“”=C:\Program Files\Internet Explorer\iexplore.exe [15/03/2017 00:09:37]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.E XE\InstallInfo]
“ReinstallCommand”=“C:\Windows\System32\ie4uinit.e xe” -reinstall

[HKLM\Software\Clients\StartMenuInternet\SafeZoneSt able\Shell\open\Command]
“”=“C:\Program Files\AVAST Software\SZBrowser\Launcher.exe”
[HKLM\Software\Clients\StartMenuInternet\SafeZoneSt able\InstallInfo]
“ReinstallCommand”=“C:\Program Files\AVAST Software\SZBrowser\Launcher.exe” --makedefaultbrowser

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Google Chrome\Shell\open\Command]
“”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Google Chrome\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\IEXPLORE.EXE\Shell\open\Command]
“”=C:\Program Files\Internet Explorer\iexplore.exe [15/03/2017 00:09:37]
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\IEXPLORE.EXE\InstallInfo]
“ReinstallCommand”=“C:\Windows\System32\ie4uinit.e xe” -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\SafeZoneStable\Shell\open\Command]
“”=“C:\Program Files\AVAST Software\SZBrowser\Launcher.exe”
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\SafeZoneStable\InstallInfo]
“ReinstallCommand”=“C:\Program Files\AVAST Software\SZBrowser\Launcher.exe” --makedefaultbrowser

---------- | AppcompatFlags

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
“C:\SWTOOLS\DRIVERS\BLUETOOTH\B3BLT10US17_864\Setu p.exe”=1
“C:\SWTOOLS\DRIVERS\BLUETOOTH\B3BLT10US17_864\Win6 4\setup.exe”=1

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
“SIGN.MEDIA=545EA DRP_14.9\DriverPackSolution.exe”=0x534143500100000 0000000000700000028000000D8A803006CBD0300010000000 000000000000206712000002EF6C8A3A56ACD0100000080000 00000050000001000000000000000000000000000000000080 00002000000280000000000000000080040000000000000000 0000000000000000001D50700000000000100000001000000
“SIGN.IE=08DCDCB0 b3blt10us17_864.exe”=0x534143500100000000000000070 0000028000000B0DCDC08FB52DD08010000000000000000000 106000100002EF6C8A3A56ACD0100000080000000000200000 02800000000000000000000000000000000000000000000000 0000000824F0100000000000100000001000000
“SIGN.IE=0112E90 c1acp21us17.exe”=0x5341435001000000000000000700000 028000000902E110088D511000100000000000000000001060 00100002EF6C8A3A56ACD01000000800000000002000000280 00000000000000000000000000000000000000000000000000 00060F70000000000000100000001000000
“SIGN.IE=05172A68 TC00636200A.exe”=0x5341435001000000000000000700000 028000000682A1705E33217050100000000000000000002060 02100002EF6C8A3A56ACD01000000000000000002000000280 00000000000000000000000000000000000000000000000000 0009FB60300000000000100000001000000
“C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\As0.exe”=0x534143500100000000000000070000002 8000000707906006CC70600010000000000000000000106000 10000647CA60EA56ACD0100000000000000000500000010000 00000000000000000000000000000000000020000002800000 00000000000000000040000000000000000000000000000007 B310100000000000100000001000000
“SIGN.IE=056C150 avast_free_antivirus_setup_online.exe”=0x534143500 100000000000000070000002800000050C1560000000000010 000000000000000000206002100002EF6C8A3A56ACD0100000 00000000000050000001000000000000000000000000000000 00000000002000000280000000000000000000040000000000 0000000000000000000000013FE04000000000002000000020 00000
“C:\Users\Public\Desktop\avast_free_antivirus_setu p_online.exe”=0x5341435001000000000000000700000028 00000050C15600000000000100000000000000000002060021 00002EF6C8A3A56ACD01000000000000000002000000280000 00000000000000004000000000000000000000000000000000 2B490400000000000100000001000000
“D:\Downloaded Programs\Cyberlink\1_CyberLink_MediaSuite9_Pro_MES 101207-01.exe”=0x5341435001000000000000000700000028000000 0501065600000000010000000000000000000106002100002E F6C8A3A56ACD01000000000000000002000000280000000000 00000000000000000000000000000000000000000000891800 00000000000100000001000000
“D:\Downloaded Programs\Cyberlink\CMS9_Pro_MES101207-01_Single.exe”=0x534143500100000000000000070000002 80000000501065600000000010000000000000000000106002 100002EF6C8A3A56ACD010000000000000000
“C:\Program Files (x86)\CyberLink\Media Suite\PS.exe”=0x5341435001000000000000000700000028 000000286F0100508B01000100000000000000000001067122 0000975FD891C99ECE01000000000000000002000000280000 00000000000000000000100000000000000000000000000000 7B391902000000000600000006000000
“SIGN.MEDIA=4D66C47 AutoRun\AutoRun.exe”=0x534143500100000000000000070 0000028000000E8C100007CAE0100010000000000000000000 105710000002EF6C8A3A56ACD0100000000000000000500000 01000000000000000000000000000000080000000020000002 80000000000000080000000000420000000000000002000000 0000068E001000000000001000000010000000100000004000 00001000000
“SIGN.IE=094A7930 iTunes6464Setup.exe”=0x534143500100000000000000070 000002800000030794A09E89B4A09010000000000000000000 10600010000647CA60EA56ACD0100000000000000000200000 02800000000000000000000000000000000000000000000000 000000055480300000000000200000002000000
“C:\Users\Owner\AppData\Local\Temp\IXP544.TMP\Setu pAdmin.exe”=0x534143500100000000000000070000002800 0000302D0100E2DC0100010000000000000000000106000100 002EF6C8A3A56ACD0100000000000000000200000028000000 0000000000000040000000000000000000000000000000009E 460000000000000100000001000000
“SIGN.IE=094A7930 iTunes6464Setup (1).exe”=0x534143500100000000000000070000002800000 030794A09E89B4A09010000000000000000000106000100006 47CA60EA56ACD0100000000000000000200000028000000000 000000000000000000000000000000000000000000000B7270 100000000000100000001000000
“C:\Users\Owner\AppData\Local\Temp\IXP285.TMP\Setu pAdmin.exe”=0x534143500100000000000000070000002800 0000302D0100E2DC0100010000000000000000000106000100 002EF6C8A3A56ACD0100000000000000000200000028000000 0000000000000040000000000000000000000000000000004C 100000000000000100000001000000
“SIGN.MEDIA=C2B0B0 start.exe”=0x5341435001000000000000000500000010000 00000000000000000000000000000000000020000002800000 00000000000000040000000000000000000000000000000008 18C00000000000001000000010000000700000028000000504 C01007361010001000000000000000000010600210000975FD 891C99ECE010000000000000000
“SIGN.MEDIA=9EFDA setup.exe”=0x5341435001000000000000000700000028000 0007897050080CD05000100000000000000000001060021000 02EF6C8A3A56ACD010000000000000000
“SIGN.MEDIA=EDB931 AccessEncryptedFiles.exe”=0x5341435001000000000000 00070000002800000068C6010031F201000100000000000000 00000106712000002EF6C8A3A56ACD01000000000000000005 00000010000000000000000000000000000000000000000200 00002800000000000000000000000000000004000000000000 0004000000F6F8000000000000010000000100000001000000 0400000001000000
“SIGN.MEDIA=71426 setup.exe”=0x5341435001000000000000000700000028000 00078150700785307000100000000000000000001060021000 02EF6C8A3A56ACD01000000000000000002000000280000000 00000000000005000000000000000000000000000000000542 41300000000000100000001000000
“SIGN.MEDIA=1341E963 KeePass Password Safe\KeePass.exe”=0x534143500100000000000000070000 0028000000902D2100273D2100010000000000000000000206 71220000975FD891C99ECE0100000000000000000200000028 00000000000000000000000000000000000000000000000000 0000725D7A0C000000000700000007000000
“C:\Program Files (x86)\Brother\BrLauncher\BrLauncher.exe”=0x5341435 00100000000000000070000002800000000402B004DCE21000 100000000000000000001067120000033504C2B57DFD101000 00000000000000200000028000000000000008000000000000 000000000000000000000000000094E1200000000001200000 012000000
“C:\Users\Owner\AppData\Local\Temp\IXP635.TMP\Setu pAdmin.exe”=0x534143500100000000000000070000002800 0000302D0100E2DC0100010000000000000000000106000100 002EF6C8A3A56ACD0100000000000000000200000028000000 00000000000000400000000000000000000000000000000008 520000000000000100000001000000
“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE”=0x534143500100000000 000000070000002800000048C801003AD00100010000000000 000000000106710200002EF6C8A3A56ACD0100000000000000 00020000002800000000000000000000000000000000000000 0000000000000000287E0000000000000100000001000000
“C:\Windows\System32\spool\drivers\x64\3\ssp8mam.e xe”=0x534143500100000000000000070000002800000050FA 08001D6509000100000000000000000001067122000019B4C5 29E312D1010000000000000000020000002800000000000000 0000000000000000000000000000000000000000FC7A000000 0000000600000006000000
“C:\Windows\System32\spool\drivers\x64\3\ssp8msm.e xe”=0x534143500100000000000000070000002800000050D4 1B00C97E1C000100000000000000000001067122000019B4C5 29E312D1010000000000000000020000002800000000000000 0000000000000000000000000000000000000000F309000000 0000000600000006000000
“C:\Program Files (x86)\Nuance\PaperPort\pppagevw.exe”=0x53414350010 0000000000000070000002800000068971400846D150001000 0000000000000000106712200002EF6C8A3A56ACD010000000 00000000002000000280000000000000000000010000000000 00000000000000000000000043600000000000001000000010 00000
“C:\Program Files (x86)\Nuance\PaperPort\ScannerWizardU.exe”=0x53414 35001000000000000000700000028000000206511009BC9110 001000000000000000000010600210000975FD891C99ECE010 00000000000000002000000280000000000000000000000000 00000000000000000000000000000C32B00000000000001000 00001000000
“C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe”=0x53414350010 00000000000000700000028000000683714009A43140001000 000000000000000010671220000975FD891C99ECE010000000 00000000002000000280000000000000000000010000000000 000000000000000000000008EB906000000000001000000010 00000
“C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe”=0 x534143500100000000000000070000002800000028A50600C D5A070001000000000000000000010671220000975FD891C99 ECE01000000000000000002000000280000000000000080000 000000000000000000000000000000000002E2B05000000000 00300000003000000
“C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ECCenter1.exe”=0x534143500100000000000000070 00000280000006095060071360700010000000000000000000 00671020000975FD891C99ECE0100000000000000000200000 02800000000000000000000000000000000000000000000000 0000000D9273F00000000000F0000000F000000
“C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\BtAssist1.exe”=0x534143500100000000000000070 000002800000060950600FFB80600010000000000000000000 00671020000975FD891C99ECE0100000000000000000200000 02800000000000000000000000000000000000000000000000 0000000C31B1100000000000700000007000000
“C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtProc1.exe”=0x53414350010000000000000007 0000002800000050630100A572010001000000000000000000 000673020000B395E7CF049FCE010000000000000000020000 00280000000000000000000000000000000000000000000000 00000000D3040000000000000100000001000000
“SIGN.IE=093B868 AmazonMusicImporterInstaller-3.1.0.V320648434.exe”=0x534143500100000000000000070000002800000068 B893006217940001000000000000000000030671220000975F D891C99ECE0100000000000000000200000028000000000000 000000000000000000000000000000000000000000C0C21100 000000000100000001000000
“C:\Program Files (x86)\Amazon\Utilities\Amazon Music Importer\Amazon Music Importer.exe”=0x5341435001000000000000000700000028 0000004845020033E702000100000000000000000001060001 000033504C2B57DFD101000000000000000002000000280000 00000000000000000000000000000000000000000000000000 E34A0000000000000200000002000000
“SIGN.MEDIA=27C5091A KeePass Password Safe\KeePass.exe”=0x534143500100000000000000070000 0028000000902D2100273D2100010000000000000000000306 71220000975FD891C99ECE0100000000000000000200000028 00000000000000000000000000000000000000000000000000 0000D5E40A07000000000200000002000000
“C:\Users\Owner\AppData\Local\Microsoft\OneDrive\1 7.3.5892.0626\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000C03802000BA5020001000000 000000000000000A0021000019B4C529E312D1010000000100 000000
“C:\Users\Owner\AppData\Local\Microsoft\OneDrive\1 7.3.6281.1202\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000C88002006A18030001000000 000000000000000A0021000019B4C529E312D1010000000100 000000
“SIGN.MEDIA=64D8EDE KeePass Password Safe\KeePass.exe”=0x534143500100000000000000070000 0028000000C8F22000EF7C210001000000000000000000000A 7122000019B4C529E312D10100000000000000000200000028 00000000000000000000000000000000000000000000000000 00000A98A603000000000100000001000000
“C:\Users\Owner\AppData\Local\Microsoft\OneDrive\1 7.3.6301.0127\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000C8800200726B030001000000 000000000000000A0021000019B4C529E312D1010000000100 000000
“C:\Program Files (x86)\CyberLink\MediaEspresso\subsys\BigBang\Runti me\CLUpdater.exe”=0x534143500100000000000000070000 002800000028E503005F360400010000000000000000000006 7102000019B4C529E312D10100000080000000000200000028 00000000000000000000000000000000000000000000000000 000070240000000000000100000001000000
“C:\Users\Owner\Downloads\Install_CopyTransControl Center.exe”=0x534143500100000000000000070000002800 0000A0205F00898E5F0001000000000000000000000A002100 0019B4C529E312D10100000000000000000200000028000000 0000000000000000000000000000000000000000000000002A DA2300000000000100000001000000
“C:\Users\Owner\AppData\Roaming\WindSolutions\Copy TransControlCenter\Applications\CopyTransControlCe nter.exe”=0x53414350010000000000000007000000280000 00A0205F00898E5F0001000000000000000000000A00210000 19B4C529E312D1010000000000000000020000002800000000 0000000000000000000000000000000000000000000000DAF9 9307000000000300000003000000
“SIGN.MEDIA=646EEDE KeePass Password Safe\KeePass.exe”=0x534143500100000000000000070000 0028000000C8F22000EF7C210001000000000000000000000A 7122000019B4C529E312D10100000000000000000200000028 00000000000000000000000000000000000000000000000000 00009F2A1B03000000000100000001000000
“C:\Users\Owner\AppData\Local\Microsoft\OneDrive\1 7.3.6302.0225\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000C88002006821030001000000 000000000000000A0021000019B4C529E312D1010000000100 000000
“C:\Users\Owner\AppData\Local\Microsoft\OneDrive\1 7.3.6386.0412\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000C8BA0200D5D3020001000000 000000000000000A0021000019B4C529E312D1010000000100 000000
“SIGN.MEDIA=3098DAC KeePass Password Safe\KeePass.exe”=0x534143500100000000000000070000 002800000018F7200004EF210001000000000000000000000A 7122000019B4C529E312D10100000000000000000200000028 00000000000000000000000000000000000000000000000000 0000CFF74800000000000200000002000000
“C:\Users\Owner\AppData\Local\Microsoft\OneDrive\1 7.3.6390.0509\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000C8BA020001D3020001000000 000000000000000A0021000019B4C529E312D1010000000100 000000
“C:\Users\Owner\Downloads\DisplayLink USB Graphics Software for Windows 8.0 M0.exe”=0x5341435001000000000000000700000028000000 C8B29502C204960201000000000000000000000A0021000019 B4C529E312D101000000000000000002000000280000000000 00000000004000000000000000000000000000000000062D01 00000000000100000001000000
“C:\Users\Owner\AppData\Local\Temp\Temp1_kvmswiche r.zip\KVMSwicher\Windows\USBKVMInstall.exe”=0x5341 435001000000000000000700000028000000CD850900000000 0001000000000000000000000A4122000019B4C529E312D101 00000000000000000200000028000000000000000000004000 00000000000000000000000000000021340300000000000100 000001000000
“SIGN.MEDIA=30B05AC KeePass Password Safe\KeePass.exe”=0x534143500100000000000000070000 002800000018F7200004EF210001000000000000000000000A 7122000033504C2B57DFD10100000000000000000200000028 00000000000000000000000000000000000000000000000000 000013C27E00000000000500000005000000
“C:\Program Files\iTunes\iTunes.exe”=0x53414350010000000000000 00700000028000000388F2E008CC62E0001000000000000000 000000A7322000059193B14E312D1010000000000000000020 00000280000000000000000000000000000000000000000000 000000000006004EF02000000000300000003000000
“C:\Program Files\Internet Explorer\iexplore.exe”=0x5341435001000000000000000 700000028000000C0740C00BD6F0D000100000001000000000 0000A0021000059193B14E312D1010000000000000000
“C:\Program Files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe”=0x534143500100000000000000070 00000280000000010090000000000010000000000000000000 1067120000033504C2B57DFD10100000000000000000200000 05000000000000000000000000000000000000000000000000 00000001A01000000000000090000000600000000000000000 0004000000000000000000000000000000000DB00000000000 0000200000000000000
“C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE”=0x534143500100000000000 0000700000028000000C074370101853701010000000000000 0000001060001000019B4C529E312D1010000000100000000
“C:\Users\Owner\AppData\Local\Microsoft\OneDrive\1 7.3.6517.0809\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000C0AC02007050030001000000 000000000000000A0021000019B4C529E312D1010000000100 000000
“C:\Users\Owner\AppData\Local\Microsoft\OneDrive\1 7.3.6517.0809_1\FileSyncConfig.exe”=0x534143500100 0000000000000700000028000000C0AC020070500300010000 00000000000000000A0021000033504C2B57DFD10100000001 00000000
“C:\Users\Owner\Documents\KVM Switcher\KVMSwicher\Windows\USBKVMInstall.exe”=0x5 341435001000000000000000700000028000000CD850900000 0000001000000000000000000000A4122000033504C2B57DFD 1010000000000000000
“C:\Users\Owner\AppData\Local\Microsoft\OneDrive\1 7.3.6705.1122\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000D87E03000008040001000000 000000000000000A0021000033504C2B57DFD1010000000100 000000
“C:\Users\Owner\AppData\Local\Microsoft\OneDrive\1 7.3.6720.1207\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000E07E03004B44040001000000 000000000000000A0021000033504C2B57DFD1010000000100 000000
“C:\Program Files (x86)\Windows Media Player\wmplayer.exe”=0x534143500100000000000000070 0000028000000008C020019300300010000000100000000000 00A7122000033504C2B57DFD1010000000000000000
“C:\Users\Owner\Downloads\VideostreamNetworkRepair .exe”=0x534143500100000000000000070000002800000098 1C0300F98E0300010000000000000000000306F10200003350 4C2B57DFD10100000000000000000500000010000000000000 00000000000000000000000000020000002800000000000000 0000004000000000000000000000000000000000EA00000000 0000000100000001000000
“C:\Users\Owner\Downloads\VideostreamNetworkRepair (1).exe”=0x534143500100000000000000070000002800000 0981C0300F98E0300010000000000000000000306F10200003 3504C2B57DFD10100000000000000000500000010000000000 00000000000000000000000000000020000002800000000000 00000000040000000000000000000000000000000003160000 0000000000100000001000000
“C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE”=0x5341435001000000000 000000700000028000000B8DA1500A2B916000100000000000 000000001060001000033504C2B57DFD101000000010000000 0
“C:\Users\Owner\AppData\Local\Microsoft\OneDrive\1 7.3.6743.1212\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000D87E030025C1030001000000 000000000000000A0021000033504C2B57DFD1010000000100 000000
“SIGN.MEDIA=30B05AC KeePass Password Safe\KeePass-1.31-Setup.exe”=0x5341435001000000000000000700000028000 00030671D00897F1D0001000000000000000000000A0021000 033504C2B57DFD101000000000000000002000000280000000 00000000000000000000000000000000000000000000000251 40000000000000100000001000000
“SIGN.MEDIA=1004CF4 KeePass Password Safe\KeePass-1.32-Setup.exe”=0x5341435001000000000000000700000028000 000A8721D0047181E0001000000000000000000000A0021000 033504C2B57DFD101000000000000000002000000280000000 000000000000000000000000000000000000000000000006C6 70500000000000200000002000000
“SIGN.MEDIA=539ABF6 KeePass Password Safe\KeePass.exe”=0x534143500100000000000000070000 002800000000F820004D2A210001000000000000000000000A 7122000033504C2B57DFD10100000000000000000200000028 00000000000000000000000000000000000000000000000000 0000F68C2D12000000000100000001000000
“C:\Users\Owner\AppData\Local\Microsoft\OneDrive\1 7.3.6764.0111\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000E07E0300F3A9030001000000 000000000000000A0021000033504C2B57DFD1010000000100 000000
“C:\Users\Owner\AppData\Local\Microsoft\OneDrive\1 7.3.6798.0207\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000D88003007F30040001000000 000000000000000A0021000033504C2B57DFD1010000000100 000000
“SIGN.MEDIA=A54CEFE KeePass Password Safe\KeePass.exe”=0x534143500100000000000000070000 002800000000F820004D2A210001000000000000000000000A 7122000033504C2B57DFD10100000000000000000200000028 00000000000000000000000000000000000000000000000000 000035100800000000000100000001000000
“C:\Users\Owner\AppData\Local\Microsoft\OneDrive\U pdate\OneDriveSetup.exe”=0x53414350010000000000000 00700000028000000D87E3801682C390101000000000000000 000000A0021000033504C2B57DFD1010000000100000000
“C:\Users\Owner\AppData\Local\Microsoft\OneDrive\1 7.3.6799.0327\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000D88203009CF3030001000000 000000000000000A0021000033504C2B57DFD1010000000100 000000
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”=0x5341 435001000000000000000700000028000000585F0E0023DF0E 0001000000000000000000000A0021000033504C2B57DFD101 0000000100000000
“C:\Program Files\AVAST Software\Avast\AvastUI.exe”=0x53414350010000000000 00000700000028000000A8D08B0011B48C0001000000000000 000000000A0021000033504C2B57DFD1010000000000000000 02000000280000000000000000000000000000000000000000 000000000000008C000000000000000300000003000000
“C:\Program Files\AVAST Software\SZBrowser\launcher.exe”=0x534143500100000 000000000070000002800000020260E0058590E00010000000 00000000000000A0021000033504C2B57DFD10100000000000 00000020000002800000000000000800000000000000000000 000000000000000000046B0730000000000020000000200000 0
“C:\Users\Owner\Downloads\malwarebytes.exe”=0x5341 435001000000000000000700000028000000B8FF1803D6E919 0301000000000000000000000A0021000033504C2B57DFD101 0000000000000000
“C:\Users\Owner\Desktop\FRST64.exe”=0x534143500100 00000000000007000000280000000006250008112500010000 00000000000000000A00210000D5B3B31A57DFD10100000000 00000000020000002800000000000000000000400000000000 00000000000000000000000C0C020000000000010000000100 0000
“C:\Users\Owner\Desktop\aswmbr.exe”=0x534143500100 0000000000000700000028000000005A4F0000000000010000 00000000000000000A7122000033504C2B57DFD10100000000 00000000050000001000000000000000000000000000000000 00000002000000280000000000000000000040000000000000 00000000000000000000ABC001000000000001000000010000 00
“C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe”=0x5341435001000000000000000 700000028000000D0AF05005F4606000100000000000000000 0000A7122000033504C2B57DFD101000000000000000002000 00028000000000000000000004000000000000000000000000 000000000B5010000000000000100000001000000
“C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe”=0x53414350010000000000000007 00000028000000D03112002024130003000000000000000000 000A0021000033504C2B57DFD1010000000000000000
“C:\Users\Owner\Desktop\QuickDiag.exe”=0x534143500 1000000000000000700000028000000A8612A00D3912A00010 00000000000000000000A0021000033504C2B57DFD10100000 00000000000

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
“C:\Program Files\AVAST Software\SZBrowser\Launcher.exe”=32

---------- | IFEO

---------- | Mountpoints2

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
“”=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
“APPINIT_DLLS”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“Beep”=#USR:Control Panel\Sound
“CoolSwitch”=USR:Control Panel\Desktop
“DEFAULTSEPARATEVDM”=\REGISTRY\MACHINE\SYSTEM\CURR ENTCONTROLSET\CONTROL\WOW
“DEVICENOTSELECTEDTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“DoubleClickHeight”=#USR:Control Panel\Mouse
“DoubleClickSpeed”=#USR:Control Panel\Mouse
“DoubleClickWidth”=#USR:Control Panel\Mouse
“DragFullWindows”=USR:Control Panel\Desktop
“InitialKeyboardIndicators”=USR:Control Panel\Keyboard
“LowPowerActive”=#USR:Control Panel\Desktop
“LowPowerTimeOut”=#USR:Control Panel\Desktop
“MouseSpeed”=#USR:Control Panel\Mouse
“MouseThreshold1”=#USR:Control Panel\Mouse
“MouseThreshold2”=#USR:Control Panel\Mouse
“PowerOffActive”=#USR:Control Panel\Desktop
“PowerOffTimeOut”=#USR:Control Panel\Desktop
“ScreenSaveActive”=#USR:Control Panel\Desktop
“ScreenSaveTimeOut”=#USR:Control Panel\Desktop
“SnapToDefaultButton”=#USR:Control Panel\Mouse
“Spooler”=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
“SWAPDISK”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“SwapMouseButtons”=#USR:Control Panel\Mouse
“TRANSMISSIONRETRYTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
“”=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
“ScreenSaverActive”=USR:Control Panel\Desktop
“ScreenSaverIsSecure”=USR:Control Panel\Desktop
“SCRNSAVE.EXE”=USR:Control Panel\Desktop
“Shell”=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
“APPINIT_DLLS”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“Beep”=#USR:Control Panel\Sound
“CoolSwitch”=USR:Control Panel\Desktop
“DEFAULTSEPARATEVDM”=\REGISTRY\MACHINE\SYSTEM\CURR ENTCONTROLSET\CONTROL\WOW
“DEVICENOTSELECTEDTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“DoubleClickHeight”=#USR:Control Panel\Mouse
“DoubleClickSpeed”=#USR:Control Panel\Mouse
“DoubleClickWidth”=#USR:Control Panel\Mouse
“DragFullWindows”=USR:Control Panel\Desktop
“InitialKeyboardIndicators”=USR:Control Panel\Keyboard
“LowPowerActive”=#USR:Control Panel\Desktop
“LowPowerTimeOut”=#USR:Control Panel\Desktop
“MouseSpeed”=#USR:Control Panel\Mouse
“MouseThreshold1”=#USR:Control Panel\Mouse
“MouseThreshold2”=#USR:Control Panel\Mouse
“PowerOffActive”=#USR:Control Panel\Desktop
“PowerOffTimeOut”=#USR:Control Panel\Desktop
“ScreenSaveActive”=#USR:Control Panel\Desktop
“ScreenSaveTimeOut”=#USR:Control Panel\Desktop
“SnapToDefaultButton”=#USR:Control Panel\Mouse
“SWAPDISK”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“SwapMouseButtons”=#USR:Control Panel\Mouse
“TRANSMISSIONRETRYTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
“”=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
“ScreenSaverActive”=USR:Control Panel\Desktop
“ScreenSaverIsSecure”=USR:Control Panel\Desktop
“SCRNSAVE.EXE”=USR:Control Panel\Desktop
“Shell”=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
“windows”=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
“cval”=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
“VistaSp1”=131194892913883613

[HKLM\SOFTWARE\Microsoft\Windows Defender]
“ProductAppDataPath”=C:\ProgramData\Microsoft\Wind ows Defender
“ProductIcon”=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
“ProductLocalizedName”=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
“RemediationExe”=%ProgramFiles%\Windows Defender\MSASCui.exe
“DisableAntiSpyware”=1
“ProductType”=2
“ProductStatus”=0
“DisableAntiVirus”=1
“InstallTime”=0xFEBCBE856D62D001
“ManagedDefenderProductType”=0

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile]
“EnableFirewall”=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall”=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\PublicProfile]
“EnableFirewall”=1

---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)

---------- | Hosts

---------- | Ping

Pinging google.com [74.125.138.100] with 32 bytes of data:
Reply from 74.125.138.100: bytes=32 time=22ms TTL=45
Reply from 74.125.138.100: bytes=32 time=33ms TTL=45
Reply from 74.125.138.100: bytes=32 time=26ms TTL=45
Reply from 74.125.138.100: bytes=32 time=28ms TTL=45

Ping statistics for 74.125.138.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 33ms, Average = 27ms

---------- | @

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Internet Explorer\Main]
“Anchor Underline”=yes
“Disable Script Debugger”=yes
“DisableScriptDebuggerIE”=yes
“Display Inline Images”=yes
“Do404Search”=0x01000000
“Save_Session_History_On_Exit”=no
“Search Page”= Search - Microsoft Bing
“Show_FullURL”=no
“Show_StatusBar”=yes
“Show_ToolBar”=yes
“Show_URLinStatusBar”=yes
“Show_URLToolBar”=yes
“Use_DlgBox_Colors”=yes
“UseClearType”=no
“XMLHTTP”=1
“Cache_Update_Frequency”=Once_Per_Session
“Local Page”=C:\WINDOWS\system32\blank.htm
“NoUpdateCheck”=1
“Enable Browser Extensions”=yes
“Play_Background_Sounds”=yes
“Play_Animations”=yes
“Start Page”= MSN
“OperationalData”=13
“CompatibilityFlags”=0
“FullScreen”=no
“Window_Placement”=0x2C0000000200000003000000FFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFF00000000190000000004000 0B4020000
“Start Page Redirect Cache_TIMESTAMP”=0xCD5413BD4140D101
“Start Page Redirect Cache AcceptLangs”=en-US
“IE10RunOncePerInstallCompleted”=1
“IE10RunOnceCompletionTime”=0x2B0564BFFCC9D101
“IconCache”=wvgt5je
“IE10TourShown”=1
“IE10TourShownTime”=0x2B0564BFFCC9D101
“PrivacyPolicyShown”=1
“Use FormSuggest”=no
“DownloadWindowPlacement”=0x2C00000000000000000000 00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9000000054000000 1003000034020000
“ImageStoreRandomFolder”=wwn5bio
“ApplicationTileImmersiveActivation”=0
“AssociationActivationMode”=2
“EdgeSwitchingOSBuildNumber”=10586.th2_release.160 802-1857
“Start Page_TIMESTAMP”=0xCB3F4E9B4EE0D101
“SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy”=

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\CurrentVersion\Int ernet settings]
“DisableCachingOfSSLPages”=0
“IE5_UA_Backup_Flag”=5.0
“PrivacyAdvanced”=1
“SecureProtocols”=2688
“CertificateRevocation”=1
“EnableNegotiate”=1
“MigrateProxy”=1
“ProxyEnable”=0
“User Agent”=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
“ZonesSecurityUpgrade”=0xEEEB25529E9ED201
“EmailName”=User@
“AutoConfigProxy”=wininet.dll
“MimeExclusionListForCache”=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
“WarnOnPost”=0x01000000
“UseSchannelDirectly”=0x01000000
“EnableHttp1_1”=1
“UrlEncoding”=0
“WarnonZoneCrossing”=0
“ProxyOverride”=*.local

[HKLM\Software\Microsoft\Internet Explorer\Main]
“Anchor_Visitation_Horizon”=0x01000000
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“AutoHide”=yes
“Cache_Percent_of_Disk”=0x0A000000
“Default_Page_URL”= MSN
“Default_Search_URL”= Search - Microsoft Bing
“Default_Secondary_Page_URL”=
“Delete_Temp_Files_On_Exit”=yes
“Enable_Disk_Cache”=yes
“Extensions Off Page”=about:NoAdd-ons
“Local Page”=C:\Windows\System32\blank.htm
“Placeholder_Height”=0x1A000000
“Placeholder_Width”=0x1A000000
“Search Page”= Search - Microsoft Bing
“Security Risk Page”=about:SecurityRisk
“Start Page”= MSN
“Use_Async_DNS”=yes
“x86AppPath”=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
“DoNotTrack”=1

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
“blank”=res://mshtml.dll/blank.htm
“DesktopItemNavigationFailure”=res://ieframe.dll/navcancl.htm
“Home”=270
“InPrivate”=res://ieframe.dll/inprivate.htm
“NavigationCanceled”=res://ieframe.dll/navcancl.htm
“NavigationFailure”=res://ieframe.dll/navcancl.htm
“NoAdd-ons”=res://ieframe.dll/noaddon.htm
“NoAdd-onsInfo”=res://ieframe.dll/noaddoninfo.htm
“PostNotCached”=res://ieframe.dll/repost.htm
“SecurityRisk”=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL \DefaultPrefix]
“”=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes]
“ftp”=ftp://
“home”=http://
“mosaic”=http://
“www”=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Int ernet settings]
“ActiveXCache”=C:\Windows\Downloaded Program Files
“CodeBaseSearchPath”=CODEBASE
“EnablePunycode”=1
“MinorVersion”=0
“WarnOnIntranet”=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
“Anchor_Visitation_Horizon”=0x01000000
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“AutoHide”=yes
“Cache_Percent_of_Disk”=0x0A000000
“Default_Page_URL”= MSN
“Default_Search_URL”= Search - Microsoft Bing
“Default_Secondary_Page_URL”=
“Delete_Temp_Files_On_Exit”=yes
“Enable_Disk_Cache”=yes
“Extensions Off Page”=about:NoAdd-ons
“Local Page”=C:\Windows\SysWOW64\blank.htm
“Placeholder_Height”=0x1A000000
“Placeholder_Width”=0x1A000000
“Search Page”= Search - Microsoft Bing
“Security Risk Page”=about:SecurityRisk
“Start Page”= MSN
“Use_Async_DNS”=yes
“x86AppPath”=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
“blank”=res://mshtml.dll/blank.htm
“DesktopItemNavigationFailure”=res://ieframe.dll/navcancl.htm
“Home”=270
“InPrivate”=res://ieframe.dll/inprivate.htm
“NavigationCanceled”=res://ieframe.dll/navcancl.htm
“NavigationFailure”=res://ieframe.dll/navcancl.htm
“NoAdd-ons”=res://ieframe.dll/noaddon.htm
“NoAdd-onsInfo”=res://ieframe.dll/noaddoninfo.htm
“PostNotCached”=res://ieframe.dll/repost.htm
“SecurityRisk”=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\URL\DefaultPrefix]
“”=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\URL\Prefixes]
“ftp”=ftp://
“home”=http://
“mosaic”=http://
“www”=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Internet settings]
“ActiveXCache”=C:\Windows\Downloaded Program Files
“CodeBaseSearchPath”=CODEBASE
“EnablePunycode”=1
“MinorVersion”=0
“WarnOnIntranet”=1

---------- | reparsepoint

---------- | Detection of offsets

---------- | Notify

---------- | Execution FileExts

---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} – C:\Program Files\AVAST Software\Avast\ashShA64.dll [05/04/2017 02:33:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} – C:\Program Files\AVAST Software\Avast\ashShA64.dll [05/04/2017 02:33:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\EnhancedStorageS hell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} – C:\Windows\System32\EhStorShell.dll [16/07/2016 06:42:17]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7} – C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:44:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} – C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:44:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399} – C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:44:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619} – C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:44:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} – C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:44:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} – %SystemRoot%\System32\cscui.dll
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\Groo ve Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7} – C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [19/12/2013 00:41:02]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\Groo ve Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} – C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [19/12/2013 00:41:02]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\Groo ve Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399} – C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [19/12/2013 00:41:02]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\Groo ve Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619} – C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [19/12/2013 00:41:02]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\Groo ve Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} – C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [19/12/2013 00:41:02]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks]
“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=Groove GFS Stub Execution Hook

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellExecuteHooks]
“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=Groove GFS Stub Execution Hook

---------- | Toolbar

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“Locked”=1

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
“KnownProvidersUpgradeTime”=0x2B0564BFFCC9D101
“Version”=5
“UpgradeTime”=0x2B0564BFFCC9D101
“DefaultPackCorrection”=1
“DefaultPackNTCorrection”=1

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -

---------- | SearchScopes

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - Search - Microsoft Bing {searchTerms}&src=IE-SearchBox&FORM=IESR02 :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - Search - Microsoft Bing {searchTerms}&FORM=IE8SRC :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - Search - Microsoft Bing {searchTerms}&FORM=IE8SRC :

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] → (Groove GFS Browser Helper) : C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [19/12/2013 00:41:02]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{B4F3A835-0E21-4959-BA22-42B3008E02FF}] → (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [06/03/2013 07:37:48]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] → (Groove GFS Browser Helper) : C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [19/12/2013 00:41:02]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{B4F3A835-0E21-4959-BA22-42B3008E02FF}] → (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [06/03/2013 07:37:48]

---------- | Chrome

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhon fmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfi lokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigk jlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [ http://docs.google.com/http://drive....ve.google.com/ ] - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\cnciopoikihiagdjbjpnocolok felagl = : Play your downloaded videos on the Chromecast™ (any file type) - Videostream for Google Chromecast™ - 760761840374-p3tdq2ck1nvdhfagh7sddtohs58psq9v.apps.googleuserco ntent.com - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\daanglpcpkjjlkhcbladppjphg lbigam = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security (BETA) - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihc jkigck = : Avast SafePrice - safe shopping extension. - Avast SafePrice - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpeb giejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi = : MSG_extDesc - MSG_extName - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegiea cbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccm gmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoe jaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleuserco ntent.com - https://clients2.google.com/service/update2/crx

[HKLM\Software\WOW6432Node\Google\Chrome\Extensions \daanglpcpkjjlkhcbladppjphglbigam]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions \eofcbnmajmjmplflapaojjnihcjkigck]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions \gomekmidlodglbbmalcneegieacbdmki]

---------- | Opera

---------- | Firefox

[HKLM\Software\mozilla\Firefox\Extensions]
“wrc@avast.com”=C:\Program Files\AVAST Software\Avast\WebRep\FF
“sp@avast.com”=C:\Program Files\AVAST Software\Avast\SafePrice\FF
[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensio ns]
“wrc@avast.com”=C:\Program Files\AVAST Software\Avast\WebRep\FF
“sp@avast.com”=C:\Program Files\AVAST Software\Avast\SafePrice\FF
[HKLM\Software\MozillaPlugins@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins@Apple.com/iTunes,version=] - (iTunes Detector Plug-in) :
[HKLM\Software\WOW6432Node\MozillaPlugins@Apple.com/iTunes,version=1.0] - () : C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters]
“DhcpNameServer”=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameter s\Interfaces{5e3c0aea-66f9-465d-8e3b-e66fde3bcfee}]
“DhcpNameServer”=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters\Interfaces{5e3c0aea-66f9-465d-8e3b-e66fde3bcfee}]
“DhcpNameServer”=192.168.1.1

---------- | Applications

[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : “C:\Program Files\Internet Explorer\IEXPLORE.EXE” %1
[HKLM\SOFTWARE\Classes\Applications\iTunes.exe] : “C:\Program Files\iTunes\iTunes.exe” /open “%L”
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellOpen “%1”
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe “%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll”, ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : “%SystemRoot%\System32\provtool.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\SZBrowser.exe] : “C:\Program Files\AVAST Software\SZBrowser\Launcher.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : “%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe” /Open “%L”
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : “%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iex plore.exe] : “C:\Program Files\Internet Explorer\IEXPLORE.EXE” %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iTu nes.exe] : “C:\Program Files\iTunes\iTunes.exe” /open “%L”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\not epad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois .exe] : C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellOpen “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\pho toviewer.dll] : %SystemRoot%\System32\rundll32.exe “%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll”, ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\pro vtool.exe] : “%SystemRoot%\System32\provtool.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\SZB rowser.exe] : “C:\Program Files\AVAST Software\SZBrowser\Launcher.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmp layer.exe] : “%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe” /Open “%L”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wor dpad.exe] : “%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE” “%1”

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
“DcomLaunch”=Power
LSM
BrokerInfrastructure
PlugPlay
DeviceInstall
SystemEventsBroker
DcomLaunch
“Camera”=FrameServer
“smbsvcs”=lanmanserver
browser
“PeerDist”=PeerDistSvc

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
“DcomLaunch”=PlugPlay
DeviceInstall
DcomLaunch
“smbsvcs”=lanmanserver

---------- | SvcHost - Netsvcs (Whitelist)

---------- | Software

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Amazon]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\AppDataLow]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Apple Computer, Inc.]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Apple Inc.]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\AVAST Software]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Brother]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\CyberLink]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\DisplayLink]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\drpsu]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\FLEXnet]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Google]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\InstallShield]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Intel]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Lake]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\LogiShrd]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Macromedia]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Malwarebytes]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Mine]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Netscape]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\ODBC]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Policies]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Realtek]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Samsung]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\ScanSoft]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\SSPrint]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\sysinternals]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Toshiba]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\WindSolutions]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Wow6432Node]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Zeon]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVAST Software]
[HKLM\Software\Brother]
[HKLM\Software\Caphyon]
[HKLM\Software\Clients]
[HKLM\Software\DisplayLink]
[HKLM\Software\Dolby]
[HKLM\Software\DTS]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Knowles]
[HKLM\Software\Lenovo]
[HKLM\Software\Logishrd]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nahimic]
[HKLM\Software\Nuance]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Samsung]
[HKLM\Software\SonicFocus]
[HKLM\Software\SRS Labs]
[HKLM\Software\SSPrint]
[HKLM\Software\Synaptics]
[HKLM\Software\sysinternals]
[HKLM\Software\Toshiba]
[HKLM\Software\Waves Audio]
[HKLM\Software\WIDCOMM_TEMP]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Yamaha APO]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\Configuration]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\DWM]
[HKLM\Software\Microsoft\Windows\EnterpriseResource Manager]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnosti cs]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnostic sProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImperso nation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr icted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestri cted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\AVAST Software]
[HKLM\Software\WOW6432Node\Brother]
[HKLM\Software\WOW6432Node\Brother Industries, Ltd.]
[HKLM\Software\WOW6432Node\CyberLink]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\InstallShield]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Lake]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Samsung]
[HKLM\Software\WOW6432Node\ScanSoft]
[HKLM\Software\WOW6432Node\SmartSound Software]
[HKLM\Software\WOW6432Node\SPanel]
[HKLM\Software\WOW6432Node\SSPrint]
[HKLM\Software\WOW6432Node\TOSHIBA]
[HKLM\Software\WOW6432Node\Volatile]
[HKLM\Software\WOW6432Node\WOW6432Node]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickN ote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Enterp riseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStor age]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Script edDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Window s Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Window s Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImperso nation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr icted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestri cted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]

---------- | Drives

D:

F:

[09/03/2011 19:56:21] - |A| - (.Copyright 2009-2010 Western Digital - WDQuickFormatter.exe.) - [3290480] - (1.2.0.7) - F:\WD Quick Formatter.exe
[09/03/2011 19:56:25] - |A| - (.(c) Western Digital - Setup Application for WD SmartWare.) - [4246384] - (1.4.5.2) - F:\WD SmartWare.exe

---------- | C:

[22/08/2013 10:36:31] - |SHD| - [1831779661] - C:$Recycle.Bin
[MD5.21BF183C15AFE62A8D1137BB9007B2A3] - [26/07/2012 03:18:43] - |RASH| - (.-.) - [398156] - (0.0.0.0) - C:\bootmgr
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [26/07/2012 03:18:43] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[11/08/2015 16:33:19] - |D| - [451456] - C:\Brother
[22/08/2013 09:45:52] - |SHD| - [0] - C:\Documents and Settings
[24/04/2017 15:11:30] - |D| - [117712338] - C:\FRST
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [27/09/2016 17:31:56] - |ASH| - (.-.) - [1678684160] - (0.0.0.0) - C:\hiberfil.sys
[19/03/2015 13:05:46] - |D| - [42070] - C:\Intel
[05/08/2015 14:26:19] - |RHD| - [719612625] - C:\MSOCache
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/03/2015 12:52:44] - |ASH| - (.-.) - [738197504] - (0.0.0.0) - C:\pagefile.sys
[16/07/2016 06:47:47] - |D| - [0] - C:\PerfLogs
[16/07/2016 01:04:24] - |RD| - [4316863461] - C:\Program Files
[16/07/2016 01:04:24] - |RD| - [4749830132] - C:\Program Files (x86)
[16/07/2016 06:47:48] - |HD| - [1840607552] - C:\ProgramData
[25/04/2017 14:25:12] - |D| - [262052] - C:\QuickDiag
[MD5.FC518E4ECD12021DA911CC1C109C842A] - [25/04/2017 14:25:22] - |A| - (.-.) - [144641] - (0.0.0.0) - C:\QuickDiag.txt
[09/01/2016 10:07:33] - |SHD| - [290066989] - C:\Recovery
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/03/2015 12:52:44] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys
[19/03/2015 13:18:11] - |D| - [251564183] - C:\SWTOOLS
[19/03/2015 12:52:43] - |SHD| - [20572] - C:\System Volume Information
[16/07/2016 01:04:24] - |RD| - [4993351410] - C:\Users
[16/07/2016 01:04:24] - |D| - [24971240056] - C:\Windows

---------- | C:\WINDOWS

[16/07/2016 06:47:48] - |D| - [802] - C:\WINDOWS\addins
[MD5.C048724563615DDE0471383910A6959E] - [05/08/2015 13:01:44] - |A| - (.-.) - [5430] - (0.0.0.0) - C:\WINDOWS\AnyWeb Print.ico
[16/07/2016 06:47:48] - |D| - [14559562] - C:\WINDOWS\appcompat
[16/07/2016 06:47:48] - |D| - [12422502] - C:\WINDOWS\AppPatch
[16/07/2016 06:47:48] - |D| - [0] - C:\WINDOWS\AppReadiness
[16/07/2016 06:47:47] - |RD| - [836069847] - C:\WINDOWS\assembly
[26/07/2012 03:12:59] - |D| - [0] - C:\WINDOWS\AUInstallAgent
[MD5.12EBDA58437CD1EA7066FCB6455241D2] - [05/09/2016 16:10:58] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\WINDOWS\avastSS.scr
[16/07/2016 06:47:48] - |D| - [325008] - C:\WINDOWS\bcastdvr
[MD5.7B465E25ADF5D6DBCE9DCAE3C6545405] - [16/07/2016 06:42:16] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [61440] - (10.0.14393.0) - C:\WINDOWS\bfsvc.exe
[16/07/2016 09:29:36] - |SHD| - [591899] - C:\WINDOWS\BitLockerDiscoveryVolumeContents
[16/07/2016 06:47:48] - |D| - [38115435] - C:\WINDOWS\Boot
[MD5.ED812775C5F87D6526AA7A9F496CBC1F] - [27/09/2016 17:27:06] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[16/07/2016 06:47:48] - |D| - [3715096] - C:\WINDOWS\Branding
[MD5.7D6E128FDC85D9EC2130ECAEC7FB7C76] - [11/08/2015 16:33:16] - |A| - (.-.) - [66] - (0.0.0.0) - C:\WINDOWS\Brfaxrx.ini
[MD5.BDAD1C5531FA9ED3863219D6923F4CD1] - [05/08/2015 13:16:03] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\brpcfx.ini
[MD5.2A4D68A1EDFF18D49CC9B9A41CE9C39C] - [05/08/2015 13:16:03] - |A| - (.-.) - [24] - (0.0.0.0) - C:\WINDOWS\Brpfx04a.ini
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/08/2015 13:15:29] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\BRRBCOM.INI
[16/07/2016 06:36:22] - |D| - [0] - C:\WINDOWS\CbsTemp
[MD5.8AB7E743453CB6E272EF9374CE260C45] - [27/09/2016 17:32:20] - |A| - (.-.) - [19598] - (0.0.0.0) - C:\WINDOWS\comsetup.log
[19/03/2015 12:54:04] - |D| - [0] - C:\WINDOWS\CSC
[16/07/2016 06:47:48] - |D| - [8970858] - C:\WINDOWS\Cursors
[16/07/2016 06:47:48] - |D| - [18692875] - C:\WINDOWS\debug
[MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [27/09/2016 17:34:10] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[16/07/2016 06:47:48] - |D| - [4494460] - C:\WINDOWS\diagnostics
[MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [27/09/2016 17:34:10] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[16/07/2016 09:14:00] - |D| - [0] - C:\WINDOWS\DigitalLocker
[16/07/2016 06:47:48] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[MD5.3B714C6B68444A6BB38DAAD5F39ED672] - [09/07/2016 13:47:12] - |A| - (.-.) - [9850] - (0.0.0.0) - C:\WINDOWS\DPINST.LOG
[MD5.F6CAE25A0B2F38F536A9339A878E2ED1] - [05/08/2015 13:01:44] - |A| - (.-.) - [11502] - (0.0.0.0) - C:\WINDOWS\Dr. Printer Icon.ico
[MD5.1681D46EDEA33169301564E71CD255F6] - [16/07/2016 06:49:13] - |A| - (.-.) - [4176] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log
[16/07/2016 06:47:48] - |HD| - [44056] - C:\WINDOWS\ELAMBKUP
[16/07/2016 09:14:00] - |D| - [105984] - C:\WINDOWS\en-US
[MD5.60864394E6C33D72ADC39856101DF832] - [23/09/2005 13:48:52] - |A| - (.Copyright 2000-2005, eSellerate Inc. - eSellerateEngine.) - [356352] - (3.6.2.3) - C:\WINDOWS\eSellerateEngine.dll
[MD5.F2D58A2E27C2CD486F8F0A123A3F34C3] - [15/03/2017 00:09:30] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [4674360] - (10.0.14393.953) - C:\WINDOWS\explorer.exe
[16/07/2016 06:47:48] - |RSD| - [399077936] - C:\WINDOWS\Fonts
[16/07/2016 06:47:48] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
[16/07/2016 06:47:48] - |D| - [27494442] - C:\WINDOWS\Globalization
[16/07/2016 06:47:48] - |D| - [1405337] - C:\WINDOWS\Help
[MD5.DD3887563D64E631168B8C107C61A1EC] - [11/04/2017 20:35:04] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [975872] - (10.0.14393.1066) - C:\WINDOWS\HelpPane.exe
[MD5.52AFE6DE5E463B7A08C184B1EB49DD6A] - [16/07/2016 06:42:21] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [18432] - (10.0.14393.0) - C:\WINDOWS\hh.exe
[16/07/2016 06:47:48] - |D| - [173189416] - C:\WINDOWS\IME
[16/07/2016 06:47:48] - |RD| - [6841392] - C:\WINDOWS\ImmersiveControlPanel
[16/07/2016 06:45:54] - |D| - [64433376] - C:\WINDOWS\INF
[16/07/2016 06:47:48] - |D| - [1076853729] - C:\WINDOWS\InfusedApps
[16/07/2016 06:47:48] - |D| - [36285422] - C:\WINDOWS\InputMethod
[16/07/2016 06:47:48] - |SHDC| - [5949662537] - C:\WINDOWS\Installer
[16/07/2016 06:47:48] - |D| - [89407] - C:\WINDOWS\L2Schemas
[16/07/2016 06:47:48] - |D| - [16983498] - C:\WINDOWS\LiveKernelReports
[16/07/2016 01:04:29] - |D| - [30639783] - C:\WINDOWS\Logs
[16/07/2016 06:47:48] - |RSD| - [20316123] - C:\WINDOWS\Media
[22/08/2013 10:36:31] - |D| - [1619968] - C:\WINDOWS\MediaViewer
[MD5.A3F5562C9098075F6DEAA9CCBBDC96C2] - [15/08/2015 21:15:24] - |A| - (.-.) - [497545026] - (0.0.0.0) - C:\WINDOWS\MEMORY.DMP
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [16/07/2016 06:42:12] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[16/07/2016 06:47:47] - |RD| - [729194838] - C:\WINDOWS\Microsoft.NET
[16/07/2016 06:47:48] - |D| - [2563] - C:\WINDOWS\Migration
[16/07/2016 06:47:48] - |RD| - [484593] - C:\WINDOWS\MiracastView
[16/07/2016 06:47:48] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.616CA7CA98BC53FAED26040BC0838164] - [06/08/2015 07:44:19] - |A| - (.-.) - [263822] - (0.0.0.0) - C:\WINDOWS\msxml4-KB2758694-enu.LOG
[MD5.3B508CAE5DEBCBA928B5BC355517E2E6] - [16/07/2016 06:43:51] - |A| - (.© Microsoft Corporation. - Notepad.) - [243200] - (10.0.14393.0) - C:\WINDOWS\notepad.exe
[16/07/2016 09:15:09] - |D| - [219754] - C:\WINDOWS\OCR
[16/07/2016 06:47:48] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[27/09/2016 20:24:32] - |DC| - [264786199] - C:\WINDOWS\Panther
[17/12/2016 17:52:59] - |D| - [0] - C:\WINDOWS\PCHEALTH
[16/07/2016 06:47:48] - |D| - [29341941] - C:\WINDOWS\Performance
[MD5.E3BABF0687A83295DC55F872ED77BC16] - [30/09/2016 20:14:43] - |A| - (.-.) - [455530] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[16/07/2016 06:47:48] - |D| - [1121835] - C:\WINDOWS\PLA
[16/07/2016 06:47:48] - |D| - [6170776] - C:\WINDOWS\PolicyDefinitions
[27/09/2016 17:25:18] - |D| - [3169848] - C:\WINDOWS\Prefetch
[16/07/2016 06:47:48] - |RD| - [2037042] - C:\WINDOWS\PrintDialog
[MD5.4ACE1A172D35E492443D29527441BB30] - [16/07/2016 09:30:48] - |A| - (.-.) - [33882] - (0.0.0.0) - C:\WINDOWS\Professional.xml
[16/07/2016 06:47:48] - |D| - [1419214] - C:\WINDOWS\Provisioning
[MD5.BF5D30514FEA913E25CCC9E546257088] - [15/03/2017 00:10:12] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [320512] - (10.0.14393.953) - C:\WINDOWS\regedit.exe
[16/07/2016 06:47:48] - |D| - [1117148] - C:\WINDOWS\Registration
[16/07/2016 09:29:36] - |D| - [0] - C:\WINDOWS\RemotePackages
[16/07/2016 06:47:48] - |D| - [10883107] - C:\WINDOWS\rescache
[16/07/2016 06:47:48] - |D| - [4956606] - C:\WINDOWS\Resources
[05/08/2015 13:02:58] - |D| - [1194018] - C:\WINDOWS\Samsung
[16/07/2016 06:47:48] - |D| - [0] - C:\WINDOWS\SchCache
[16/07/2016 06:47:48] - |D| - [121229] - C:\WINDOWS\schemas
[16/07/2016 06:47:48] - |D| - [5141370] - C:\WINDOWS\security
[27/09/2016 17:25:18] - |D| - [42114701] - C:\WINDOWS\ServiceProfiles
[16/07/2016 01:04:24] - |D| - [238672406] - C:\WINDOWS\servicing
[16/07/2016 06:49:46] - |D| - [42] - C:\WINDOWS\Setup
[MD5.7BF5FCA0459977A70E9756C5D0D98077] - [27/09/2016 17:26:38] - |A| - (.-.) - [31232] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.93F7ACD3FFB1954DAA84D42C4FF8448C] - [27/09/2016 17:26:38] - |A| - (.-.) - [274] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[16/07/2016 06:47:48] - |D| - [31190016] - C:\WINDOWS\ShellExperiences
[30/10/2015 04:07:42] - |D| - [95790] - C:\WINDOWS\ShellNew
[16/07/2016 09:14:36] - |D| - [3757408] - C:\WINDOWS\SKB
[MD5.6E32354BEFF6EB30D620012098B50FD9] - [05/08/2015 13:01:44] - |A| - (.-.) - [133757] - (0.0.0.0) - C:\WINDOWS\SmartCMS2.ico
[19/03/2015 12:54:02] - |D| - [458116309] - C:\WINDOWS\SoftwareDistribution
[16/07/2016 06:47:48] - |D| - [107844594] - C:\WINDOWS\Speech
[16/07/2016 06:47:48] - |D| - [51335125] - C:\WINDOWS\Speech_OneCore
[MD5.BCDB205132974EC3AB6F5C01DD93489B] - [29/10/2016 12:08:16] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.14393.351) - C:\WINDOWS\splwow64.exe
[MD5.38468412425D67D18B9BE00D59F7194D] - [05/08/2015 13:03:19] - |A| - (.Copyright ¨Ï 2004. - Non-Device INF Installer.) - [493432] - (1.2.1.2) - C:\WINDOWS\ssndii.exe
[16/07/2016 06:47:48] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [22/08/2013 08:25:43] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[16/07/2016 01:04:24] - |D| - [5365152862] - C:\WINDOWS\System32
[16/07/2016 06:47:48] - |D| - [145553510] - C:\WINDOWS\SystemApps
[16/07/2016 06:47:48] - |D| - [17453597] - C:\WINDOWS\SystemResources
[16/07/2016 01:04:27] - |AD| - [1340627047] - C:\WINDOWS\SysWOW64
[16/07/2016 06:47:48] - |D| - [0] - C:\WINDOWS\TAPI
[22/08/2013 10:36:30] - |D| - [220] - C:\WINDOWS\Tasks
[16/07/2016 06:47:48] - |D| - [9979882] - C:\WINDOWS\Temp
[22/08/2013 10:36:30] - |RD| - [0] - C:\WINDOWS\ToastData
[16/07/2016 06:47:48] - |D| - [0] - C:\WINDOWS\tracing
[16/07/2016 06:47:48] - |D| - [7468941] - C:\WINDOWS\twain_32
[MD5.21F91141B4796108A50733B14850CDF2] - [16/07/2016 06:43:52] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [66560] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[22/08/2013 10:36:30] - |D| - [0] - C:\WINDOWS\vpnplugins
[16/07/2016 06:47:48] - |D| - [12420] - C:\WINDOWS\Vss
[16/07/2016 06:47:48] - |D| - [15729830] - C:\WINDOWS\Web
[MD5.DAA6AAD525D12F8985695B882301336F] - [26/07/2012 00:26:52] - |A| - (.-.) - [167] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [16/07/2016 06:42:32] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.038356387332650843BCB352BB89A101] - [08/08/2015 21:44:21] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.9328E170E5407D9DDE7EB1E208A2CBB4] - [16/07/2016 06:42:48] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [10240] - (10.0.14393.0) - C:\WINDOWS\winhlp32.exe
[16/07/2016 01:04:24] - |D| - [6825367731] - C:\WINDOWS\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [16/07/2016 06:43:08] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.E87C6A38E61A712C48025A6AD54C1113] - [16/07/2016 06:42:39] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.14393.0) - C:\WINDOWS\write.exe

---------- | C:\WINDOWS\System32\GroupPolicy

---------- | Systemroot\System

---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[26/04/2011 22:28:48] - C:\WINDOWS\Installer\1164996.msi : (PaperPort Image Printer Driver AMD64 - Nuance Communications, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 17:44:33] - C:\WINDOWS\Installer\1627b72.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 17:46:28] - C:\WINDOWS\Installer\1627b76.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 17:48:21] - C:\WINDOWS\Installer\1627b84.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 17:49:37] - C:\WINDOWS\Installer\1627b88.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 17:53:39] - C:\WINDOWS\Installer\1627b90.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 17:57:35] - C:\WINDOWS\Installer\1627b94.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 18:04:19] - C:\WINDOWS\Installer\1627b98.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 18:00:09] - C:\WINDOWS\Installer\1627b9c.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/08/2015 09:34:42] - C:\WINDOWS\Installer\1627ba4.msi : (SmartSound Quicktracks - SmartSound Software Inc) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 18:03:41] - C:\WINDOWS\Installer\1627bbc.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 18:07:59] - C:\WINDOWS\Installer\1627bc4.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 18:09:34] - C:\WINDOWS\Installer\1627bcc.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/12/2010 19:54:54] - C:\WINDOWS\Installer\1627bd0.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 17:50:05] - C:\WINDOWS\Installer\1627bd4.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/04/2017 17:05:26] - C:\WINDOWS\Installer\1916c380.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/09/2015 11:01:31] - C:\WINDOWS\Installer\2309eac9.msi : (Adobe AIR Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/09/2015 11:01:07] - C:\WINDOWS\Installer\2309eacf.msi : (Amazon Music Importer - Amazon Services LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2016 10:59:44] - C:\WINDOWS\Installer\2a50e05.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2016 11:00:01] - C:\WINDOWS\Installer\2a50f9d.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2016 11:00:02] - C:\WINDOWS\Installer\2a51071.msi : (Apple Software Update Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2016 11:00:40] - C:\WINDOWS\Installer\2a51077.msi : (iCloud for Windows installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2016 11:00:55] - C:\WINDOWS\Installer\2a510bc.msi : (Apple Mobile Device Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2016 11:00:57] - C:\WINDOWS\Installer\2a5112f.msi : ([ProductName] Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2016 11:01:29] - C:\WINDOWS\Installer\2a5211e.msi : (iTunes Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[07/07/2016 04:33:41] - C:\WINDOWS\Installer\64423.msi : (DisplayLink Core Software - DisplayLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/07/2016 22:41:37] - C:\WINDOWS\Installer\7c1cc.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/02/2016 10:27:07] - C:\WINDOWS\Installer\8336e0fd.msi : (DisplayLink Core Software - DisplayLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/02/2015 04:35:42] - C:\WINDOWS\Installer\cdc9d.msi : (DisplayLink Core Software - DisplayLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/11/2014 03:53:04] - C:\WINDOWS\Installer\fd3e5.msi : (Bluetooth Toshiba Stack - Toshiba) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%*.in*

[16/07/2016 06:43:08] - [3458] - C:\WINDOWS\System32\ieuinit.inf
[09/01/2016 10:26:00] - [1711050] - C:\WINDOWS\System32\PerfStringBackup.INI
[16/07/2016 06:42:39] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[16/07/2016 06:42:11] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini
[21/11/2013 01:02:12] - [114] - C:\WINDOWS\Syswow64\BRLMW03A.INI
[16/07/2016 06:43:59] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf
[16/07/2016 06:42:43] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.B7C476BBE4F001F4F33C04D9ABC33DC8] - |A| - [16/07/2016 06:42:17] - (.-.) - [14.52 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\pcamain.sdb
[MD5.8BE31B88D8523648580AFAFB92B78A30] - |A| - [15/03/2017 00:09:03] - (.-.) - [540.84 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\sysmain.sdb
[MD5.BB79ACC1E8EA2FBF2DB0641EE270ED15] - |A| - [13/10/2016 10:46:16] - (.-.) - [703.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\172996dd-9aae-4293-a5dd-e36a3d8c39c2
[MD5.00000000000000000000000000000000] - |D| - [22/03/2017 23:29:50] - [0 Ko] - C:\WINDOWS\Temp\1A7FAA1F-86DA-F9FC-9D65-1C8B453DFFD1
[MD5.00000000000000000000000000000000] - |D| - [19/03/2017 22:22:45] - [0 Ko] - C:\WINDOWS\Temp\27358A54-6AFF-2B50-87E1-513A5606545D
[MD5.00000000000000000000000000000000] - |D| - [08/04/2017 22:19:19] - [0 Ko] - C:\WINDOWS\Temp\2D005A46-2233-D98F-D797-3DB8EF5C639E
[MD5.00000000000000000000000000000000] - |D| - [30/03/2017 22:12:30] - [0 Ko] - C:\WINDOWS\Temp\359E4B82-8792-2228-38F5-FE3283173913
[MD5.00000000000000000000000000000000] - |D| - [29/03/2017 22:11:47] - [0 Ko] - C:\WINDOWS\Temp\55CC4203-51C4-D277-E882-E53AEAFE9BBB
[MD5.00000000000000000000000000000000] - |D| - [08/04/2017 08:43:19] - [0 Ko] - C:\WINDOWS\Temp\69148BE8-165C-26AD-2D39-8872E71B1B7C
[MD5.00000000000000000000000000000000] - |D| - [25/03/2017 22:10:47] - [0 Ko] - C:\WINDOWS\Temp\A26A02D1-2246-E53C-A1B6-C05E9A24923C
[MD5.00000000000000000000000000000000] - |D| - [05/04/2017 19:39:32] - [0 Ko] - C:\WINDOWS\Temp\A6367E95-69F2-D38A-0C54-CF3BDAFE2282
[MD5.00000000000000000000000000000000] - |D| - [01/04/2017 05:06:25] - [0 Ko] - C:\WINDOWS\Temp\A984D120-72BE-1D06-922E-6AACB8D39CD8
[MD5.333F45C62B7DC54DDA8B84410C6C517E] - |A| - [17/12/2016 21:07:10] - (.-.) - [0.93 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ASPNETSetup_00000.log
[MD5.EF4D76E460CD506AE77A3215651105A6] - |A| - [17/12/2016 21:07:12] - (.-.) - [0.94 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ASPNETSetup_00001.log
[MD5.00000000000000000000000000000000] - |D| - [27/09/2016 17:32:39] - [0 Ko] - C:\WINDOWS\Temp\avast_ash2
[MD5.00000000000000000000000000000000] - |D| - [26/03/2017 22:21:46] - [0 Ko] - C:\WINDOWS\Temp\BC0EFE74-304D-01DC-285E-4BD1ECCE6367
[MD5.D28E3DBC56565103CD5C1B5A59246E1F] - |A| - [14/10/2016 22:09:03] - (.-.) - [18.32 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\chrome_installer.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/09/2016 17:38:59] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser1.51.2220.53SZBrowser_autoupdate. download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/10/2016 22:12:25] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser1.51.2220.62SZBrowser_autoupdate. download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [17/03/2017 17:42:42] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.527SZBrowser_autoupdate .download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [11/03/2017 21:49:29] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.590SZBrowser_autoupdate .download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/03/2017 17:43:42] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.590_0SZBrowser_autoupda te.download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [06/04/2017 20:33:52] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.596SZBrowser_autoupdate .download.lock
[MD5.00000000000000000000000000000000] - |D| - [14/10/2016 22:09:03] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad
[MD5.00000000000000000000000000000000] - |D| - [03/04/2017 19:05:18] - [1378.07 Ko] - C:\WINDOWS\Temp\CR_B750F.tmp
[MD5.00000000000000000000000000000000] - |D| - [25/03/2017 19:36:03] - [0 Ko] - C:\WINDOWS\Temp\D2FF4607-6766-098F-C309-FF1E3E231EB1
[MD5.00000000000000000000000000000000] - |D| - [05/04/2017 22:38:03] - [0 Ko] - C:\WINDOWS\Temp\D7ABD4CB-D8D3-5DC3-2E48-1AE6BDDF71FC
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:20:46] - [0 Ko] - C:\WINDOWS\Temp\DB17AE93-CE6B-F7A5-155A-4CDC561C9B8A
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/09/2016 17:27:05] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DMID953.tmp
[MD5.00000000000000000000000000000000] - |D| - [28/03/2017 22:40:45] - [0 Ko] - C:\WINDOWS\Temp\E862AD30-6F29-DA81-E7E4-B835571A899B
[MD5.00000000000000000000000000000000] - |D| - [14/04/2017 23:34:34] - [0 Ko] - C:\WINDOWS\Temp\ECC18474-D755-C5E5-29A5-06D60A5478ED
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 22:21:46] - [0 Ko] - C:\WINDOWS\Temp\EDA70282-2D80-4C89-18E9-5A59CF648555
[MD5.00000000000000000000000000000000] - |D| - [24/04/2017 12:16:41] - [0 Ko] - C:\WINDOWS\Temp\F28C3FE6-8F05-99D7-9313-2CD97FE30C27
[MD5.00000000000000000000000000000000] - |D| - [15/04/2017 22:35:46] - [0 Ko] - C:\WINDOWS\Temp\F4E7161B-E072-CCC1-5646-1B5EF220E849
[MD5.00000000000000000000000000000000] - |D| - [27/03/2017 22:06:46] - [0 Ko] - C:\WINDOWS\Temp\F6A272A6-563E-B915-C2B2-1A4915C88B9A
[MD5.00000000000000000000000000000000] - |D| - [21/03/2017 22:23:45] - [0 Ko] - C:\WINDOWS\Temp\F88784DB-9BA5-8770-F977-7701077A62FD
[MD5.00000000000000000000000000000000] - |D| - [17/03/2017 22:33:47] - [0 Ko] - C:\WINDOWS\Temp\F9890D6F-C724-0400-D153-7B26B6A5A535
[MD5.00000000000000000000000000000000] - |D| - [16/03/2017 22:22:16] - [0 Ko] - C:\WINDOWS\Temp\FFD9A24A-CF06-A429-53C6-049694B93126
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/09/2016 17:34:08] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSAPIDebugLogFile.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/09/2016 17:34:08] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSTIFFDebugLogFile.txt
[MD5.4A378994BE45212ED6674AA7DA9D31A8] - |A| - [27/09/2016 17:34:25] - (.-.) - [122.62 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
[MD5.00000000000000000000000000000000] - |D| - [30/09/2016 19:16:21] - [0 Ko] - C:\WINDOWS\Temp\MRT
[MD5.00000000000000000000000000000000] - |D| - [14/10/2016 20:48:56] - [38.79 Ko] - C:\WINDOWS\Temp\SafeZone Installer
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/10/2016 20:48:56] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\safezone_crashreporter.log
[MD5.30815505E25760564B02D65A9C9DCD14] - |A| - [10/03/2017 21:49:25] - (.Copyright Opera Software 2017 - Opera Installer.) - [1471 Ko] - (42.0.2393.590) - C:\WINDOWS\Temp\safezone_installer_20173114925978. dll
[MD5.00000000000000000000000000000000] - |D| - [29/03/2017 19:08:11] - [0 Ko] - C:\WINDOWS\Temp\SDIAG_f10311af-de3e-4374-8646-831274f65b85
[MD5.25C915542CA8694B7AC03DA977B097C1] - |A| - [27/09/2016 17:31:02] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\tem794E.tmp
[MD5.B13AF738AA8BE55154B2752979D76827] - |A| - [27/09/2016 17:31:03] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\tem7A48.tmp
[MD5.29F911751FBF1A96D00A3DA51F5C1D5E] - |A| - [29/10/2016 17:37:02] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_3D28.tmp
[MD5.84DB170C696B848B7B2E4E08F15A75BF] - |A| - [29/10/2016 17:37:02] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_3D48.tmp
[MD5.924795A6D96AB5F603DD828ACE69860B] - |A| - [29/10/2016 17:37:12] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_6553.tmp
[MD5.DE1E5A2C1343C8AB420B4300DEA82993] - |A| - [29/10/2016 17:37:12] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_6573.tmp
[MD5.971D7837F9448E01B22B46A5309FFBE8] - |A| - [15/04/2017 00:10:34] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_707C.tmp
[MD5.0739E360D362DF6961A1ED903BDB46A7] - |A| - [15/04/2017 00:10:34] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_708D.tmp
[MD5.1A62A322CEEFCC7F4A812F3308ED7E0B] - |A| - [16/03/2017 17:42:56] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_7DDA.tmp
[MD5.031CD7142F0A7D74ED30E28C349D48BF] - |A| - [30/09/2016 20:15:18] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8CEE.tmp
[MD5.0EB3284801E5D959915CA93360A93369] - |A| - [30/09/2016 20:15:18] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8D0E.tmp
[MD5.84D2879ADF1FFB00B0D2B83C7F134967] - |A| - [30/09/2016 20:15:18] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8D1F.tmp
[MD5.F74CD656DE57813389F75E53E7F8408B] - |A| - [30/09/2016 20:15:18] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8D3F.tmp
[MD5.499D4B6E9FCF258068A6B176ACB5CEB2] - |A| - [30/09/2016 20:15:18] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8D5F.tmp
[MD5.70A514F03888BEEBD72E4AA6E588D9B3] - |A| - [30/09/2016 20:15:18] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8DFC.tmp
[MD5.0A5686AFBF884FE4614530F0B13B8ED1] - |A| - [30/09/2016 20:15:18] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8E0D.tmp
[MD5.C017ABB2F7DAB9222164B05DA96C46E0] - |A| - [30/09/2016 20:15:19] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8F46.tmp
[MD5.B74F9BA3C131D5879166C9537E6354E1] - |A| - [30/09/2016 20:15:24] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_A451.tmp
[MD5.9E355A9D61C3F508D53547C20EB63389] - |A| - [15/04/2017 00:10:52] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_B6E0.tmp
[MD5.DBCFA768E267C63AD7FC31E3C3B8E973] - |A| - [15/04/2017 00:10:52] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_B6F1.tmp
[MD5.4A6E19FC0483A126314686AC57AD0EB2] - |A| - [16/03/2017 17:43:15] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_C66E.tmp
[MD5.1923A5244D4935831873583BADD4991E] - |A| - [30/09/2016 20:15:35] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_CE22.tmp
[MD5.379B4063066B315F6C58FFC6F5D92DA2] - |A| - [30/09/2016 20:15:35] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_CE42.tmp
[MD5.2CEFE072490919EAE9A2024A0E3145AC] - |A| - [30/09/2016 20:15:35] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_CE52.tmp
[MD5.B437428A7B707239B9379F28E70A77BB] - |A| - [30/09/2016 20:15:38] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_DB25.tmp
[MD5.DC754620AFD3559E2C0E01FC44BDD382] - |A| - [30/09/2016 20:15:39] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_DDD5.tmp
[MD5.534E9979C1648FB96FED5736987F5299] - |A| - [30/09/2016 20:15:39] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_DDE6.tmp
[MD5.235B8E6623C37B9B65E0F4AE109520D2] - |A| - [30/09/2016 20:15:39] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_DDF6.tmp
[MD5.97138462F22480B2FF49E58254D47A5E] - |A| - [30/09/2016 20:15:39] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_DE07.tmp
[MD5.0DBFBFA5212642629E11B15B7B0C2178] - |A| - [05/04/2017 20:18:27] - (.-.) - [38.31 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1723.tmp.csv
[MD5.2B60E87AFD3FB9F8B552EB7DEEF20771] - |A| - [05/04/2017 20:18:27] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1733.tmp.txt
[MD5.2DBBCD6F0F86BE004B8A90BCE9E5C0C7] - |A| - [12/03/2017 10:09:00] - (.-.) - [39.11 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER196F.tmp.csv
[MD5.235030673D0B9DF918D340223B2A3EF6] - |A| - [12/03/2017 10:09:00] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1990.tmp.txt
[MD5.71F975EDB8751A905BE8BB7E6C639184] - |A| - [24/04/2017 14:49:42] - (.-.) - [41.29 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1C5E.tmp.csv
[MD5.7D32D31FD96DB45BCAF471AB0C13C80C] - |A| - [24/04/2017 14:49:42] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1C6F.tmp.txt
[MD5.9291FDF993A452ABB8E7601B22854095] - |A| - [08/04/2017 22:45:59] - (.-.) - [36.74 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER3BFB.tmp.csv
[MD5.0BD971D0C8F4FAEC1DAC9D8CBF7EBB95] - |A| - [08/04/2017 22:45:59] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER3C2B.tmp.txt
[MD5.7A305449300FFAAEFFAF903D151431F4] - |A| - [26/12/2016 10:08:06] - (.-.) - [39.68 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER5020.tmp.csv
[MD5.9ABA1C617C224E02E41CAF00918D4BB5] - |A| - [26/12/2016 10:08:06] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER5031.tmp.txt
[MD5.3F4C906E02DE4AA556D1F1811301FC75] - |A| - [12/03/2017 05:27:29] - (.-.) - [39.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER5C9A.tmp.csv
[MD5.727A1AAB61A4A163375CCA6F7756DF79] - |A| - [12/03/2017 05:27:29] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER5CBA.tmp.txt
[MD5.25ECD964A0A5413BADE0BCFA0E223D51] - |A| - [28/12/2016 18:51:49] - (.-.) - [39.98 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER8371.tmp.csv
[MD5.1F4076E4106B083A2870CE94CFD6BE8D] - |A| - [28/12/2016 18:51:49] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER8391.tmp.txt
[MD5.B07A074316C2C5976CC5255F5E3970A9] - |A| - [23/12/2016 09:25:58] - (.-.) - [35.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA76B.tmp.csv
[MD5.DE634AF936E757E8BFB4F3730D37FDAE] - |A| - [23/12/2016 09:25:58] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA77C.tmp.txt
[MD5.A39AC1EA8C328B660B0736DCCD8FC2EF] - |A| - [15/01/2017 15:02:20] - (.-.) - [26.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA884.tmp.csv
[MD5.621A8EC025C3504470E9D5816BEE9F95] - |A| - [24/04/2017 12:06:40] - (.-.) - [34.72 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA8C3.tmp.csv
[MD5.AB47EFA2D9ADD2A0267E351D2547DEB3] - |A| - [15/01/2017 15:02:20] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA8C4.tmp.txt
[MD5.7B3185FD86B2CE0E545546B8C9C636D9] - |A| - [24/04/2017 12:06:40] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA8D3.tmp.txt
[MD5.620B5D4ED8A5221571BD08C496897E39] - |A| - [15/04/2017 00:10:50] - (.-.) - [20.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERAF2B.tmp.csv
[MD5.F14962C2F1009A1AA8C0711CA40C13A9] - |A| - [15/04/2017 00:10:50] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERAF3C.tmp.txt
[MD5.8D5831EB70DFA2A1D25399F145CBCF2D] - |A| - [24/04/2017 15:04:10] - (.-.) - [37.04 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERC311.tmp.csv
[MD5.FE502B62F82D06FA759063AA8FF1F2F6] - |A| - [24/04/2017 15:04:10] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERC322.tmp.txt
[MD5.648CE41E9F7A9B755ECB81065F430509] - |A| - [24/04/2017 14:49:25] - (.-.) - [39.98 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERDB8B.tmp.csv
[MD5.4B2FF33A5420288536F8538E484CDC2A] - |A| - [24/04/2017 14:49:25] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERDB9B.tmp.txt
[MD5.19EF90317705C8A670B40AD9B65EC479] - |A| - [24/04/2017 14:39:51] - (.-.) - [39.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERDD02.tmp.csv
[MD5.2FB99B73B5C3DA233F3E4816E63453B7] - |A| - [24/04/2017 14:39:51] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERDD12.tmp.txt
[MD5.C8AAD412EBC3435522ACA175DD66A645] - |A| - [25/04/2017 14:21:44] - (.-.) - [36.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERDE79.tmp.csv
[MD5.481DB0A750825868CB4689EE2B0CEA66] - |A| - [25/04/2017 14:21:44] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERDE89.tmp.txt
[MD5.FCE9A051A6ACD5C831CDAC59D0489AB7] - |A| - [22/03/2017 19:21:34] - (.-.) - [38.86 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERE985.tmp.csv
[MD5.72E21010762279588D713F3A01AB23FA] - |A| - [22/03/2017 19:21:34] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERE995.tmp.txt
[MD5.5110406861B67DFA032E2E1EEFD6697B] - |A| - [24/04/2017 14:39:55] - (.-.) - [38.68 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WEREBC9.tmp.csv
[MD5.50850FDCE92E092106592A5FB8820E60] - |A| - [24/04/2017 14:39:55] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WEREBDA.tmp.txt
[MD5.50946F644AB97B039228DF3885A96CA5] - |A| - [12/03/2017 06:39:05] - (.-.) - [39.15 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERECE7.tmp.csv
[MD5.CF2042D458269E81DD9885C7C43A0ACF] - |A| - [12/03/2017 06:39:05] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERECF8.tmp.txt
[MD5.7FE94C756FA6EA68F996226D0A755029] - |A| - [27/09/2016 17:31:02] - (.-.) - [0.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\wmsetup.log
[MD5.00000000000000000000000000000000] - |D| - [27/09/2016 17:32:07] - [0 Ko] - C:\WINDOWS\Temp_avast_
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:00] - [0 Ko] - C:\WINDOWS\System32\0409
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 06:42:35] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [16/07/2016 06:42:05] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32@BackgroundAccessToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 06:42:38] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32@EnrollmentToastIcon.png
[MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [16/07/2016 06:42:41] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32@language_notification_icon.png
[MD5.46DACDA5036EBECEDF08427407E3017C] - |A| - [16/07/2016 06:42:40] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32@optionalfeatures.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 06:42:38] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32@VpnToastIcon.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [16/07/2016 06:42:38] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WiFiNotificationIcon.png
[MD5.58B6CB6A8528BA1B267CFAE325E6B834] - |A| - [16/07/2016 06:42:23] - (.-.) - [20.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WindowsHelloFaceToastIcon.png
[MD5.F2CF417EF502555B139EDCD9FEBF9CD3] - |A| - [19/03/2015 12:58:13] - (.-.) - [107.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AcpiServiceVnA64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:29] - [3176.34 Ko] - C:\WINDOWS\System32\AdvancedInstallers
[MD5.1E53DBCFBA49AB327BF00CC7E0759B6C] - |A| - [15/03/2017 00:10:35] - (.-.) - [437.78 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [04/08/2015 20:06:18] - [0 Ko] - C:\WINDOWS\System32\appmgmt
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [2476.01 Ko] - C:\WINDOWS\System32\appraiser
[MD5.F94192B47ACA96AFFEBC1073891EBB42] - |A| - [16/07/2016 06:43:20] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AppVStreamingUX.exe.config
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [272 Ko] - C:\WINDOWS\System32\ar-SA
[MD5.D170249F0FFD538BC587BC1A75EA4FFA] - |A| - [05/04/2017 02:33:13] - (.Copyright (c) 2014 AVAST Software - Avast start-up scanner.) - [390.57 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\aswBoot.exe
[MD5.8113D6E1884940FC3F9DED886B364A1E] - |A| - [19/03/2015 12:58:13] - (.-.) - [94.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\audioLibVc.dll
[MD5.D8632E54B9D4BA45916B0E0D4DD73535] - |A| - [04/08/2015 07:13:53] - (.-.) - [10.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AutoconfigV2.cab
[MD5.00000000000000000000000000000000] - |D| - [05/08/2015 08:04:37] - [0 Ko] - C:\WINDOWS\System32\AutoUpdateLicense
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [247.5 Ko] - C:\WINDOWS\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [4451.37 Ko] - C:\WINDOWS\System32\Boot
[MD5.9D881BE34B359D0010C676ECA6D219A4] - |A| - [21/11/2013 01:02:10] - (.(C) 1993 - 2013 Brother Industries, Ltd. - Printer Driver CoInstaller.) - [217.5 Ko] - (1.13.0.0) - C:\WINDOWS\System32\BRCOI12I.DLL
[MD5.2AD0B83A2D9024DDB8C1C6EF00F6B341] - |A| - [05/08/2015 13:15:12] - (.Copyright (C) 2003-2011 Brother Industries, Ltd. - PC-FAX DIAL Launcher.) - [305.5 Ko] - (1.0.3.0) - C:\WINDOWS\System32\BrFaxTxAppRun64.dll
[MD5.1719A58DC4127FA80F62A94494947568] - |A| - [21/11/2013 01:02:10] - (.Copyright(C) 2008-2011 Brother Industries, Ltd. - Scanning module for Brother Scanner.) - [272.5 Ko] - (1.0.10.3) - C:\WINDOWS\System32\BrJDec.dll
[MD5.7E0207E3F1CA04FD93CD8E858CCF41D8] - |RA| - [05/08/2015 13:15:11] - (.Copyright (C) 2002-2012 Brother Industries, Ltd. - Brother Network Sti Interface DLL(for 64Bit).) - [85 Ko] - (2.0.13.6) - C:\WINDOWS\System32\BrNetSti.dll
[MD5.F07BAE0904869AE925E4F9D494B842E8] - |RA| - [05/08/2015 13:15:11] - (.Copyright (C) 2003 - 2012 Brother Industries,Ltd - Language DLL for Brother Network Scanner.) - [53 Ko] - (1.19.5.5) - C:\WINDOWS\System32\Brnsplg.dll
[MD5.E3370E3143ED1FB77D356F688F2EBB2A] - |RA| - [05/08/2015 13:15:11] - (.-.) - [140 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BrSNMP64.dll
[MD5.6965400607B0B337B2125FE8B8277E23] - |A| - [21/11/2013 01:02:12] - (.Copyright (C) Brother Industries. 1996-2012 - Brother MFC WIA minidriver(for 64Bit).) - [1408 Ko] - (3.16.3.3) - C:\WINDOWS\System32\BrWi212a.dll
[MD5.6F8A950C5A9635929476C9576F3DD5DB] - |RA| - [05/08/2015 13:15:11] - (.Copyright(C) Brother Industries,Ltd. 2012 - Brother Network Scanner Property UI DLL(for 64Bit).) - [57.5 Ko] - (1.13.0.0) - C:\WINDOWS\System32\BrWiaNCp.dll
[MD5.31ABC8C02F1CCE0DA39550D763384184] - |A| - [16/07/2016 06:42:12] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [91.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0.93 Ko] - C:\WINDOWS\System32\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:24] - [74366.92 Ko] - C:\WINDOWS\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [41294.47 Ko] - C:\WINDOWS\System32\catroot2
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [2260.35 Ko] - C:\WINDOWS\System32\CodeIntegrity
[MD5.64430E214B5B229D426D2D35538C402D] - |A| - [23/08/2015 02:01:40] - (.-.) - [366.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ColorImageEnhancement.wmv
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [360 Ko] - C:\WINDOWS\System32\Com
[MD5.6E14F444A2506049EEC25CB5EDFE0905] - |A| - [19/03/2015 12:58:13] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [110.91 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:24] - [370567.37 Ko] - C:\WINDOWS\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 06:47:48] - [47.64 Ko] - C:\WINDOWS\System32\Configuration
[MD5.82DF5576BDD96CE8DF5A06C0571EA463] - |A| - [23/08/2015 02:01:50] - (.-.) - [499.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\cp_resources.bin
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [297 Ko] - C:\WINDOWS\System32\cs-CZ
[MD5.C252D88626FDC7DC7276D7A5E0D856DE] - |A| - [19/03/2015 12:58:14] - (.©Conexant Systems Inc. - Conexant APO.) - [1495.69 Ko] - (1.15.0.0) - C:\WINDOWS\System32\CX64APO.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [293 Ko] - C:\WINDOWS\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [177.63 Ko] - C:\WINDOWS\System32\DDFs
[MD5.27C042B16AAB77DA585FDD2A145FAC0D] - |A| - [19/03/2015 12:58:14] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [255.34 Ko] - (7.6.3.1) - C:\WINDOWS\System32\DDPA64.dll
[MD5.897250C97A775A7A667328F849D93D6F] - |A| - [19/03/2015 12:58:14] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1894.34 Ko] - (7.6.3.1) - C:\WINDOWS\System32\DDPD64A.dll
[MD5.A2D8B4C56F55F0349DC7A0C942833E0F] - |A| - [19/03/2015 12:58:14] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [308.34 Ko] - (7.6.3.1) - C:\WINDOWS\System32\DDPO64A.dll
[MD5.CCFDC399241063EF7F3EBA80F273F1A2] - |A| - [19/03/2015 12:58:14] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6072.34 Ko] - (7.6.3.1) - C:\WINDOWS\System32\DDPP64A.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [329 Ko] - C:\WINDOWS\System32\de-DE
[MD5.306B90493D00011EB635E161C6C024B8] - |A| - [16/07/2016 06:42:22] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [16/07/2016 06:47:52] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
[MD5.DCF2510E0745720E543E84F5E921FCC0] - |A| - [21/11/2014 03:53:53] - (.-.) - [256.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dfpinc.dat
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 06:47:48] - [642 Ko] - C:\WINDOWS\System32\DiagSvcs
[MD5.8B5F7B8C2EFE38CA571FBE24658DF11F] - |A| - [16/07/2016 06:42:36] - (.-.) - [90.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:27] - [7578.09 Ko] - C:\WINDOWS\System32\Dism
[MD5.826802CDD019EC44558A3B7F9F9282F3] - |A| - [23/09/2016 23:58:36] - (.Copyright (c) 2003 - 2016 DisplayLink (UK) Ltd. - DisplayLink Core.) - [7560.54 Ko] - (8.0.762.0) - C:\WINDOWS\System32\dlidcore.dll
[MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [23/08/2015 02:01:52] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DPTopologyApp.exe.config
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [23/08/2015 02:01:52] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DPTopologyAppv2_0.exe.config
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:24] - [108031.98 Ko] - C:\WINDOWS\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:24] - [1720272.97 Ko] - C:\WINDOWS\System32\DriverStore
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 06:47:48] - [149.5 Ko] - C:\WINDOWS\System32\dsc
[MD5.8B5A737AD11EF45D9B1AEB4ED6884968] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [711.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBassEnhancementDLL64.dll
[MD5.21B38D4D86A87909491F690883AE6D1E] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS Boost COM DLL.) - [1452.1 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBoostDLL64.dll
[MD5.FF31A2F57AAAB58DB78FCC961A58B206] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [418.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSGainCompensatorDLL64.dll
[MD5.BC0474E5476E5EA0D0E1AA5AC41E2061] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS GFX APO.) - [237.1 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPO64.dll
[MD5.3B8FB5376F5431C0101747D5138BCB9B] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS GFX APO.) - [236.1 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPONS64.dll
[MD5.B3977C8BA77559F4F8752AE8EB724C87] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS LFX APO.) - [237.1 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSLFXAPO64.dll
[MD5.192A03A21636D3775CEE4C049C3BEB2A] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS Limiter COM DLL.) - [422.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSLimiterDLL64.dll
[MD5.2EF5442E8E7ED20F7634EEFB09640C8F] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS NEO:PC COM DLL.) - [479.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSNeoPCDLL64.dll
[MD5.F7C357462077156DC211AC2112FC8C53] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1531.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2HeadphoneDLL64.dll
[MD5.F132C08BD8C58579B400DFAA71F34CFB] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1715.1 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2SpeakerDLL64.dll
[MD5.9948969B2C1987B1D64789EFEB284A84] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS Symmetry COM DLL.) - [695.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSSymmetryDLL64.dll
[MD5.37B8A8089ECED77F6CEAF74917C5D12B] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS GFX APO.) - [475.94 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PGFX64.dll
[MD5.8AE860D92752CFA136979B1FF797FFDC] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS LFX APO.) - [489.44 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PLFX64.dll
[MD5.A9B98F96FBE514ADEABD20B2BD132172] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS LFX APO.) - [405.94 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PREC64.dll
[MD5.DE32448E6B40141C80DAABFF6FBE1744] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [677.1 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSVoiceClarityDLL64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [325 Ko] - C:\WINDOWS\System32\el-GR
[MD5.B590F2E55318D13CED6F7D7ADDEAC27D] - |A| - [08/08/2015 21:41:51] - (.-.) - [22.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:01] - [3445.5 Ko] - C:\WINDOWS\System32\en
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [236 Ko] - C:\WINDOWS\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [42148.33 Ko] - C:\WINDOWS\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [318 Ko] - C:\WINDOWS\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [257.5 Ko] - C:\WINDOWS\System32\es-MX
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [232 Ko] - C:\WINDOWS\System32\et-EE
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 06:47:48] - [25837.16 Ko] - C:\WINDOWS\System32\F12
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [297 Ko] - C:\WINDOWS\System32\fi-FI
[MD5.A08B87CC51FB774ED45FDF4284B1974F] - |A| - [23/08/2015 02:01:52] - (.-.) - [626.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FilmModeDetection.wmv
[MD5.20A8157FBEF27E4B2EC303364229891F] - |A| - [27/09/2016 17:25:16] - (.-.) - [340.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [264 Ko] - C:\WINDOWS\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [326 Ko] - C:\WINDOWS\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\System32\FxsTmp
[MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [16/07/2016 06:42:12] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [23/08/2015 02:01:54] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxv2_0.exe.config
[MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [23/08/2015 02:01:56] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxv4_0.exe.config
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 10:36:31] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 10:36:31] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [259.5 Ko] - C:\WINDOWS\System32\he-IL
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [241.5 Ko] - C:\WINDOWS\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [300.5 Ko] - C:\WINDOWS\System32\hu-HU
[MD5.2A571B7728F23E83A800527879105180] - |A| - [16/07/2016 06:42:04] - (.-.) - [44.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [5.36 Ko] - C:\WINDOWS\System32\ias
[MD5.6AF1A037384A174326C816866586FEFB] - |A| - [19/03/2015 12:58:15] - (.Copyright (c) 2014, ICEpower a/s - ICEpower ICEsound audio effects.) - [291.16 Ko] - (1.0.0.8) - C:\WINDOWS\System32\ICEsoundAPO64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [36.27 Ko] - C:\WINDOWS\System32\icsxml
[MD5.0433C33D839B47503151CD5EB38C00CD] - |A| - [23/08/2015 02:02:46] - (.-.) - [6583.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igdclbif.bin
[MD5.7932A98303D187A99F7B6303DA37158E] - |A| - [31/08/2015 21:45:16] - (.Copyright (C) 2012-2015 - MDF(CM) Runtime DX11 Dynamic Link Library.) - [180.66 Ko] - (5.0.0.1084) - C:\WINDOWS\System32\igfx11cmrt64.dll
[MD5.2B65BEA6FBDFDCBFE93B7F1CB1308F8F] - |A| - [31/08/2015 21:43:50] - (.Copyright (C) 2010 - 2015 - MDF(CM) JIT Dynamic Link Library.) - [1547.49 Ko] - (5.0.0.1084) - C:\WINDOWS\System32\igfxcmjit64.dll
[MD5.E21AB111DD02BAC79541444382731326] - |A| - [31/08/2015 21:45:16] - (.Copyright (C) 2010 - 2015 - MDF(CM) Runtime Dynamic Link Library.) - [181.66 Ko] - (5.0.0.1084) - C:\WINDOWS\System32\igfxcmrt64.dll
[MD5.F29592DEAB5B4BFA32D3FD0801026CBD] - |A| - [31/08/2015 21:43:50] - (.-.) - [267.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCPL.cpl
[MD5.6E7A1C0249B05C94279391BDAB515A22] - |A| - [31/08/2015 21:43:50] - (.-.) - [102.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCUIServicePS.dll
[MD5.400E0BD5B1A070C59673588711366E63] - |A| - [31/08/2015 21:43:50] - (.-.) - [80.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDHLib.dll
[MD5.7A453278D1CBF997145D71B1F6DE1644] - |A| - [31/08/2015 21:43:50] - (.-.) - [89.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDHLibv2_0.dll
[MD5.D22910AFE1740733CFD0BB9E273AC9AE] - |A| - [31/08/2015 21:43:50] - (.-.) - [28.52 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDILib.dll
[MD5.95B68689974D4DC061970F64595C1FBA] - |A| - [31/08/2015 21:43:50] - (.-.) - [28.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDILibv2_0.dll
[MD5.37E2F597F528B5AF6C2C102F2F29E015] - |A| - [31/08/2015 21:43:50] - (.-.) - [29.98 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxEMLib.dll
[MD5.DCDD93BFBEF4E74E738BC65D5319AE7D] - |A| - [31/08/2015 21:43:50] - (.-.) - [27.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxEMLibv2_0.dll
[MD5.28EF0E838D0C932BF93612C9BCC72E5A] - |A| - [31/08/2015 21:43:50] - (.-.) - [23.49 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxLHMLib.dll
[MD5.B508E8C858F4406C483529E29FDED538] - |A| - [31/08/2015 21:43:50] - (.-.) - [23.49 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxLHMLibv2_0.dll
[MD5.21DDDF11A891B01DCE8969EB8AF0C0A1] - |A| - [31/08/2015 21:43:50] - (.-.) - [1002.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxSDK.exe
[MD5.FF64D06C7B3FA6ACEC66B40DC51FB87C] - |A| - [31/08/2015 21:43:50] - (.-.) - [99.49 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxSDKLib.dll
[MD5.53E3DA0482EB909E1F16B2A94F90AB73] - |A| - [31/08/2015 21:43:50] - (.-.) - [106.49 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxSDKLibv2_0.dll
[MD5.EF0E56F2DEA1FFA787936110FF9A952B] - |A| - [31/08/2015 21:43:50] - (.-.) - [405.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxTray.exe
[MD5.6C0F36ABFE80433B352FA7748ED887BF] - |A| - [23/08/2015 02:03:26] - (.-.) - [2748 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.cpa
[MD5.2FCCF7939D4D3F392AB3C0F5F40039DD] - |A| - [23/08/2015 02:03:26] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.vp
[MD5.B226B85123619EF1394339C1B5EB5A8D] - |A| - [23/08/2015 02:03:26] - (.-.) - [42.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64.vp
[MD5.55C71EDC47B57E5115B40095EEC9E205] - |A| - [23/08/2015 02:03:26] - (.-.) - [42.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64_dev.vp
[MD5.94ED4F871997E5DFC610DC1649C38911] - |A| - [23/08/2015 02:03:26] - (.-.) - [42.24 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64.vp
[MD5.04590E9E52E13EF34B2AA02C7EA2431B] - |A| - [23/08/2015 02:03:26] - (.-.) - [42.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64_dev.vp
[MD5.3B6EF4F03F2DE75A3B7DDF627A3EC146] - |A| - [23/08/2015 02:03:26] - (.-.) - [42.99 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64.vp
[MD5.715DBDBED4599E798F94EDF6003F75B6] - |A| - [23/08/2015 02:03:26] - (.-.) - [41.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64_dev.vp
[MD5.A30A8CBFA137FE1691C4DB90472B446B] - |A| - [23/08/2015 02:03:26] - (.-.) - [4.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxs64.vp
[MD5.8898B09A8D08E138F238224648DF0739] - |A| - [16/07/2016 06:42:35] - (.-.) - [170.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.3ED204C864E5CC3C78D3DBB707D102D1] - |A| - [23/08/2015 02:03:26] - (.-.) - [394.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ImageStabilization.wmv
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [25924.17 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [4897.5 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.06C99667D0A45FE44E634E2D966BA796] - |A| - [31/08/2015 21:43:50] - (.-.) - [594.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IntelCpHDCPSvc.exe
[MD5.FDA7B165DCA0D17FD693AF7022E2F29B] - |A| - [31/08/2015 21:43:50] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [100.48 Ko] - (2.0.2.0) - C:\WINDOWS\System32\Intel_OpenCL_ICD64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\System32\Ipmi
[MD5.5EA855B4A875E08AD93FF901B5D9E275] - |A| - [16/07/2016 06:42:09] - (.-.) - [226 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ism32k.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [323 Ko] - C:\WINDOWS\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [235.5 Ko] - C:\WINDOWS\System32\ja-jp
[MD5.6F7D1601DA55BBE5C7A79E01E236D7B9] - |A| - [19/03/2015 12:58:15] - (.© Knowles Electronics. - Knowles HD Audio APO.) - [589.83 Ko] - (4.1105.6000.53) - C:\WINDOWS\System32\KAAPORT64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [233 Ko] - C:\WINDOWS\System32\ko-KR
[MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [16/07/2016 06:42:22] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.C15D2C94E3C94CEFE8DE6A9D36C35FD1] - |A| - [13/10/2016 22:55:18] - (.(C) 1991-2012 Logitech. - LDA Component Extensions (UNICODE).) - [2410.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LdaCx2.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [73.41 Ko] - C:\WINDOWS\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [6154.94 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.1F1E9FBB7FE7A39A84A061F6EF7003B4] - |A| - [13/10/2016 22:55:24] - (.Copyright © 2010-2012 Logitech. All Rights Reserved - Logitech Download Assistant.) - [3850.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LogiLDA.DLL
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [237 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [238.5 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [29385.97 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [16/07/2016 06:44:03] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\manage-bde.wsf
[MD5.75616F8DB5C092A8A50AFEC273859DD7] - |A| - [19/03/2015 12:58:15] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [311.34 Ko] - (2.2.9.0) - C:\WINDOWS\System32\MaxxAudioAPO20.dll
[MD5.06080807E61471A18AD99F3E6FF3C9B5] - |A| - [19/03/2015 12:58:15] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [647.75 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxAudioAPO30.dll
[MD5.80C4F3C1718C9EB97872E8074F215D35] - |A| - [19/03/2015 12:58:15] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1110.09 Ko] - (4.5.5.0) - C:\WINDOWS\System32\MaxxAudioAPO4064.dll
[MD5.9AC502A3BCBB5A61A652D21280F947B6] - |A| - [19/03/2015 12:58:15] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1141.09 Ko] - (5.5.1.0) - C:\WINDOWS\System32\MaxxAudioAPO5064.dll
[MD5.3107A0536287C4BB89D70377642F6B4A] - |A| - [19/03/2015 12:58:15] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1287.09 Ko] - (6.0.15.0) - C:\WINDOWS\System32\MaxxAudioAPO6064.dll
[MD5.20033C3A104038F59668D563F0A0A048] - |A| - [19/03/2015 12:58:15] - (.Copyright (C) 2010-2014 - MaxxAudio APO Shell.) - [1038.59 Ko] - (4.15.0.0) - C:\WINDOWS\System32\MaxxAudioAPOShell64.dll
[MD5.E93ADE8C38CA41442FE60E844DED92AC] - |A| - [19/03/2015 12:58:15] - (.Copyright © 1996-2014 -.) - [1993.59 Ko] - (4.1.1.0) - C:\WINDOWS\System32\MaxxAudioEQ64.dll
[MD5.75EA61BDD02296302A61B9188DB2F5A9] - |A| - [19/03/2015 12:58:15] - (.- Waves Realtek App.) - [1889.09 Ko] - (5.2.21.0) - C:\WINDOWS\System32\MaxxAudioRealtek264.dll
[MD5.CF1FBA842B8F4E9AA8926B0BAC1DE47D] - |A| - [19/03/2015 12:58:16] - (.Copyright Â© 1996-2014 -.) - [14515.09 Ko] - (4.5.7.0) - C:\WINDOWS\System32\MaxxAudioRealtek64.dll
[MD5.E151AAB6C22879648EC0C37422214E08] - |A| - [19/03/2015 12:58:17] - (.Copyright Â© 1996-2014 -.) - [27679.09 Ko] - (1.7.11.0) - C:\WINDOWS\System32\MaxxAudioVnA64.dll
[MD5.631A4E29274E7F0DCDD336F54C8E24BA] - |A| - [19/03/2015 12:58:17] - (.Copyright Â© 1996-2014 -.) - [3866.59 Ko] - (1.4.5.0) - C:\WINDOWS\System32\MaxxAudioVnN64.dll
[MD5.581778867AEB80C4366057B3DE1DC4D0] - |A| - [19/03/2015 12:58:18] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1283.11 Ko] - (1.1.4.0) - C:\WINDOWS\System32\MaxxSpeechAPO64.dll
[MD5.08CF8AE5EC57381F41F3851C5351A155] - |A| - [19/03/2015 12:58:18] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [934.09 Ko] - (2.5.0.0) - C:\WINDOWS\System32\MaxxVoiceAPO2064.dll
[MD5.9ABDB1ED02FA5E401DF621329CFEB6EA] - |A| - [19/03/2015 12:58:18] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12592.59 Ko] - (3.0.15.0) - C:\WINDOWS\System32\MaxxVoiceAPO3064.dll
[MD5.587A8CF457604D84266FF858CEB60223] - |A| - [19/03/2015 12:58:18] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [647.25 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxVolumeSDAPO.dll
[MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [16/07/2016 06:42:22] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.BD37AEE75A7A6E0CA52EDE2B3D717310] - |A| - [09/01/2016 19:19:28] - (.-.) - [1.93 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MsiExec.log
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [6 Ko] - C:\WINDOWS\System32\MUI
[MD5.14C5E35BAC85A2F3D5142B7411B647EB] - |A| - [19/03/2015 12:58:18] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5616.76 Ko] - (6.3.9600.16384) - C:\WINDOWS\System32\NAHIMICAPOlfx.dll
[MD5.4A85926F6C7909DA642039116F088FF0] - |A| - [19/03/2015 12:58:19] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) - [920.3 Ko] - (1.0.0.14866) - C:\WINDOWS\System32\NAHIMICAPOSettingsIPC.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [288 Ko] - C:\WINDOWS\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [640 Ko] - C:\WINDOWS\System32\NDF
[MD5.AC40D29C7F961EF000C7595B3ECE3E2B] - |A| - [19/03/2015 13:25:42] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-1101406.txt
[MD5.363AB3B147EC26DE764E2FB32EA2041C] - |A| - [19/03/2015 12:52:53] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-11843.txt
[MD5.0A742EBDEC323A1C158125EDDCD0ECB9] - |A| - [19/03/2015 12:52:53] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-11968.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [19/03/2015 13:27:25] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-1203750.txt
[MD5.EC3F2258DC5247436CF829AA405523A7] - |A| - [19/03/2015 12:52:53] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-12078.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [04/08/2015 02:15:03] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-1208515.txt
[MD5.E39F5B5F2F8E17B44BC73BFD6F5EEFE8] - |A| - [19/03/2015 12:52:53] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-12187.txt
[MD5.670571AEA7547824368AAFF1210E5219] - |A| - [19/03/2015 12:52:53] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-12234.txt
[MD5.876860348EF677B24E4070B6F0D0434B] - |A| - [19/03/2015 12:52:53] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-12609.txt
[MD5.D9DF4A50BBA7175DDD31647FDD2E1C1E] - |A| - [19/03/2015 12:52:54] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-12718.txt
[MD5.6B60C5E72A98FFD8AA3C3E79EB9EBC37] - |A| - [19/03/2015 12:52:54] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-12828.txt
[MD5.FC2AE0A6CD9E5604723A4D73E3485D1B] - |A| - [19/03/2015 12:52:54] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-12937.txt
[MD5.8CC3614DB50EB8B061D80657A5E43793] - |A| - [19/03/2015 12:52:54] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-13000.txt
[MD5.FACC27AD18C2F04F14E8E085176E8E96] - |A| - [04/08/2015 03:16:17] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-13328.txt
[MD5.948440016A48DEB170FB67536DAE1E31] - |A| - [04/08/2015 03:16:17] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-13609.txt
[MD5.7BD67F5B6E0EA29E25082C0439CAAD7D] - |A| - [19/03/2015 12:52:55] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-13703.txt
[MD5.44F9A26DA8A19CEB894842E2AE89F4C5] - |A| - [04/08/2015 03:16:18] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-13718.txt
[MD5.26D4E41324816A5B30CB3C307130872A] - |A| - [19/03/2015 12:52:55] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-13953.txt
[MD5.FACC27AD18C2F04F14E8E085176E8E96] - |A| - [04/08/2015 03:13:53] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-14687.txt
[MD5.948440016A48DEB170FB67536DAE1E31] - |A| - [04/08/2015 03:13:53] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-14984.txt
[MD5.44F9A26DA8A19CEB894842E2AE89F4C5] - |A| - [04/08/2015 03:13:53] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-15093.txt
[MD5.FACC27AD18C2F04F14E8E085176E8E96] - |A| - [04/08/2015 03:00:56] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-19484.txt
[MD5.512B83A2B7F329DBB4AA9073FA2B8A5A] - |A| - [19/03/2015 12:53:00] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-19562.txt
[MD5.4E0900BD307863327E69862CE06748E6] - |A| - [19/03/2015 12:53:00] - (.-.) - [1.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-19687.txt
[MD5.44F9A26DA8A19CEB894842E2AE89F4C5] - |A| - [04/08/2015 03:00:57] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-19812.txt
[MD5.5AE40F9BB1AE337C39F20352D4D4D5DD] - |A| - [19/03/2015 12:57:49] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-258796.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [04/08/2015 02:00:20] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-324687.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [19/03/2015 13:13:22] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-361265.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [19/03/2015 13:13:25] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-364250.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [04/08/2015 02:01:07] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-371671.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [04/08/2015 03:00:26] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-3931500.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [04/08/2015 02:02:00] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-425312.txt
[MD5.E1D3DA9C4386683FB3776AFDCD0AA51C] - |A| - [19/03/2015 13:06:13] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-762687.txt
[MD5.79656C0BED4A1138E9683B0F125B82FF] - |A| - [19/03/2015 13:06:13] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-762875.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [04/08/2015 02:11:14] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-979234.txt
[MD5.2B4B5422EBE735F550E89B6D79BF82B2] - |A| - [27/09/2016 17:25:18] - (.-.) - [30.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [16/07/2016 06:42:12] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [51 Ko] - C:\WINDOWS\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [308 Ko] - C:\WINDOWS\System32\nl-NL
[MD5.4B29B05E10C5FFE3E35C67CAC3146E54] - |RA| - [05/08/2015 13:15:11] - (.Copyright(c) 2006-2012 Brother Industries,Ltd. - NSSearch.) - [309.5 Ko] - (1.1.0.6) - C:\WINDOWS\System32\NSSRH64.dll
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 06:47:48] - [16570.66 Ko] - C:\WINDOWS\System32\Nui
[MD5.F54598052A618ADC0231853D870A22BE] - |A| - [16/07/2016 06:47:53] - (.-.) - [15.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [16/07/2016 06:42:11] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [12841.67 Ko] - C:\WINDOWS\System32\oobe
[MD5.42D2360079B1DF3230024AE920737367] - |A| - [16/07/2016 06:42:22] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.AE4E54013E8CE8F70BC7C91BFBAB1D32] - |A| - [16/07/2016 06:49:31] - (.-.) - [324.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |A| - [16/07/2016 06:49:35] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.5AA1208CEAFFEFB4DBF8A452C5F6551C] - |A| - [16/07/2016 06:49:31] - (.-.) - [1334.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.E1BD531D1FAEE74519BA87E5D321A6C6] - |A| - [09/01/2016 10:26:00] - (.-.) - [1670.95 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [306 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [559.5 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:02] - [413.88 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\System32\ProximityToast
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [16/07/2016 06:42:31] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [308 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [303.5 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.8882AD10853E45402CABD3BAF48A7EFC] - |A| - [19/03/2015 12:58:19] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [121.27 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEA64A.dll
[MD5.0B5EF50E26CFD1E7BF01E32E053532B2] - |A| - [19/03/2015 12:58:19] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [424.77 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EED64A.dll
[MD5.01096663377134C41D618AF0E53A953E] - |A| - [19/03/2015 12:58:19] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [73.27 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEG64A.dll
[MD5.D0EB28022A91A5C084E8A7DEBB08D8D2] - |A| - [19/03/2015 12:58:19] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [138.27 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEL64A.dll
[MD5.03625A179B27362D3A90E3331AEBE95E] - |A| - [19/03/2015 12:58:19] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [6996.27 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEP64A.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.5D9616D2A76F38EF94866248CA4EDB2C] - |A| - [16/07/2016 06:43:18] - (.Copyright (C) 2009 - RemoteFX Helper.) - [106 Ko] - (1.1.0.0) - C:\WINDOWS\System32\RDVGHelper.exe
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [2.05 Ko] - C:\WINDOWS\System32\Recovery
[MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [16/07/2016 06:42:04] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof
[MD5.D67CDB8D2584AAC165A77488C5A7A987] - |A| - [16/07/2016 06:42:37] - (.-.) - [8.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.4FE9CE56EFA89779D81B988698D2454C] - |A| - [16/07/2016 06:42:37] - (.-.) - [8.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\System32\restore
[MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |A| - [19/03/2015 12:58:19] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll
[MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |A| - [19/03/2015 12:58:19] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll
[MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |A| - [19/03/2015 12:58:19] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll
[MD5.6F4CD493196100EEF349D7132CECAFD9] - |A| - [19/03/2015 12:58:19] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll
[MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |A| - [19/03/2015 12:58:19] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll
[MD5.D0D0D82B7366E691275E433CD34F89B2] - |A| - [19/03/2015 12:58:19] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [16/07/2016 06:43:50] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [16/07/2016 06:42:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.17ABCAD44A75C635583A238ED6333357] - |A| - [19/03/2015 12:58:20] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [76.84 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFAPO64.dll
[MD5.2C25AF115BDDC05D9A84D26227A08E63] - |A| - [19/03/2015 12:58:20] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [79.34 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFCOM64.dll
[MD5.7B3E9344FB43D799C6462227A0E65877] - |A| - [19/03/2015 12:58:20] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [215.84 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFNHK64.dll
[MD5.55D8C5F89695CBDE93201671F5A4A23F] - |A| - [19/03/2015 12:58:20] - (.Copyright (C) 2013 DTS, Inc. - DTS Studio Sound.) - [868.74 Ko] - (3.1.23.0) - C:\WINDOWS\System32\sl3apo64.dll
[MD5.1671AE03E56BEED80A0FBD8519557232] - |A| - [19/03/2015 12:58:20] - (.Copyright (C) 2011 SRS Labs, Inc. - SRS Labs.) - [1024.24 Ko] - (3.1.23.0) - C:\WINDOWS\System32\slcnt64.dll
[MD5.00000000000000000000000000000000] - |D| - [27/09/2016 17:25:18] - [3630.18 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:02] - [45.92 Ko] - C:\WINDOWS\System32\slmgr
[MD5.CBC5F17C1A77DFAC7825575A7BBB15C1] - |A| - [19/03/2015 12:58:21] - (.TODO: (c) . - TODO: .) - [240.24 Ko] - (1.0.0.1) - C:\WINDOWS\System32\slprp64.dll
[MD5.AD8A1086FEBF23D98532659B82F68891] - |A| - [19/03/2015 12:58:21] - (.Copyright (C) 2013 DTS, Inc. - DTS Studio Sound.) - [707.74 Ko] - (3.1.23.0) - C:\WINDOWS\System32\sltech64.dll
[MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [16/07/2016 06:42:22] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:24] - [13697.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [7576.34 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [8565.2 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [174184.65 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [9913.42 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [31.88 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [243.5 Ko] - C:\WINDOWS\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [363.93 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.C1AA14DBA23EB5AE5044727DF182FE5C] - |A| - [16/07/2016 06:42:16] - (.-.) - [54.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.A88BE9A6C4E646A2B2A1BD3A7F4B58E7] - |A| - [19/03/2015 12:58:21] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [194.23 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll
[MD5.A028717B791416182959B325D5B40679] - |A| - [19/03/2015 12:58:21] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [206.23 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll
[MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [19/03/2015 12:58:21] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll
[MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [19/03/2015 12:58:21] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [22808 Ko] - C:\WINDOWS\System32\sru
[MD5.11946FC82DEB8509F81856F1E1A16FD3] - |A| - [05/08/2015 13:03:08] - (.Copyright Samsung Electronics 2001 - Device Monitor.) - [72.5 Ko] - (1.5.6.0) - C:\WINDOWS\System32\ssdevm64.dll
[MD5.FC21BF5A1667FC745FE53D05DA4CB8A2] - |A| - [05/08/2015 13:02:22] - (.Copyright (C) 2004 Co., Ltd. - SSCoInst.) - [87.5 Ko] - (1.0.0.4) - C:\WINDOWS\System32\ssp8mci.dll
[MD5.36089584FC093A8512F427733A798C6C] - |A| - [05/08/2015 13:02:22] - (.Copyright © 2006 - SSCoInstExe.) - [148 Ko] - (1.0.1.0) - C:\WINDOWS\System32\ssp8mci.exe
[MD5.0BF28DEE7BFB7F2D787756A2009AD5F8] - |A| - [05/08/2015 13:02:35] - (.- Language Monitor for Status Monitor.) - [33.5 Ko] - (1.4.7.0) - C:\WINDOWS\System32\ssp8ml6.dll
[MD5.629014D6FDDD926574B3DD89FC42EC3B] - |A| - [05/08/2015 13:02:35] - (.-.) - [0.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssp8ml6.smt
[MD5.E4D0FF0C4B8E7806D64FA1180069C4FA] - |A| - [19/03/2015 12:58:21] - (.-.) - [2071.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SStudio.dll
[MD5.E60CE99951E9CC18143651755E7025D2] - |A| - [05/08/2015 13:03:08] - (.Copyright Samsung Electronics 2001 - USB Device.) - [46 Ko] - (0.6.0.0) - C:\WINDOWS\System32\ssusbp64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [293.5 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.20C4FE2B130D9F0C92D7629E71AFBB66] - |A| - [16/07/2016 06:43:20] - (.-.) - [1.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SyncAppvPublishingServer.vbs
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:27] - [1622.37 Ko] - C:\WINDOWS\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [912.78 Ko] - C:\WINDOWS\System32\SystemResetPlatform
[MD5.3DC5656723F0A4D8777F9FCDE3693AB9] - |A| - [07/03/2013 17:02:44] - (.Copyright (C) 2001-2008 TOSHIBA CORPORATION, -.) - [198 Ko] - (6.2.0.0) - C:\WINDOWS\System32\TBTMon.dll
[MD5.BC01DF232FD65E50A4FCDF349526AB27] - |A| - [18/06/2009 23:42:00] - (.Copyright (C) 2001-2006 TOSHIBA CORPORATION, -.) - [90.34 Ko] - (5.0.1204.0) - C:\WINDOWS\System32\tbtmon98Language.dll
[MD5.CDF4646E6AF8DEC9759C99933ACD44E0] - |A| - [18/06/2009 23:42:00] - (.Copyright (C) 2001-2007 TOSHIBA CORPORATION, -.) - [160.83 Ko] - (5.0.2411.0) - C:\WINDOWS\System32\TBTMonUI.dll
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [16/07/2016 06:42:39] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
[MD5.7F374C3AB6EA6413F7F7A483033C8DA8] - |A| - [19/03/2015 13:24:52] - (.Copyright (C) 2008 TOSHIBA CORPORATION, - Class Installer DLL for Bluetooth.) - [39.88 Ko] - (6.3.0.0) - C:\WINDOWS\System32\TosBtCi.dll
[MD5.C8F2952DAE3971614DBD0C509F35BE93] - |A| - [16/07/2016 06:42:38] - (.-.) - [10.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [16/07/2016 06:42:38] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials. xslt
[MD5.D200497DD3A24F138123F0EB6C385D1D] - |A| - [16/07/2016 06:43:20] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevAppMonitor.exe.config
[MD5.4AAEE8D86EC81DA2A1514ABC77E71F57] - |A| - [16/07/2016 06:43:20] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevCustomActionTypes.tlb
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [240 Ko] - C:\WINDOWS\System32\uk-UA
[MD5.E7482D1D449217C8641762F5C38E157C] - |A| - [16/07/2016 06:42:12] - (.-.) - [9.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VpnSohDesktop.dll
[MD5.D5DBBF94106B931112FBFB19A1351506] - |A| - [19/03/2015 12:58:22] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2052.59 Ko] - (4.4.5.0) - C:\WINDOWS\System32\WavesGUILib64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [85492.62 Ko] - C:\WINDOWS\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:02] - [0 Ko] - C:\WINDOWS\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [81633.75 Ko] - C:\WINDOWS\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [16/07/2016 06:42:11] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 10:36:30] - [0 Ko] - C:\WINDOWS\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [1.1 Ko] - C:\WINDOWS\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [42585.77 Ko] - C:\WINDOWS\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 10:36:31] - [14.53 Ko] - C:\WINDOWS\System32\WindowsInternal.Inbox.Media.Sh ared
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 10:36:31] - [27.59 Ko] - C:\WINDOWS\System32\WindowsInternal.Inbox.Shared
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [9524.26 Ko] - C:\WINDOWS\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [153576 Ko] - C:\WINDOWS\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [4228.5 Ko] - C:\WINDOWS\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:02] - [100.11 Ko] - C:\WINDOWS\System32\winrm
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [16/07/2016 06:42:35] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
[MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [16/07/2016 06:42:27] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
[MD5.5C5A797761421CF9B72087F3BC8A5259] - |A| - [27/09/2016 17:26:57] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[MD5.1373F6562D5E4C715D5D3583E350093E] - |A| - [27/09/2016 17:26:57] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
[MD5.0055B62657CE7561F68136FB1E54AFAC] - |A| - [19/03/2015 13:07:24] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:02] - [0 Ko] - C:\WINDOWS\SysWOW64\0409
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 06:43:00] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 06:43:02] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 06:43:02] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64@VpnToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:30] - [2141.84 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [250 Ko] - C:\WINDOWS\SysWOW64\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [222 Ko] - C:\WINDOWS\SysWOW64\bg-BG
[MD5.5790DD6C789EFD358CB8E904E22E5105] - |A| - [11/08/2015 16:32:50] - (.Copyright (C) Brother Industries Ltd., 2010 - Brother Device Check Tool.) - [72 Ko] - (1.0.0.2) - C:\WINDOWS\SysWOW64\BrDctF2.dll
[MD5.7718B34E48DC68A2CB1A71CEAA0F43BE] - |A| - [11/08/2015 16:32:50] - (.Copyright (C) Brother Industries Ltd., 2007 - Brother Device Check Tool L.) - [5 Ko] - (1.0.0.0) - C:\WINDOWS\SysWOW64\BrDctF2L.dll
[MD5.B1DEE09C901FB884BA8AA62A5DFDB6D2] - |A| - [11/08/2015 16:32:50] - (.Copyright (C) Brother Industries Ltd., 2012 - Brother Device Check Tool S.) - [5 Ko] - (1.0.11.11) - C:\WINDOWS\SysWOW64\BrDctF2S.dll
[MD5.114E9DE7781BEE1FF4738658C12C013A] - |A| - [21/11/2013 01:02:12] - (.Copyright Brother Industries, Ltd 2004 - brlm03a.) - [24.71 Ko] - (1.0.6.4) - C:\WINDOWS\SysWOW64\BRLM03A.DLL
[MD5.822B31A9FC679366560BC4D416BBBB0E] - |A| - [21/11/2013 01:02:12] - (.Copyright (C) 2003,2004 Brother Industries, Ltd. - Wraper DLL for brlm03a(NT/2K/XP) / brif03a(9x).) - [76 Ko] - (1.0.0.182) - C:\WINDOWS\SysWOW64\BRLMW03A.DLL
[MD5.C0497C30E6976143CB46C016E8333707] - |A| - [21/11/2013 01:02:12] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\BRLMW03A.INI
[MD5.38E5E24BEDE6F59AFC648CB7EF897D69] - |A| - [21/11/2013 01:02:12] - (.Copyright (C) 1999-2008 Brother Industries, Ltd. - BrMuSNMP.) - [176 Ko] - (1.0.2.0) - C:\WINDOWS\SysWOW64\BROSNMP.DLL
[MD5.6F25A4E12EF09A37C3EAC2ACD9BE8FF2] - |A| - [21/11/2013 01:02:12] - (.Copyright (C) 2008-2012 Brother Industries, Ltd. - Brother Printer Driver Setting Controller.) - [49.5 Ko] - (2.0.0.0) - C:\WINDOWS\SysWOW64\BRPRTINK.DLL
[MD5.043B27A3D5E63CDF711D8BE500C5AFB3] - |A| - [21/11/2013 01:02:12] - (.Copyright (C) 2000-2012 Brother Industries Ltd. - brrbtool.) - [111.08 Ko] - (0.1.7.1) - C:\WINDOWS\SysWOW64\BRRBTOOL.EXE
[MD5.954388D98B5CBFA1D32C5D43D5FA5275] - |A| - [21/11/2013 01:02:12] - (.-.) - [44 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\BRTCPCON.DLL
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0.93 Ko] - C:\WINDOWS\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [318 Ko] - C:\WINDOWS\SysWOW64\Com
[MD5.582B70CB67B9C1B138D2143E175F9C98] - |A| - [17/07/2016 11:13:34] - (.-.) - [2.92 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\debug.log
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 06:47:48] - [19 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:27] - [6007.05 Ko] - C:\WINDOWS\SysWOW64\Dism
[MD5.58E7DCCA0C20372B630893D487201AB5] - |A| - [31/08/2015 21:43:50] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [102.99 Ko] - (2.0.2.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [293 Ko] - C:\WINDOWS\SysWOW64\it-IT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [214.5 Ko] - C:\WINDOWS\SysWOW64\ja-JP
[MD5.877213F739198C3AEF2A615B77C0F0C4] - |A| - [19/03/2015 13:19:24] - (.Copyright (C) Lenovo. 1998-2012 - Lenovo Desktop BIOS Client Library.) - [17.32 Ko] - (1.0.0.7) - C:\WINDOWS\SysWOW64\LBAI.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [73.41 Ko] - C:\WINDOWS\SysWOW64\Licenses
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [213.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [214.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [23948.4 Ko] - C:\WINDOWS\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync
[MD5.59434189B1C1BCAC73E49E9D74291C5B] - |A| - [19/03/2015 12:58:15] - (.Copyright (C) 2010-2014 - MaxxAudio APO Shell.) - [879.59 Ko] - (4.15.0.0) - C:\WINDOWS\SysWOW64\MaxxAudioAPOShell.dll
[MD5.00000000000000000000000000000000] - |SD| - [30/09/2016 20:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [3008.96 Ko] - C:\WINDOWS\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [821.34 Ko] - C:\WINDOWS\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [52.28 Ko] - C:\WINDOWS\SysWOW64\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [6 Ko] - C:\WINDOWS\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [260.5 Ko] - C:\WINDOWS\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [278 Ko] - C:\WINDOWS\SysWOW64\nl-NL
[MD5.1D4F8D6A2B4CB56A14C52BA585F945E7] - |A| - [11/08/2015 16:32:50] - (.Copyright(c) 2006-2012 Brother Industries,Ltd. - NSSearch.) - [240 Ko] - (1.1.0.6) - C:\WINDOWS\SysWOW64\NSSearch.dll
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 06:47:48] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [644.69 Ko] - C:\WINDOWS\SysWOW64\oobe
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [275.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL
[MD5.27C024A85079E057488302B98118EC62] - |A| - [11/08/2015 16:30:29] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\pp.log
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:03] - [413.88 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [278.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [273.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0.76 Ko] - C:\WINDOWS\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [218.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [27/09/2016 17:26:58] - [5572.77 Ko] - C:\WINDOWS\SysWOW64\RTCOM
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [270.5 Ko] - C:\WINDOWS\SysWOW64\ru-RU
[MD5.16EEB9588BCCAE365BB492D8A79D23E1] - |A| - [05/08/2015 13:03:07] - (.Copyright Samsung Electronics 2001 - Device Monitor.) - [80 Ko] - (1.5.6.0) - C:\WINDOWS\SysWOW64\ssdevm.dll
[MD5.D7F4BAF51DBEE3DC9EAF51BEE5B8F94B] - |A| - [05/08/2015 13:03:07] - (.Copyright Samsung Electronics 2001 - USB Device.) - [48 Ko] - (0.6.0.0) - C:\WINDOWS\SysWOW64\ssusbpn.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [265.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:03] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [205 Ko] - C:\WINDOWS\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [261.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR
[MD5.01E96A85B337B702AE2BC7F838AE7B65] - |A| - [16/07/2016 06:43:20] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\UevCustomActionTypes.tlb
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [215.5 Ko] - C:\WINDOWS\SysWOW64\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [16742.42 Ko] - C:\WINDOWS\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:03] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [8523.53 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [4228.5 Ko] - C:\WINDOWS\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:03] - [100.11 Ko] - C:\WINDOWS\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [190.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-TW

---------- | Shell Folders

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Shell Folders]
“!Do not use this registry key”=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
“AppData”=C:\Users\Owner\AppData\Roaming [27/09/2016 17:28:43]
“Local AppData”=C:\Users\Owner\AppData\Local [27/09/2016 17:28:43]
“{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}”=C:\Users\Owner\AppData\Roaming\Micr osoft\Windows\Libraries [19/03/2015 12:54:17]
“My Video”=C:\Users\Owner\Videos [19/03/2015 12:54:04]
“My Pictures”=C:\Users\Owner\Pictures [19/03/2015 12:54:04]
“Desktop”=C:\Users\Owner\Desktop [08/08/2015 21:34:55]
“History”=C:\Users\Owner\AppData\Local\Microsoft\W indows\History [19/03/2015 12:54:04]
“NetHood”=C:\Users\Owner\AppData\Roaming\Microsoft \Windows\Network Shortcuts [27/09/2016 17:28:43]
“{56784854-C6CB-462B-8169-88E350ACB882}”=C:\Users\Owner\Contacts [19/03/2015 12:54:17]
“{00BCFC5A-ED94-4E48-96A1-3F6217F21990}”=C:\Users\Owner\AppData\Local\Micros oft\Windows\RoamingTiles [19/03/2015 12:54:17]
“Cookies”=C:\Users\Owner\AppData\Local\Microsoft\W indows\INetCookies [19/03/2015 12:54:04]
“Favorites”=C:\Users\Owner\Favorites [08/08/2015 21:34:55]
“SendTo”=C:\Users\Owner\AppData\Roaming\Microsoft\ Windows\SendTo [27/09/2016 17:28:43]
“Start Menu”=C:\Users\Owner\AppData\Roaming\Microsoft\Win dows\Start Menu [27/09/2016 17:28:43]
“My Music”=C:\Users\Owner\Music [19/03/2015 12:54:04]
“Programs”=C:\Users\Owner\AppData\Roaming\Microsof t\Windows\Start Menu\Programs [27/09/2016 17:28:43]
“Recent”=C:\Users\Owner\AppData\Roaming\Microsoft\ Windows\Recent [19/03/2015 12:54:04]
“CD Burning”=C:\Users\Owner\AppData\Local\Microsoft\Wi ndows\Burn\Burn [27/09/2016 17:36:31]
“PrintHood”=C:\Users\Owner\AppData\Roaming\Microso ft\Windows\Printer Shortcuts [27/09/2016 17:28:43]
“{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}”=C:\Users\Owner\Searches [19/03/2015 12:54:17]
“{374DE290-123F-4565-9164-39C4925E467B}”=C:\Users\Owner\Downloads [19/03/2015 12:54:04]
“{A520A1A4-1780-4FF6-BD18-167343C5AF16}”=C:\Users\Owner\AppData\LocalLow [19/03/2015 12:54:04]
“Startup”=C:\Users\Owner\AppData\Roaming\Microsoft \Windows\Start Menu\Programs\Startup [19/03/2015 12:54:17]
“Administrative Tools”=C:\Users\Owner\AppData\Roaming\Microsoft\Wi ndows\Start Menu\Programs\Administrative Tools [19/03/2015 12:54:17]
“Personal”=C:\Users\Owner\Documents [08/08/2015 21:34:55]
“{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}”=C:\Users\Owner\Links [19/03/2015 12:54:04]
“Cache”=C:\Users\Owner\AppData\Local\Microsoft\Win dows\INetCache [27/09/2016 17:28:43]
“Templates”=C:\Users\Owner\AppData\Roaming\Microso ft\Windows\Templates [27/09/2016 17:28:43]
“{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}”=C:\Users\Owner\Saved Games [19/03/2015 12:54:04]
“Fonts”=C:\WINDOWS\Fonts [16/07/2016 06:47:48]

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\User Shell Folders]
“AppData”=%USERPROFILE%\AppData\Roaming
“Desktop”=%USERPROFILE%\Desktop
“Favorites”=%USERPROFILE%\Favorites
“History”=%USERPROFILE%\AppData\Local\Microsoft\Wi ndows\History
“Local AppData”=%USERPROFILE%\AppData\Local
“My Music”=%USERPROFILE%\Music
“My Pictures”=%USERPROFILE%\Pictures
“My Video”=%USERPROFILE%\Videos
“NetHood”=%USERPROFILE%\AppData\Roaming\Microsoft\ Windows\Network Shortcuts
“Personal”=%USERPROFILE%\Documents
“PrintHood”=%USERPROFILE%\AppData\Roaming\Microsof t\Windows\Printer Shortcuts
“Programs”=%USERPROFILE%\AppData\Roaming\Microsoft \Windows\Start Menu\Programs
“Recent”=%USERPROFILE%\AppData\Roaming\Microsoft\W indows\Recent
“SendTo”=%USERPROFILE%\AppData\Roaming\Microsoft\W indows\SendTo
“Start Menu”=%USERPROFILE%\AppData\Roaming\Microsoft\Wind ows\Start Menu
“Startup”=%USERPROFILE%\AppData\Roaming\Microsoft\ Windows\Start Menu\Programs\Startup
“Templates”=%USERPROFILE%\AppData\Roaming\Microsof t\Windows\Templates
“{374DE290-123F-4565-9164-39C4925E467B}”=%USERPROFILE%\Downloads
“Cache”=C:\Users\Owner\AppData\Local\Microsoft\Win dows\INetCache [27/09/2016 17:28:43]
“Cookies”=C:\Users\Owner\AppData\Local\Microsoft\W indows\INetCookies [19/03/2015 12:54:04]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Shell Folders]
“Common Administrative Tools”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [16/07/2016 06:47:48]
“Common AppData”=C:\ProgramData [16/07/2016 06:47:48]
“Common Desktop”=C:\Users\Public\Desktop [22/08/2013 10:36:30]
“Common Documents”=C:\Users\Public\Documents [22/08/2013 10:36:30]
“Common Programs”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [16/07/2016 06:47:48]
“Common Start Menu”=C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 06:47:48]
“Common Startup”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [16/07/2016 06:47:48]
“Common Templates”=C:\ProgramData\Microsoft\Windows\Templa tes [26/07/2012 03:12:59]
“CommonMusic”=C:\Users\Public\Music [22/08/2013 10:36:30]
“CommonPictures”=C:\Users\Public\Pictures [22/08/2013 10:36:30]
“CommonVideo”=C:\Users\Public\Videos [22/08/2013 10:36:30]
“OEM Links”=C:\ProgramData\OEM\Links

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\User Shell Folders]
“Common AppData”=%ProgramData%
“Common Desktop”=%PUBLIC%\Desktop
“Common Documents”=%PUBLIC%\Documents
“Common Programs”=%ProgramData%\Microsoft\Windows\Start Menu\Programs
“Common Start Menu”=%ProgramData%\Microsoft\Windows\Start Menu
“Common Startup”=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
“Common Templates”=%ProgramData%\Microsoft\Windows\Templat es
“CommonMusic”=%PUBLIC%\Music
“CommonPictures”=%PUBLIC%\Pictures
“CommonVideo”=%PUBLIC%\Videos
“{3D644C9B-1FB8-4f30-9B45-F670235F79C0}”=%PUBLIC%\Downloads

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Shell Folders]
“Common Administrative Tools”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [16/07/2016 06:47:48]
“Common AppData”=C:\ProgramData [16/07/2016 06:47:48]
“Common Desktop”=C:\Users\Public\Desktop [22/08/2013 10:36:30]
“Common Documents”=C:\Users\Public\Documents [22/08/2013 10:36:30]
“Common Programs”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [16/07/2016 06:47:48]
“Common Start Menu”=C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 06:47:48]
“Common Startup”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [16/07/2016 06:47:48]
“Common Templates”=C:\ProgramData\Microsoft\Windows\Templa tes [26/07/2012 03:12:59]
“CommonMusic”=C:\Users\Public\Music [22/08/2013 10:36:30]
“CommonPictures”=C:\Users\Public\Pictures [22/08/2013 10:36:30]
“CommonVideo”=C:\Users\Public\Videos [22/08/2013 10:36:30]
“OEM Links”=C:\ProgramData\OEM\Links

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\User Shell Folders]
“Common AppData”=%ProgramData%
“Common Desktop”=%PUBLIC%\Desktop
“Common Documents”=%PUBLIC%\Documents
“Common Programs”=%ProgramData%\Microsoft\Windows\Start Menu\Programs
“Common Start Menu”=%ProgramData%\Microsoft\Windows\Start Menu
“Common Startup”=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
“Common Templates”=%ProgramData%\Microsoft\Windows\Templat es
“CommonMusic”=%PUBLIC%\Music
“CommonPictures”=%PUBLIC%\Pictures
“CommonVideo”=%PUBLIC%\Videos
“{3D644C9B-1FB8-4f30-9B45-F670235F79C0}”=%PUBLIC%\Downloads

---------- | [Owner]

[27/09/2016 17:28:43] - |D| - [2210172208] - C:\Users\Owner\AppData\Local
[19/03/2015 12:54:04] - |D| - [1803763] - C:\Users\Owner\AppData\LocalLow
[27/09/2016 17:28:43] - |D| - [119525859] - C:\Users\Owner\AppData\Roaming
[09/01/2016 10:25:31] - |D| - [0] - C:\Users\Owner\AppData\Local\ActiveSync
[19/09/2015 11:01:07] - |D| - [6454] - C:\Users\Owner\AppData\Local\Adobe
[04/08/2015 17:28:16] - |D| - [0] - C:\Users\Owner\AppData\Local\Apple
[04/08/2015 17:28:33] - |D| - [29480583] - C:\Users\Owner\AppData\Local\Apple Computer
[27/09/2016 17:28:43] - |SHD| - [22987732001] - C:\Users\Owner\AppData\Local\Application Data
[16/07/2016 22:39:24] - |D| - [0] - C:\Users\Owner\AppData\Local\CEF
[09/01/2016 10:23:35] - |D| - [21192728] - C:\Users\Owner\AppData\Local\Comms
[27/09/2016 17:35:09] - |D| - [2217768] - C:\Users\Owner\AppData\Local\ConnectedDevicesPlatf orm
[04/08/2015 09:28:56] - |D| - [152160117] - C:\Users\Owner\AppData\Local\Cyberlink
[26/12/2015 19:56:32] - |D| - [0] - C:\Users\Owner\AppData\Local\Diagnostics
[16/07/2016 22:41:37] - |D| - [1188788048] - C:\Users\Owner\AppData\Local\Google
[12/08/2015 16:15:11] - |D| - [71] - C:\Users\Owner\AppData\Local\GWX
[27/09/2016 17:28:43] - |SHD| - [130] - C:\Users\Owner\AppData\Local\History
[25/04/2017 14:19:38] - |AH| - [15508] - C:\Users\Owner\AppData\Local\IconCache.db
[27/09/2016 17:28:43] - |D| - [317998621] - C:\Users\Owner\AppData\Local\Microsoft
[05/08/2015 14:26:39] - |D| - [0] - C:\Users\Owner\AppData\Local\Microsoft Help
[09/01/2016 19:56:27] - |D| - [82095] - C:\Users\Owner\AppData\Local\MicrosoftEdge
[09/01/2016 22:26:57] - |D| - [0] - C:\Users\Owner\AppData\Local\NetworkTiles
[19/03/2015 12:54:04] - |D| - [293519276] - C:\Users\Owner\AppData\Local\Packages
[10/01/2016 10:31:09] - |D| - [0] - C:\Users\Owner\AppData\Local\PeerDistRepub
[05/08/2015 08:05:49] - |D| - [40960] - C:\Users\Owner\AppData\Local\Power2Go
[05/02/2017 09:44:58] - |D| - [0] - C:\Users\Owner\AppData\Local\Programs
[09/01/2016 10:23:41] - |D| - [0] - C:\Users\Owner\AppData\Local\Publishers
[27/09/2016 17:28:43] - |D| - [190724374] - C:\Users\Owner\AppData\Local\Temp
[27/09/2016 17:28:43] - |SHD| - [9043786] - C:\Users\Owner\AppData\Local\Temporary Internet Files
[09/01/2016 10:23:32] - |D| - [13918208] - C:\Users\Owner\AppData\Local\TileDataLayer
[19/03/2015 13:28:00] - |D| - [6932] - C:\Users\Owner\AppData\Local\Toshiba
[19/03/2015 12:54:05] - |D| - [21453] - C:\Users\Owner\AppData\Local\VirtualStore
[04/08/2015 09:33:30] - |D| - [0] - C:\Users\Owner\AppData\LocalLow\Apple Computer
[21/09/2016 20:20:51] - |D| - [0] - C:\Users\Owner\AppData\LocalLow\Brother
[19/03/2015 13:13:41] - |D| - [1803763] - C:\Users\Owner\AppData\LocalLow\Microsoft
[19/03/2015 12:54:16] - |D| - [218155] - C:\Users\Owner\AppData\Roaming\Adobe
[04/08/2015 17:28:33] - |D| - [789282] - C:\Users\Owner\AppData\Roaming\Apple Computer
[04/08/2015 07:24:49] - |D| - [19158657] - C:\Users\Owner\AppData\Roaming\AVAST Software
[21/09/2016 20:20:51] - |RD| - [54] - C:\Users\Owner\AppData\Roaming\Brother
[19/09/2015 11:02:44] - |D| - [8192] - C:\Users\Owner\AppData\Roaming\com.amazon.music.up loader
[11/08/2015 16:37:11] - |D| - [41752] - C:\Users\Owner\AppData\Roaming\ControlCenter4
[04/08/2015 09:28:59] - |D| - [228613] - C:\Users\Owner\AppData\Roaming\CyberLink
[05/08/2015 13:18:32] - |D| - [526] - C:\Users\Owner\AppData\Roaming\FLEXnet
[08/08/2015 21:48:24] - |D| - [0] - C:\Users\Owner\AppData\Roaming\Identities
[11/08/2015 16:31:36] - |D| - [0] - C:\Users\Owner\AppData\Roaming\InstallShield
[05/08/2015 14:16:36] - |D| - [2489] - C:\Users\Owner\AppData\Roaming\KeePass
[19/03/2015 13:13:44] - |D| - [321567] - C:\Users\Owner\AppData\Roaming\Macromedia
[27/09/2016 17:28:43] - |SD| - [5031288] - C:\Users\Owner\AppData\Roaming\Microsoft
[05/08/2015 13:10:56] - |D| - [281] - C:\Users\Owner\AppData\Roaming\Nuance
[30/08/2016 04:10:51] - |D| - [76] - C:\Users\Owner\AppData\Roaming\Skype
[19/03/2015 13:24:26] - |D| - [0] - C:\Users\Owner\AppData\Roaming\WinBatch
[06/02/2016 18:43:39] - |D| - [93724054] - C:\Users\Owner\AppData\Roaming\WindSolutions
[11/08/2015 16:22:29] - |D| - [873] - C:\Users\Owner\AppData\Roaming\Zeon
[19/03/2015 12:54:17] - |ASH| - [174] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\desktop.ini
[27/09/2016 17:28:43] - |RD| - [32613] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs
[27/09/2016 17:28:43] - |RD| - [3888] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Accessibility
[27/09/2016 17:28:43] - |RD| - [2929] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Accessories
[19/03/2015 12:54:17] - |RD| - [174] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Administrative Tools
[27/09/2015 08:50:06] - |A| - [1868] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\avast! antivirus.lnk
[17/12/2016 20:58:01] - |D| - [2867] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Chrome Apps
[06/02/2016 18:43:47] - |D| - [2963] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\CopyTrans Control Center
[04/08/2015 09:37:55] - |D| - [1387] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\CyberLink Media Suite
[27/09/2016 17:35:13] - |ASH| - [174] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\desktop.ini
[27/09/2016 17:28:43] - |D| - [170] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Maintenance
[09/01/2016 10:25:27] - |A| - [2405] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\OneDrive.lnk
[19/03/2015 12:54:17] - |RD| - [174] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup
[27/09/2016 17:28:43] - |RD| - [6376] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\System Tools
[27/09/2016 17:28:43] - |RD| - [7238] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Windows PowerShell
[19/03/2015 12:54:17] - |ASH| - [174] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\desktop.ini

---------- | [Public]

---------- | C:\ProgramData

[19/09/2015 11:02:45] - |D| - [0] - C:\ProgramData\Adobe
[04/08/2015 17:28:01] - |D| - [228859211] - C:\ProgramData\Apple
[04/08/2015 17:28:26] - |D| - [76404000] - C:\ProgramData\Apple Computer
[27/09/2016 17:35:01] - |SHD| - [20203574318] - C:\ProgramData\Application Data
[04/08/2015 02:08:28] - |D| - [236497933] - C:\ProgramData\AVAST Software
[05/08/2015 13:08:44] - |D| - [113921] - C:\ProgramData\Brother
[16/07/2016 06:47:48] - |D| - [0] - C:\ProgramData\Comms
[11/08/2015 16:33:18] - |D| - [498] - C:\ProgramData\ControlCenter4
[05/08/2015 13:30:28] - |D| - [71] - C:\ProgramData\Credant
[04/08/2015 09:23:44] - |D| - [149754] - C:\ProgramData\CyberLink
[27/09/2016 17:35:01] - |SHD| - [5699451] - C:\ProgramData\Desktop
[27/09/2016 17:26:45] - |D| - [1830103] - C:\ProgramData\DisplayLink
[27/09/2016 17:35:01] - |SHD| - [278] - C:\ProgramData\Documents
[27/09/2016 17:27:03] - |AH| - [0] - C:\ProgramData\DP45977C.lfl
[05/08/2015 13:10:46] - |D| - [154] - C:\ProgramData\FLEXnet
[16/07/2016 06:47:48] - |SD| - [918548468] - C:\ProgramData\Microsoft
[05/08/2015 14:26:38] - |D| - [62220] - C:\ProgramData\Microsoft Help
[27/09/2016 17:36:42] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[05/08/2015 13:10:46] - |D| - [7663038] - C:\ProgramData\Nuance
[05/08/2015 13:15:12] - |D| - [0] - C:\ProgramData\PCFaxTx
[19/03/2015 12:54:04] - |D| - [24208] - C:\ProgramData\PRICache
[16/07/2016 06:47:48] - |D| - [1001] - C:\ProgramData\regid.1991-06.com.microsoft
[05/08/2015 13:02:40] - |D| - [70] - C:\ProgramData\Samsung
[05/08/2015 13:10:49] - |D| - [191098] - C:\ProgramData\ScanSoft
[04/08/2015 09:34:46] - |D| - [367134496] - C:\ProgramData\SmartSound Software Inc
[16/07/2016 06:47:48] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[27/09/2016 17:35:01] - |SHD| - [179902] - C:\ProgramData\Start Menu
[25/04/2017 14:25:08] - |D| - [0] - C:\ProgramData\SWCUTemp
[04/08/2015 09:19:52] - |D| - [867345] - C:\ProgramData\Temp
[27/09/2016 17:35:01] - |SHD| - [0] - C:\ProgramData\Templates
[19/03/2015 13:28:00] - |D| - [19203] - C:\ProgramData\TOSHIBA
[16/07/2016 06:47:48] - |D| - [1421] - C:\ProgramData\USOPrivate
[27/09/2016 17:35:55] - |D| - [2326528] - C:\ProgramData\USOShared
[06/02/2016 18:43:39] - |D| - [70311] - C:\ProgramData\WindSolutions

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[16/07/2016 06:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[16/07/2016 06:47:48] - |RD| - [179728] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[16/07/2016 06:47:48] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[16/07/2016 06:47:48] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[16/07/2016 06:47:48] - |RD| - [23012] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[19/09/2015 11:02:43] - |A| - [1252] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Music Importer.lnk
[06/08/2015 08:02:47] - |A| - [2535] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[16/07/2016 18:33:16] - |A| - [1979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
[16/07/2016 22:37:44] - |A| - [1088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
[04/08/2015 07:24:13] - |D| - [1940] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[11/08/2015 16:33:37] - |D| - [2093] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[04/08/2015 09:27:05] - |RD| - [24233] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
[16/07/2016 06:47:50] - |ASH| - [796] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[16/07/2016 22:42:10] - |A| - [2272] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[17/07/2016 11:00:44] - |D| - [24203] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[16/07/2016 06:43:50] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[17/07/2016 11:02:29] - |D| - [4065] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[05/02/2017 09:47:10] - |A| - [483] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass.lnk
[16/07/2016 06:47:48] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[05/08/2015 07:06:23] - |D| - [2747] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[05/08/2015 14:29:57] - |D| - [44257] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[16/07/2016 06:42:22] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
[16/07/2016 06:43:50] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
[05/08/2015 13:03:19] - |D| - [9804] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
[05/08/2015 14:29:57] - |D| - [3055] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[16/07/2016 06:47:48] - |RD| - [1444] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[16/07/2016 06:47:48] - |RD| - [2670] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[19/03/2015 13:24:52] - |D| - [98] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[09/07/2016 14:05:33] - |D| - [1276] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trendnet
[27/09/2016 17:31:02] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[16/07/2016 06:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[09/07/2016 14:05:33] - |A| - [1270] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\USBKVM Switcher.lnk

---------- | C:\Program Files (x86)

[19/09/2015 11:02:43] - |D| - [339092] - C:\Program Files (x86)\Adobe
[19/09/2015 11:02:27] - |D| - [16206095] - C:\Program Files (x86)\Amazon
[17/07/2016 11:00:25] - |AD| - [2743854] - C:\Program Files (x86)\Apple Software Update
[17/07/2016 11:01:39] - |AD| - [631713] - C:\Program Files (x86)\Bonjour
[11/08/2015 16:32:50] - |D| - [75264020] - C:\Program Files (x86)\Brother
[11/08/2015 16:33:18] - |D| - [12098622] - C:\Program Files (x86)\Browny02
[16/07/2016 01:04:24] - |D| - [591582675] - C:\Program Files (x86)\Common Files
[05/08/2015 13:15:13] - |D| - [72741954] - C:\Program Files (x86)\ControlCenter4
[04/08/2015 09:26:42] - |D| - [2274885265] - C:\Program Files (x86)\CyberLink
[16/07/2016 06:47:50] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[16/07/2016 22:41:37] - |D| - [370499400] - C:\Program Files (x86)\Google
[04/08/2015 09:27:05] - |HD| - [102186949] - C:\Program Files (x86)\InstallShield Installation Information
[19/03/2015 13:05:46] - |D| - [3240612] - C:\Program Files (x86)\Intel
[16/07/2016 06:47:48] - |D| - [1988467] - C:\Program Files (x86)\Internet Explorer
[17/07/2016 11:02:23] - |D| - [76267] - C:\Program Files (x86)\iTunes
[19/03/2015 13:19:24] - |D| - [1348792] - C:\Program Files (x86)\Lenovo
[05/08/2015 14:26:53] - |D| - [39769547] - C:\Program Files (x86)\Microsoft Analysis Services
[05/08/2015 14:26:38] - |AD| - [924565418] - C:\Program Files (x86)\Microsoft Office
[05/08/2015 14:29:36] - |D| - [793991] - C:\Program Files (x86)\Microsoft Sync Framework
[05/08/2015 14:27:50] - |AD| - [1258102] - C:\Program Files (x86)\Microsoft Visual Studio 8
[16/07/2016 06:47:48] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET
[05/08/2015 14:29:46] - |AD| - [26521] - C:\Program Files (x86)\MSBuild
[05/08/2015 13:09:15] - |AD| - [154033] - C:\Program Files (x86)\MSXML 4.0
[05/08/2015 13:10:46] - |D| - [0] - C:\Program Files (x86)\Nuance
[17/12/2016 21:07:02] - |D| - [36957953] - C:\Program Files (x86)\Reference Assemblies
[05/08/2015 13:01:45] - |D| - [100675475] - C:\Program Files (x86)\Samsung
[05/08/2015 13:03:08] - |D| - [10683272] - C:\Program Files (x86)\SamsungPrinterLiveUpdate
[04/08/2015 09:34:46] - |D| - [7446017] - C:\Program Files (x86)\SmartSound Software
[19/03/2015 13:24:39] - |D| - [64424416] - C:\Program Files (x86)\Toshiba
[09/07/2016 14:05:32] - |D| - [1736290] - C:\Program Files (x86)\Trendnet
[16/07/2016 06:47:48] - |D| - [1922560] - C:\Program Files (x86)\Windows Defender
[16/07/2016 06:47:48] - |D| - [5958656] - C:\Program Files (x86)\Windows Mail
[16/07/2016 06:47:48] - |D| - [3264664] - C:\Program Files (x86)\Windows Media Player
[16/07/2016 06:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Multimedia Platform
[16/07/2016 06:47:48] - |D| - [7466690] - C:\Program Files (x86)\Windows NT
[16/07/2016 06:47:48] - |D| - [5418176] - C:\Program Files (x86)\Windows Photo Viewer
[16/07/2016 06:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Portable Devices
[16/07/2016 06:47:48] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[16/07/2016 06:47:48] - |D| - [3230145] - C:\Program Files (x86)\WindowsPowerShell

---------- | C:\Program Files

[04/08/2015 07:20:59] - |D| - [1509186201] - C:\Program Files\AVAST Software
[17/07/2016 11:01:39] - |AD| - [615066] - C:\Program Files\Bonjour
[16/07/2016 01:04:24] - |D| - [318523455] - C:\Program Files\Common Files
[16/07/2016 06:47:50] - |ASH| - [174] - C:\Program Files\desktop.ini
[27/09/2016 17:26:45] - |AD| - [63292719] - C:\Program Files\DisplayLink Core Software
[27/09/2016 17:26:56] - |D| - [36205061] - C:\Program Files\Intel
[16/07/2016 06:47:47] - |D| - [2581342] - C:\Program Files\Internet Explorer
[17/07/2016 11:02:23] - |D| - [4170211] - C:\Program Files\iPod
[17/07/2016 11:02:23] - |AD| - [190501938] - C:\Program Files\iTunes
[05/08/2015 07:06:14] - |AD| - [78874441] - C:\Program Files\Microsoft Mouse and Keyboard Center
[05/08/2015 14:27:07] - |D| - [22698417] - C:\Program Files\Microsoft Office
[17/12/2016 21:07:02] - |D| - [25757] - C:\Program Files\MSBuild
[05/08/2015 13:11:43] - |D| - [541070] - C:\Program Files\Nuance
[27/09/2016 17:26:58] - |D| - [46617824] - C:\Program Files\Realtek
[17/12/2016 21:07:02] - |D| - [34617001] - C:\Program Files\Reference Assemblies
[27/09/2016 17:26:58] - |D| - [5871] - C:\Program Files\Synaptics
[26/07/2012 02:22:18] - |HD| - [0] - C:\Program Files\Uninstall Information
[16/07/2016 06:47:47] - |RD| - [14859434] - C:\Program Files\Windows Defender
[16/07/2016 09:29:36] - |D| - [6281288] - C:\Program Files\Windows Defender Advanced Threat Protection
[16/07/2016 06:47:47] - |D| - [6181888] - C:\Program Files\Windows Mail
[16/07/2016 06:47:47] - |D| - [4971196] - C:\Program Files\Windows Media Player
[16/07/2016 06:47:47] - |D| - [37784] - C:\Program Files\Windows Multimedia Platform
[16/07/2016 06:47:47] - |D| - [7730370] - C:\Program Files\Windows NT
[16/07/2016 06:47:47] - |D| - [6216896] - C:\Program Files\Windows Photo Viewer
[16/07/2016 06:47:47] - |D| - [37784] - C:\Program Files\Windows Portable Devices
[16/07/2016 06:47:47] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[16/07/2016 06:47:47] - |HD| - [1961009429] - C:\Program Files\WindowsApps
[16/07/2016 06:47:47] - |D| - [3647234] - C:\Program Files\WindowsPowerShell

---------- | C:\Program Files (x86)\Common Files

[19/09/2015 11:02:43] - |AD| - [48777040] - C:\Program Files (x86)\Common Files\Adobe AIR
[04/08/2015 17:28:01] - |D| - [235508990] - C:\Program Files (x86)\Common Files\Apple
[19/12/2015 19:59:23] - |D| - [961872] - C:\Program Files (x86)\Common Files\AV
[06/08/2015 07:46:30] - |AD| - [99992] - C:\Program Files (x86)\Common Files\DESIGNER
[04/08/2015 09:34:42] - |D| - [4055029] - C:\Program Files (x86)\Common Files\InstallShield
[27/09/2016 17:26:54] - |D| - [68056347] - C:\Program Files (x86)\Common Files\Intel
[16/07/2016 06:47:48] - |AD| - [224176336] - C:\Program Files (x86)\Common Files\Microsoft Shared
[16/07/2016 06:47:48] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[16/07/2016 06:47:48] - |D| - [9944367] - C:\Program Files (x86)\Common Files\System

---------- | C:\Program Files\Common files

[06/08/2015 08:02:38] - |D| - [208534383] - C:\Program Files\Common files\Apple
[19/12/2015 19:59:23] - |D| - [961872] - C:\Program Files\Common files\AV
[16/07/2016 06:47:47] - |AD| - [98821991] - C:\Program Files\Common files\microsoft shared
[16/07/2016 06:47:47] - |D| - [2702] - C:\Program Files\Common files\Services
[16/07/2016 06:47:47] - |D| - [10202507] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.31E447B39B3A82C2C2E2532AE5A2F250] - [24/04/2017 14:52:31] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [27/09/2016 17:33:56] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.00000000000000000000000000000000] - [27/09/2016 17:33:56] - |D| - [2606] - C:\WINDOWS\System32\Tasks\Apple
[MD5.9AEA3AAB0ECCA998300E14B80F066144] - [08/02/2017 04:09:46] - |A| - [3994] - C:\WINDOWS\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
[MD5.00000000000000000000000000000000] - [27/09/2016 17:33:56] - |D| - [3968] - C:\WINDOWS\System32\Tasks\AVAST Software
[MD5.3B0E5C51EFDDF83B7DD3C0FB0831DF39] - [27/09/2016 17:33:56] - |A| - [2392] - C:\WINDOWS\System32\Tasks\DeviceDetector : C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\Devic eDetector.exe
[MD5.E98373D2013EBE19B6B30FA5BF162898] - [27/09/2016 17:33:56] - |A| - [3292] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineC ore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.8795B838F14984B6087CFEFCF5D4BF11] - [27/09/2016 17:33:56] - |A| - [3416] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineU A : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [16/07/2016 06:47:48] - |D| - [563642] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.64CBC5318CC94B24F6FA010F8FB2CCC0] - [27/09/2016 17:33:56] - |A| - [2168] - C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task _ipoint.exe : C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
[MD5.6FABD998EA3EBCECEB8F4E2460084522] - [27/09/2016 17:33:56] - |A| - [2166] - C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task _itype.exe : C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
[MD5.00000000000000000000000000000000] - [27/09/2016 17:33:57] - |D| - [0] - C:\WINDOWS\System32\Tasks\OfficeSoftwareProtection Platform
[MD5.45C953B2DEC137B3AD009F4CA73ADCB2] - [27/09/2016 17:33:56] - |A| - [2824] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task : C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17 .3.6517.0809\OneDriveStandaloneUpdater.exe
[MD5.622E92B1054A4D996BE963985C351E14] - [06/12/2016 15:36:32] - |A| - [3276] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 : %localappdata%\Microsoft\OneDrive\OneDriveStandalo neUpdater.exe
[MD5.FC7F4E653AA8340FD65678C9EECA0FE3] - [27/09/2016 17:33:56] - |A| - [2812] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1014905426-3769363605-1701117676-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandalo neUpdater.exe
[MD5.7CDFB50F4BD0CED6BE88474E73F94380] - [27/09/2016 17:33:56] - |A| - [2198] - C:\WINDOWS\System32\Tasks\RtHDVBg_LENOVO_MICPKEY : “C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe”
[MD5.88D68B15AB786B3DF7CF3E83E15E428B] - [27/09/2016 17:33:56] - |A| - [2174] - C:\WINDOWS\System32\Tasks\RTKCPL : “C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe”
[MD5.FCFA83FF488AD429AC3A8121BA6EDA7A] - [27/09/2016 17:33:56] - |A| - [4008] - C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1468726664 : C:\Program Files\AVAST Software\SZBrowser\launcher.exe
[MD5.928BBE59AFEA7ACCE8F1361CF923BEC7] - [27/09/2016 17:33:56] - |A| - [3296] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronizatio n-{6CFCB75E-A30D-4826-9A56-0BC571027065} : C:\WINDOWS\system32\msfeedssync.exe
[MD5.00000000000000000000000000000000] - [27/09/2016 17:33:58] - |D| - [0] - C:\WINDOWS\System32\Tasks\WPD
[MD5.00000000000000000000000000000000] - [16/07/2016 06:47:48] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedacces s\Parameters\FirewallPolicy\FirewallRules]
“Wininit-Shutdown-In-Rule-TCP-RPC”=v2.26|Action=Allow|Active=FALSE|Dir=In|Protoc ol=6|LPort=RPC|App=%systemroot%\system32\wininit.e xe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751|
“Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper”=v2.26|Action=Allow|Active=FALSE|Dir=In|P rotocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@ firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751|
“Netlogon-NamedPipe-In”=v2.26|Action=Allow|Active=FALSE|Dir=In|Protoco l=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
“Netlogon-TCP-RPC-In”=v2.26|Action=Allow|Active=FALSE|Dir=In|Protoco l=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe| Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
“WirelessDisplay-In-TCP”=v2.26|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|Profile=Private|Profile=Public|App=%systemroot %\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD

A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
“WirelessDisplay-Infra-In-TCP”=v2.26|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|Profile=Private|Profile=Public|LPort=7250|App= %systemroot%\system32\CastSrv.exe|Name=@wifidispla y.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
“MDNS-In-UDP”=v2.26|Action=Allow|Active=TRUE|Dir=In|Protoco l=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svch ost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\f irewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi .dll,-37302|
“MDNS-Out-UDP”=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protoc ol=17|LPort=5353|App=%SystemRoot%\system32\svchost .exe|Svc=dnscache|Name=@%SystemRoot%\system32\fire wallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi .dll,-37302|
“DeliveryOptimization-TCP-In”=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol =6|LPort=7680|App=%SystemRoot%\system32\svchost.ex e|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
“DeliveryOptimization-UDP-In”=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol =17|LPort=7680|App=%SystemRoot%\system32\svchost.e xe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll ,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
“{49A75FE9-C561-4677-8237-CBBBA6E4DDF7}”=v2.25|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Bonjour Service|
“{4318DBDD-DDE1-463F-BCE7-258D6D028763}”=v2.25|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Bonjour Service|
“{B883ABCE-DF1A-4A0B-ABAE-8CA27CB83D1D}”=v2.25|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Bonjour Service|
“{E3D39E12-16A5-4746-8B99-19BD74822B66}”=v2.25|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Bonjour Service|
“{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}”=v2.22|Action=Allow|Active=TRUE|Dir= Out|Name=SonicWALL.MobileConnect|Desc=SonicWALL.Mo bileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platfo rm=2:6:2|Platform2=GTEQ|
“{560448D6-095C-4907-B046-AC7F710701A7}”=v2.22|Action=Allow|Active=TRUE|Dir= In|Name=SonicWALL.MobileConnect|Desc=SonicWALL.Mob ileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platfo rm=2:6:2|Platform2=GTEQ|Edge=TRUE|
“{D6980480-941A-4DF6-AB81-3734ECD3D779}”=v2.22|Action=Allow|Active=TRUE|Dir= Out|Name=JuniperNetworks.JunosPulseVpn|Desc=Junipe rNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn |Platform=2:6:2|Platform2=GTEQ|
“{EC799E33-72BA-42D7-9127-DEFE68F9799D}”=v2.22|Action=Allow|Active=TRUE|Dir= In|Name=JuniperNetworks.JunosPulseVpn|Desc=Juniper Networks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn |Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
“{F64300AD-D559-4000-BD45-0997BCC8E70A}”=v2.22|Action=Allow|Active=TRUE|Dir= Out|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2| Platform2=GTEQ|
“{F77E5446-4378-4E99-8B7A-7061AAAEA193}”=v2.22|Action=Allow|Active=TRUE|Dir= In|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2| Platform2=GTEQ|Edge=TRUE|
“{9E3D57FC-7C37-4424-9352-4831E97D029D}”=v2.22|Action=Allow|Active=TRUE|Dir= Out|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources. pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resourc es.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
“{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}”=v2.22|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Name=@{C:\Window s\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources. pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resourc es.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
“{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}”=v2.22|Action=Allow|Active=TRUE|Dir= Out|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn= S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2 |Platform2=GTEQ|
“{4282FE99-8560-4BC7-9576-5F3ED84E263F}”=v2.22|Action=Allow|Active=TRUE|Dir= In|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2 |Platform2=GTEQ|Edge=TRUE|
“{152F2F8A-E265-4C9C-9BE0-4C8E7AEA69D4}”=v2.22|Action=Allow|Active=TRUE|Dir= Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2: 6:2|Platform2=GTEQ|
“{38448C18-A688-49C7-8174-1B2BC24536EC}”=v2.20|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Public|LPort=54925|Name=Bro therNetwork Scanner|
“{0FB634A8-6EA7-43B2-A769-45454BE438C0}”=v2.20|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Brother\Brmfl12b\FAXRX.exe|Name=FAXRX.EXE|
“{B3F40DE2-8388-4CAE-8638-D6A2B4EFF453}”=v2.20|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Brother\Brmfl12b\FAXRX.exe|Name=FAXRX.EXE|
“{BDC72FFF-6BF5-4EA4-A1C9-87615CF8650F}”=v2.20|Action=Allow|Active=TRUE|Dir= In|App=C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE|Name=Cyb erLink PowerDVD 10.0|Desc=CyberLink PowerDVD 10.0|
“{E3A6ED74-81F5-446A-957D-10E530C43644}”=v2.20|Action=Allow|Active=TRUE|Dir= In|App=C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe|Name=CyberLink PowerDVD 10.0|Desc=CyberLink PowerDVD 10.0|
“{6227C5EA-E5F9-4C60-8D66-32D77F2E16EE}”=v2.20|Action=Allow|Active=TRUE|Dir= In|App=C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE|Name=CyberL ink PowerDirector|Desc=CyberLink PowerDirector|
“{E7985E1D-C36F-4787-80A8-6350D07E9266}”=v2.20|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Name=@{C:\Window s\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources. pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resourc es.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
“{808F1451-4108-46FD-ADBB-F17324B5F0BD}”=v2.20|Action=Allow|Active=TRUE|Dir= Out|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources. pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resourc es.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
“{791DAA5F-4699-4632-A075-9E9E12A69E38}”=v2.22|Action=Allow|Active=TRUE|Dir= Out|Name=Check Point VPN|Desc=Check Point VPN|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=Check Point VPN|Platform=2:6:2|Platform2=GTEQ|
“{E0D6733F-F144-4ED0-BB39-1BCEBF3A4578}”=v2.22|Action=Allow|Active=TRUE|Dir= In|Name=Check Point VPN|Desc=Check Point VPN|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=Check Point VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
“{992BA417-AB1E-48D6-985B-7286B6C2EE84}”=v2.22|Action=Allow|Active=TRUE|Dir= Out|Name=F5 VPN|Desc=F5 VPN|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=F5 VPN|Platform=2:6:2|Platform2=GTEQ|
“{0FE09839-BDCA-4451-83E0-FCAABFFF9DFD}”=v2.22|Action=Allow|Active=TRUE|Dir= In|Name=F5 VPN|Desc=F5 VPN|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=F5 VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
“{60DFFD0B-6093-4928-BA82-3B1F1E23C1C4}”=v2.22|Action=Allow|Active=TRUE|Dir= Out|Name=Juniper Networks Junos Pulse|Desc=Juniper Networks Junos Pulse|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=Juniper Networks Junos Pulse|Platform=2:6:2|Platform2=GTEQ|
“{244B1068-FC71-49A5-A814-75FD55D42373}”=v2.22|Action=Allow|Active=TRUE|Dir= In|Name=Juniper Networks Junos Pulse|Desc=Juniper Networks Junos Pulse|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=Juniper Networks Junos Pulse|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
“{E68BDD3D-66D0-42C1-8599-5BDA417A9922}”=v2.22|Action=Allow|Active=TRUE|Dir= Out|Name=SonicWALL Mobile Connect|Desc=SonicWALL Mobile Connect|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL Mobile Connect|Platform=2:6:2|Platform2=GTEQ|
“{F2CBF299-FDE2-40A9-B458-5F740F6856B1}”=v2.22|Action=Allow|Active=TRUE|Dir= In|Name=SonicWALL Mobile Connect|Desc=SonicWALL Mobile Connect|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL Mobile Connect|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
“TCP Query User{4CB13AE9-7084-4A83-BC12-848522DF60E8}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe”=v2.10|Action=Allow|Active=TRUE|Dir=I n|Protocol=6|Profile=Public|App=C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe|Name=amazon music importer|Desc=amazon music importer|Defer=User|
“UDP Query User{D4799C1E-4693-4F64-B855-4DA5749DE500}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe”=v2.10|Action=Allow|Active=TRUE|Dir=I n|Protocol=17|Profile=Public|App=C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe|Name=amazon music importer|Desc=amazon music importer|Defer=User|
“{508C52B6-0B68-4628-A56A-BE375B2358B7}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2: 6:2|Platform2=GTEQ|
“{86456A7C-4008-43EA-B8FA-9D1D1114153F}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Store Purchase App|Desc=Store Purchase App|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-2246242352-370130666-2593524754-1827188282-2313440240-2317694540-2761805292|EmbedCtxt=Store Purchase App|Platform=2:6:2|Platform2=GTEQ|
“{F22331B4-691C-4F0C-8675-8A4BDF00E39D}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Go ogle Chrome|
“{EC64A73F-9C15-4066-BBFC-80A58E246C2D}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Go ogle Chrome|
“{7E54A6EE-FB66-4B87-AF21-0770E20C250E}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Private|LPort=5556|Name=Vide ostream Desktop Application|
“{375B3A70-0160-4DF6-970B-A89FF225ECCE}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Private|LPort=5558|Name=Vide ostream Mobile Application|
“{82C503A6-E6FF-42F9-8124-A8448B1E8AD7}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=@{63429HDWProduction.AVCast_2015.729.2.62_neu tral__vzjvkadhfn8tr?ms-resource://63429HDWProduction.AVCast/Resources/displayName}|Desc=@{63429HDWProduction.AVCast_2015 .729.2.62_neutral__vzjvkadhfn8tr?ms-resource://63429HDWProduction.AVCast/Resources/displayName}|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-1206494822-2154230163-57104287-3287776930-1937660456-2633082984-2402757740|EmbedCtxt=@{63429HDWProduction.AVCast_2 015.729.2.62_neutral__vzjvkadhfn8tr?ms-resource://63429HDWProduction.AVCast/Resources/displayName}|Platform=2:6:2|Platform2=GTEQ|
“{3E3A38E4-9940-4A06-9137-80CED1C6FB54}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Profile=Public|N ame=@{63429HDWProduction.AVCast_2015.729.2.62_neut ral__vzjvkadhfn8tr?ms-resource://63429HDWProduction.AVCast/Resources/displayName}|Desc=@{63429HDWProduction.AVCast_2015 .729.2.62_neutral__vzjvkadhfn8tr?ms-resource://63429HDWProduction.AVCast/Resources/displayName}|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-1206494822-2154230163-57104287-3287776930-1937660456-2633082984-2402757740|EmbedCtxt=@{63429HDWProduction.AVCast_2 015.729.2.62_neutral__vzjvkadhfn8tr?ms-resource://63429HDWProduction.AVCast/Resources/displayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TR UE|
“{1D0BDDA3-7452-4E9F-A071-FC13D992FBF0}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590_0\SZBrowser.exe|N ame=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser|
“{51B8B173-D0AE-4131-AB6A-0D91D0E20208}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platfo rm2=GTEQ|
“{9209A7A8-78D3-4A14-9C5D-5A93966EAAC7}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Go ogle Chrome (mDNS-In)|Desc=Inbound rule for Google Chrome to allow mDNS traffic.|EmbedCtxt=Google Chrome|
“{E38EB9B4-1B18-43A7-A965-0F56933968C6}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe|Nam e=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser|
“{FB14DDBC-222D-4D25-929F-74F491455DC4}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
“{464BD631-5C86-4724-B115-D092E08DE990}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
“{354D61B0-FD70-455C-A8B1-2D43EFC2EF09}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
“{09DFC57F-AA1D-4809-A2AD-A087C8942CC9}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
“{62589703-4D8D-4D22-A059-9A1ACAA2BB9A}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2 =GTEQ|
“{27DEBC54-87CC-4831-84F4-21965B2CAD68}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Profile=Public|N ame=Xbox|Desc=Xbox|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2 =GTEQ|Edge=TRUE|
“{092FBE2E-086B-4681-A8C5-303FE97FD703}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Candy Crush Soda Saga|Desc=Candy Crush Soda Saga|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3055884410-2067824683-223899546-422323478-2359388318-2114876276-1379654078|EmbedCtxt=Candy Crush Soda Saga|Platform=2:6:2|Platform2=GTEQ|
“{B022D6AF-E5A1-4FA2-B716-85A5E255E509}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platfo rm2=GTEQ|
“{72977B23-DE41-4C2C-8925-53B90CC2E185}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Name=OneNote|Des c=OneNote|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platfo rm2=GTEQ|
“{74DBA38E-14FB-4AC8-A433-F84AE1202653}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2 =GTEQ|
“{F1C70004-D967-4D47-BDD8-627F5DF81153}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Profile=Public|N ame=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2 =GTEQ|Edge=TRUE|
“{CE3204CD-96E1-4D22-BC98-6532A1B17B22}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=@{E046963F.LenovoCompanion_3.72.1.0_x86__k1h2 ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Desc=@{E046963F.LenovoCompanion_3.72.1.0_ x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-4089219695-2918877493-2298198654-3910773282-1202009102-2725390625-3479975918|EmbedCtxt=@{E046963F.LenovoCompanion_3. 72.1.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ|

---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class{03F529 37-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{05f5cf e2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) → @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class{126476 0F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{13e42d fa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) → @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class{14b62f 50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) → @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{1ed2bb f9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) → @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class{24A0C8 40-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{25dbce 51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) → @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class{268c95 a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) → @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class{2a9fe5 32-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) → @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class{2db153 74-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) → @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3163C5 66-D381-4467-87BC-A65A18D5B648}] : (fvevol) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3163C5 66-D381-4467-87BC-A65A18D5B649}] : (fvevol) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3376f4 ce-ff8d-40a2-a80f-bb4359d1415c}] : (USB Display Adapters) → USB Display Adapters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{36fc9e 60-c465-11cf-8056-444553540000}] : (USB) → @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3e3f06 74-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) → @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{43675d 81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) → @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4658ee 7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) → @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class{48721b 56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) → @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class{48d3eb c4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) → @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{49ce6a c8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) → @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 65-e325-11ce-bfc1-08002be10318}] : (CDROM) → @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 66-e325-11ce-bfc1-08002be10318}] : (Computer) → @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 67-e325-11ce-bfc1-08002be10318}] : (DiskDrive) → @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 68-e325-11ce-bfc1-08002be10318}] : (Display) → @%SystemRoot%\System32\DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 69-e325-11ce-bfc1-08002be10318}] : (FDC) → @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6a-e325-11ce-bfc1-08002be10318}] : (HDC) → @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6b-e325-11ce-bfc1-08002be10318}] : (Keyboard) → @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6c-e325-11ce-bfc1-08002be10318}] : (MEDIA) → @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6d-e325-11ce-bfc1-08002be10318}] : (Modem) → @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6e-e325-11ce-bfc1-08002be10318}] : (Monitor) → @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6f-e325-11ce-bfc1-08002be10318}] : (Mouse) → @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 70-e325-11ce-bfc1-08002be10318}] : (MTD) → @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 71-e325-11ce-bfc1-08002be10318}] : (MultiFunction) → @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 72-e325-11ce-bfc1-08002be10318}] : (Net) → @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 73-e325-11ce-bfc1-08002be10318}] : (NetClient) → @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 74-e325-11ce-bfc1-08002be10318}] : (NetService) → @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 75-e325-11ce-bfc1-08002be10318}] : (NetTrans) → @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 77-e325-11ce-bfc1-08002be10318}] : (PCMCIA) → @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 78-e325-11ce-bfc1-08002be10318}] : (Ports) → @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 79-e325-11ce-bfc1-08002be10318}] : (Printer) → @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) → @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7d-e325-11ce-bfc1-08002be10318}] : (System) → @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7e-e325-11ce-bfc1-08002be10318}] : (Unknown) → @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 80-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) → @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50127d c3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) → @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50906c b8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) → @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class{509994 4a-f6b9-4057-a056-8c550228544c}] : (Memory) → @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50dd52 30-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) → @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5175d3 34-c371-4806-b3ba-71fd53c9258d}] : (Sensor) → @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{522119 B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{533c5b 84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) → @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53966c b1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) → @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53ccb1 49-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) → @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53d29e f7-377c-4d14-864b-eb3a85769359}] : (Biometric) → @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class{563083 1c-06c9-4856-b327-f5d32586e060}] : (Proximity) → @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5989fc e8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) → @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5c4c33 32-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) → @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5d1b9a aa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) → @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{62f9c7 41-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) → @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{688033 7A-1EB4-4EF2-9659-0FD2EC60CB1B}] : (aswSP) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6a0a8e 78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) → @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c1-810f-11d0-bec7-08002be2092f}] : (1394) → @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c5-810f-11d0-bec7-08002be2092f}] : (Infrared) → @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c6-810f-11d0-bec7-08002be2092f}] : (Image) → @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6d8078 84-7d21-11cf-801c-08002be10318}] : (TapeDrive) → @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6FAE73 B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{71a27c dd-812a-11d0-bec7-08002be2092f}] : (Volume) → @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class{71aa14 f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) → @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{72631e 54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) → @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class{745a17 a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) → @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class{772e18 f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) → @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class{7ebefb c0-3200-11d2-b4c2-00a0c9697d07}] : (61883) → @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class{81C874 65-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8496e8 7e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) → @oem31.inf,%WDC_SAM_ClassName%;WD Drive Management devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8503c9 11-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) → @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{87C077 B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{88a1c3 42-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) → @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{88bae0 32-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) → @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class{89786f f1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) → @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8AE855 50-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8ecc05 5d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) → @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class{990a2b d7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) → @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class{9d6d66 a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) → @ramdisk.inf,%ClassName%;RAM Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class{9da2b8 0f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) → @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{a0a588 a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) → @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class{a0a701 c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) → @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{A3E32D BA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{b1d1a1 69-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) → @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{b6a945 de-134c-4279-9a66-61a63c6f0dc5}] : (Network Infrastructure Devices) → @oem12.inf,%ClassName%;Network Infrastructure Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{b86dff 51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) → @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{bbbe87 34-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) → @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c06ff2 65-ae09-48f0-812c-16753d7cba83}] : (AVC) → @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c16652 3c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) → @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c243ff bd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) → @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c30ece a0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) → @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class{C4A06E 97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c7bc9b 22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) → @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class{cdcf09 39-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) → @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{ce5939 ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) → @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d02bc3 da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) → @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d421b0 8e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) → @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d48179 be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) → @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d54650 0a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) → @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d61ca3 65-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) → @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d94ee5 d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) → @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class{db4f6d dd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) → @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e0cbf0 6c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) → @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e2f84c e7-8efa-411c-aa69-97454ca4cb57}] : (Extension) → @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e55fa6 f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) → @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{eec5ad 98-8080-425f-922a-dabf3de3f69a}] : (WPD) → @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f2e7dd 72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) → @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f3586b af-b5aa-49b5-8d6c-0569284c639f}] : (Compression) → @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f75a86 c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) → @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f8ecaf a6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) → @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{FB58BE 68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{fe8f15 72-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) → @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] → ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] → elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] → ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[19/03/2015 12:59:39] - (18.0.7.53) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
[19/03/2015 13:19:24] - (1.0.0.8) - (Lenovo - Lenovo Desktop BIOS Driver) - C:\WINDOWS\System32\Drivers\LBAI.sys
[12/11/2015 23:50:10] - (1.1.0.0) - (Western Digital Technologies, Inc. - Western Digital SCSI Architecture Model (SAM) driver) - C:\WINDOWS\System32\drivers\wdcsam64.sys
[05/08/2015 13:00:14] - (1.0.0.0) - (Samsung Electronics - Port Contention Driver) - C:\Windows\system32\Drivers\SSPORT.sys
[09/01/2016 10:19:08] - (1.0.2829.2626) - (CyberLink Corp. -) - C:\WINDOWS\system32\Drivers\rikvm_90970B6B.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () → System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) → System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) → System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () → System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () → System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () → System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () → System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport’s Miniport Driver) → System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) → System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) → System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) → System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () → System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) → System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) → System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) → System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorTcgDrv (@EhStorTcgDrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) → System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) → System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) → system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) → System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () → System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) → System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - iaStorA () → System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) → System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) → System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () → System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) → System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-100) → system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () → System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () → System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () → System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () → System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () → System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () → System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () → System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () → System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () → System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () → System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) → System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () → System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) → System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () → System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) → system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () → System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () → System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) → System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) → System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () → System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () → System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) → System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) → system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () → System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () → System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) → System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) → System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) → System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid2 () → System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () → System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) → System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () → System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsof t Standard SATA AHCI Driver) → System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) → System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) → System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) → System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () → System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) → System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) → System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) → System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) → System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) → System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) → System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) → System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () → System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) → System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) → system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) → System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) → system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy .SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) → System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) → \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) → system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) → \SystemRoot\system32\drivers\aswbidsdrivera.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswKbd (aswKbd) → \SystemRoot\system32\drivers\aswKbd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswRdr (aswRdr) → \SystemRoot\system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSnx (aswSnx) → \SystemRoot\system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSP (aswSP) → \SystemRoot\system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () → \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () → \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) → \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) → system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) → system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) → System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) → system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) → System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) → \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) → system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) → System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) → \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) → system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) → System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) → system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) → \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) → System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - aswMonFlt (aswMonFlt) → \SystemRoot\system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True
S2 - [Kernel Driver] - aswStm (aswStm) → \SystemRoot\system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: False
R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) → \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) → system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) → \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) → \SystemRoot\system32\drivers\MBAMChameleon.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) → \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) → system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) → system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) → system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) → system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) → system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) → System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - SSPORT (SSPORT) → ??\C:\Windows\system32\Drivers\SSPORT.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) → system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) → System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) → \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcnfs (@%systemroot%\system32\drivers\wcnfs.sys,-100) → \SystemRoot\system32\drivers\wcnfs.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft Files whitelisted)

[MD5.EE1CCC54F75C24727A218F98FC5349DA] - [16/07/2016 06:41:53] - (.Copyright (c) 2011 LSI - LSI 3ware SCSI Storport Driver.) - [104.84 Ko] - (5.1.0.51) - C:\WINDOWS\System32\Drivers\3ware.sys
[MD5.49B9DB97AFC85DCCBDACDAB2E90085B7] - [16/07/2016 06:41:53] - (.Copyright (C) PMC-Sierra 2001-2014 - PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) - [1108.84 Ko] - (1.3.0.10769) - C:\WINDOWS\System32\Drivers\adp80xx.sys
[MD5.74FFBC43B4B899C9A8CA06A892F2CE73] - [16/07/2016 06:41:53] - (.Copyright © 2008-2015 AMD, Inc. - AHCI 1.3 Device Driver.) - [81.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdsata.sys
[MD5.AAB0F1D8D7E54761ABAB13AF161F1680] - [16/07/2016 06:41:53] - (.2012 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [253.34 Ko] - (3.7.1540.43) - C:\WINDOWS\System32\Drivers\amdsbs.sys
[MD5.F91BAAC4237C40352A807000F3B716F9] - [16/07/2016 06:41:53] - (.Copyright © 2008-2015 AMD, Inc. - Storage Filter Driver.) - [26.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdxata.sys
[MD5.E6AB1F0B4C3D4E0D2A88332D76FECD03] - [16/07/2016 06:41:53] - (.Copyright 2014 PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) - [128.84 Ko] - (7.5.0.32048) - C:\WINDOWS\System32\Drivers\arcsas.sys
[MD5.A7B57360535C2F651FD29017212BEE2C] - [08/02/2017 04:09:46] - (.Copyright (C) 2014 AVAST Software s.r.o. - IDS Application Activity Monitor Driver..) - [300.52 Ko] - (17.3.2.64257) - C:\WINDOWS\System32\Drivers\aswbidsdrivera.sys
[MD5.E4EA423C630EEDCAEEFAD064C394C817] - [08/02/2017 04:09:46] - (.Copyright (C) 2014 AVAST Software s.r.o. - Application Activity Monitor Helper Driver.) - [185.32 Ko] - (17.3.2.64257) - C:\WINDOWS\System32\Drivers\aswbidsha.sys
[MD5.E2A05D51AF0C017C66C6DA780E9D6049] - [08/02/2017 04:09:46] - (.Copyright (C) 2014 AVAST Software s.r.o. - Logging Driver.) - [326.26 Ko] - (17.3.2.64257) - C:\WINDOWS\System32\Drivers\aswbloga.sys
[MD5.A6ECFEDBFBF28DF8E4AF1415F8F96424] - [08/02/2017 04:09:46] - (.Copyright (C) 2014 AVAST Software s.r.o. - Universal Driver.) - [47.39 Ko] - (17.3.2.64257) - C:\WINDOWS\System32\Drivers\aswbuniva.sys
[MD5.F616A379AE5416B7B74D257C786E688E] - [04/08/2015 07:24:01] - (.Copyright (c) 2014 AVAST Software - Avast HWID.) - [37.4 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswHwid.sys
[MD5.958F99D57A10FE3C1AED7E170335A8A7] - [16/07/2016 18:32:57] - (.Copyright (c) 2014 AVAST Software - Avast Keyboard Filter Driver.) - [31.84 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswKbd.sys
[MD5.9E121B7D43AD2CECBF84FD115ABCFEA8] - [04/08/2015 07:24:01] - (.Copyright (c) 2014 AVAST Software - Avast File System Minifilter for Windows 2003/Vista.) - [124.13 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswMonFlt.sys
[MD5.B560D9446262FD66557540D270E8C0D0] - [04/08/2015 07:24:01] - (.Copyright (c) 2014 AVAST Software - Avast WFP Redirect Driver.) - [98.78 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswRdr2.sys
[MD5.8DC8CDF5351601FB95D3288F88100ED6] - [04/08/2015 07:24:01] - (.Copyright (c) 2014 AVAST Software - Avast Revert.) - [73.93 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswRvrt.sys
[MD5.48FDB04B2145582E21938C31CA7DFC50] - [04/08/2015 07:24:01] - (.Copyright (c) 2014 AVAST Software - Avast Virtualization Driver.) - [981.49 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswSnx.sys
[MD5.601CB08742B96334DBA3629ECDD3E9ED] - [04/08/2015 07:24:01] - (.Copyright (c) 2014 AVAST Software - Avast self protection module.) - [543.73 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswSP.sys
[MD5.9E70CF27A36A11462798255C2D7A5DC1] - [04/08/2015 07:24:01] - (.Copyright (c) 2014 AVAST Software - Stream Filter.) - [160.22 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswStm.sys
[MD5.AEEF7494648FD2B4B9D9F6BEA7D25D20] - [04/08/2015 07:24:01] - (.Copyright (c) 2014 AVAST Software - Avast VM Monitor.) - [331.73 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswVmm.sys
[MD5.3F5523DCEFE42B385659C5CB46A6B810] - [16/07/2016 06:41:53] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9477.0) - C:\WINDOWS\System32\Drivers\bcmfn.sys
[MD5.0B750A6A6D847E73CA48ADD7A0F5A393] - [16/07/2016 06:41:53] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9391.6) - C:\WINDOWS\System32\Drivers\bcmfn2.sys
[MD5.7BA3A4FA7B051E70AF41B1A5AE7678DC] - [19/03/2015 12:57:35] - (.Copyright (C) 2013, Broadcom Corporation. - Broadcom SMBus Controller Driver.) - [39.21 Ko] - (1.1.0.2200) - C:\WINDOWS\System32\Drivers\bcmsmbsp.sys
[MD5.61BAC67048CA5C1D08C48FCC8012B613] - [16/07/2016 06:41:52] - (.(c) COPYRIGHT 2014-2016 QLogic Corporation - QLogic Gigabit Ethernet VBD.) - [521.34 Ko] - (7.12.31.105) - C:\WINDOWS\System32\Drivers\bxvbda.sys
[MD5.48BC8B59BF348BD8C8702B93171008F2] - [16/07/2016 06:41:53] - (.Copyright © 2016 Chelsio Communications. - Chelsio iSCSI Crash Dump Driver.) - [100.34 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4dx64.sys
[MD5.0AED948DA8D5F08B3D6F12E4E2089736] - [16/07/2016 06:41:53] - (.Copyright © 2016 Chelsio Communications. - Chelsio iSCSI VMiniport Driver.) - [338.84 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4sx64.sys
[MD5.0002A0FDE087C1657AB31CE73077539C] - [16/07/2016 06:41:53] - (.Copyright © 2010 Chelsio Communications. - Virtual Bus Driver for Chelsio ® T4 Chipset.) - [2054.84 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4vx64.sys
[MD5.83E4A14F851341C933C3235BFB882ECA] - [16/07/2016 06:41:54] - (.Copyright(C) 2013, Intel Corporation. - Intel(R) Gigabit Adapter NDIS 6.x driver.) - [512.5 Ko] - (12.15.22.6) - C:\WINDOWS\System32\Drivers\e1i63x64.sys
[MD5.7EC6FC0266D74BD47ABB130A328B70EC] - [16/07/2016 06:41:52] - (.(c) COPYRIGHT 2014-2016 QLogic Corporation - QLogic 10 GigE VBD.) - [3338.84 Ko] - (7.13.65.105) - C:\WINDOWS\System32\Drivers\evbda.sys
[MD5.F5CA18197B4646E04DB9EB2D6642CC4D] - [16/07/2016 06:41:53] - (.Copyright (c) 2004-2011 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [62.84 Ko] - (8.0.4.0) - C:\WINDOWS\System32\Drivers\HpSAMD.sys
[MD5.C6B8743B213F06AA60943D8366FE968F] - [16/07/2016 06:41:54] - (.Copyright (C) 2013. - Intel(R) Serial IO GPIO Controller Driver.) - [32.5 Ko] - (604.10146.3023.12819) - C:\WINDOWS\System32\Drivers\iagpio.sys
[MD5.9A2A2F3C69B9A30B6E78536F6D258BAD] - [16/07/2016 06:41:54] - (.Copyright (C) 2013. - Intel(R) Serial IO I2C Driver.) - [79.5 Ko] - (604.10146.2643.2818) - C:\WINDOWS\System32\Drivers\iai2c.sys
[MD5.5A0E850F8CD17791A3E6A3CF81D0CA28] - [16/07/2016 06:41:54] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Driver v2.) - [63 Ko] - (30.63.1610.8) - C:\WINDOWS\System32\Drivers\iaLPSS2i_GPIO2.sys
[MD5.7508F1096803385D6376BFD0BD473AC4] - [16/07/2016 06:41:54] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Driver v2.) - [172.25 Ko] - (30.63.1610.8) - C:\WINDOWS\System32\Drivers\iaLPSS2i_I2C.sys
[MD5.16A10CCEDCF5AC4CAAE43DC9FC40392F] - [16/07/2016 06:41:52] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Controller Driver.) - [37.23 Ko] - (1.1.250.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_GPIO.sys
[MD5.EB82A11613326691508D9ED9A4FE29E7] - [16/07/2016 06:41:50] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Controller Driver.) - [110.5 Ko] - (1.1.253.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_I2C.sys
[MD5.D62CBCD73F175C8A7F92CAFB6B6AF4DD] - [19/03/2015 12:57:52] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver - x64.) - [654.85 Ko] - (13.2.4.1000) - C:\WINDOWS\System32\Drivers\iaStorA.sys
[MD5.97E553D03219D3D51705C7235D9EAEBD] - [16/07/2016 06:41:53] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver (inbox) - x64.) - [657.34 Ko] - (13.2.0.1022) - C:\WINDOWS\System32\Drivers\iaStorAV.sys
[MD5.8350FE3BCDE3428BC040877BB7E9EAEB] - [16/07/2016 06:41:53] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - x64.) - [402.34 Ko] - (8.6.2.1019) - C:\WINDOWS\System32\Drivers\iaStorV.sys
[MD5.3BA03F7C7700DDF4C383DDE9252F5817] - [16/07/2016 06:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - InfiniBand Fabric Bus Driver.) - [513.84 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\ibbus.sys
[MD5.62F0CB0A54EAF37E15EC385300957BB8] - [01/07/2015 22:17:44] - (.Intel Corporation (C) 2015 - Intel(R) Wireless Bluetooth(R) Driver.) - [77.77 Ko] - (18.1.1525.1445) - C:\WINDOWS\System32\Drivers\ibtfltcoex.sys
[MD5.243A1CC37824CF3539BA6E6AEA3E7459] - [31/08/2015 21:43:50] - (.Copyright (c) 1998-2014 Intel Corporation. - Intel Graphics Kernel Mode Driver.) - [6129.76 Ko] - (10.18.15.4248) - C:\WINDOWS\System32\Drivers\igdkmd64.sys
[MD5.5F6F8E55DDB25BC41497DD11A85FC257] - [19/03/2015 12:57:55] - (.Intel(R) Corporation. - Intel(R) Display Audio Driver.) - [443.23 Ko] - (6.16.0.3150) - C:\WINDOWS\System32\Drivers\IntcDAud.sys
[MD5.5950F69F9B345952F3C2275C39EA393B] - [04/03/2015 16:18:26] - (.Copyright © 2010-2014, Intel Corporation. - Intel® WiDi Solution.) - [41.3 Ko] - (5.5.55.0) - C:\WINDOWS\System32\Drivers\intelaud.sys
[MD5.F980BC9EDC3BB844C6144351B8053581] - [19/03/2015 13:19:24] - (.Copyright (C) Lenovo. 1998-2013 - Lenovo Desktop BIOS Driver.) - [15.82 Ko] - (1.0.0.8) - C:\WINDOWS\System32\Drivers\LBAI.sys
[MD5.8E1B0946948CCC0BC1FA3CB70374A795] - [16/07/2016 06:41:53] - (.Copyright © LSI Corporation 2010 - LSI Fusion-MPT SAS Driver (StorPort).) - [106.34 Ko] - (1.34.3.83) - C:\WINDOWS\System32\Drivers\lsi_sas.sys
[MD5.4F68163FC04C973500DC4DA0946917B0] - [16/07/2016 06:41:53] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen2 Driver (StorPort).) - [103.34 Ko] - (2.0.79.80) - C:\WINDOWS\System32\Drivers\lsi_sas2i.sys
[MD5.E5AC5F2815938651CDCC27F425474673] - [16/07/2016 06:41:53] - (.Copyright © Avago Technologies 2015 - Avago SAS Gen3 Driver (StorPort).) - [98.84 Ko] - (2.51.12.80) - C:\WINDOWS\System32\Drivers\lsi_sas3i.sys
[MD5.CCF6EC9FB9B8F18E05B4253E81013E48] - [16/07/2016 06:41:53] - (.Copyright © LSI Corporation 2012 - LSI SSS PCIe/Flash Driver (StorPort).) - [80.84 Ko] - (2.10.61.81) - C:\WINDOWS\System32\Drivers\lsi_sss.sys
[MD5.3BEC6134F1E45AEF5E971F69F0D38510] - [24/04/2017 14:31:49] - (.(C) Malwarebytes. - Malwarebytes Chameleon.) - [171.94 Ko] - (3.0.0.149) - C:\WINDOWS\System32\Drivers\MBAMChameleon.sys
[MD5.C3CDCCF07486BD2616A7B82946E07AC0] - [16/07/2016 06:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [58.34 Ko] - (6.706.6.0) - C:\WINDOWS\System32\Drivers\megasas.sys
[MD5.2CF0CB2A0ED68C5455371E84C16F9627] - [14/10/2016 20:59:12] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [62.84 Ko] - (6.711.10.11) - C:\WINDOWS\System32\Drivers\MegaSas2i.sys
[MD5.FADB2FE017E69EECE0E1BA78661C2E8C] - [16/07/2016 06:41:53] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [562.34 Ko] - (15.2.2013.129) - C:\WINDOWS\System32\Drivers\megasr.sys
[MD5.FD60818B66B2E8A5415EA840E99A9D8F] - [16/07/2016 06:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - MLX4 Bus Driver.) - [822.84 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\mlx4_bus.sys
[MD5.3D2C5B4995CA0751D32DEA0DE9FDFE44] - [16/07/2016 06:41:53] - (.Copyright (c) Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) - [62.34 Ko] - (1.0.5.1016) - C:\WINDOWS\System32\Drivers\mvumis.sys
[MD5.629CB21AC49C8867E0F29DF1C16DB7B4] - [16/07/2016 06:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - NetworkDirect Support Filter Driver.) - [106.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\ndfltr.sys
[MD5.6C76780A01FC2B885BD6E957B5C36B02] - [16/07/2016 06:42:03] - (.-.) - [88.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\NetAdapterCx.sys
[MD5.99C24A7DC1F3D4845553B4BD189274A0] - [16/07/2016 06:41:50] - (.Copyright © Intel Corporation 2011 - Intel® Wireless WiFi Link Driver.) - [3265.5 Ko] - (15.16.0.2) - C:\WINDOWS\System32\Drivers\NETwew01.sys
[MD5.D261DF41F0840F734856A2B4F5E072C7] - [16/07/2016 06:41:53] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) - [146.84 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvraid.sys
[MD5.23B702B555EB0436B9DAA0BC63DA65CE] - [16/07/2016 06:41:53] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) - [162.34 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvstor.sys
[MD5.540116170E2135FCD5DDE77702166B67] - [16/07/2016 06:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [57.34 Ko] - (6.805.3.0) - C:\WINDOWS\System32\Drivers\percsas2i.sys
[MD5.8356F87553BF49C703CF382033815898] - [16/07/2016 06:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [60.34 Ko] - (6.603.6.0) - C:\WINDOWS\System32\Drivers\percsas3i.sys
[MD5.2A8D4FDD17CD77B2C90A1D1418D60263] - [09/01/2016 10:19:08] - (.Copyright (C) CyberLink Corp. 2009 -.) - [148.48 Ko] - (1.0.2829.2626) - C:\WINDOWS\System32\Drivers\rikvm_90970B6B.sys
[MD5.C44251AF46727BA1A4D2A703255C9071] - [19/03/2015 12:58:22] - (.Copyright (c) Realtek Semiconductor Corp.1998-2013 - Realtek(r) High Definition Audio Function Driver.) - [3932.46 Ko] - (6.0.1.7324) - C:\WINDOWS\System32\Drivers\RTKVHD64.sys
[MD5.A34CE1830E45DA98932295FDE4B7908A] - [16/07/2016 06:41:53] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [43.84 Ko] - (5.1.1039.2600) - C:\WINDOWS\System32\Drivers\sisraid2.sys
[MD5.A7B5C670770E908DA5FEF5BF1136E933] - [16/07/2016 06:41:53] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [79.84 Ko] - (5.1.1039.3600) - C:\WINDOWS\System32\Drivers\sisraid4.sys
[MD5.AF14CCEDA0CB1F509A3B7963B7B7A86C] - [19/03/2015 12:59:39] - (.Copyright (C) Synaptics Incorporated 1996-2014 - Synaptics SMBus Driver.) - [30.73 Ko] - (18.0.7.53) - C:\WINDOWS\System32\Drivers\Smb_driver_Intel.sys
[MD5.0211AB46B73A2623B86C1CFCB30579AB] - [05/08/2015 13:00:14] - (.Copyright (C) Samsung Corp. 1998-2005 - Port Contention Driver.) - [11.3 Ko] - (1.0.0.0) - C:\WINDOWS\System32\Drivers\SSPORT.SYS
[MD5.29D26E1347AE1BBD4201014E19880B2C] - [16/07/2016 06:41:53] - (.© Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) - [30.34 Ko] - (5.1.0.10) - C:\WINDOWS\System32\Drivers\stexstor.sys
[MD5.9042E630FE102F1A2436EE05857CD139] - [19/03/2015 12:57:36] - (.Copyright © 2006-2014, Intel Corporation. - Intel(R) Management Engine Interface.) - [123 Ko] - (10.0.20.1258) - C:\WINDOWS\System32\Drivers\TeeDriverx64.sys
[MD5.F957092C63CD71D85903CA0D8370F473] - [10/06/2015 23:08:36] - (.© Apple, Inc. - Apple Mobile Device USB Driver.) - [53.5 Ko] - (1.67.0.0) - C:\WINDOWS\System32\Drivers\usbaapl64.sys
[MD5.FD9BCB8920973CEAD4D49DC7A6D8A618] - [16/07/2016 06:41:53] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [162.84 Ko] - (7.0.9600.6352) - C:\WINDOWS\System32\Drivers\vsmraid.sys
[MD5.0C111F220798CCE80484026E06822379] - [16/07/2016 06:41:53] - (.Copyright (C) 2008 VIA Corporation - VIA StorX RAID Controller Driver.) - [298.34 Ko] - (8.0.9200.8110) - C:\WINDOWS\System32\Drivers\VSTXRAID.SYS
[MD5.A556768CC1FA4F36022BEE2F0EDE2566] - [12/11/2015 23:50:10] - (.© 2006-2015 Western Digital Technologies, Inc. - Western Digital SCSI Architecture Model (SAM) driver.) - [26.25 Ko] - (1.1.0.0) - C:\WINDOWS\System32\Drivers\wdcsam64.sys
[MD5.F95DE20312ACCA7761446DE152BD1F7C] - [16/07/2016 06:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinMad.) - [31.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\winmad.sys
[MD5.8B9AFF5F08E66A6F1F1063DEC9457FB6] - [16/07/2016 06:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinVerbs.) - [63.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\winverbs.sys

---------- | Uninstall

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\CopyTrans Suite] : (CopyTrans Control Center Uninstall Only.-.WindSolutions) → C:\Users\Owner\AppData\Roaming\WindSolutions\CopyT ransControlCenter\Applications\CopyTransControlCen ter.exe /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\AddressBook] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Connection Manager] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\DirectDrawEx] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\DXM_Runtime] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Fontcore] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE40] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE4Data] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE5BAKEX] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IEData] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MobileOptionPack] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MPlayer2] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\SchedulingAgent] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\WIC] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{0C03110B-25BE-4E98-853F-4AA6C902CEC3}] : (DisplayLink Graphics.-.DisplayLink Corp.) → RunDll32.exe “%DisplayLinkConfigRoot%\InstallerApi.dll”,dlRemov eProduct {78A36ACD-80D5-490f-B4C4-83D7FCC08391}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{22ED06F1-2432-4D16-B4DC-2DF4A7ACD54A}] : (DisplayLink Core Software.-.DisplayLink Corp.) → MsiExec.exe /X{22ED06F1-2432-4D16-B4DC-2DF4A7ACD54A}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}] : (Apple Mobile Device Support.-.Apple Inc.) → MsiExec.exe /I{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}] : (Bonjour.-.Apple Inc.) → MsiExec.exe /X{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{587BCDD1-4F59-42A9-8E69-6A5E5F885063}] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}] : (PaperPort Image Printer 64-bit.-.Nuance Communications, Inc.) → MsiExec.exe /X{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}] : (iTunes.-.Apple Inc.) → MsiExec.exe /I{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}] : (iCloud.-.Apple Inc.) → MsiExec.exe /I{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B255D495-4734-4E9B-B4F5-96702FD4A7B9}] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}] : (Apple Application Support (64-bit).-.Apple Inc.) → MsiExec.exe /I{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{C84F2CE8-4833-465E-90F4-CF38C99F0CAC}] : (DisplayLink Core Software.-.DisplayLink Corp.) → MsiExec.exe /X{C84F2CE8-4833-465E-90F4-CF38C99F0CAC}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}] : (Bluetooth Stack for Windows by Toshiba.-.TOSHIBA CORPORATION) → MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\AddressBook] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Adobe AIR] : (Adobe AIR.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Avast Antivirus] : (Avast Free Antivirus.-.AVAST Software) → C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\com.amazon.music.uploader] : (Amazon Music Importer.-.Amazon Services LLC) → msiexec /qb /x {3BAF1C25-33AA-AB09-0D89-1BAB227E5FB8}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Connection Manager] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\DirectDrawEx] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\DXM_Runtime] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Fontcore] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) → “C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Inst aller\setup.exe” --uninstall --system-level --verbose-logging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE40] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE4Data] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE5BAKEX] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IEData] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield Uninstall Information] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}] : (CyberLink Media Suite.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}] : (CyberLink WaveEditor.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}] : (CyberLink Power2Go.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}] : (SmartSound Quicktracks Plugin.-.SmartSound Software Inc) → C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\ID river.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}] : (CyberLink MediaShow.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{80E158EA-7181-40FE-A701-301CE6BE64AB}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}] : (CyberLink PowerBackup.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{ADD5DB49-72CF-11D8-9D75-000129760D75}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}] : (CyberLink PowerProducer.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}] : (CyberLink LabelPrint.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}] : (CyberLink PowerDirector.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}] : (CyberLink PhotoNow.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{DA92A916-9238-4448-A876-276180E56FEA}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}] : (CyberLink PowerDVD 10.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}] : (CyberLink MediaEspresso.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{E3739848-5329-48E3-8D28-5BBD6E8BE384}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}] : (CyberLink PowerDVD Copy.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\KeePass Password Safe_is1] : (KeePass Password Safe 1.32.-.Dominik Reichl) → “D:\KeePass Password Safe\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\MobileOptionPack] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\MPlayer2] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\SafeZone 3.55.2393.596] : (SafeZone Stable 3.55.2393.596.-.Avast Software) → “C:\Program Files\AVAST Software\SZBrowser\Launcher.exe” /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Samsung ML-1865W Series] : (Samsung ML-1865W Series.-.Samsung Electronics Co., Ltd.) → “C:\Program Files (x86)\Samsung\Samsung ML-1865W Series\Setup\Setup.exe” /R
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\SchedulingAgent] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Trendnet USBKVM Switcher_is1] : (Trendnet USBKVM Switcher.-.) → “C:\Program Files (x86)\Trendnet\USBKVM Switcher\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\WIC] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{0C8EBB00-4909-459C-8347-B2068B7F0319}] : (CyberLink DVD Menu Template Pack.-.CyberLink Corp.) → RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup “C:\Program Files (x86)\InstallShield Installation Information{0C8EBB00-4909-459C-8347-B2068B7F0319}\Setup.exe” -uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}] : (CyberLink Media Suite.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26356515-5821-40FA-9C3D-9785052A1062}] : (Apple Application Support (32-bit).-.Apple Inc.) → MsiExec.exe /I{26356515-5821-40FA-9C3D-9785052A1062}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{31B9D218-FED2-4C6C-B19F-7294FFC130B0}] : (Adobe AIR.-.Adobe Systems Incorporated) → MsiExec.exe /I{31B9D218-FED2-4C6C-B19F-7294FFC130B0}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}] : (CyberLink WaveEditor.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe” /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{3BAF1C25-33AA-AB09-0D89-1BAB227E5FB8}] : (Amazon Music Importer.-.Amazon Services LLC) → MsiExec.exe /I{3BAF1C25-33AA-AB09-0D89-1BAB227E5FB8}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{40BF1E83-20EB-11D8-97C5-0009C5020658}] : (CyberLink Power2Go.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe” /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}] : (SmartSound Quicktracks Plugin.-.SmartSound Software Inc) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{56EC47AA-5813-4FF6-8E75-544026FBEA83}] : (Apple Software Update.-.Apple Inc.) → MsiExec.exe /I{56EC47AA-5813-4FF6-8E75-544026FBEA83}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) → MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{7FE25256-B7C1-480D-B736-10A67A833AEA}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{80E158EA-7181-40FE-A701-301CE6BE64AB}] : (CyberLink MediaShow.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{80E158EA-7181-40FE-A701-301CE6BE64AB}\Setup.exe” /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) → MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{ADD5DB49-72CF-11D8-9D75-000129760D75}] : (CyberLink PowerBackup.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{ADD5DB49-72CF-11D8-9D75-000129760D75}\Setup.exe” /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{B7A0CE06-068E-11D6-97FD-0050BACBF861}] : (CyberLink PowerProducer.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe” /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{C59C179C-668D-49A9-B6EA-0121CCFC1243}] : (CyberLink LabelPrint.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{C5C91B7B-38A6-40B7-84D6-E44885E44B13}_is1] : (LBAI.-.Lenovo Group Limited) → “C:\Program Files (x86)\Lenovo\LBAI\unins000.exe”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{CB099890-1D5F-11D5-9EA9-0050BAE317E1}] : (CyberLink PowerDirector.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe” /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{D36DD326-7280-11D8-97C8-000129760CBE}] : (CyberLink PhotoNow.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{DD98C438-D769-4677-AA87-3481FA32D20C}] : (Brother MFL-Pro Suite MFC-J4510DW.-.Brother Industries, Ltd.) → “C:\Program Files (x86)\InstallShield Installation Information{DD98C438-D769-4677-AA87-3481FA32D20C}\Setup.exe” -runfromtemp -l0x0009 UNINSTALL Reg=BHS13 -removeonly
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}] : (CyberLink PowerDVD 10.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe” /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{E3739848-5329-48E3-8D28-5BBD6E8BE384}] : (CyberLink MediaEspresso.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{E3739848-5329-48E3-8D28-5BBD6E8BE384}\Setup.exe” /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{E3D04529-6EDB-11D8-A372-0050BAE317E1}] : (CyberLink PowerDVD Copy.-.CyberLink Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe” /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}] : (Intel(R) Processor Graphics.-.Intel Corporation) → C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) → C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709

---------- | Ports

---------- | Installer

[HKCR\Installer\Products\098990BCF5D15D11E99A0005AB 3E711E] : PowerDirector → C:\Windows\Installer{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\09AB59D18F4FCE748A2844C199 3DC0E1] : MSXML 4.0 SP3 Parser (KB2758694)
[HKCR\Installer\Products\1F60DE22234261D44BCDD24F7A CA5DA4] : DisplayLink Core Software → C:\WINDOWS\Installer{22ED06F1-2432-4D16-B4DC-2DF4A7ACD54A}\controlPanelIcon.exe
[HKCR\Installer\Products\1F764691F11C67F458B88521DA 8CB349] : MSXML 4.0 SP3 Parser
[HKCR\Installer\Products\3551562C3AC622842B6ECBA4AC E6E02A] : Apple Application Support (64-bit) → C:\WINDOWS\Installer{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}\WinInstall.ico
[HKCR\Installer\Products\38E1FB04BE028D11795C00905C 206085] : Power2Go → C:\Windows\Installer{40BF1E83-20EB-11D8-97C5-0009C5020658}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\42C6FBF1Df1C10144AB2C065F4 E9E897] : Media Suite → C:\Windows\Installer{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\515653621285AF04C9D3795850 A20126] : Apple Application Support (32-bit) → C:\WINDOWS\Installer{26356515-5821-40FA-9C3D-9785052A1062}\WinInstall.ico
[HKCR\Installer\Products\52C1FAB3AA3390BAD098B1BA22 E7F58B] : Amazon Music Importer
[HKCR\Installer\Products\60EC0A7BE8606D1179DF0005AB BC8F16] : PowerProducer → C:\Windows\Installer{B7A0CE06-068E-11D6-97FD-0050BACBF861}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\623DD63D08278D11798C001092 67C0EB] : PhotoNow → C:\Windows\Installer{D36DD326-7280-11D8-97C8-000129760CBE}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6A2FA4E2AE050624B94AE585D2 1178A9] : Apple Mobile Device Support → C:\WINDOWS\Installer{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}\Installer.ico
[HKCR\Installer\Products\746BDFDA0C534524E96ED2C9B3 1740DB] : iCloud → C:\WINDOWS\Installer{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}\ARP.ico
[HKCR\Installer\Products\812D9B132DEFC6C41BF92749FF 1C030B] : Adobe AIR
[HKCR\Installer\Products\8489373E92353E84D882B5DBE6 B83E48] : MediaEspresso → C:\Windows\Installer{E3739848-5329-48E3-8D28-5BBD6E8BE384}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8BFDDD6597F70844985D521E5F A22BF8] : Bonjour → C:\WINDOWS\Installer{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico
[HKCR\Installer\Products\8EC2F48C3384E564094FFC839C F9C0CA] : DisplayLink Core Software → C:\WINDOWS\Installer{C84F2CE8-4833-465E-90F4-CF38C99F0CAC}\controlPanelIcon.exe
[HKCR\Installer\Products\92540D3EBDE68D113A270005AB 3E711E] : PowerDVD Copy → C:\Windows\Installer{E3D04529-6EDB-11D8-A372-0050BAE317E1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446E B8552E] : Google Update Helper
[HKCR\Installer\Products\94BD5DDAFC278D11D957001092 67D057] : PowerBackup → C:\Windows\Installer{ADD5DB49-72CF-11D8-9D75-000129760D75}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\958FB4F94A3C6BA4DB1DC9D585 815889] : iTunes → C:\WINDOWS\Installer{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}\Installer.ico
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745 894BAC] : Google Update Helper
[HKCR\Installer\Products\AA74CE6531856FF4E857450462 BFAE38] : Apple Software Update → C:\WINDOWS\Installer{56EC47AA-5813-4FF6-8E75-544026FBEA83}\Installer.ico
[HKCR\Installer\Products\AE851E081817EF047A1003C16E EB46BA] : MediaShow → C:\Windows\Installer{80E158EA-7181-40FE-A701-301CE6BE64AB}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\BFB6BBEC807D99F46A33CB6200 0EE16F] : Bluetooth Stack for Windows by Toshiba → C:\Windows\Installer{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C971C95CD8669A946BAE1012CC CF2134] : LabelPrint → C:\Windows\Installer{C59C179C-668D-49A9-B6EA-0121CCFC1243}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\CC67F423DD8D78D47BD74DFAE5 A17A3B] : WaveEditor → C:\Windows\Installer{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\CCAAC517B97513845A4F8AA3D8 3EFE2E] : PaperPort Image Printer 64-bit → C:\Windows\Installer{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D4ADF7A47D4F94A439A460D695 4AC3E7] : SmartSound Quicktracks Plugin → C:\Windows\Installer{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\DE532CED4A8571542A874CE1D8 EABAB3] : PowerDVD → C:\Windows\Installer{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\ARPPRODUCTICON.exe

---------- | ADS

@C:\WINDOWS\System32:Win32App_1
@C:\WINDOWS\Syswow64:Win32App_1

---------- | Drives

Disk: 0 Size=122G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors

0 0 07-NTFS 350M Yes No 2,048 716,800
1 1 07-NTFS 121G No No 718,848 248,426,496
2 2 27-UNKNWN 450M No No 249,145,344 921,600

---------- | MBR

Windows Version: Professional
Windows Information: (build 9200), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 10AY0020US
Logical Drives Mask: 0x0000003c

Analysis of file “C:\QuickDiag\MBR.bin”:
Windows 7 MBR code detected

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog
[HEADING=1]Faulting application name: mbamtray.exe, version: 3.0.0.849, time stamp: 0x583dca59
Faulting module name: mbamtray.exe, version: 3.0.0.849, time stamp: 0x583dca59
Exception code: 0xc0000005
Fault offset: 0x00055315
Faulting process id: 0xd50
Faulting application start time: 0x01d2bdf8cf80ac1c
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Report Id: 3ed666b4-c515-407c-b8fd-75dd03515177
Faulting package full name:
Faulting package-relative application ID:[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2ad0
Faulting application start time: 0x01d2bd361dc2a09e
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: b821f5ce-8cdf-4326-ae62-19d3235f1764
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2a8c
Faulting application start time: 0x01d2bd361dba00a9
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 656c5ebd-92d8-42d7-b3a2-acb08e8013de
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2ad0
Faulting application start time: 0x01d2bd361dc2a09e
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 38dd5da3-1922-4423-a32a-4127f168c7db
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2a8c
Faulting application start time: 0x01d2bd361dba00a9
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 6b5988bf-3d3d-4466-abfa-06072a8b1cad
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2a8c
Faulting application start time: 0x01d2bd361dba00a9
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 07777e10-ee3c-425a-a304-73178a7d44ce
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2ad0
Faulting application start time: 0x01d2bd361dc2a09e
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: c54a5a35-e1da-4e82-8eeb-232403a41771
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2ad0
Faulting application start time: 0x01d2bd361dc2a09e
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 837b69e4-bf2c-4175-806b-d5ae7c6ff337
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2a8c
Faulting application start time: 0x01d2bd361dba00a9
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 431ccd49-98eb-4a92-aa88-56207326c541
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2a8c
Faulting application start time: 0x01d2bd361dba00a9
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 22e923a7-d3f4-46b0-a2b6-4117855fb9ff
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2ad0
Faulting application start time: 0x01d2bd361dc2a09e
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: ad644a05-1a5a-48e0-a56f-851cad121b0e
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2a8c
Faulting application start time: 0x01d2bd361dba00a9
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 1dc57f13-5436-4319-8125-e331418f662f
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2ad0
Faulting application start time: 0x01d2bd361dc2a09e
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: a1179158-2cdd-47d1-a4ad-fe83ed04d625
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2ad0
Faulting application start time: 0x01d2bd361dc2a09e
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 0b06e4c2-0540-48f3-8965-5d662c6d8aa0
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2a8c
Faulting application start time: 0x01d2bd361dba00a9
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: de0c68d8-607e-440a-b924-a44af2a39ce6
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1ee0
Faulting application start time: 0x01d2bd360fd29dcd
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: cdb270af-4c67-4831-96e4-b947e1b69e79
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1ee0
Faulting application start time: 0x01d2bd360fd29dcd
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 939ead1b-cc33-4c68-8597-ddb51cf05bdc
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1ee0
Faulting application start time: 0x01d2bd360fd29dcd
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: f95a0050-96da-4095-ad88-23ecbace5adb
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
[HEADING=1]Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1ee0
Faulting application start time: 0x01d2bd360fd29dcd
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: e053924b-ec7b-4b4e-aa88-4490e237ab28
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8 wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge[/HEADING]
----------( EOF)---------- - 4023 | 14:31:10

**user1** · 04-25-2017, 08:09 PM

Disable all your protections ,select and copy all this text :

Code:

Key::
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\CurrentVersion\Run]|"GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267"
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]|"userinit"|REG_SZ|userinit.exe,
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]|"Locked"|REG_DWORD|0

File::
C:\ProgramData\WindSolutions

CMD::
rd /s /q C:\WINDOWS\Temp\*
del /f /q C:\WINDOWS\Temp\*
sc delete diagtrack
sc delete dwmappushservice
###

ADS::
@C:\WINDOWS\System32
@C:\WINDOWS\Syswow64

Clean::
yes

Run QuickDiag and click on the « S » at the top of the interface.

A window will open with exactly the same text you selected before

Click « Script » button

A short time later another window will open with the results, copy/paste all the text in your answer.

**Antoine** · 04-25-2017, 08:50 PM

--------------- QuickScript | g3n-h@ckm@n | V3_23.04.17.2 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 25/04/2017 15:48:13

Updated 23/04/2017 | 18.25 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC-06:00) Central Time (US & Canada)
[Owner (Administrator)] - [OWNER-PC] (S-1-5-21-1014905426-3769363605-1701117676-1001)

System: Microsoft Windows 10 Pro - - (10.0.14393) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Pro|C:\WINDOWS|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: 10AY0020US - LENOVO - IdNumber: MJ014YG1 - UUID: 070DBBA0-0324-11E4-A01A-649804D41100
Processor : X64 - 2893 Mhz - Intel(R) Core™ i5-4570T CPU @ 2.90GHz
LENOVO BIOS Rev: FHKT48A 0.0 - en|US|iso8859-1 - LENOVO - S/N: MJ014YG1 - FHKT48AUS - LENOVO - 1300
CoreTemp : 29.8 Celsius

----------| Script

Registry saved : C:\QuickDiag\Save\Registry [25.04.2017 @ 15_48_14]

Value : [HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\CurrentVersion\Run]~[GoogleChromeAutoLaunch_721577D41E77D440C916E2687EB A0267] Deleted Successfully
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : userinit.exe, → Set Successfully
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 0 → Set Successfully
C:\ProgramData\WindSolutions Moved Successfully
Batch File Executed !
ADS : @C:\WINDOWS\Syswow64:Win32App_1 Deleted successfully

-------------- | CleanDisk :

FreeSpace : 88677
Cleaning…
FreeSpace : 88717

----------(EOF)----------

**user1** · 04-25-2017, 09:01 PM

ok it was generally just few corrections , not really infections
you’re not infected

**Antoine** · 04-25-2017, 09:08 PM

and thus theres no chance that any external or thumbdrives have been infected or anyone maybe got on my wifi network somehow and infected it that way right.. because if anyone did send a virus to an external or thumb drive or access my pc though my wifi network then whatever they did wouldnt have planted itself on my main drive (c

since thats where the OS and all the files necessary to run any exploits are located right?

**user1** · 04-25-2017, 09:19 PM

If there had been an infection I would have seen it in the report, how did you see that your banking information was compromised?

**Antoine** · 04-25-2017, 09:31 PM

Originally posted by g3n-h@ckm@n

If there had been an infection I would have seen it in the report, how did you see that your banking information was compromised?

Well according to the bank there ha been unauthorized access on my online banking and my transactions history shows very small (like less than a dollar) withdrawals and deposits kind of like the ones some websites (such as paypal) would do to test your account so you can see it and report the amounts to them that way it would verify or prove that the account belongs to you and I’ve never been to such websites or done such things sooo if I did not then SOMEONE must have

**user1** · 04-26-2017, 07:55 AM

The bank can, at your request to block this kind of transactions … is it still the same dealer who operates?

**Antoine** · 04-26-2017, 12:57 PM

well ive already had my accounts changed i just didnt wanna set up online banking for the new accounts if my pc was compromised and it was just gonna happen again. So I wanted to make sure before I did so

**user1** · 04-26-2017, 04:13 PM

you can be