FRST Scanned

**mnisia** · 07-29-2017, 08:26 AM

windows defender is stopping FRST now

**Malnutrition** · 07-29-2017, 10:50 AM

[MEDIA=youtube]FmjblGay3AM[/MEDIA]

**Malnutrition** · 07-31-2017, 10:41 PM

@mnisia How about an update for us.

**mnisia** · 08-01-2017, 09:04 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by Steve (administrator) on STEVE-PC (01-08-2017 17:01:34)
Running from C:\Users\Steve\Downloads
Loaded Profiles: Steve (Available Profiles: Steve & DefaultAppPool)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SM SvcHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x 64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAge nt.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.100 1.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalyt ics.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Farbar) C:\Users\Steve\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-22] (Realtek Semiconductor)
HKLM...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794888 2015-10-03] (NVIDIA Corporation)
HKLM...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM-x32...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [556288 2017-05-31] (McAfee, Inc.)
HKLM-x32...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-04-04] (Adobe Systems Inc.)
HKLM-x32...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.ex e [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKLM-x32...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [593216 2015-08-31] (Razer Inc.)
HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-3518905376-1918425772-3662548586-1001...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2017-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3518905376-1918425772-3662548586-1001...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk [2016-08-29]
ShortcutTarget: NETGEAR WNA3100 Genie.lnk → C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-09-13]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll => No File
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip..\Interfaces{3a1b2148-2a78-4084-ac04-ccbabaddbe37}: [DhcpNameServer] 209.18.47.62 209.18.47.61
[HEADING=1]Internet Explorer:[/HEADING]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM → DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKLM → {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 → DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 → {AB62CE37-C53F-4D77-9489-308327D58331} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3518905376-1918425772-3662548586-1001 → {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3518905376-1918425772-3662548586-1001 → {0C755E98-7D34-4B11-A63A-5F01EB9ABAE7} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-29] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper → {AE7CD045-E861-484f-8273-0445EE161910} → C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavSt ub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: McAfee WebAdvisor BHO → {B164E929-A1B6-4A06-B104-2CD0E90A88FF} → c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-07-25] (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-29] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection → {F4971EE7-DAA0-4053-9964-665D8EE6A077} → C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavSt ub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object → {FFCB3198-32F3-4E8B-9539-4324694ED664} → C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH)
BHO-x32: Windows Live Messenger Companion Helper → {9FDDE16B-836F-4806-AB1F-1455CBEFF289} → C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper → {AE7CD045-E861-484f-8273-0445EE161910} → C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.d ll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor BHO → {B164E929-A1B6-4A06-B104-2CD0E90A88FF} → c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-07-25] (McAfee, Inc.)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper → {DDA57003-0068-4ed2-9D32-4D1EC707D94D} → c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.Visua lStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection → {F4971EE7-DAA0-4053-9964-665D8EE6A077} → C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.d ll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object → {FFCB3198-32F3-4E8B-9539-4324694ED664} → C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavSt ub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.d ll [2015-12-18] (Adobe Systems Incorporated)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-07-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-07-25] (McAfee, Inc.)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-07-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-07-25] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-05-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-05-31] (McAfee, Inc.)
[HEADING=1]FireFox:[/HEADING]
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Pro files\jor6jyfq.default [2017-08-01]
FF Homepage: Mozilla\Firefox\Profiles\jor6jyfq.default → hxxps://www.facebook.com/
FF Extension: (LavaFox V2-Blue) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Pro files\jor6jyfq.default\Extensions\djziggy@gmail.com [2017-08-01]
FF Extension: (HTML5 Notifications) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Pro files\jor6jyfq.default\Extensions\html5notifications@paxal.net.xpi [2016-04-30]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20]
FF SearchPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Pro files\jor6jyfq.default\searchplugins\McSiteAdvisor .xml [2016-03-12]
FF HKLM...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-04-13]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-09-12]
FF Plugin: @adobe.com/FlashPlayer → C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_ 137.dll [2017-07-21] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 → C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1 .dll [2017-07-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 → C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-29] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 → c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect → C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect → C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-07-14] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer → C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_ 137.dll [2017-07-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer → C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 → c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin-x32: @mcafee.com/MVT → C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2015-11-09] (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 → C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat → C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect → C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect → C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-07-14] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
StartMenuInternet: Firefox-6F940AC27A98DD61 - C:\Program Files\Waterfox\waterfox.exe
[HEADING=1]Chrome:[/HEADING]
CHR DefaultProfile: Default
CHR HomePage: Default → hxxp://www.google.com/
CHR StartupUrls: Default → “hxxp://www.google.com/”
CHR DefaultSearchURL: Default → hxxps://search.yahoo.com/search?fr=mcafee&type=C215US837D20110426&p={search Terms}
CHR DefaultSearchKeyword: Default → mcafee
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default [2017-07-29]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2017-07-23]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepao oicaho [2017-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-07-23]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2017-07-23]
CHR Extension: (Chrome Media Router) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2017-07-29]
CHR HKLM...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-18]
CHR HKLM-x32...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 1999-09-01] () [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalyt ics.exe [1752992 2017-03-29] (Intel Security)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [206712 2017-06-20] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3296632 2017-06-20] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-06-20] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [590880 2017-07-25] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [984480 2017-06-03] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe [2139832 2017-05-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [241656 2017-04-30] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [390656 2017-04-30] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [343544 2017-04-30] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1543248 2017-05-31] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [128512 2015-04-15] (Motorola Mobility LLC) [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1042288 2017-05-22] (Intel Security, Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAge nt.exe [52696 2017-06-28] (Dell Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-26] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [307488 2012-09-03] ()
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
S2 0239901501187841mcinstcleanup; C:\WINDOWS\TEMP\023990~1.EXE -cleanup -nolog
S2 Bonjour Service; “C:\Program Files (x86)\Bonjour\mDNSResponder.exe”

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [76824 2017-05-02] (McAfee, Inc.)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [146856 2015-10-03] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [21928 2015-10-03] (Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-07-25] ()
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [209608 2017-05-31] (McAfee, Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-07-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-07-28] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-28] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-08-01] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [476176 2017-05-02] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [353808 2017-05-02] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84536 2017-05-02] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [504336 2017-05-02] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [918544 2017-05-02] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [495632 2017-04-07] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107544 2017-04-07] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [109072 2017-05-02] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252432 2017-05-02] (McAfee, Inc.)
S3 NPF; C:\WINDOWS\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
R3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
R0 SCMNdisP; C:\WINDOWS\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [350160 2015-05-09] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-07-24] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-24] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-01 17:01 - 2017-08-01 17:02 - 000030056 _____ C:\Users\Steve\Downloads\FRST.txt
2017-08-01 17:00 - 2017-08-01 17:00 - 002381312 _____ (Farbar) C:\Users\Steve\Downloads\FRST64(1).exe
2017-07-30 04:43 - 2017-07-30 04:46 - 000000000 ____D C:\Users\Steve\AppData\Roaming\PCDr
2017-07-29 04:06 - 2017-07-29 04:06 - 000515639 _____ (glax24 (safezone.cc)) C:\Users\Steve\Downloads\SecurityCheck(1).exe
2017-07-29 03:50 - 2017-07-29 03:50 - 000000000 ____D C:\Users\Steve\AppData\Local\DBG
2017-07-29 03:41 - 2017-07-29 03:42 - 000000000 ____D C:\ProgramData\PCDr
2017-07-29 03:41 - 2017-07-29 03:41 - 002381312 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe
2017-07-29 03:41 - 2017-07-29 03:41 - 000000000 ____D C:\ProgramData\SupportAssist
2017-07-29 03:38 - 2017-07-29 03:38 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-07-29 03:38 - 2017-07-29 03:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-29 03:37 - 2017-07-29 03:37 - 065365056 _____ (Oracle Corporation) C:\Users\Steve\Downloads\jre-8u144-windows-x64(1).exe
2017-07-29 03:37 - 2017-07-29 03:37 - 000000000 ____D C:\Program Files\Java
2017-07-29 03:32 - 2017-07-29 03:32 - 000605984 _____ (www.patchmypc.net) C:\Users\Steve\Downloads\PatchMyPC(2).exe
2017-07-29 03:30 - 2017-07-29 03:30 - 000006177 _____ C:\Users\Steve\Desktop\ZHPFixReport.txt
2017-07-29 03:22 - 2017-07-29 03:22 - 003498068 _____ C:\Users\Steve\Downloads\ZHPFix(2).zip
2017-07-28 00:50 - 2017-07-28 00:50 - 000000000 ____D C:\Users\Steve\AppData\Local\NetworkTiles
2017-07-27 23:21 - 2017-07-27 22:03 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2017-07-27 22:01 - 2017-07-27 22:01 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-07-27 21:59 - 2017-07-27 21:59 - 001309184 _____ C:\Users\Steve\Downloads\zoek(2).exe
2017-07-27 17:01 - 2017-07-27 17:01 - 000738880 _____ (Oracle Corporation) C:\Users\Steve\Downloads\JavaSetup8u144(1).exe
2017-07-27 16:59 - 2017-07-27 16:59 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3518905376-1918425772-3662548586-1001
2017-07-27 16:50 - 2017-07-27 16:50 - 000738880 _____ (Oracle Corporation) C:\Users\Steve\Downloads\JavaSetup8u144.exe
2017-07-27 16:41 - 2017-07-27 16:41 - 000000000 ____D C:\Users\Steve\Desktop\jre1.8.0_144
2017-07-27 16:40 - 2017-07-27 16:41 - 067097437 _____ C:\Users\Steve\Downloads\jre-8u144-windows-x64.tar.gz
2017-07-27 16:39 - 2017-07-27 16:39 - 065365056 _____ (Oracle Corporation) C:\Users\Steve\Downloads\jre-8u144-windows-x64.exe
2017-07-27 16:35 - 2017-07-29 04:06 - 000000000 ____D C:\SecurityCheck
2017-07-27 16:35 - 2017-07-27 16:35 - 000515639 _____ (glax24 (safezone.cc)) C:\Users\Steve\Downloads\SecurityCheck.exe
2017-07-26 19:35 - 2017-07-26 19:35 - 003498068 _____ C:\Users\Steve\Downloads\ZHPFix(1).zip
2017-07-26 16:27 - 2017-07-26 17:17 - 000000000 ____D C:\zoek_backup
2017-07-26 16:26 - 2017-07-26 16:31 - 000000000 _____ C:\Users\Steve\Downloads\zoek.exe
2017-07-26 16:26 - 2017-07-26 16:26 - 001309184 _____ C:\Users\Steve\Downloads\zoek(1).exe
2017-07-26 09:51 - 2017-07-26 09:51 - 000000000 ____D C:\Windows.old
2017-07-26 09:49 - 2017-07-26 09:49 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-26 09:49 - 2017-07-26 09:49 - 002021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-26 09:49 - 2017-07-26 09:49 - 001492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-26 09:49 - 2017-07-26 09:49 - 001339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-26 09:49 - 2017-07-26 09:49 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-26 09:49 - 2017-07-26 09:49 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-26 09:49 - 2017-07-26 09:49 - 000406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-26 09:49 - 2017-07-26 09:49 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-26 09:49 - 2017-07-26 09:49 - 000346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-26 09:49 - 2017-07-26 09:49 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-26 09:49 - 2017-07-26 09:49 - 000278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-26 09:49 - 2017-07-26 09:49 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-26 09:49 - 2017-07-26 09:49 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-26 09:49 - 2017-07-26 09:49 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailI nfo.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 032688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 031652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 020504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 019335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 017364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 013839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 011870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 008331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 008318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 008238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 008211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 007904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayR eady.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 007596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 007336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 007325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 007149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 006759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayR eady.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 006554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 006287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 006123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 005961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 005892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 005806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 005719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 004847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 004730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 004536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 004469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 004447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 003803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFl owUI.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 003784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 003332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 003204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.G att.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 003139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 002938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 002679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 002298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-26 09:48 - 2017-07-26 09:48 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 002008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-26 09:48 - 2017-07-26 09:48 - 001930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.oneco re.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 001674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.deskt op.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 001420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-26 09:48 - 2017-07-26 09:48 - 001357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 001237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 001178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 001171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 001142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 001077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-26 09:48 - 2017-07-26 09:48 - 001057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 001017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-26 09:48 - 2017-07-26 09:48 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-26 09:48 - 2017-07-26 09:48 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dl l
2017-07-26 09:48 - 2017-07-26 09:48 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 000754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-26 09:48 - 2017-07-26 09:48 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dl l
2017-07-26 09:48 - 2017-07-26 09:48 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-26 09:48 - 2017-07-26 09:48 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-26 09:48 - 2017-07-26 09:48 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-26 09:48 - 2017-07-26 09:48 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-26 09:48 - 2017-07-26 09:48 - 000544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dl l
2017-07-26 09:48 - 2017-07-26 09:48 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-26 09:48 - 2017-07-26 09:48 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReducti on.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions .dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dl l
2017-07-26 09:48 - 2017-07-26 09:48 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications .dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer .dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dl l
2017-07-26 09:48 - 2017-07-26 09:48 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-26 09:48 - 2017-07-26 09:48 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.G att.Interface.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-26 09:48 - 2017-07-26 09:48 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailI nfo.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.G att.Interface.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-26 09:48 - 2017-07-26 09:48 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-26 09:48 - 2017-07-26 09:48 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-26 09:48 - 2017-07-26 09:48 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-26 09:48 - 2017-07-26 09:48 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 006726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-07-26 09:39 - 2017-07-26 09:39 - 006535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-07-26 09:39 - 2017-07-26 09:39 - 004709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 004672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.Cura tedTileCollections.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 002625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 002604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 002424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 002347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 002341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 002088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store .dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 001035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-07-26 09:39 - 2017-07-26 09:39 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker. dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-07-26 09:39 - 2017-07-26 09:39 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dl l
2017-07-26 09:39 - 2017-07-26 09:39 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-07-26 09:39 - 2017-07-26 09:39 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-07-26 09:39 - 2017-07-26 09:39 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-07-26 09:39 - 2017-07-26 09:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-07-26 09:39 - 2017-07-26 09:39 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManage r.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-07-26 09:39 - 2017-07-26 09:39 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-07-26 09:39 - 2017-07-26 09:39 - 000059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-07-26 09:39 - 2017-07-26 09:39 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 003135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 002085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store .dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 001003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 000974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 000909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-07-26 09:38 - 2017-07-26 09:38 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 000730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dl l
2017-07-26 09:38 - 2017-07-26 09:38 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 000439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-07-26 09:38 - 2017-07-26 09:38 - 000363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authenticatio n.Identity.Provider.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authenticatio n.Identity.Provider.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 000188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-07-26 09:38 - 2017-07-26 09:38 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-07-26 09:38 - 2017-07-26 09:38 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-07-26 09:38 - 2017-07-26 09:38 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-07-26 09:33 - 2017-07-26 05:56 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-07-26 09:32 - 2017-07-26 09:32 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-07-26 09:29 - 2017-07-26 09:29 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-07-26 09:29 - 2017-07-26 09:29 - 000000000 ____D C:\WINDOWS\system32\msmq
2017-07-26 09:29 - 2017-07-26 09:29 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2017-07-26 09:29 - 2017-07-26 09:29 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-07-26 09:29 - 2017-07-26 09:29 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-07-26 09:29 - 2017-07-26 09:29 - 000000000 ____D C:\inetpub
2017-07-26 09:29 - 2017-07-26 06:23 - 000000000 ____D C:\Program Files\MSBuild
2017-07-26 09:29 - 2017-07-26 06:09 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-07-26 09:28 - 2017-02-10 15:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-07-26 09:28 - 2017-02-10 15:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNativ e_v0300.dll
2017-07-26 09:28 - 2017-02-10 15:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-07-26 09:28 - 2017-02-10 15:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-07-26 09:28 - 2017-02-10 15:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNativ e_v0300.dll
2017-07-26 09:28 - 2017-02-10 15:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-07-26 09:27 - 2017-07-26 09:27 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-07-26 07:00 - 2017-07-26 07:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-26 06:58 - 2017-07-26 06:58 - 006589840 _____ (Zemana Ltd. ) C:\Users\Steve\Downloads\Zemana.AntiMalware.Setup( 1).exe
2017-07-26 06:54 - 2017-07-26 06:54 - 001117771 _____ C:\Users\Steve\Downloads\HiJackThis.zip
2017-07-26 06:54 - 2017-04-12 21:30 - 001147984 _____ (Trend Micro Inc. & Stanislav Polshyn) C:\Users\Steve\Desktop\HiJackThis.exe
2017-07-26 06:49 - 2017-07-26 06:49 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-07-26 06:45 - 2017-07-26 06:45 - 000000020 ___SH C:\Users\Steve\ntuser.ini
2017-07-26 06:41 - 2017-07-26 06:43 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2017-07-26 06:41 - 2017-07-26 06:43 - 000011433 _____ C:\WINDOWS\diagerr.xml
2017-07-26 06:34 - 2017-08-01 16:53 - 000004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-07-26 06:34 - 2017-08-01 16:43 - 000004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-07-26 06:34 - 2017-08-01 16:34 - 000004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronizatio n-{BF02009D-C843-4079-8428-ABBD8A451EAB}
2017-07-26 06:34 - 2017-07-28 03:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-26 06:34 - 2017-07-27 17:41 - 000003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2017-07-26 06:34 - 2017-07-26 06:35 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineU A
2017-07-26 06:34 - 2017-07-26 06:35 - 000003252 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2017-07-26 06:34 - 2017-07-26 06:35 - 000002984 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2017-07-26 06:34 - 2017-07-26 06:35 - 000002602 _____ C:\WINDOWS\System32\Tasks\Verizon Wireless Upgrade Assistant Update
2017-07-26 06:34 - 2017-07-26 06:35 - 000002590 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnele vatedTask
2017-07-26 06:34 - 2017-07-26 06:34 - 000003576 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1501022171
2017-07-26 06:34 - 2017-07-26 06:34 - 000003188 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AnonymousRegistration
2017-07-26 06:34 - 2017-07-26 06:34 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineC ore
2017-07-26 06:34 - 2017-07-26 06:34 - 000003100 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2017-07-26 06:34 - 2017-07-26 06:34 - 000002470 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-07-26 06:34 - 2017-07-26 06:34 - 000002410 _____ C:\WINDOWS\System32\Tasks\Verizon Wireless Upgrade Assistant Update Initial Update
2017-07-26 06:34 - 2017-07-26 06:34 - 000002382 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2017-07-26 06:34 - 2017-07-26 06:34 - 000002352 _____ C:\WINDOWS\System32\Tasks{E236F5E3-EB2E-4D84-AA3C-FE4AF73342E4}
2017-07-26 06:34 - 2017-07-26 06:34 - 000002300 _____ C:\WINDOWS\System32\Tasks{59944E75-8499-4A0B-B7F7-CC267C7182FC}
2017-07-26 06:34 - 2017-07-26 06:34 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-07-26 06:34 - 2017-07-26 06:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-07-26 06:34 - 2017-07-26 06:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtection Platform
2017-07-26 06:34 - 2017-07-26 06:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Swift Sound
2017-07-26 06:34 - 2017-07-26 06:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2017-07-26 06:34 - 2017-07-26 06:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-07-26 06:34 - 2017-07-26 06:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\Event Viewer Tasks
2017-07-26 06:21 - 2017-07-26 06:21 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-07-26 06:09 - 2017-07-26 06:09 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-07-26 06:07 - 2017-07-26 06:07 - 000000000 ____D C:\ProgramData\USOShared
2017-07-26 06:05 - 2017-07-26 06:23 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-07-26 06:02 - 2017-07-26 18:58 - 000000000 ____D C:\Users\Steve
2017-07-26 06:02 - 2017-07-26 06:30 - 000000000 ____D C:\Users\DefaultAppPool
2017-07-26 06:00 - 2017-07-28 03:40 - 001166792 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-26 06:00 - 2017-07-26 06:00 - 000975864 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-07-26 06:00 - 2017-07-26 06:00 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_bcmwlhigh6 64_01009.Wdf
2017-07-26 05:59 - 2017-07-28 03:34 - 000000000 ____D C:\ProgramData\NVIDIA
2017-07-26 05:59 - 2017-07-26 06:10 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-26 05:59 - 2017-07-26 06:09 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-07-26 05:59 - 2017-07-26 05:59 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_ 00.Wdf
2017-07-26 05:59 - 2017-07-26 05:59 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-07-26 05:59 - 2017-07-26 05:59 - 000000000 ____D C:\Program Files\Realtek
2017-07-26 05:59 - 2017-03-18 16:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-07-26 05:59 - 2016-11-14 07:15 - 006789056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-07-26 05:59 - 2016-11-14 07:15 - 003528128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-07-26 05:59 - 2016-11-14 07:15 - 002558512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-07-26 05:59 - 2016-11-14 07:15 - 000932728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2017-07-26 05:59 - 2016-11-14 07:15 - 000384888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-07-26 05:59 - 2016-11-14 07:15 - 000062328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-07-26 05:59 - 2016-11-14 05:09 - 007513855 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-07-26 05:56 - 2017-08-01 16:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-26 05:55 - 2017-07-26 19:01 - 005225312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-25 19:26 - 2017-07-26 06:45 - 000000000 ___DC C:\WINDOWS\Panther
2017-07-25 19:11 - 2017-07-25 19:11 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-07-25 18:39 - 2017-07-25 18:39 - 000000000 ____D C:\Users\Steve\AppData\Roaming\GRETECH
2017-07-25 18:39 - 2017-07-25 18:39 - 000000000 ____D C:\Program Files (x86)\GRETECH
2017-07-25 18:38 - 2017-07-26 06:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP
2017-07-25 18:38 - 2017-07-25 18:38 - 000001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2017-07-25 18:38 - 2017-07-25 18:38 - 000001106 _____ C:\Users\Public\Desktop\foobar2000.lnk
2017-07-25 18:38 - 2017-07-25 18:38 - 000001094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-07-25 18:38 - 2017-07-25 18:38 - 000001082 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-07-25 18:38 - 2017-07-25 18:38 - 000000970 _____ C:\Users\Public\Desktop\AIMP.lnk
2017-07-25 18:38 - 2017-07-25 18:38 - 000000000 ____D C:\Users\Steve\AppData\Roaming\AIMP
2017-07-25 18:38 - 2017-07-25 18:38 - 000000000 ____D C:\Program Files (x86)\foobar2000
2017-07-25 18:38 - 2017-07-25 18:38 - 000000000 ____D C:\Program Files (x86)\Audacity
2017-07-25 18:38 - 2017-07-25 18:38 - 000000000 ____D C:\Program Files (x86)\AIMP
2017-07-25 18:37 - 2017-07-25 18:37 - 000000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
2017-07-25 18:37 - 2017-07-25 18:37 - 000000953 _____ C:\Users\Public\Desktop\Waterfox.lnk
2017-07-25 18:37 - 2017-07-25 18:37 - 000000000 ____D C:\Program Files\Waterfox
2017-07-25 18:36 - 2017-07-25 18:36 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2017-07-25 18:36 - 2017-07-25 18:36 - 000001394 _____ C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Opera Browser.lnk
2017-07-25 18:36 - 2017-07-25 18:36 - 000000968 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
2017-07-25 18:36 - 2017-07-25 18:36 - 000000956 _____ C:\Users\Public\Desktop\Pale Moon.lnk
2017-07-25 18:36 - 2017-07-25 18:36 - 000000000 ____D C:\ProgramData\Apple Computer
2017-07-25 18:36 - 2017-07-25 18:36 - 000000000 ____D C:\Program Files\Pale Moon
2017-07-25 18:36 - 2017-07-25 18:36 - 000000000 ____D C:\Program Files (x86)\Safari
2017-07-25 18:35 - 2017-07-25 18:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-07-25 18:09 - 2017-07-26 06:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avant Browser
2017-07-25 18:09 - 2017-07-25 18:09 - 000001998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Avant Browser.lnk
2017-07-25 18:09 - 2017-07-25 18:09 - 000001992 _____ C:\Users\Public\Desktop\Avant Browser.lnk
2017-07-25 18:09 - 2017-07-25 18:09 - 000000000 ____D C:\Program Files (x86)\Avant Browser
2017-07-25 18:07 - 2017-07-27 17:03 - 000000000 ____D C:\Users\Steve\AppData\LocalLow\Adblock Plus for IE
2017-07-25 18:07 - 2017-07-26 06:12 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-07-25 18:07 - 2017-07-25 18:07 - 000000000 ____D C:\Program Files\Adblock Plus for IE
2017-07-25 16:42 - 2017-08-01 16:33 - 000093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-25 16:42 - 2017-07-28 03:35 - 000101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-25 16:42 - 2017-07-28 03:35 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-25 16:42 - 2017-07-26 19:00 - 000188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-25 16:42 - 2017-07-26 06:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-25 16:42 - 2017-07-25 19:28 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-25 16:42 - 2017-07-25 16:42 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-25 16:42 - 2017-07-25 16:42 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-25 16:39 - 2017-07-26 06:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-07-25 16:39 - 2017-07-26 06:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-07-25 16:39 - 2017-07-25 16:39 - 000001148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2017-07-25 16:39 - 2017-07-25 16:39 - 000001136 _____ C:\Users\Steve\Desktop\WinSCP.lnk
2017-07-25 16:39 - 2017-07-25 16:39 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-07-25 16:39 - 2017-07-25 16:39 - 000000000 ____D C:\Program Files\Notepad++
2017-07-25 16:37 - 2017-07-25 16:37 - 000000000 ____D C:\Program Files\CDBurnerXP
2017-07-25 16:33 - 2017-07-25 16:33 - 000605984 _____ (www.patchmypc.net) C:\Users\Steve\Downloads\PatchMyPC(1).exe
2017-07-25 16:28 - 2017-05-24 22:12 - 003521617 _____ (Nicolas Coolman ) C:\Users\Steve\Desktop\ZHPFix(2).exe
2017-07-25 16:26 - 2017-07-29 03:25 - 000001924 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2017-07-25 16:26 - 2017-07-29 03:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2017-07-25 16:26 - 2017-07-29 03:25 - 000000000 ____D C:\Program Files (x86)\ZHPFix
2017-07-25 16:24 - 2017-07-25 16:24 - 003498068 _____ C:\Users\Steve\Downloads\ZHPFix.zip
2017-07-25 06:26 - 2017-07-25 06:26 - 000605984 _____ (www.patchmypc.net) C:\Users\Steve\Downloads\PatchMyPC.exe
2017-07-24 17:44 - 2017-08-01 17:02 - 005204135 _____ C:\WINDOWS\ZAM.krnl.trace
2017-07-24 17:44 - 2017-08-01 17:01 - 000692468 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-07-24 17:43 - 2017-07-26 07:00 - 000001223 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-07-24 17:43 - 2017-07-26 07:00 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-07-24 17:43 - 2017-07-24 17:43 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-07-24 17:43 - 2017-07-24 17:43 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-07-24 17:42 - 2017-07-24 17:42 - 006589840 _____ (Zemana Ltd. ) C:\Users\Steve\Downloads\Zemana.AntiMalware.Setup. exe
2017-07-24 17:42 - 2017-07-24 17:42 - 000000000 ____D C:\Users\Steve\AppData\Local\Zemana
2017-07-24 17:24 - 2017-07-26 20:44 - 000001725 _____ C:\Users\Steve\Desktop\ZHPCleaner.txt
2017-07-24 17:11 - 2017-07-26 19:40 - 000000917 _____ C:\Users\Steve\Desktop\ZHPCleaner.lnk
2017-07-24 17:10 - 2017-07-24 17:10 - 002833792 _____ C:\Users\Steve\Downloads\ZHPCleaner.exe
2017-07-24 17:10 - 2017-07-24 17:10 - 002833792 _____ C:\Users\Steve\Downloads\ZHPCleaner(1).exe
2017-07-24 17:01 - 2017-07-26 06:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-07-24 17:01 - 2017-07-24 17:01 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-24 17:01 - 2017-07-24 17:01 - 000000000 ____D C:\Program Files\CCleaner
2017-07-24 17:00 - 2017-07-24 17:01 - 009747512 _____ (Piriform Ltd) C:\Users\Steve\Downloads\ccsetup532.exe
2017-07-23 23:13 - 2017-07-23 23:13 - 002789760 _____ C:\Users\Steve\Downloads\ZHPDiag3(3).exe
2017-07-23 22:59 - 2017-07-23 22:59 - 002789760 _____ C:\Users\Steve\Downloads\ZHPDiag3(2).exe
2017-07-23 22:57 - 2017-07-23 22:58 - 002789760 _____ C:\Users\Steve\Downloads\ZHPDiag3(1).exe
2017-07-23 22:51 - 2017-07-23 23:23 - 000214132 _____ C:\Users\Steve\Desktop\ZHPDiag.txt
2017-07-23 22:45 - 2017-07-29 03:30 - 000000000 ____D C:\Users\Steve\AppData\Roaming\ZHP
2017-07-23 22:45 - 2017-07-24 17:11 - 000000000 ____D C:\Users\Steve\AppData\Local\ZHP
2017-07-23 22:45 - 2017-07-23 23:14 - 000000907 _____ C:\Users\Steve\Desktop\ZHPDiag.lnk
2017-07-23 22:44 - 2017-07-23 22:45 - 002789760 _____ C:\Users\Steve\Downloads\ZHPDiag3.exe
2017-07-23 22:33 - 2017-07-23 22:34 - 008162248 _____ (Malwarebytes) C:\Users\Steve\Downloads\adwcleaner_7.0.0.0.exe
2017-07-23 22:17 - 2017-07-23 22:17 - 000060902 _____ C:\Users\Steve\Desktop\JRT.txt
2017-07-23 22:05 - 2017-07-23 22:06 - 001790024 _____ (Malwarebytes) C:\Users\Steve\Downloads\JRT.exe
2017-07-23 20:10 - 2017-07-23 20:10 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-07-23 20:09 - 2017-07-23 22:04 - 000000000 ____D C:\ProgramData\RogueKiller
2017-07-23 20:06 - 2017-07-23 20:09 - 026472008 _____ C:\Users\Steve\Downloads\RogueKiller_portable64.ex e
2017-07-23 13:07 - 2017-07-23 13:07 - 000250831 _____ C:\Users\Steve\Downloads\Adware Removal Tool by TSA(2).exe.part
2017-07-23 13:06 - 2017-07-23 13:06 - 000752296 _____ C:\Users\Steve\Downloads\Adware Removal Tool by TSA(1).exe
2017-07-23 13:05 - 2017-07-23 13:06 - 000752296 _____ C:\Users\Steve\Downloads\Adware Removal Tool by TSA.exe
2017-07-23 12:40 - 2017-07-23 12:41 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Steve\Downloads\esetonlinescanner_enu.exe
2017-07-23 11:25 - 2017-07-23 11:26 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Geek Uninstaller
2017-07-23 11:07 - 2017-07-23 11:12 - 000001051 _____ C:\Users\Steve\Downloads\aswMBR.txt
2017-07-23 11:03 - 2017-07-23 11:04 - 005200384 _____ (AVAST Software) C:\Users\Steve\Downloads\aswmbr.exe
2017-07-23 04:57 - 2017-08-01 17:01 - 000000000 ____D C:\FRST
2017-07-23 04:53 - 2017-07-23 04:54 - 001778176 _____ (Farbar) C:\Users\Steve\Downloads\FRST.exe
2017-07-23 03:34 - 2017-07-23 03:34 - 000000000 ____D C:\Users\Steve\AppData\Local\UNP
2017-07-21 12:42 - 2017-07-21 12:42 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Google
2017-07-21 12:11 - 2017-07-26 06:23 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-07-21 12:11 - 2017-07-21 12:12 - 000000000 ____D C:\Program Files\UNP
2017-07-21 11:57 - 2017-07-21 11:57 - 000000000 ____D C:\Program Files (x86)\Dell Update
2017-07-17 13:30 - 2017-07-17 13:30 - 000863744 _____ (Farbar) C:\WINDOWS\mod_frst.exe
2017-07-03 21:26 - 2017-07-03 21:26 - 000002119 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2017-07-03 21:26 - 2017-07-03 21:26 - 000000000 ____D C:\ProgramData\PC-Doctor for Windows
2017-07-03 21:26 - 2017-07-03 21:26 - 000000000 ____D C:\Program Files\Dell Support Center

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-01 16:45 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-01 16:44 - 2016-11-27 14:58 - 000000000 ____D C:\Users\Steve\AppData\LocalLow\Mozilla
2017-08-01 16:35 - 2016-02-13 19:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-08-01 04:23 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-01 04:23 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-07-30 04:46 - 2015-10-03 12:09 - 000000000 ____D C:\Users\Steve\AppData\Local\Packages
2017-07-29 03:49 - 2017-03-18 07:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-29 03:44 - 2015-09-05 11:18 - 000565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-07-29 03:33 - 2014-08-27 12:30 - 000002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-29 02:00 - 2011-02-24 10:47 - 000000000 ____D C:\Users\Steve\AppData\Local\Adobe
2017-07-28 04:43 - 2012-10-13 21:41 - 000000000 ____D C:\Users\Steve\Downloads\Documents\Outlook Files
2017-07-28 03:36 - 2011-02-17 01:45 - 000000000 ____D C:\Temp
2017-07-28 03:35 - 2015-04-15 12:19 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-28 03:33 - 2017-03-18 07:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-07-27 17:50 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-07-27 17:03 - 2013-11-10 17:55 - 000000000 ____D C:\ProgramData\Oracle
2017-07-27 16:59 - 2015-10-03 12:13 - 000002409 _____ C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\OneDrive.lnk
2017-07-27 16:59 - 2015-10-03 12:13 - 000000000 ___RD C:\Users\Steve\OneDrive
2017-07-27 16:53 - 2011-02-17 01:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-27 16:35 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-07-26 21:08 - 2017-03-18 17:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-26 20:58 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-07-26 17:17 - 2009-07-13 23:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-07-26 09:54 - 2017-03-18 17:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-07-26 09:51 - 2017-03-18 17:06 - 000000000 ____D C:\WINDOWS\Setup
2017-07-26 09:50 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-26 09:50 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-07-26 09:50 - 2017-03-18 17:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-07-26 09:50 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-07-26 09:50 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-07-26 09:50 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-07-26 09:50 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-26 09:50 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-26 09:50 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-26 09:40 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-07-26 09:40 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-07-26 09:40 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-07-26 09:40 - 2017-03-18 07:40 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-07-26 09:29 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-07-26 09:29 - 2017-03-18 16:59 - 000611840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-07-26 09:29 - 2017-03-18 16:59 - 000261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2017-07-26 09:29 - 2017-03-18 16:59 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-07-26 09:29 - 2017-03-18 16:59 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-07-26 09:29 - 2017-03-18 16:59 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2017-07-26 09:29 - 2017-03-18 16:59 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2017-07-26 09:29 - 2017-03-18 16:59 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2017-07-26 09:29 - 2017-03-18 16:59 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-07-26 09:29 - 2017-03-18 16:59 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-07-26 09:29 - 2017-03-18 16:59 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-07-26 09:29 - 2017-03-18 16:59 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2017-07-26 09:29 - 2017-03-18 16:59 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-07-26 09:29 - 2017-03-18 16:59 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-07-26 09:29 - 2017-03-18 16:59 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-07-26 09:29 - 2017-03-18 16:59 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-07-26 09:29 - 2017-03-18 16:59 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2017-07-26 09:29 - 2017-03-18 16:59 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-07-26 09:29 - 2017-03-18 16:59 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-07-26 09:29 - 2017-03-18 16:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-07-26 09:29 - 2017-03-18 16:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-07-26 09:29 - 2017-03-18 16:59 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-07-26 09:29 - 2017-03-18 16:59 - 000009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2017-07-26 09:29 - 2017-03-18 16:56 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-07-26 09:29 - 2017-03-18 16:56 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-07-26 09:29 - 2017-03-18 16:56 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-07-26 09:29 - 2017-03-18 16:56 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-07-26 09:29 - 2017-03-18 16:56 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-07-26 09:29 - 2017-03-18 16:56 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-07-26 09:29 - 2017-03-18 16:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-07-26 09:29 - 2017-03-18 16:56 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-07-26 09:28 - 2017-03-18 16:59 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2017-07-26 09:28 - 2017-03-18 16:59 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2017-07-26 09:28 - 2017-03-18 16:56 - 001380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-07-26 09:28 - 2017-03-18 16:56 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-07-26 09:28 - 2017-03-18 16:56 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-07-26 09:28 - 2017-03-18 16:56 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-07-26 09:28 - 2017-03-18 16:56 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-07-26 09:28 - 2017-03-18 16:56 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-07-26 09:28 - 2017-03-18 16:56 - 000009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-07-26 06:50 - 2015-10-03 00:21 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Skype
2017-07-26 06:47 - 2016-09-17 15:09 - 000000000 ____D C:\Users\Steve\AppData\Local\ConnectedDevicesPlatf orm
2017-07-26 06:46 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-26 06:46 - 2015-09-10 01:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-07-26 06:44 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-07-26 06:41 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-07-26 06:35 - 2017-03-18 22:31 - 000000000 ____D C:\WINDOWS\HoloShell
2017-07-26 06:35 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\Registration
2017-07-26 06:34 - 2015-10-03 02:58 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-07-26 06:33 - 2017-03-18 17:03 - 000000000 __RSD C:\WINDOWS\Media
2017-07-26 06:33 - 2017-03-18 17:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-07-26 06:23 - 2017-03-10 18:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
2017-07-26 06:23 - 2016-08-29 22:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100 Genie
2017-07-26 06:23 - 2016-03-19 22:08 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\WinRAR
2017-07-26 06:23 - 2016-03-19 22:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-07-26 06:23 - 2016-01-24 01:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-07-26 06:23 - 2016-01-16 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon Wireless Software Upgrade Assistant - Motorola
2017-07-26 06:23 - 2015-10-03 14:31 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Windows 7 USB DVD Download Tool
2017-07-26 06:23 - 2015-09-05 14:19 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\AVS4YOU
2017-07-26 06:23 - 2015-09-05 14:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-07-26 06:23 - 2015-05-09 11:23 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\PrivaZer
2017-07-26 06:23 - 2014-06-22 03:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
2017-07-26 06:23 - 2014-02-18 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
2017-07-26 06:23 - 2014-02-18 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
2017-07-26 06:23 - 2014-01-29 21:42 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2017-07-26 06:23 - 2014-01-29 21:42 - 000000000 ____D C:\WINDOWS\system32\1033
2017-07-26 06:23 - 2014-01-29 21:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2017-07-26 06:23 - 2013-05-17 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-07-26 06:23 - 2013-05-11 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-07-26 06:23 - 2013-02-18 08:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-07-26 06:23 - 2013-02-14 18:47 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-07-26 06:23 - 2013-01-12 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrabIt
2017-07-26 06:23 - 2012-10-11 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspell
2017-07-26 06:23 - 2012-05-12 03:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-07-26 06:23 - 2012-04-15 15:39 - 000000000 ____D C:\WINDOWS\en
2017-07-26 06:23 - 2012-03-17 11:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidShare Manager
2017-07-26 06:23 - 2011-06-17 10:22 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\QuarkXPress Passport
2017-07-26 06:23 - 2011-02-25 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Print Shop
2017-07-26 06:23 - 2011-02-17 01:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter
2017-07-26 06:23 - 2011-02-17 01:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-07-26 06:23 - 2011-02-17 01:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Stage
2017-07-26 06:23 - 2011-02-17 01:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-07-26 06:23 - 2011-02-17 01:41 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-07-26 06:12 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-26 06:12 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2017-07-26 06:12 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-07-26 06:12 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-07-26 06:12 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-07-26 06:12 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-07-26 06:12 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\IME
2017-07-26 06:12 - 2017-02-16 19:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-07-26 06:12 - 2013-07-15 03:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-07-26 06:12 - 2011-06-17 10:22 - 000000000 ____D C:\WINDOWS\SysWOW64\Color
2017-07-26 06:12 - 2011-05-03 07:25 - 000000000 ____D C:\WINDOWS\system32\SPReview
2017-07-26 06:12 - 2011-05-03 07:24 - 000000000 ____D C:\WINDOWS\system32\EventProviders
2017-07-26 06:12 - 2011-03-17 15:04 - 000000000 ____D C:\WINDOWS\SysWOW64\ipp20
2017-07-26 06:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\schemas
2017-07-26 06:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-07-26 06:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-26 06:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\Help
2017-07-26 06:10 - 2016-12-23 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-07-26 06:10 - 2016-05-15 07:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GetNZB
2017-07-26 06:10 - 2015-10-30 05:07 - 000000000 ____D C:\WINDOWS\ShellNew
2017-07-26 06:10 - 2015-10-02 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-07-26 06:10 - 2014-06-22 03:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2017-07-26 06:10 - 2014-02-18 14:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
2017-07-26 06:10 - 2012-12-11 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2017-07-26 06:10 - 2011-04-23 19:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility
2017-07-26 06:10 - 2011-02-17 01:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2017-07-26 06:09 - 2017-03-18 17:03 - 000000000 __SHD C:\Program Files\Windows Sidebar
2017-07-26 06:09 - 2017-03-18 17:03 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-07-26 06:09 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-26 06:09 - 2014-02-18 14:12 - 000000000 ____D C:\Program Files\IIS
2017-07-26 06:09 - 2009-07-14 01:32 - 000000000 ____D C:\Program Files\Microsoft Games
2017-07-26 06:07 - 2017-03-18 17:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-07-26 06:05 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-07-26 06:00 - 2017-03-18 07:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-07-25 22:25 - 2017-03-18 23:20 - 000000000 ___HD C:$WINDOWS.~BT
2017-07-25 19:15 - 2012-05-02 19:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-25 18:35 - 2016-12-23 10:47 - 000000995 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-25 18:35 - 2011-04-30 09:00 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-25 16:43 - 2015-05-15 22:57 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-07-25 16:42 - 2015-04-15 12:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-07-25 16:39 - 2015-10-03 00:20 - 000000000 ____D C:\ProgramData\Skype
2017-07-25 16:39 - 2012-10-11 19:12 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Notepad++
2017-07-25 16:39 - 2012-09-14 21:08 - 000000000 ____D C:\Program Files (x86)\WinSCP
2017-07-25 16:37 - 2017-03-03 12:03 - 000001777 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2017-07-25 16:37 - 2017-03-03 12:03 - 000001735 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2017-07-25 16:37 - 2016-05-14 10:34 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-24 17:07 - 2016-06-25 11:45 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-07-24 16:53 - 2016-05-06 20:41 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-07-23 22:35 - 2015-05-09 19:43 - 000000000 ____D C:\AdwCleaner
2017-07-23 14:59 - 2016-02-20 22:02 - 1253355818 _____ C:\WINDOWS\MEMORY.DMP
2017-07-23 11:41 - 2011-04-26 14:49 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-07-23 10:46 - 2016-05-01 18:15 - 000000000 ____D C:\Program Files\McAfee
2017-07-23 10:46 - 2011-02-17 01:53 - 000000000 ____D C:\ProgramData\McAfee
2017-07-23 10:44 - 2016-11-19 13:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-23 10:44 - 2012-05-12 03:01 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2017-07-23 10:44 - 2012-05-12 03:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-07-23 04:50 - 2011-02-24 11:43 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-21 13:07 - 2016-05-01 18:12 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-07-21 11:57 - 2011-02-17 01:48 - 000000000 ____D C:\ProgramData\Dell
2017-07-03 21:21 - 2015-02-11 20:49 - 000000000 ____D C:\Program Files\Dell

==================== Files in the root of some directories =======

2016-06-11 23:06 - 2016-06-11 23:06 - 000000033 _____ () C:\Users\Steve\AppData\Roaming\AdobeWLCMCache.dat
2016-09-16 18:37 - 2016-09-16 21:10 - 000007933 _____ () C:\Users\Steve\AppData\Roaming\url.txt
2012-09-14 21:08 - 2016-08-10 19:35 - 000000600 _____ () C:\Users\Steve\AppData\Roaming\winscp.rnd
2013-07-27 23:17 - 2013-08-05 15:10 - 145394418 _____ () C:\Users\Steve\AppData\Local\ACCCx189.zip.aamdownl oad
2013-07-27 23:17 - 2013-08-05 15:10 - 000001811 _____ () C:\Users\Steve\AppData\Local\ACCCx189.zip.aamdownl oad.aamd
2013-02-14 19:44 - 2013-05-12 18:11 - 000001456 _____ () C:\Users\Steve\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-09-07 21:10 - 2012-09-14 22:01 - 000000600 _____ () C:\Users\Steve\AppData\Local\PUTTY.RND
2013-09-29 11:43 - 2013-09-29 11:43 - 000000017 _____ () C:\Users\Steve\AppData\Local\resmon.resmoncfg
2012-02-23 22:19 - 2012-02-23 22:19 - 000000000 _____ () C:\Users\Steve\AppData\Local\rx_image32.Cache
2017-03-10 18:29 - 2017-03-10 20:10 - 000000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32. bc
[HEADING=1]Some zero byte size files/folders:[/HEADING]
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-26 05:55

==================== End of FRST.txt ============================

**mnisia** · 08-01-2017, 09:05 PM

[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Steve (01-08-2017 17:03:04)
Running from C:\Users\Steve\Downloads
Windows 10 Home Version 1703 (X64) (2017-07-26 10:45:16)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

Administrator (S-1-5-21-3518905376-1918425772-3662548586-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3518905376-1918425772-3662548586-503 - Limited - Disabled)
Guest (S-1-5-21-3518905376-1918425772-3662548586-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3518905376-1918425772-3662548586-1003 - Limited - Enabled)
Steve (S-1-5-21-3518905376-1918425772-3662548586-1001 - Administrator - Enabled) => C:\Users\Steve

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM...{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Adobe Acrobat DC (HKLM-x32...{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe After Effects CS6 (HKLM-x32...{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32...{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.1.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32...\com.adobe.downloadassistant.AdobeDownloadAs sistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32...{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe Dreamweaver CS3 (HKLM-x32...\Adobe_7328fdfcb73660ec8b11d5a3d5c6232) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM-x32...{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12.2.0 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM-x32...{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Professional CS6 (HKLM-x32...{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8C E.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32...\ILST_19_2_1) (Version: 19.2.1 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32...{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe InCopy CC 2015 (HKLM-x32...{9EF1DB49-6D32-1014-93B7-EB62FA572532}) (Version: 11.0.1.105 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32...{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.3.0.034 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32...{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0.1.407 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32...{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.5.1 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32...{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Muse CC 2015 (HKLM-x32...{9B0619A0-D501-11E5-B16B-FB3EC5F53981}) (Version: 2015.1.2.44 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32...{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32...{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Photoshop CS6 (HKLM-x32...{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32...{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32...{39EA6AA6-F891-4D70-867D-839DA49948D2}) (Version: 12.2.9.199 - Adobe Systems, Inc)
Adobe Widget Browser (HKLM-x32...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32...\com.adobe.dmp.contentviewer) (Version: 3.3.0 - Adobe Systems Incorporated)
AIMP (HKLM-x32...\AIMP) (Version: v4.13.1897, 25.06.2017 - AIMP DevTeam)
Aspell English Dictionary-0.50-2 (HKLM-x32...\Aspell English Dictionary_is1) (Version: - GNU)
Audacity 2.1.3 (HKLM-x32...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avant Browser (remove only) (HKLM-x32...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
AVS Audio Converter version 7 (HKLM-x32...\AVS Audio Converter_is1) (Version: - Online Media Technologies Ltd.)
bl (HKLM-x32...{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
CCleaner (HKLM...\CCleaner) (Version: 5.32 - Piriform)
CDBurnerXP (HKLM...{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP)
CDBurnerXP (HKLM-x32...{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6521 - CDBurnerXP)
Consumer In-Home Service Agreement (HKLM-x32...{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Crystal Reports for Visual Studio (HKLM-x32...{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}) (Version: 12.51.0.240 - SAP) Hidden
D3DX10 (HKLM-x32...{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell MusicStage (HKLM-x32...{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}) (Version: 1.3.31.0 - Fingertapps)
Dell PhotoStage (HKLM-x32...{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.19 - ArcSoft)
Dell SupportAssist (HKLM...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)
Dell SupportAssistAgent (HKLM...{90881C8E-6C4F-4662-9923-85AFCA058C44}) (Version: 2.0.1.7 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM...{EEA45885-F3E3-4E7D-8435-E9C21D36C141}) (Version: 3.0.0.2840 - Dell Inc.)
Digital Camera3.0M (HKLM-x32...{1A3ADB5A-2491-4F7A-BD6D-5F8C9B4714B0}) (Version: - )
DirectX 9 Runtime (HKLM-x32...{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Dotfuscator Software Services - Community Edition (HKLM-x32...{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Express Burn Disc Burning Software (HKLM-x32...\ExpressBurn) (Version: 6.02 - NCH Software)
foobar2000 v1.3.16 (HKLM-x32...\foobar2000) (Version: 1.3.16 - Peter Pawlowski)
GDR 5538 for SQL Server 2008 (KB3045305) (64-bit) (HKLM...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
GetNZB version 1.401 (HKLM-x32...\GetNZB_is1) (Version: 1.401 - )
GNU Aspell 0.50-3 (HKLM-x32...\GNU Aspell_is1) (Version: - GNU)
GOM Player (HKLM-x32...\GOM Player) (Version: 2.3.17.5274 - GOM & Company)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 60.0.3112.78 - Google Inc.)
Google Drive (HKLM-x32...{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (HKLM-x32...{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32...{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GrabIt 1.7.2 Beta 6 (build 1008) (HKLM-x32...\GrabIt_is1) (Version: - Ilan Shemes)
Intel(R) Control Center (HKLM-x32...{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Integrated Performance Primitives RTI 4.0 (HKLM-x32...{51C91B84-7B46-4FE7-8999-8228CFA75F89}) (Version: 4.0.23 - Intel Corporation)
Internet Explorer (HKLM-x32...{AA31EA7B-7917-4000-949B-38E91F848A25}) (Version: 8 - Microsoft Corporation) Hidden
Internet TV for Windows Media Center (HKLM-x32...{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 8 Update 144 (64-bit) (HKLM...{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
LG VZW United Drivers (HKLM-x32...{AB43784D-1EE5-4111-95C8-918B25EFDC4B}) (Version: 2.22.0 - LG Electronics)
Malwarebytes version 3.1.2.1733 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
McAfee AntiVirus Plus (HKLM-x32...\MSC) (Version: 16.0.1 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32...\McAfee Virtual Technician) (Version: 8.1.0.135 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32...{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.149 - McAfee, Inc.)
Mesh Runtime (HKLM-x32...{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32...{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32...{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32...{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32...{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM...\O365HomePremRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3518905376-1918425772-3662548586-1001...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32...{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM-x32...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32...{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32...{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32...{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32...{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM...{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32...{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32...{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32...{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM...{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32...{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM...{F43ADE73-2880-4A95-B995-4FE386ECF667}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32...{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM...{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32...{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32...{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM...{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM...{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM...{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32...{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM...{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM...{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32...{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32...{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM...{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32...{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM...{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM...{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32...{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32...{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32...{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32...{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32...{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM...{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM...{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.4.0 (HKLM...{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 54.0.1 (x64 en-US) (HKLM...\Mozilla Firefox 54.0.1 (x64 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32...{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32...{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32...{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32...{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MusicBrainz Picard (HKLM-x32...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)
Nero 2016 Content Pack (HKLM-x32...{006F5CFF-ED35-41AF-9B2A-F52B0F545BF4}) (Version: 17.0.00200 - Nero AG)
Netflix in Windows Media Center (HKLM-x32...{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32...{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.1.0.4 - NETGEAR)
Notepad++ (64-bit x64) (HKLM...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
Notepad++ (HKLM-x32...{E452F262-D655-45E3-9BDB-3E6AE19B83C5}) (Version: 5.9.0.0 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 270.57 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 270.57 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 342.01 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32...{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM...{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM...{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32...{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Opera Stable 46.0.2597.57 (HKU\S-1-5-21-3518905376-1918425772-3662548586-1001...\Opera 46.0.2597.57) (Version: 46.0.2597.57 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32...{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pale Moon 27.4.0 (x64 en-US) (HKLM...\Pale Moon 27.4.0 (x64 en-US)) (Version: 27.4.0 - Moonchild Productions)
PDF Settings CS6 (HKLM-x32...{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32...{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PhotoShowExpress (HKLM-x32...{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.028 - Sonic Solutions) Hidden
Prerequisite installer (HKLM-x32...{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
PrivaZer (HKLM-x32...\PrivaZer) (Version: 2.31.0.0 - Goversoft LLC)
QuarkXPress 6.1 (HKLM-x32...{FF0B0792-F6E7-4627-B820-EA50617E223B}) (Version: 6.10.0000 - Quark, Inc.)
RapidShare Manager 2 (HKLM-x32...\6103-4188-8184-5707) (Version: 2 - RapidShare AG)
Razer Synapse (HKLM-x32...{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27599 - Razer Inc.)
RBVirtualFolder64Inst (HKLM...{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6050 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32...{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.41 - Realtek Semiconductor Corp.)
Recuva (HKLM...\Recuva) (Version: 1.52 - Piriform)
Roxio Creator Starter (HKLM-x32...{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio File Backup (HKLM...{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Safari (HKLM-x32...{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Secure Download Manager (HKLM-x32...{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32...{91150000-003B-0000-0000-0000000FF1CE}Office15.PRJPROR{115B7592-B71D-4C27-AB34-34268FB199CA}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32...{91150000-0051-0000-0000-0000000FF1CE}Office15.VISPROR{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version: - Microsoft)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Shared C Run-time for x64 (HKLM...{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shockwave (HKLM-x32...\Shockwave) (Version: - )
Skype™ 7.38 (HKLM-x32...{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32...{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
Sql Server Customer Experience Improvement Program (HKLM...{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
The Print Shop 12 (HKLM-x32...{3DD1FE66-5536-41E3-B786-70068887B3F4}) (Version: - )
THX TruStudio PC (HKLM-x32...{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
TurboTax 2015 (HKLM-x32...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Update for Skype for Business 2015 (KB3213574) 32-Bit Edition (HKLM-x32...{90150000-002A-0000-1000-0000000FF1CE}Office15.PRJPROR{2178D653-A054-4A65-9726-A90664E92D9F}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3213574) 32-Bit Edition (HKLM-x32...{90150000-002A-0000-1000-0000000FF1CE}Office15.VISPROR{2178D653-A054-4A65-9726-A90664E92D9F}) (Version: - Microsoft)
UseNeXT by Tangysoft (HKLM-x32...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.)
Verizon Software Upgrade Assistant (HKLM-x32...{F933562A-45B5-4730-8A5E-0D282AA9866B}) (Version: 15.05.0601 - Motorola Mobility) Hidden
Verizon Wireless Software Upgrade Assistant for Motorola (HKLM-x32...{9BEDD987-AC68-44D2-8803-EC0650F6C43F}) (Version: 1.4.7 - Motorola Mobility)
Visual Studio 2010 Prerequisites - English (HKLM...{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32...{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Waterfox 54.0.1 (x64 en-US) (HKLM...\Waterfox 54.0.1 (x64 en-US)) (Version: 54.0.1 - Waterfox Ltd)
WCF RIA Services V1.0 SP1 (HKLM-x32...{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM...{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows 10 Update and Privacy Settings (HKLM...{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32...{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32...{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinSCP 5.9.6 (HKLM-x32...\winscp3_is1) (Version: 5.9.6 - Martin Prikryl)
Zemana AntiMalware (HKLM-x32...{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
ZHPFix 2015 (HKLM-x32...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3518905376-1918425772-3662548586-1001_Classes\CLSID{0E270DAA-1BE6-48F2-AC49-A79589C16F3B}\InprocServer32 → %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3518905376-1918425772-3662548586-1001_Classes\CLSID{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 → C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] → {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] → {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] → {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => → No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] → {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-24] ()
ContextMenuHandlers1: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => → No File
ContextMenuHandlers1: [AccExt] → {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] → {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [AIMP] → {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2017-07-25] (AIMP DevTeam)
ContextMenuHandlers1: [ANotepad++64] → {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-06-18] ()
ContextMenuHandlers1: [GDContextMenu] → {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers1: [McCtxMenuFrmWrk] → {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
ContextMenuHandlers1-x32: [Notepad++] → {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files (x86)\Notepad++\NppShell_04.dll → No File
ContextMenuHandlers1-x32: [PrivaZer] → {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2015-05-09] ()
ContextMenuHandlers1-x32: [ShellConverter] → {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2011-05-11] (Online Media Technologies Ltd.)
ContextMenuHandlers1-x32: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [PrivaZer] → {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2015-05-09] ()
ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers3: [PrivaZer] → {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2015-05-09] ()
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] → {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => → No File
ContextMenuHandlers4: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => → No File
ContextMenuHandlers4: [AIMP] → {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2017-07-25] (AIMP DevTeam)
ContextMenuHandlers4: [GDContextMenu] → {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers4: [Offline Files] → {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => → No File
ContextMenuHandlers4: [PrivaZer] → {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2015-05-09] ()
ContextMenuHandlers4: [RecuvaShellExt] → {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)
ContextMenuHandlers5: [Gadgets] → {6B9228DA-9C15-419e-856C-19E768A13BDC} => → No File
ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] → {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-24] ()
ContextMenuHandlers6: [AccExt] → {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] → {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] → {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
ContextMenuHandlers6: [Offline Files] → {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => → No File
ContextMenuHandlers6: [PrivaZer] → {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2015-05-09] ()
ContextMenuHandlers6: [RecuvaShellExt] → {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05568D31-BBE6-4CB5-A88C-E666DC011F13} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d → No File <==== ATTENTION
Task: {0C855300-441B-42AC-AA66-D0D89089C907} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {0E8BA77D-4266-4580-B72B-3CD42E15D7EB} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {1291F7F5-7806-412A-9484-565DE8358B7C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {161897C7-2EB0-4B16-B3ED-53376C206846} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {18388806-6ECE-4A84-BCF1-B94584116D21} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {27460911-EAF0-481B-B769-AEAF18443920} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2B33A801-7BC4-4BF9-B206-E08E6054EF51} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2E13C35B-7155-4578-ACF1-0B8A60901239} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd → No File <==== ATTENTION
Task: {2E4A9315-98CA-48B4-8D24-1C72E09DE819} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {322C1822-EED3-4054-9336-2013968D1F5A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d → No File <==== ATTENTION
Task: {33028CBE-7F32-48C5-A70E-988D12D3B7F1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTa skHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.e xe [2017-07-21] ()
Task: {3686520B-B006-4460-9F9B-523C01A3F9D3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3A5F3AEA-E730-44EB-918F-0B812C32F187} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {3CC1B7EC-72D4-4EF5-82CA-290A1228E561} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {407C29E3-9E6F-4C8C-AA19-FCDC913B5542} - System32\Tasks\Verizon Wireless Upgrade Assistant Update Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\VerizonWirelessUpgradeAssistantUpdate.exe [2015-05-21] ()
Task: {42D088FD-805A-46FA-A7E2-EA8DEDBA846C} - System32\Tasks{59944E75-8499-4A0B-B7F7-CC267C7182FC} => C:\Windows\system32\pcalua.exe -a C:\LGMobileUpgrade\LGMOBILEAX\BYRLauncher.exe -d C:\LGMobileUpgrade\LGMOBILEAX
Task: {43B077FF-0D14-48F3-9C3F-E14FCE479B66} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4B4B7332-58ED-4BBC-B13F-629E096B8472} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {573D20B9-A0E1-43E5-988A-ACBCABE409E5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {61B81CA3-89C1-4B5B-9984-5DEF5351EF28} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {62A7BFF5-FF12-4892-8531-F0A988FF8652} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig → No File <==== ATTENTION
Task: {63529A74-F245-4BEE-96DC-11C7280C4310} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50 .1291.1\mcdatrep.exe [2017-02-07] (McAfee, Inc.)
Task: {66E2E6D4-1BCB-44D4-AE52-E39EF170E081} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {76E07E4B-F33C-4988-8127-2918C072021F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {7D52DB34-FE7C-4DF3-B6C6-30EAA4CB6872} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.ex e [2017-06-28] (Dell Inc.)
Task: {7E59EF7A-2848-401E-A40E-1B2A6A15242A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d → No File <==== ATTENTION
Task: {7E6A706D-6B23-4F8B-A3CC-0364E8A1928E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTa skHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.e xe [2017-07-21] ()
Task: {7FD7EAE3-8E6D-4D8F-8B56-F0C822EC86F6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-26] (Microsoft Corporation)
Task: {8069DAD5-CE5C-4912-AEED-BD116B780C2B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {83B13107-B063-45C0-914D-1F967295648E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {85130557-900E-46A5-8318-6A8E76053B6E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {862B0DBF-A9BB-4487-A4B5-894774C5CFB9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {8A2BE6FA-018A-4B90-989D-CAF7695214B7} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-05-31] (McAfee, Inc.)
Task: {8B441289-D895-461C-A99E-02781859DB36} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {8BEA27D7-9724-40C3-9588-F7E8F3802C23} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
Task: {8FEBFC84-98F1-4753-9A06-7B30E45F071F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {92A20D1D-41D3-4C12-B60B-0647338C74BC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9ACC3CA7-4B80-4B5B-B626-8805DF480942} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {9CED3402-7833-4A1F-9889-8251AF421E37} - System32\Tasks{E236F5E3-EB2E-4D84-AA3C-FE4AF73342E4} => C:\Windows\system32\pcalua.exe -a C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\BYRAppUni nstall.exe -d C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client
Task: {9F40D04C-C248-49D1-AA17-975760ADE3DF} - System32\Tasks\Opera scheduled Autoupdate 1501022171 => C:\Users\Steve\AppData\Local\Programs\Opera\launch er.exe [2017-07-18] (Opera Software)
Task: {A6272B46-E196-4C4F-9A6B-B851D72A94F5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B02FD196-7EA2-4171-AE44-74D2DF99BB30} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {B06BEB75-7052-4170-A765-6183C197356E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {BD13FFDE-FADF-4256-9189-762392260A7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxcon fig-B → No File <==== ATTENTION
Task: {BEE8FD6E-7F43-46BE-800B-7F84901338B9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandco ntent → No File <==== ATTENTION
Task: {BFC331B8-4F9F-4A5B-AFA4-A5E6EA700D93} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent → No File <==== ATTENTION
Task: {C30CA81D-08A8-4389-ACA3-49AD0B458606} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C3717063-C7C4-4AB2-A687-F218BCF8AA64} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d → No File <==== ATTENTION
Task: {C6F052D8-DBD7-496D-A50B-B448AA0639CB} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50 .1291.1\mcdatrep.exe [2017-02-07] (McAfee, Inc.)
Task: {C82DC40A-2D69-4DE0-8535-79D36CE46C07} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d → No File <==== ATTENTION
Task: {CE576902-A24B-4C45-8029-373A2E9806E9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CF25A834-4B67-414D-BB96-691D2F368BD2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess → No File <==== ATTENTION
Task: {D199AA32-9982-440D-A9A1-3DC2BA7CD9EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D30A8E27-A2F5-466C-9036-991986398902} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D9D932A8-4BBB-4DC3-AF48-0BDE59A185FE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
Task: {DC84FF58-BB65-48FB-9D9A-CAA06F793553} - \OfficeSoftwareProtectionPlatform\SvcRestartTask → No File <==== ATTENTION
Task: {DCC882C4-801C-46CF-9BEA-6B0212D1A0A5} - System32\Tasks\Verizon Wireless Upgrade Assistant Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\VerizonWirelessUpgradeAssistantUpdate.exe [2015-05-21] ()
Task: {ECC15AC3-8FDC-4339-A3E8-71B6B6275FB0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F40020BC-3CC9-408F-8F8E-7B2EB275AEDF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {F420EC79-F30C-43BC-A2D9-1472E7E8C043} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.ex e [2017-06-28] (Dell Inc.)
Task: {F596A317-101D-4626-A405-D6C1D11AECA4} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FA2060DA-EB54-4219-A79E-B47196A3FDF5} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Steve\Favorites\NCH Software Download Site.lnk → hxxp://www.nch.com.au/index.htm

==================== Loaded Modules (Whitelisted) ==============

2017-07-26 05:59 - 2016-11-14 07:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-08-29 22:34 - 2012-09-03 16:41 - 000307488 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2017-07-25 16:42 - 2017-07-25 19:28 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-05-22 19:33 - 2016-05-22 19:33 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-02-23 14:16 - 2017-07-21 12:09 - 008932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-05-09 11:24 - 2015-05-09 11:24 - 003525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
2017-06-18 17:44 - 2017-06-18 17:44 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2017-07-24 17:43 - 2017-07-24 17:43 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-07-23 05:05 - 2017-07-23 05:06 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x 64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-23 05:05 - 2017-07-23 05:06 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x 64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-23 05:05 - 2017-07-23 05:06 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x 64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-23 05:05 - 2017-07-23 05:06 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x 64__kzf8qxf38zg5c\skypert.dll
2017-07-03 21:35 - 2017-06-11 13:00 - 000583160 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2017-07-03 21:35 - 2017-06-11 12:59 - 000574352 _____ () C:\Program Files\McAfee\MfeAV\AMEngineScan.dll
2017-07-03 21:35 - 2017-06-11 13:00 - 000571240 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2017-06-08 04:17 - 2017-06-08 04:17 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.100 1.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-26 09:53 - 2017-07-26 09:53 - 010631168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.100 1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.M obile.dll
2017-07-26 09:53 - 2017-07-26 09:53 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.100 1.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common. Mobile.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Core.dll
2015-04-15 09:11 - 2015-04-15 09:11 - 000162816 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2016-08-29 22:34 - 2012-09-28 10:04 - 000380928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2016-12-21 11:24 - 2016-12-21 11:24 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2017-05-01 15:27 - 2017-05-01 15:27 - 000133992 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2010-08-30 05:34 - 2010-08-30 05:34 - 000375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MCODS => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\mcpltsvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\McMPFSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MCODS => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mcpltsvc => “”=“Service”

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3518905376-1918425772-3662548586-1001...\dell.com → dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-07-27 22:05 - 000000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Control Panel\Desktop\Wallpaper → C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Steve^AppData^Roaming^Microsoft^Windows^S tart Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
MSCONFIG\startupreg: AdobeCS6ServiceManager => “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.ex e” -launchedbylogin
HKLM...\StartupApproved\StartupFolder: => “NETGEAR WNA3100 Genie.lnk”
HKLM...\StartupApproved\Run: => “RtHDVCpl”
HKLM...\StartupApproved\Run: => “AdobeAAMUpdater-1.0”
HKLM...\StartupApproved\Run: => “NvBackend”
HKLM...\StartupApproved\Run: => “RunDLLEntry_EptMon”
HKLM...\StartupApproved\Run: => “RunDLLEntry_THXCfg”
HKLM...\StartupApproved\Run: => “mcui_exe”
HKLM...\StartupApproved\Run32: => “Acrobat Assistant 8.0”
HKLM...\StartupApproved\Run32: => “Adobe Creative Cloud”
HKLM...\StartupApproved\Run32: => “AdobeCS6ServiceManager”
HKLM...\StartupApproved\Run32: => “UpdReg”
HKLM...\StartupApproved\Run32: => “IAStorIcon”
HKLM...\StartupApproved\Run32: => “Razer Synapse”
HKLM...\StartupApproved\Run32: => “RoxWatchTray”
HKLM...\StartupApproved\Run32: => “SwitchBoard”
HKLM...\StartupApproved\Run32: => “THX Audio Control Panel”
HKLM...\StartupApproved\Run32: => “SunJavaUpdateSched”
HKLM...\StartupApproved\Run32: => “Malwarebytes Anti-Exploit”
HKLM...\StartupApproved\Run32: => “AdobeAAMUpdater-1.0”
HKLM...\StartupApproved\Run32: => “NvBackend”
HKU\S-1-5-21-3518905376-1918425772-3662548586-1001...\StartupApproved\StartupFolder: => “OneNote 2010 Screen Clipper and Launcher.lnk”
HKU\S-1-5-21-3518905376-1918425772-3662548586-1001...\StartupApproved\Run: => “OneDrive”
HKU\S-1-5-21-3518905376-1918425772-3662548586-1001...\StartupApproved\Run: => “Adobe Acrobat Synchronizer”
HKU\S-1-5-21-3518905376-1918425772-3662548586-1001...\StartupApproved\Run: => “CCleaner”

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7A11AD86-3C6A-4B03-B4A4-DA212E49D317}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{FA66B180-87B0-4AED-8D95-62DEAA9E80D0}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{3E753705-2CFB-4C61-BDCC-0C87772944EB}] => (Allow) C:\Users\Steve\AppData\Local\Programs\Opera\46.0.2 597.57\opera.exe
FirewallRules: [{FC902E1C-AA84-4A75-9376-49F2DDC763A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D7DFDE76-E2C7-45E7-A338-93389791AD70}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{816BFE8F-EDEE-4893-869A-0303FD28EA7D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{5F1BB780-5CC5-4639-95D6-942C725CBD47}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{75B91013-0768-42AC-9EFD-C282139A6ABD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{01F42F8E-FBDF-4D4D-B14F-607AD86CB4D0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{EFDD0739-968F-4A58-9FA7-7DF5D95D3D02}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{28E82F3A-6DDF-4447-A0B0-624050C69B51}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6971F1F3-9ACA-4EFD-9C9B-F61E8696D4DE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{D58E2BAB-2238-4ADE-9507-3DBD649DFF21}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{0BB5F32A-9C7A-48D9-9548-047E7724A4DE}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{72E0D46D-10DD-4AA7-89C9-C9235ED9938B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{59F9780C-F89F-495D-BA36-DFC9012D84FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC4F7729-05AD-4582-A4C5-4F7024A3DF39}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3941113B-3E26-455C-B548-BC0F4DEB0340}] => (Allow) LPort=2869
FirewallRules: [{5737323D-30AB-4668-B8EE-8FA7DA735DD2}] => (Allow) LPort=1900
FirewallRules: [{6DF5FBCC-2E04-4135-9D6C-6334683BE0F2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FE592854-43E7-4176-9497-66136BB37806}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{35CBF863-999C-4578-9953-15F6D9A0A6CC}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{413689AE-A1F8-4714-849D-B713E837857A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{21F80F42-4E2C-4784-B3F2-007CC335B197}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F60AF2E4-640A-425B-B2BD-7F4E49A726FC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C861ED61-0589-4DF6-AAC2-C3F98C7F7E07}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-07-2017 20:57:12 Windows Update
29-07-2017 03:34:52 Removed Java 8 Update 144

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
[HEADING=1]Application errors:[/HEADING]
Error: (08/01/2017 04:24:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for “c:\program files (x86)\microsoft visual studio 10.0\common7\ide\remote debugger\ia64\msvsmon.exe”.
Dependent Assembly Microsoft.Windows.Common-Controls,language=“*”,processorArchitecture=“ia64” ,publicKeyToken=“6595b64144ccf1df”,type=“win32”,ve rsion=“6.0.0.0” could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/31/2017 03:38:41 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad6 3fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002 d27e7c744a2.manifest.

Error: (07/31/2017 03:37:41 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “C:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002 d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad6 3fefc436da8.manifest.

Error: (07/30/2017 04:54:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for “c:\program files (x86)\microsoft visual studio 10.0\common7\ide\remote debugger\ia64\msvsmon.exe”.
Dependent Assembly Microsoft.Windows.Common-Controls,language=“*”,processorArchitecture=“ia64” ,publicKeyToken=“6595b64144ccf1df”,type=“win32”,ve rsion=“6.0.0.0” could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/30/2017 04:46:26 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: System.Xml.XmlExceptionUpdateLastUpdatedConfig192. 168.0.6

Error: (07/30/2017 04:45:01 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad6 3fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002 d27e7c744a2.manifest.

Error: (07/30/2017 04:43:38 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “C:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002 d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad6 3fefc436da8.manifest.

Error: (07/29/2017 04:10:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for “c:\program files (x86)\microsoft visual studio 10.0\common7\ide\remote debugger\ia64\msvsmon.exe”.
Dependent Assembly Microsoft.Windows.Common-Controls,language=“*”,processorArchitecture=“ia64” ,publicKeyToken=“6595b64144ccf1df”,type=“win32”,ve rsion=“6.0.0.0” could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/29/2017 04:06:34 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad6 3fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002 d27e7c744a2.manifest.

Error: (07/29/2017 04:05:49 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “C:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002 d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad6 3fefc436da8.manifest.
[HEADING=1]System errors:[/HEADING]
Error: (08/01/2017 05:02:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (08/01/2017 05:02:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (08/01/2017 04:57:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (08/01/2017 04:57:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (08/01/2017 04:52:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (08/01/2017 04:52:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (08/01/2017 04:47:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (08/01/2017 04:47:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (08/01/2017 04:43:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (08/01/2017 04:42:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2017-08-01 16:49:34.433
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Micros oft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-08-01 16:49:34.204
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Micros oft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-07-29 03:57:18.412
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Micros oft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-07-29 03:56:46.519
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Micros oft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-07-29 03:55:31.647
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Micros oft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-07-29 03:46:45.060
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Micros oft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-07-29 03:46:13.707
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Micros oft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-07-29 03:46:13.387
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Micros oft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-07-29 03:30:27.413
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Steve\AppData\Local\ Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-29 03:30:27.409
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Steve\AppData\Local\ Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core™ i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 44%
Total physical RAM: 8182.92 MB
Available physical RAM: 4506.42 MB
Total Virtual: 10102.92 MB
Available Virtual: 5365.03 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:674.89 GB) NTFS

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (Size: 931.5 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

**mnisia** · 08-01-2017, 09:13 PM

Not finding Shortcut txt.

**Malnutrition** · 08-01-2017, 10:31 PM

Eliminate restrictive settings with this tool.
[ul]
[li]Temporarily disable your antivirus — Your antivirus may flag this tool as malware, it is safe to run I assure you.[/li]
[li]Download SupRestric.exe save to your desktop.[/li][li]Close all running programs.[/li][li]Double click the file to launch it.[/li][li]Windows: 7/8/10 Vista and run as administrator[/li][li]Click Yes at any prompt.[/li]
[li]The analysis takes only a few moments.[/li][li]The report is on the desktop ( CTR.txt )[/li][li]Copy paste report in next reply.[/li][li]A reboot is needed to complete the repairs.[/li][/ul]

FRST Fix.

Click Here To Download Fixlist.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

**mnisia** · 08-02-2017, 10:49 PM

[HEADING=1]Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Steve (02-08-2017 18:24:21) Run:1
Running from C:\Users\Steve\Downloads
Loaded Profiles: Steve (Available Profiles: Steve & DefaultAppPool)
Boot Mode: Normal[/HEADING]
fixlist content:

Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
RemoveProxy:
HKLM...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM → DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKLM → {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 → DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 → C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
CHR DefaultSearchURL: Default → hxxps://search.yahoo.com/search?fr=mcafee&type=C215US837D20110426&p={search Terms}
S2 0239901501187841mcinstcleanup; C:\WINDOWS\TEMP\023990~1.EXE -cleanup -nolog
S2 Bonjour Service; “C:\Program Files (x86)\Bonjour\mDNSResponder.exe”
C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3518905376-1918425772-3662548586-1001
C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
C:\WINDOWS\System32\Tasks\Verizon Wireless Upgrade Assistant Update
C:\WINDOWS\System32\Tasks\PCDDataUploadTask
C:\WINDOWS\System32\Tasks{E236F5E3-EB2E-4D84-AA3C-FE4AF73342E4}
C:\WINDOWS\System32\Tasks{59944E75-8499-4A0B-B7F7-CC267C7182FC}
2016-06-11 23:06 - 2016-06-11 23:06 - 000000033 _____ () C:\Users\Steve\AppData\Roaming\AdobeWLCMCache.dat
2016-09-16 18:37 - 2016-09-16 21:10 - 000007933 _____ () C:\Users\Steve\AppData\Roaming\url.txt
2012-09-14 21:08 - 2016-08-10 19:35 - 000000600 _____ () C:\Users\Steve\AppData\Roaming\winscp.rnd
2013-07-27 23:17 - 2013-08-05 15:10 - 145394418 _____ () C:\Users\Steve\AppData\Local\ACCCx189.zip.aamdownl oad
2013-07-27 23:17 - 2013-08-05 15:10 - 000001811 _____ () C:\Users\Steve\AppData\Local\ACCCx189.zip.aamdownl oad.aamd
2013-02-14 19:44 - 2013-05-12 18:11 - 000001456 _____ () C:\Users\Steve\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-09-07 21:10 - 2012-09-14 22:01 - 000000600 _____ () C:\Users\Steve\AppData\Local\PUTTY.RND
2013-09-29 11:43 - 2013-09-29 11:43 - 000000017 _____ () C:\Users\Steve\AppData\Local\resmon.resmoncfg
2012-02-23 22:19 - 2012-02-23 22:19 - 000000000 _____ () C:\Users\Steve\AppData\Local\rx_image32.Cache
2017-03-10 18:29 - 2017-03-10 20:10 - 000000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32. bc
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
CustomCLSID: HKU\S-1-5-21-3518905376-1918425772-3662548586-1001_Classes\CLSID{0E270DAA-1BE6-48F2-AC49-A79589C16F3B}\InprocServer32 → %%systemroot%%\system32\shell32.dll => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => → No File
ContextMenuHandlers1: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => → No File
ContextMenuHandlers1-x32: [Notepad++] → {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files (x86)\Notepad++\NppShell_04.dll → No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] → {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => → No File
ContextMenuHandlers4: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => → No File
ContextMenuHandlers4: [Offline Files] → {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => → No File
ContextMenuHandlers5: [Gadgets] → {6B9228DA-9C15-419e-856C-19E768A13BDC} => → No File
ContextMenuHandlers6: [Offline Files] → {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => → No File
Task: {05568D31-BBE6-4CB5-A88C-E666DC011F13} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d → No File <==== ATTENTION
Task: {0C855300-441B-42AC-AA66-D0D89089C907} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {1291F7F5-7806-412A-9484-565DE8358B7C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {161897C7-2EB0-4B16-B3ED-53376C206846} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {18388806-6ECE-4A84-BCF1-B94584116D21} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {2B33A801-7BC4-4BF9-B206-E08E6054EF51} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2E13C35B-7155-4578-ACF1-0B8A60901239} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd → No File <==== ATTENTION
Task: {2E4A9315-98CA-48B4-8D24-1C72E09DE819} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {322C1822-EED3-4054-9336-2013968D1F5A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d → No File <==== ATTENTION
Task: {33028CBE-7F32-48C5-A70E-988D12D3B7F1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTa skHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.e xe [2017-07-21] ()
Task: {3686520B-B006-4460-9F9B-523C01A3F9D3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3A5F3AEA-E730-44EB-918F-0B812C32F187} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {3CC1B7EC-72D4-4EF5-82CA-290A1228E561} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {407C29E3-9E6F-4C8C-AA19-FCDC913B5542} - System32\Tasks\Verizon Wireless Upgrade Assistant Update Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\VerizonWirelessUpgradeAssistantUpdate.exe [2015-05-21] ()
Task: {42D088FD-805A-46FA-A7E2-EA8DEDBA846C} - System32\Tasks{59944E75-8499-4A0B-B7F7-CC267C7182FC} => C:\Windows\system32\pcalua.exe -a C:\LGMobileUpgrade\LGMOBILEAX\BYRLauncher.exe -d C:\LGMobileUpgrade\LGMOBILEAX
Task: {43B077FF-0D14-48F3-9C3F-E14FCE479B66} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4B4B7332-58ED-4BBC-B13F-629E096B8472} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {573D20B9-A0E1-43E5-988A-ACBCABE409E5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {61B81CA3-89C1-4B5B-9984-5DEF5351EF28} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {62A7BFF5-FF12-4892-8531-F0A988FF8652} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig → No File <==== ATTENTION
Task: {66E2E6D4-1BCB-44D4-AE52-E39EF170E081} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {76E07E4B-F33C-4988-8127-2918C072021F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {7D52DB34-FE7C-4DF3-B6C6-30EAA4CB6872} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.ex e [2017-06-28] (Dell Inc.)
Task: {7E59EF7A-2848-401E-A40E-1B2A6A15242A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d → No File <==== ATTENTION
Task: {7E6A706D-6B23-4F8B-A3CC-0364E8A1928E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTa skHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.e xe [2017-07-21] ()
Task: {7FD7EAE3-8E6D-4D8F-8B56-F0C822EC86F6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-26] (Microsoft Corporation)
Task: {8069DAD5-CE5C-4912-AEED-BD116B780C2B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {83B13107-B063-45C0-914D-1F967295648E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {85130557-900E-46A5-8318-6A8E76053B6E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {862B0DBF-A9BB-4487-A4B5-894774C5CFB9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {8B441289-D895-461C-A99E-02781859DB36} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {8FEBFC84-98F1-4753-9A06-7B30E45F071F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {92A20D1D-41D3-4C12-B60B-0647338C74BC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9CED3402-7833-4A1F-9889-8251AF421E37} - System32\Tasks{E236F5E3-EB2E-4D84-AA3C-FE4AF73342E4} => C:\Windows\system32\pcalua.exe -a C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\BYRAppUni nstall.exe -d C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client
Task: {A6272B46-E196-4C4F-9A6B-B851D72A94F5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B02FD196-7EA2-4171-AE44-74D2DF99BB30} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {B06BEB75-7052-4170-A765-6183C197356E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {BD13FFDE-FADF-4256-9189-762392260A7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxcon fig-B → No File <==== ATTENTION
Task: {BEE8FD6E-7F43-46BE-800B-7F84901338B9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandco ntent → No File <==== ATTENTION
Task: {BFC331B8-4F9F-4A5B-AFA4-A5E6EA700D93} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent → No File <==== ATTENTION
Task: {C30CA81D-08A8-4389-ACA3-49AD0B458606} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C3717063-C7C4-4AB2-A687-F218BCF8AA64} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d → No File <==== ATTENTION
Task: {C82DC40A-2D69-4DE0-8535-79D36CE46C07} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d → No File <==== ATTENTION
Task: {CE576902-A24B-4C45-8029-373A2E9806E9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CF25A834-4B67-414D-BB96-691D2F368BD2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess → No File <==== ATTENTION
Task: {D30A8E27-A2F5-466C-9036-991986398902} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DC84FF58-BB65-48FB-9D9A-CAA06F793553} - \OfficeSoftwareProtectionPlatform\SvcRestartTask → No File <==== ATTENTION
Task: {DCC882C4-801C-46CF-9BEA-6B0212D1A0A5} - System32\Tasks\Verizon Wireless Upgrade Assistant Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\VerizonWirelessUpgradeAssistantUpdate.exe [2015-05-21] ()
Task: {ECC15AC3-8FDC-4339-A3E8-71B6B6275FB0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F40020BC-3CC9-408F-8F8E-7B2EB275AEDF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {F420EC79-F30C-43BC-A2D9-1472E7E8C043} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.ex e [2017-06-28] (Dell Inc.)
Task: {F596A317-101D-4626-A405-D6C1D11AECA4} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state Off
CMD: ipconfig /flushdns
reboot:
end

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \AdobeAAMUpdater-1.0 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Run\SunJavaUpdateSched => value removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\000000 000007 => key removed successfully
HKLM\Software\Microsoft\Internet Explorer\Main\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key removed successfully
HKLM\Software\Classes\CLSID{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value restored successfully
HKLM\Software\Classes\PROTOCOLS\Handler\ms-help => key removed successfully
HKLM\Software\Classes\CLSID{314111c7-a502-11d2-bbca-00c04f8ec294} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 => key removed successfully
Chrome DefaultSearchURL => removed successfully
HKLM\System\CurrentControlSet\Services\02399015011 87841mcinstcleanup => key removed successfully
0239901501187841mcinstcleanup => service removed successfully
HKLM\System\CurrentControlSet\Services\Bonjour Service => key removed successfully
Bonjour Service => service removed successfully
C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3518905376-1918425772-3662548586-1001 => moved successfully
C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate => moved successfully
C:\WINDOWS\System32\Tasks\Verizon Wireless Upgrade Assistant Update => moved successfully
C:\WINDOWS\System32\Tasks\PCDDataUploadTask => moved successfully
C:\WINDOWS\System32\Tasks{E236F5E3-EB2E-4D84-AA3C-FE4AF73342E4} => moved successfully
C:\WINDOWS\System32\Tasks{59944E75-8499-4A0B-B7F7-CC267C7182FC} => moved successfully
C:\Users\Steve\AppData\Roaming\AdobeWLCMCache.dat => moved successfully
C:\Users\Steve\AppData\Roaming\url.txt => moved successfully
C:\Users\Steve\AppData\Roaming\winscp.rnd => moved successfully
C:\Users\Steve\AppData\Local\ACCCx189.zip.aamdownl oad => moved successfully
C:\Users\Steve\AppData\Local\ACCCx189.zip.aamdownl oad.aamd => moved successfully
C:\Users\Steve\AppData\Local\Adobe Save for Web 13.0 Prefs => moved successfully
C:\Users\Steve\AppData\Local\PUTTY.RND => moved successfully
C:\Users\Steve\AppData\Local\resmon.resmoncfg => moved successfully
C:\Users\Steve\AppData\Local\rx_image32.Cache => moved successfully
C:\ProgramData\Microsoft.SqlServer.Compact.400.32. bc => moved successfully
C:\Windows\logo_1.exe => moved successfully
C:\Windows\RUNDL132.EXE => moved successfully
C:\Windows\VDLL.DLL => moved successfully
C:\Windows\SysWOW64\runouce.exe => moved successfully
HKU\S-1-5-21-3518905376-1918425772-3662548586-1001_Classes\CLSID{0E270DAA-1BE6-48F2-AC49-A79589C16F3B} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\GDriveSharedOver lay => key removed successfully
HKLM\Software\Classes\CLSID{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
HKLM\Software\Classes*\ShellEx\ContextMenuHandlers \7-Zip => key removed successfully
HKLM\Software\Classes\CLSID{23170F69-40C1-278A-1000-000100020000} => key not found.
HKLM\Software\Classes*\ShellEx\ContextMenuHandlers \Notepad++ => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID{00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => key removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx \ContextMenuHandlers{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => key removed successfully
HKLM\Software\Classes\CLSID{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMen uHandlers\7-Zip => key removed successfully
HKLM\Software\Classes\CLSID{23170F69-40C1-278A-1000-000100020000} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMen uHandlers\Offline Files => key removed successfully
HKLM\Software\Classes\CLSID{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx \ContextMenuHandlers\Gadgets => key removed successfully
HKLM\Software\Classes\CLSID{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHa ndlers\Offline Files => key removed successfully
HKLM\Software\Classes\CLSID{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{05568D3 1-BBE6-4CB5-A88C-E666DC011F13} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{05568D3 1-BBE6-4CB5-A88C-E666DC011F13} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{0C85530 0-441B-42AC-AA66-D0D89089C907} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{0C85530 0-441B-42AC-AA66-D0D89089C907} => key removed successfully
C:\WINDOWS\System32\Tasks\PCDDataUploadTask => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDDataU ploadTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{1291F7F 5-7806-412A-9484-565DE8358B7C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1291F7F 5-7806-412A-9484-565DE8358B7C} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\OCURActivate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{161897C 7-2EB0-4B16-B3ED-53376C206846} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{161897C 7-2EB0-4B16-B3ED-53376C206846} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\PBDADiscoveryW2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{1838880 6-6ECE-4A84-BCF1-B94584116D21} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1838880 6-6ECE-4A84-BCF1-B94584116D21} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\mcupdate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{2B33A80 1-7BC4-4BF9-B206-E08E6054EF51} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{2B33A80 1-7BC4-4BF9-B206-E08E6054EF51} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\DispatchRecoveryTasks => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{2E13C35 B-7155-4578-ACF1-0B8A60901239} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{2E13C35 B-7155-4578-ACF1-0B8A60901239} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{2E4A931 5-98CA-48B4-8D24-1C72E09DE819} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{2E4A931 5-98CA-48B4-8D24-1C72E09DE819} => key removed successfully
C:\WINDOWS\System32\Tasks\PCDEventLauncherTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEvent LauncherTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{322C182 2-EED3-4054-9336-2013968D1F5A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{322C182 2-EED3-4054-9336-2013968D1F5A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{33028CB E-7F32-48C5-A70E-988D12D3B7F1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{33028CB E-7F32-48C5-A70E-988D12D3B7F1} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeB ackgroundTaskHandlerRegistration => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Office\OfficeBackgroundTaskHandlerRegistration => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{3686520 B-B006-4460-9F9B-523C01A3F9D3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{3686520 B-B006-4460-9F9B-523C01A3F9D3} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\ReindexSearchRoot => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{3A5F3AE A-E730-44EB-918F-0B812C32F187} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{3A5F3AE A-E730-44EB-918F-0B812C32F187} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\mcupdate_scheduled => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{3CC1B7E C-72D4-4EF5-82CA-290A1228E561} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{3CC1B7E C-72D4-4EF5-82CA-290A1228E561} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\OCURDiscovery => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{407C29E 3-9E6F-4C8C-AA19-FCDC913B5542} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{407C29E 3-9E6F-4C8C-AA19-FCDC913B5542} => key removed successfully
C:\WINDOWS\System32\Tasks\Verizon Wireless Upgrade Assistant Update Initial Update => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Verizon Wireless Upgrade Assistant Update Initial Update => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{42D088F D-805A-46FA-A7E2-EA8DEDBA846C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{42D088F D-805A-46FA-A7E2-EA8DEDBA846C} => key removed successfully
C:\WINDOWS\System32\Tasks{59944E75-8499-4A0B-B7F7-CC267C7182FC} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{59944E75-8499-4A0B-B7F7-CC267C7182FC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{43B077F F-0D14-48F3-9C3F-E14FCE479B66} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{43B077F F-0D14-48F3-9C3F-E14FCE479B66} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\MediaCenterRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{4B4B733 2-58ED-4BBC-B13F-629E096B8472} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{4B4B733 2-58ED-4BBC-B13F-629E096B8472} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\RegisterSearch => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{573D20B 9-A0E1-43E5-988A-ACBCABE409E5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{573D20B 9-A0E1-43E5-988A-ACBCABE409E5} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\PvrScheduleTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{61B81CA 3-89C1-4B5B-9984-5DEF5351EF28} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{61B81CA 3-89C1-4B5B-9984-5DEF5351EF28} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Office\Office ClickToRun Service Monitor => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{62A7BFF 5-FF12-4892-8531-F0A988FF8652} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{62A7BFF 5-FF12-4892-8531-F0A988FF8652} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{66E2E6D 4-1BCB-44D4-AE52-E39EF170E081} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{66E2E6D 4-1BCB-44D4-AE52-E39EF170E081} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\PBDADiscovery => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{76E07E4 B-F33C-4988-8127-2918C072021F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{76E07E4 B-F33C-4988-8127-2918C072021F} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeT elemetryAgentFallBack => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Office\OfficeTelemetryAgentFallBack => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{7D52DB3 4-FE7C-4DF3-B6C6-30EAA4CB6872} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{7D52DB3 4-FE7C-4DF3-B6C6-30EAA4CB6872} => key removed successfully
C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AnonymousRegistration => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{7E59EF7 A-2848-401E-A40E-1B2A6A15242A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{7E59EF7 A-2848-401E-A40E-1B2A6A15242A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{7E6A706 D-6B23-4F8B-A3CC-0364E8A1928E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{7E6A706 D-6B23-4F8B-A3CC-0364E8A1928E} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeB ackgroundTaskHandlerLogon => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Office\OfficeBackgroundTaskHandlerLogon => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{7FD7EAE 3-8E6D-4D8F-8B56-F0C822EC86F6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{7FD7EAE 3-8E6D-4D8F-8B56-F0C822EC86F6} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office Subscription Maintenance => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Office\Office Subscription Maintenance => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{8069DAD 5-CE5C-4912-AEED-BD116B780C2B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{8069DAD 5-CE5C-4912-AEED-BD116B780C2B} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\ConfigureInternetTimeService => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{83B1310 7-B063-45C0-914D-1F967295648E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{83B1310 7-B063-45C0-914D-1F967295648E} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\StartRecording => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{8513055 7-900E-46A5-8318-6A8E76053B6E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{8513055 7-900E-46A5-8318-6A8E76053B6E} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeT elemetryAgentLogOn => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Office\OfficeTelemetryAgentLogOn => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot{862B0DBF-A9BB-4487-A4B5-894774C5CFB9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{862B0DB F-A9BB-4487-A4B5-894774C5CFB9} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\RecordingRestart => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{8B44128 9-D895-461C-A99E-02781859DB36} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{8B44128 9-D895-461C-A99E-02781859DB36} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Office\Office 15 Subscription Heartbeat => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{8FEBFC8 4-98F1-4753-9A06-7B30E45F071F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{8FEBFC8 4-98F1-4753-9A06-7B30E45F071F} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\InstallPlayReady => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{92A20D1 D-41D3-4C12-B60B-0647338C74BC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{92A20D1 D-41D3-4C12-B60B-0647338C74BC} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\PBDADiscoveryW1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{9CED340 2-7833-4A1F-9889-8251AF421E37} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{9CED340 2-7833-4A1F-9889-8251AF421E37} => key removed successfully
C:\WINDOWS\System32\Tasks{E236F5E3-EB2E-4D84-AA3C-FE4AF73342E4} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{E236F5E3-EB2E-4D84-AA3C-FE4AF73342E4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{A6272B4 6-E196-4C4F-9A6B-B851D72A94F5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{A6272B4 6-E196-4C4F-9A6B-B851D72A94F5} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\SqlLiteRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{B02FD19 6-7EA2-4171-AE44-74D2DF99BB30} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B02FD19 6-7EA2-4171-AE44-74D2DF99BB30} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office Automatic Updates => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Office\Office Automatic Updates => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{B06BEB7 5-7052-4170-A765-6183C197356E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B06BEB7 5-7052-4170-A765-6183C197356E} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\PeriodicScanRetry => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{BD13FFD E-FADF-4256-9189-762392260A7D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{BD13FFD E-FADF-4256-9189-762392260A7D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{BEE8FD6 E-7F43-46BE-800B-7F84901338B9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{BEE8FD6 E-7F43-46BE-800B-7F84901338B9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{BFC331B 8-4F9F-4A5B-AFA4-A5E6EA700D93} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{BFC331B 8-4F9F-4A5B-AFA4-A5E6EA700D93} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{C30CA81 D-08A8-4389-ACA3-49AD0B458606} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{C30CA81 D-08A8-4389-ACA3-49AD0B458606} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\UpdateRecordPath => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{C371706 3-C7C4-4AB2-A687-F218BCF8AA64} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{C371706 3-C7C4-4AB2-A687-F218BCF8AA64} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{C82DC40 A-2D69-4DE0-8535-79D36CE46C07} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{C82DC40 A-2D69-4DE0-8535-79D36CE46C07} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{CE57690 2-A24B-4C45-8029-373A2E9806E9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{CE57690 2-A24B-4C45-8029-373A2E9806E9} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\PvrRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{CF25A83 4-4B67-414D-BB96-691D2F368BD2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{CF25A83 4-4B67-414D-BB96-691D2F368BD2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{D30A8E2 7-A2F5-466C-9036-991986398902} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{D30A8E2 7-A2F5-466C-9036-991986398902} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\ActivateWindowsSearch => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{DC84FF5 8-BB65-48FB-9D9A-CAA06F793553} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{DC84FF5 8-BB65-48FB-9D9A-CAA06F793553} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSo ftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{DCC882C 4-801C-46CF-9BEA-6B0212D1A0A5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{DCC882C 4-801C-46CF-9BEA-6B0212D1A0A5} => key removed successfully
C:\WINDOWS\System32\Tasks\Verizon Wireless Upgrade Assistant Update => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Verizon Wireless Upgrade Assistant Update => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{ECC15AC 3-8FDC-4339-A3E8-71B6B6275FB0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{ECC15AC 3-8FDC-4339-A3E8-71B6B6275FB0} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\ObjectStoreRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{F40020B C-3CC9-408F-8F8E-7B2EB275AEDF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{F40020B C-3CC9-408F-8F8E-7B2EB275AEDF} => key removed successfully
C:\WINDOWS\System32\Tasks\SystemToolsDailyTest => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemTo olsDailyTest => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{F420EC7 9-F30C-43BC-A2D9-1472E7E8C043} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{F420EC7 9-F30C-43BC-A2D9-1472E7E8C043} => key removed successfully
C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{F596A31 7-101D-4626-A405-D6C1D11AECA4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{F596A31 7-101D-4626-A405-D6C1D11AECA4} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\ehDRMInit => key removed successfully

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state Off =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16443159 B
Java, Flash, Steam htmlcache => 8334 B
Windows/system/drivers => 447101 B
Edge => 28306716 B
Chrome => 21625153 B
Firefox => 382588635 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6148 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 144804 B
systemprofile32 => 128 B
LocalService => 9842 B
NetworkService => 9704 B
Steve => 22546543 B
DefaultAppPool => 6148 B

RecycleBin => 0 B
EmptyTemp: => 456 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 18:30:38 ====

**Malnutrition** · 08-03-2017, 12:34 AM

Eliminate restrictive settings with this tool.
[ul]
[li]Temporarily disable your antivirus — Your antivirus may flag this tool as malware, it is safe to run I assure you.[/li]
[li]Download SupRestric.exe save to your desktop. ( Unzip it there)[/li]
[li]Close all running programs.[/li][li]Double click the file to launch it.[/li][li]Windows: 7/8/10 Vista and run as administrator[/li][li]Click Yes at any prompt.[/li]
[li]The analysis takes only a few moments.[/li][li]The report is on the desktop ( CTR.txt )[/li][li]Copy paste report in next reply.[/li][li]A reboot is needed to complete the repairs.[/li]
[/ul]
In your next reply, I need…

The SupRestric log.
Tell me What issues remain with your machine.

**mnisia** · 08-03-2017, 10:39 AM

Rapport de Contrôle restrictions Pierre13 (CTR version 2.4.0.0 ) du 03\08\2017 à 06:34:55
PC de Steve
Windows 10 Home (64 bits)

réparation erreur 2203 effectuée.

Contrôle présence restrictions

[TROJ_POWELIKS.B] clé feature_browser_emulation supprimée.
Autorisation installation sponsor Java(x86) supprimée.
Autorisation installation sponsor Java(x64) supprimée.
Restriction Affichage Documents récents supprimée.
Restriction Affichage Documents supprimée.
Restriction synchronisation en arrière-plan des flux d’informations et des Web Slices supprimée.
Restriction découverte des flux RSS et des Web Slices supprimée.
Restriction LowerFilters Bluetooth supprimée.
Pavé numérique activé.
Restriction utilisateur pour Windows Installer supprimée.
Recherche Windows Update rétablie.
Service Pare feu Windows activé.
Paramètres Pare feu Windows rétablis par défaut et activés.

238 restrictions contrôlées.

12 restriction(s) réparée(s).
Re démarrer le PC pour prendre en compte la ou les réparations.

Le rapport est sur le bureau (C:\Users\Steve\Desktop\CTR.txt)

I think this is what you are looking for not sure. The machine is acting better.

**Malnutrition** · 08-03-2017, 07:51 PM

Originally posted by mnisia

I think this is what you are looking for not sure.

Yes.

Originally posted by mnisia

The machine is acting better.

Sweet.

Originally posted by mnisia

When the machine starts up now note pad is on the desk top saying access denied.

Still having this issue?

I’d like to run a scan that looks deep into the system to make certain I have not missed anything what so ever…

Download Quick Diag to your desktop.
Very Important!! — Make sure program is on your desktop.
Disable your Antivirus/Antispyware prior to scanning.
Right Click Run as Administrator.
Select the Quick Scan.
g3n-h@ckm@n Tools: Image
Post the log that is generated in your next post.

**mnisia** · 08-03-2017, 08:04 PM

Yes I’m still getting the access denied with note pad

**Malnutrition** · 08-03-2017, 08:26 PM

OK, Lets see the new log, then after I check it and make sure there is nothing lurking on your machine I will send you instructions to remedy that issue.

**mnisia** · 08-04-2017, 09:52 AM

--------------- QuickDiag | g3n-h@ckm@n | V3_01.07.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 03/08/2017 16:07:19

Updated 01/07/2017 | 11.30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC-05:00) Eastern Time (US & Canada)
[Steve (Administrator)] - [STEVE-PC] (S-1-5-21-3518905376-1918425772-3662548586-1001)

System: Microsoft Windows 10 Home - - (10.0.15063) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409) → (1703)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Home|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: Studio XPS 9100 - Dell Inc. - IdNumber: 8MNRBP1 - UUID: 4C4C4544-004D-4E10-8052-B8C04F425031
Processor : X64 - 2800 Mhz - Intel(R) Core™ i7 CPU 930 @ 2.80GHz
Default System BIOS - - Dell Computer Corporation - S/N: 8MNRBP1 - A04 - DELL - 20101021
CoreTemp : ? Celsius

----------| Quick

---------- | SoundDevice

NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101& REV_1002\5&25211838&0&0001
NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101& REV_1002\5&25211838&0&0101
NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101& REV_1002\5&25211838&0&0201
NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101& REV_1002\5&25211838&0&0301
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_10280482& REV_1003\4&2D476A8&0&0201

---------- | Video

NVIDIA GeForce 310 - Resolution: 1680x1050 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: nvd3dumx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvd3dum,n vwgf2um,nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_0A66&SUBSYS_90601B0A&REV_A2\4&3A4 C116B&0&0038 - AdapterCompatibility: NVIDIA - RAM: 536870912
Inegrated Video Chipset DeviceName: NVIDIA GeForce 310 - DriverVersion: 21.21.13.4201 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 84992 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35760 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42488 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35208 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:25 %
CPU #2 value:19 %
CPU #3 value:0 %
CPU #4 value:12 %
CPU #5 value:0 %
CPU #6 value:0 %
CPU #7 value:0 %
CPU #8 value:0 %
Total Overall CPU Usage value:7 %

---------- | Network

Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
NETGEAR WNA3100 N300 Wireless USB Adapter : SENT:867 bytes/sec / RECVD:867 bytes/sec
Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall → SEND Maxium:867 bytes/sec, / RECEIVE Maximum:867 bytes/sec

Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_E0001028&REV_03\03000 000684CE00000
NETGEAR WNA3100 N300 Wireless USB Adapter - Ethernet 802.3 - Netgear - Status: - PnPID : USB\VID_0846&PID_9020\113
WAN Miniport (SSTP) - - - Status: - PnPID :
WAN Miniport (IKEv2) - - - Status: - PnPID :
WAN Miniport (L2TP) - - - Status: - PnPID :
WAN Miniport (PPTP) - - - Status: - PnPID :
WAN Miniport (PPPOE) - - - Status: - PnPID :
WAN Miniport (IP) - - - Status: - PnPID :
WAN Miniport (IPv6) - - - Status: - PnPID :
WAN Miniport (Network Monitor) - - - Status: - PnPID :
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE

---------- | Memory

RAM = Total (MB) : 8379 | Free (MB) : 5515
Pagefile = Total (MB) : 8904 | Free (MB) : 5813
Virtual = Total (MB) : 4194 | Free (MB) : 3938

Physical Memory 0 : Capacity: 4294967296 - DIMM0 - Posit.: - Manufacturer: Manufacturer00 - PartNumber: BLT4G3D1608DT1TX0. - S/N: 21DA07A8
Physical Memory 2 : Capacity: 2147483648 - DIMM2 - Posit.: - Manufacturer: Hyundai - PartNumber: HMT125U6DFR8C-H9 - S/N: EB2B2331
Physical Memory 4 : Capacity: 2147483648 - DIMM4 - Posit.: - Manufacturer: Hyundai - PartNumber: HMT125U6DFR8C-H9 - S/N: E92B6331

---------- | SID Users

Administrator : [S-1-5-21-3518905376-1918425772-3662548586-500]
DefaultAccount : [S-1-5-21-3518905376-1918425772-3662548586-503]
Guest : [S-1-5-21-3518905376-1918425772-3662548586-501]
HomeGroupUser$ : [S-1-5-21-3518905376-1918425772-3662548586-1003]
Steve : [S-1-5-21-3518905376-1918425772-3662548586-1001]
Administrators : [S-1-5-32-544]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
IIS_IUSRS : [S-1-5-32-568]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Remote Management Users : [S-1-5-32-580]
System Managed Accounts Group : [S-1-5-32-581]
Users : [S-1-5-32-545]
HelpLibraryUpdaters : [S-1-5-21-3518905376-1918425772-3662548586-1008]
HomeUsers : [S-1-5-21-3518905376-1918425772-3662548586-1000]
SQLServer2005SQLBrowserUser$STEVE-PC : [S-1-5-21-3518905376-1918425772-3662548586-1005]
SQLServerMSSQLServerADHelperUser$STEVE-PC : [S-1-5-21-3518905376-1918425772-3662548586-1004]
SQLServerMSSQLUser$Steve-PC$SQLEXPRESS : [S-1-5-21-3518905376-1918425772-3662548586-1006]
SQLServerSQLAgentUser$STEVE-PC$SQLEXPRESS : [S-1-5-21-3518905376-1918425772-3662548586-1007]

---------- | SystemAccounts

Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ → [Fixed] | [OS] | Total : 919.22 Go | Free : 675.21 Go → NTFS [SATA]

Disk Usage Information [1 total Physical Disks]

Physical Drive #0 [C:] : Read:658,645 bytes/sec, Written:188,184 bytes/sec Max Read:658,645 bytes/sec, Max Write:188,184 bytes/sec

Overall - Read Maximum:658,645 bytes/sec, Write Maximum:188,184 bytes/sec

DeviceID: \.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_&PROD_ST31000528AS\4&2F621F8A&0&0200 00

---------- | Windows updates

Test 1 : Windows Is Activated
Test 2 : Windows Is Activated
Test 3 : Possible Fixed Windows (Notification Mode)

---------- | Browsers

IE : 11.0.15063.0 (© Microsoft Corporation.)
FF : 54.0.1.6388 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 60.0.3112.78 (Copyright 2016 Google Inc.)
SF : 5.34.57.2 (Copyright Apple Inc. 2007-2012)

Default : “C:\Program Files (x86)\Mozilla Firefox\firefox.exe” -osint -url “”

---------- | FlashPlayer

FlashPlayer ActiveX : 26.0.0.137
FlashPlayer Plugin : 26.0.0.137

---------- | Security

FW : McAfee Firewall Enabled
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes

460 | [Owner : SYSTEM | Parent : 4(System) | ???] - (.Microsoft Corporation - Windows Session Manager.) - (10.0.15063.0) = C:\Windows\System32\smss.exe [18/03/2017 16:57:38] CPU Usage:0 %
720 | [Owner : SYSTEM | Parent : 712() | ???] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.15063.0) = C:\Windows\System32\csrss.exe [18/03/2017 16:57:38] CPU Usage:0 %
872 | [Owner : SYSTEM | Parent : 864() | ???] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.15063.0) = C:\Windows\System32\csrss.exe [18/03/2017 16:57:38] CPU Usage:0 %
896 | [Owner : SYSTEM | Parent : 712() | ???] - (.Microsoft Corporation - Windows Start-Up Application.) - (10.0.15063.483) = C:\Windows\System32\wininit.exe [26/07/2017 09:48:36] CPU Usage:0 %
976 | [Owner : SYSTEM | Parent : 864() | 9.82 Mo] - (.Microsoft Corporation - Windows Logon Application.) - (10.0.15063.483) = C:\Windows\System32\winlogon.exe [26/07/2017 09:48:36] CPU Usage:0 %
1000 | [Owner : SYSTEM | Parent : 896(wininit.exe) | ???] - (.Microsoft Corporation - Services and Controller app.) - (10.0.15063.0) = C:\Windows\System32\services.exe [18/03/2017 16:57:39] CPU Usage:0 %
260 | [Owner : SYSTEM | Parent : 896(wininit.exe) | 16.71 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.15063.483) = C:\Windows\System32\lsass.exe [26/07/2017 09:48:36] CPU Usage:0 %
668 | [Owner : SYSTEM | Parent : 1000(services.exe) | 3.95 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
652 | [Owner : UMFD-1 | Parent : 976(winlogon.exe) | 18.71 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.483) = C:\Windows\System32\fontdrvhost.exe [26/07/2017 09:48:48] CPU Usage:0 %
704 | [Owner : UMFD-0 | Parent : 896(wininit.exe) | 13.84 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.483) = C:\Windows\System32\fontdrvhost.exe [26/07/2017 09:48:48] CPU Usage:0 %
780 | [Owner : SYSTEM | Parent : 1000(services.exe) | 25.38 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1064 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 11.99 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1108 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.78 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1192 | [Owner : DWM-1 | Parent : 976(winlogon.exe) | 35.51 Mo] - (.Microsoft Corporation - Desktop Window Manager.) - (10.0.15063.0) = C:\Windows\System32\dwm.exe [18/03/2017 16:58:21] CPU Usage:0 %
1248 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.77 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1292 | [Owner : SYSTEM | Parent : 1000(services.exe) | 9.75 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1300 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 11.11 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1364 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.28 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1484 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 19.46 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1528 | [Owner : SYSTEM | Parent : 1000(services.exe) | 10.05 Mo] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 342.01.) - (8.17.13.4201) = C:\Windows\System32\nvvsvc.exe [26/07/2017 05:59:50] CPU Usage:0 %
1548 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 9.23 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1564 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.74 Mo] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.4201) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [17/12/2016 06:20:40] CPU Usage:0 %
1632 | [Owner : SYSTEM | Parent : 1528(nvvsvc.exe) | 19.92 Mo] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.4201) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [26/07/2017 05:59:50] CPU Usage:0 %
1640 | [Owner : SYSTEM | Parent : 1528(nvvsvc.exe) | 14.03 Mo] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 342.01.) - (8.17.13.4201) = C:\Windows\System32\nvvsvc.exe [26/07/2017 05:59:50] CPU Usage:0 %
1688 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 19.37 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1740 | [Owner : SYSTEM | Parent : 1000(services.exe) | 15.71 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1748 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 7.76 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1860 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 12.03 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1964 | [Owner : SYSTEM | Parent : 1000(services.exe) | 10.74 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2032 | [Owner : SYSTEM | Parent : 1000(services.exe) | 8.45 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2040 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 9.6 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2080 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.05 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2088 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 8.05 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2220 | [Owner : SYSTEM | Parent : 1000(services.exe) | 8.29 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2248 | [Owner : SYSTEM | Parent : 1000(services.exe) | 8.34 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2256 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 8.23 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2376 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 12.41 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2460 | [Owner : SYSTEM | Parent : 1000(services.exe) | 10.39 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2468 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 8.33 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2476 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 12.54 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2484 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 6.5 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2688 | [Owner : SYSTEM | Parent : 1000(services.exe) | 15.47 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2792 | [Owner : SYSTEM | Parent : 1000(services.exe) | 11.5 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2868 | [Owner : SYSTEM | Parent : 1000(services.exe) | 16.85 Mo] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.15063.0) = C:\Windows\System32\spoolsv.exe [18/03/2017 16:58:24] CPU Usage:0 %
2908 | [Owner : SYSTEM | Parent : 2688(svchost.exe) | 6.72 Mo] - (.Microsoft Corporation - Windows Wireless LAN 802.11 Extensibility Framework.) - (10.0.15063.0) = C:\Windows\System32\wlanext.exe [18/03/2017 16:58:10] CPU Usage:0 %
2976 | [Owner : SYSTEM | Parent : 2908(wlanext.exe) | 5.99 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.15063.0) = C:\Windows\System32\conhost.exe [18/03/2017 16:57:35] CPU Usage:0 %
3068 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.93 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2140 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 7.2 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2144 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 8.15 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2724 | [Owner : SYSTEM | Parent : 1000(services.exe) | 11.04 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2716 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.84 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.22.5037) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [25/04/2017 09:12:12] CPU Usage:0 %
2700 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 10.66 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3040 | [Owner : SYSTEM | Parent : 1000(services.exe) | 9.73 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - (4.2.0.574) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [04/09/2015 16:54:06] CPU Usage:0 %
3076 | [Owner : SYSTEM | Parent : 1000(services.exe) | 25.84 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3084 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.49 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3092 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.72 Mo] - (.Adobe Systems Incorporated - Adobe Update Service.) - (3.8.0.310) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [24/08/2016 08:45:06] CPU Usage:0 %
3100 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 14.06 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3108 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 9.99 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3116 | [Owner : SYSTEM | Parent : 1000(services.exe) | 11.46 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3148 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.44 Mo] - (.McAfee, Inc. - McAfee Process Validation Service.) - (15.6.0.2180) = C:\Windows\System32\mfevtps.exe [01/05/2016 18:12:28] CPU Usage:0 %
3184 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 7.3 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3204 | [Owner : SYSTEM | Parent : 1000(services.exe) | 18.26 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3252 | [Owner : SYSTEM | Parent : 1000(services.exe) | 8.63 Mo] - (.McAfee, Inc. - McAfee Management Service.) - (15.6.0.2180) = C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [01/05/2016 18:12:26] CPU Usage:0 %
3344 | [Owner : SYSTEM | Parent : 1000(services.exe) | 28.52 Mo] - (.McAfee, Inc. - McAfee WebAdvisor.) - (4.0.6.149) = C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [27/07/2017 16:37:00] CPU Usage:0 %
3352 | [Owner : SYSTEM | Parent : 1000(services.exe) | 48.21 Mo] - (.McAfee, Inc. - McAfee Module Core Service.) - (1.8.140.0) = C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [07/02/2017 06:11:58] CPU Usage:0 %
3492 | [Owner : SYSTEM | Parent : 1000(services.exe) | 8.04 Mo] - (.Intel Security, Inc. - Intel Security PEF Service.) - (1.6.122.0) = C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [01/05/2016 18:16:26] CPU Usage:0 %
3508 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.09 Mo] - (.Motorola - ForwardDemon.) - (1.0.0.0) = C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [15/08/2015 17:09:45] CPU Usage:0 %
3556 | [Owner : SYSTEM | Parent : 1000(services.exe) | 8.05 Mo] - (.Microsoft Corporation - SQL Server VSS Writer - 64 Bit.) - (2007.100.5500.0) = C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [22/09/2011 21:07:34] CPU Usage:0 %
3564 | [Owner : SYSTEM | Parent : 1000(services.exe) | 32.95 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.8229.2103) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [24/01/2016 01:41:43] CPU Usage:0 %
3612 | [Owner : SYSTEM | Parent : 1000(services.exe) | 10.1 Mo] - (.- Wifi Service.) - (2.1.0.24) = C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [29/08/2016 22:34:24] CPU Usage:0 %
3648 | [Owner : SYSTEM | Parent : 1000(services.exe) | 16.45 Mo] - (.Copyright 2017. - ZAM.) - (2.74.0.76) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [24/07/2017 17:43:54] CPU Usage:0 %
3688 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 52.73 Mo] - (.Microsoft Corporation - SQL Server Windows NT - 64 Bit.) - (2007.100.5538.0) = C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [03/04/2015 19:15:26] CPU Usage:0 %
3740 | [Owner : SYSTEM | Parent : 1000(services.exe) | 11.41 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3748 | [Owner : SYSTEM | Parent : 1000(services.exe) | 5.81 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3760 | [Owner : SYSTEM | Parent : 1000(services.exe) | 66.99 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3768 | [Owner : SYSTEM | Parent : 1000(services.exe) | 16.64 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3776 | [Owner : SYSTEM | Parent : 1000(services.exe) | 20.89 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3784 | [Owner : SYSTEM | Parent : 1000(services.exe) | 8.62 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3864 | [Owner : SYSTEM | Parent : 1000(services.exe) | 18.04 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3884 | [Owner : SYSTEM | Parent : 1000(services.exe) | ???] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.483) = C:\Windows\System32\SecurityHealthService.exe [26/07/2017 09:49:11] CPU Usage:0 %
3968 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 13.52 Mo] - (.Microsoft Corporation - Message Queuing Service.) - (5.0.1.1) = C:\Windows\System32\mqsvc.exe [18/03/2017 16:56:51] CPU Usage:0 %
2980 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 5.68 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
4176 | [Owner : LOCAL SERVICE | Parent : 3084(svchost.exe) | 5.58 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.15063.0) = C:\Windows\System32\dasHost.exe [18/03/2017 16:57:46] CPU Usage:0 %
4240 | [Owner : SYSTEM | Parent : 1000(services.exe) | 16.37 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
4448 | [Owner : SYSTEM | Parent : 1000(services.exe) | 239.08 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.479) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [25/07/2017 16:42:20] CPU Usage:0 %
4476 | [Owner : SYSTEM | Parent : 1000(services.exe) | 9.81 Mo] - (.Nero AG - NeroUpdate.) - (11.2.0.6) = C:\Program Files (x86)\Nero\Update\NASvc.exe [15/07/2014 09:46:00] CPU Usage:0 %
4588 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 7.79 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
4616 | [Owner : SYSTEM | Parent : 3252(mfemms.exe) | 12.79 Mo] - (.McAfee, Inc. - McAfee Process Validation Service.) - (15.6.0.2180) = C:\Windows\System32\mfevtps.exe [01/05/2016 18:12:28] CPU Usage:0 %
4340 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.06 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2644 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 6.93 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
5276 | [Owner : SYSTEM | Parent : 1000(services.exe) | 27.61 Mo] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe [26/07/2017 09:38:59] CPU Usage:0 %
6072 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 23.58 Mo] - (.Microsoft Corporation - SMSvcHost.exe.) - (4.7.2046.0) = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SM SvcHost.exe [18/03/2017 16:59:43] CPU Usage:0 %
6192 | [Owner : Steve | Parent : 1000(services.exe) | 19.08 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
6244 | [Owner : Steve | Parent : 2032(svchost.exe) | 22.2 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe [18/03/2017 16:58:10] CPU Usage:0 %
6256 | [Owner : Steve | Parent : 3344(mcsacore.exe) | 30.7 Mo] - (.McAfee, Inc. - McAfee WebAdvisor.) - (4.0.6.149) = C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe [27/07/2017 16:37:02] CPU Usage:0 %
6472 | [Owner : Steve | Parent : 1000(services.exe) | 25.9 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
6644 | [Owner : SYSTEM | Parent : 1000(services.exe) | 19.25 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
6700 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 16.24 Mo] - (.Microsoft Corporation - SMSvcHost.exe.) - (4.7.2046.0) = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SM SvcHost.exe [18/03/2017 16:59:43] CPU Usage:0 %
6740 | [Owner : NETWORK SERVICE | Parent : 780(svchost.exe) | 16.84 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [18/03/2017 16:58:01] CPU Usage:0 %
6984 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 18.28 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
5140 | [Owner : Steve | Parent : 1740(svchost.exe) | 21.91 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe [18/03/2017 16:57:57] CPU Usage:0 %
7300 | [Owner : Steve | Parent : 7148() | 98.15 Mo] - (.Microsoft Corporation - Windows Explorer.) - (10.0.15063.447) = C:\Windows\explorer.exe [26/07/2017 09:48:47] CPU Usage:0 %
7912 | [Owner : SYSTEM | Parent : 1000(services.exe) | 15.62 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
8136 | [Owner : SYSTEM | Parent : 3252(mfemms.exe) | 57.08 Mo] - (.McAfee, Inc. - McAfee Cloud AV.) - (20.1.159.0) = C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe [03/07/2017 21:35:55] CPU Usage:2 %
772 | [Owner : Steve | Parent : 780(svchost.exe) | 62.74 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.15063.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2t xyewy\ShellExperienceHost.exe [18/03/2017 16:56:41] CPU Usage:0 %
1768 | [Owner : Steve | Parent : 780(svchost.exe) | 93.62 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\SearchUI.exe [26/07/2017 09:39:07] CPU Usage:0 %
7064 | [Owner : SYSTEM | Parent : 3252(mfemms.exe) | 11.5 Mo] - (.McAfee, Inc. - McAfee Core Firewall Service.) - (15.6.0.2180) = C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [01/05/2016 18:16:03] CPU Usage:0 %
5156 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.42 Mo] - (.McAfee, Inc. - McAfee Core Firewall Service.) - (15.6.0.2180) = C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [01/05/2016 18:16:03] CPU Usage:0 %
8196 | [Owner : SYSTEM | Parent : 1000(services.exe) | 21.44 Mo] - (.Intel Security - AnalyticsSDK.) - (2.2.143.0) = C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalyt ics.exe [14/01/2017 10:44:05] CPU Usage:0 %
8204 | [Owner : SYSTEM | Parent : 1000(services.exe) | 57.38 Mo] - (.McAfee, Inc. - McAfee Service Host.) - (6.4.4016.0) = C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [01/05/2016 18:15:21] CPU Usage:0 %
8372 | [Owner : SYSTEM | Parent : 1000(services.exe) | 11.47 Mo] - (.McAfee, Inc. - McAfee Access Protection.) - (7.1.156.0) = C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe [07/02/2017 06:14:27] CPU Usage:0 %
8700 | [Owner : Steve | Parent : 3328() | 12.59 Mo] - (.Motorola Mobility LLC - MotoHelperAgent.) - (14.8.6.1) = C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe [15/04/2015 09:43:18] CPU Usage:0 %
9028 | [Owner : Steve | Parent : 780(svchost.exe) | 26.56 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe [18/03/2017 16:58:01] CPU Usage:0 %
9712 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 10.24 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
9232 | [Owner : Steve | Parent : 780(svchost.exe) | 32.15 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.332) = C:\Windows\System32\smartscreen.exe [26/07/2017 09:38:59] CPU Usage:0 %
3376 | [Owner : SYSTEM | Parent : 5276(SearchIndexer.exe) | 7.54 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.15063.447) = C:\Windows\System32\SearchProtocolHost.exe [26/07/2017 09:48:36] CPU Usage:0 %
9276 | [Owner : Steve | Parent : 780(svchost.exe) | 10.05 Mo] - (.-.) - (11.19.820.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x 64__kzf8qxf38zg5c\SkypeHost.exe [23/07/2017 05:05:56] CPU Usage:0 %
6400 | [Owner : LOCAL SERVICE | Parent : 2376(svchost.exe) | 15.84 Mo] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (10.0.15063.447) = C:\Windows\System32\audiodg.exe [26/07/2017 09:48:36] CPU Usage:0 %
2704 | [Owner : Steve | Parent : 3352(ModuleCoreService.exe) | 30.68 Mo] - (.McAfee, Inc. - McAfee Module Core Service.) - (1.8.140.0) = C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [07/02/2017 06:11:58] CPU Usage:0 %
2984 | [Owner : Steve | Parent : 2704(ModuleCoreService.exe) | 6.18 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.15063.0) = C:\Windows\System32\conhost.exe [18/03/2017 16:57:35] CPU Usage:0 %
3856 | [Owner : Steve | Parent : 4448(MBAMService.exe) | 20.94 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1068) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [25/07/2017 16:42:18] CPU Usage:0 %
2408 | [Owner : Steve | Parent : 780(svchost.exe) | 4.37 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.15063.250) = C:\Windows\System32\SettingSyncHost.exe [26/07/2017 09:38:59] CPU Usage:0 %
4864 | [Owner : Steve | Parent : 7300(explorer.exe) | 9.52 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe [18/03/2017 16:56:44] CPU Usage:0 %
6416 | [Owner : Steve | Parent : 7300(explorer.exe) | 109.96 Mo] - (.Copyright 2017. - ZAM.) - (2.74.0.76) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [24/07/2017 17:43:54] CPU Usage:0 %
6488 | [Owner : Steve | Parent : 1740(svchost.exe) | 33.4 Mo] - (.McAfee, Inc. - McAfee.) - (9.1.151.0) = C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe [01/05/2016 18:16:15] CPU Usage:0 %
5284 | [Owner : SYSTEM | Parent : 1000(services.exe) | 19.18 Mo] - (.McAfee, Inc. - McAfee CSP Service Host.) - (2.5.312.0) = C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe [30/05/2017 21:21:26] CPU Usage:0 %
10912 | [Owner : Steve | Parent : 7300(explorer.exe) | 222.56 Mo] - (.Mozilla Corporation - Firefox.) - (54.0.1.6388) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [19/11/2016 13:04:59] CPU Usage:0 %
2832 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.17 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3244 | [Owner : Steve | Parent : 1000(services.exe) | 19.99 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
10492 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 10.08 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
10280 | [Owner : SYSTEM | Parent : 1000(services.exe) | 13.39 Mo] - (.Dell Inc. - Dell Data Vault Rules Processor.) - (5.2.1.55) = C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [20/06/2017 14:20:18] CPU Usage:0 %
3940 | [Owner : SYSTEM | Parent : 1000(services.exe) | 40.1 Mo] - (.Dell Inc. - DCCService.) - (1.4.15.0) = C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [21/12/2016 11:23:18] CPU Usage:0 %
7880 | [Owner : SYSTEM | Parent : 1000(services.exe) | 10.6 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
11380 | [Owner : SYSTEM | Parent : 1000(services.exe) | 46.76 Mo] - (.Dell Inc. - Dell Update Windows Service.) - (1.9.20.0) = C:\Program Files (x86)\Dell Update\DellUpService.exe [01/05/2017 15:27:48] CPU Usage:0 %
11780 | [Owner : SYSTEM | Parent : 780(svchost.exe) | 53.78 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [18/03/2017 16:58:01] CPU Usage:0 %
11888 | [Owner : SYSTEM | Parent : 1000(services.exe) | 10.21 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
11860 | [Owner : Steve | Parent : 11380(DellUpService.exe) | 53.3 Mo] - (.Dell Inc. - Dell Update.) - (1.9.20.0) = C:\Program Files (x86)\Dell Update\DellUpTray.exe [01/05/2017 15:25:50] CPU Usage:0 %
12256 | [Owner : SYSTEM | Parent : 1000(services.exe) | 9.61 Mo] - (.Microsoft Corporation - Windows® installer.) - (5.0.15063.0) = C:\Windows\System32\msiexec.exe [18/03/2017 16:57:05] CPU Usage:0 %
12248 | [Owner : SYSTEM | Parent : 1000(services.exe) | 30.08 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
11884 | [Owner : SYSTEM | Parent : 1000(services.exe) | 10.23 Mo] - (.Intuit Inc. - Intuit Update Service.) - (4.0.11.0) = C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [27/04/2015 14:43:32] CPU Usage:0 %
9996 | [Owner : SYSTEM | Parent : 1000(services.exe) | 15.82 Mo] - (.Sonic Solutions - RoxWatch12 Module.) - (12.2.1.22) = C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [04/09/2010 03:15:22] CPU Usage:0 %
10388 | [Owner : SYSTEM | Parent : 1000(services.exe) | 55.15 Mo] - (.Dell Inc. - Service.) - (2.0.1.7) = C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAge nt.exe [28/06/2017 16:49:30] CPU Usage:0 %
11540 | [Owner : SYSTEM | Parent : 1000(services.exe) | 21.93 Mo] - (.Dell Inc. - Dell Data Vault Data Collector Service.) - (5.2.1.55) = C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [20/06/2017 14:22:48] CPU Usage:0 %
11300 | [Owner : SYSTEM | Parent : 1000(services.exe) | 17.11 Mo] - (.Sonic Solutions - RoxMediaDB12 Module.) - (12.2.1.22) = C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [04/09/2010 03:14:26] CPU Usage:0 %
10908 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.06 Mo] - (.Dell Inc. - Dell Data Vault Data Collector Service API.) - (5.2.1.55) = C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [20/06/2017 14:23:02] CPU Usage:0 %
12524 | [Owner : LOCAL SERVICE | Parent : 780(svchost.exe) | 12.81 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [18/03/2017 16:58:01] CPU Usage:0 %
12780 | [Owner : Steve | Parent : 11540(DDVDataCollector.exe) | 6.97 Mo] - (.Dell Inc. - DDV Nvidia Graphics Worker.) - (5.2.1.55) = C:\Program Files\Dell\DellDataVault\nvapiw.exe [20/06/2017 14:23:24] CPU Usage:0 %
11812 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.3 Mo] - (.Microsoft Corporation - Windows Modules Installer.) - (10.0.15063.0) = C:\Windows\servicing\TrustedInstaller.exe [18/03/2017 07:40:21] CPU Usage:0 %
13080 | [Owner : SYSTEM | Parent : 780(svchost.exe) | 8.77 Mo] - (.Microsoft Corporation - Windows Modules Installer Worker.) - (10.0.15063.0) = C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_non e_9e914f9d2d85dacb\TiWorker.exe [18/03/2017 07:40:23] CPU Usage:0 %
12532 | [Owner : SYSTEM | Parent : 3252(mfemms.exe) | 56.7 Mo] - (.McAfee, Inc. - McAfee Scanner service.) - (1.5.0.2939) = C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [01/05/2016 18:16:58] CPU Usage:0 %
3696 | [Owner : SYSTEM | Parent : 1000(services.exe) | 9.52 Mo] - (.Motorola Mobility LLC - MotoHelper Service.) - (14.3.23.0) = C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [15/04/2015 09:44:32] CPU Usage:0 %
13268 | [Owner : SYSTEM | Parent : 5276(SearchIndexer.exe) | 6.26 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.15063.0) = C:\Windows\System32\SearchFilterHost.exe [18/03/2017 16:58:18] CPU Usage:0 %
13208 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.24 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
13100 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.95 Mo] - (.Microsoft Corporation - WMI Performance Reverse Adapter.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiApSrv.exe [18/03/2017 16:57:50] CPU Usage:0 %
3332 | [Owner : Steve | Parent : 7300(explorer.exe) | 40.37 Mo] - (.SosVirus - QuickDiag.) - (1.7.17.1) = C:\Users\Steve\Desktop\QuickDiag.exe [03/08/2017 16:05:12] CPU Usage:0 %
7548 | [Owner : NETWORK SERVICE | Parent : 780(svchost.exe) | 9.46 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [18/03/2017 16:58:50] CPU Usage:0 %

---------- | MD5

[MD5.CA3BF0F15BA4F24D511BFEE725CC89BD] - [26/07/2017 09:48:47] - (.© Microsoft Corporation. - Windows Explorer.) - [4733.81 Ko] - (10.0.15063.447) : C:\WINDOWS\Explorer.exe
[MD5.94912C1D73ADE68F2486ED4D8EA82DE6] - [18/03/2017 16:57:50] - (.© Microsoft Corporation. - Windows Command Processor.) - [265.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\cmd.exe
[MD5.31E45CAA8E7035ECD47E96A7377BE975] - [18/03/2017 16:57:38] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [17.28 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\csrss.exe
[MD5.2D29C0AFCC8225AFF6637F7362C22960] - [18/03/2017 16:58:21] - (.© Microsoft Corporation. - COM Surrogate.) - [20.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\dllhost.exe
[MD5.90224339656D3CFEC43150209B4CD38E] - [26/07/2017 09:38:59] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [692.1 Ko] - (10.0.15063.296) : C:\WINDOWS\System32\Kernel32.dll
[MD5.9936F9E94C6E3F47A158D7BFF020575A] - [26/07/2017 09:48:36] - (.© Microsoft Corporation. - Local Security Authority Process.) - [57.12 Ko] - (10.0.15063.483) : C:\WINDOWS\System32\lsass.exe
[MD5.0E79A4C76CAAA0CFE9CA42C13E5AA086] - [26/07/2017 09:38:59] - (.© Microsoft Corporation. - Distributed COM Services.) - [1060 Ko] - (10.0.15063.296) : C:\WINDOWS\System32\rpcss.dll
[MD5.ECB702B8C5650381C0784F1EEABB97BC] - [18/03/2017 16:58:29] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [67 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\rundll32.exe
[MD5.800D00D1A7ADA9E341CACDF287347584] - [18/03/2017 16:57:39] - (.© Microsoft Corporation. - Services and Controller app.) - [515.6 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\services.exe
[MD5.3120B24060924F9B94182A1432B2D7F9] - [18/03/2017 16:58:21] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [46.55 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\svchost.exe
[MD5.9F67071B597A3CCC8C11CE761CE88B04] - [18/03/2017 16:57:35] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [1313.56 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\user32.dll
[MD5.46B72E05D0B9F489CA60DBD7361039B0] - [18/03/2017 16:58:21] - (.© Microsoft Corporation. - Userinit Logon Application.) - [31.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\userinit.exe
[MD5.B2DB5876B6F68D32E470F691C7088F3F] - [26/07/2017 09:48:36] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [310.77 Ko] - (10.0.15063.483) : C:\WINDOWS\System32\Wininit.exe
[MD5.31E3287EF6D97C5864A301CEA75BBBA1] - [26/07/2017 09:48:36] - (.© Microsoft Corporation. - Windows Logon Application.) - [690 Ko] - (10.0.15063.483) : C:\WINDOWS\System32\Winlogon.exe
[MD5.AC1928C2F7505BD556C552F153B062AB] - [18/03/2017 16:57:36] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [596.4 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\afd.sys
[MD5.01733BEEE02E51F712330D5909BD701C] - [18/03/2017 16:56:26] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [28.41 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\atapi.sys
[MD5.71CCAFFF7D5E64E3D07BD96F2B2898EF] - [18/03/2017 16:56:26] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [189.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ataport.sys
[MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - [18/03/2017 16:57:39] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\cdfs.sys
[MD5.ABE77AD954BC3D72F559CF0C381E50BC] - [18/03/2017 16:56:25] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [156.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\cdrom.sys
[MD5.185A4519B7764F4DEF714D890A7A9FD2] - [18/03/2017 16:57:47] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [147 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\dfsc.sys
[MD5.02B9639D9997E95CDF2F4C4F3BDCC73D] - [26/07/2017 09:48:36] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [84.5 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
[MD5.C6C8315E3262FAE460529C6DA2951682] - [18/03/2017 16:56:35] - (.© Microsoft Corporation. - i8042 Port Driver.) - [112.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys
[MD5.DCC05E5EAA580C97F13B434FAFACED85] - [18/03/2017 16:58:21] - (.© Microsoft Corporation. - IP Network Address Translator.) - [209.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ipnat.sys
[MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - [18/03/2017 16:57:54] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [456.4 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\mrxsmb.sys
[MD5.59F3D5FEF4A24871C07C279762DA8624] - [26/07/2017 09:48:36] - (.© Microsoft Corporation. - Network Driver Interface Specification (NDIS).) - [1213.41 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\ndis.sys
[MD5.30C2F67EC84EB11B22011620107E0325] - [18/03/2017 16:57:35] - (.© Microsoft Corporation. - MBT Transport driver.) - [298 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\netbt.sys
[MD5.8D72D5038C5F91AFEF1B160FE524C2D9] - [26/07/2017 09:48:47] - (.© Microsoft Corporation. - NT File System Driver.) - [2272.91 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\ntfs.sys
[MD5.2CC6C325B271C7CA60F374F8F868CB45] - [18/03/2017 16:56:26] - (.© Microsoft Corporation. - Parallel Port Driver.) - [95.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\parport.sys
[MD5.5279EC98F6218D29EADDFECCC0D80E9A] - [18/03/2017 16:58:07] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [104.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys
[MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - [18/03/2017 16:59:55] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [179 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys
[MD5.DC0D1B5284152315F81894DAABBB2AF3] - [26/07/2017 09:48:37] - (.© Microsoft Corporation. - TCP/IP Driver.) - [2618.91 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\tcpip.sys
[MD5.892AB2637603A5E9507C39E61101C3C3] - [26/07/2017 09:38:59] - (.© Microsoft Corporation. - TDI Translation Driver.) - [116.91 Ko] - (10.0.15063.413) : C:\WINDOWS\System32\Drivers\tdx.sys
[MD5.E3429DBBEA3965BB96E24B16EF4A2551] - [18/03/2017 16:57:39] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [387.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\volsnap.sys

---------- | Locked Applications

---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 342.01.) - (21.21.13.4201) – C:\WINDOWS\SYSTEM32\nvwgf2umx.dll
(.Google.-.Google Drive shell extension.) - (2.34.5075.1619) – C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
(..-.Core Sync.) - (2.2.0.256) – C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
(..-..) - (16.0.8229.2045) – C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.15.2.0) – C:\WINDOWS\System32\winsqlite3.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE...\Run]) - User: NT AUTHORITY\LOCAL SERVICE
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE...\Run]) - User: NT AUTHORITY\NETWORK SERVICE
desktop - (desktop.ini [Startup]) - User: Steve-PC\Steve
OneNote 2010 Screen Clipper and Launcher - (OneNote 2010 Screen Clipper and Launcher.lnk [Startup]) - User: Steve-PC\Steve
OneDrive - (“C:\Users\Steve\AppData\Local\Microsoft\OneDrive\ OneDrive.exe” /background [HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE...\Run]) - User: Steve-PC\Steve
Adobe Acrobat Synchronizer - (“C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe” [HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE...\Run]) - User: Steve-PC\Steve
CCleaner - (“C:\Program Files\CCleaner\CCleaner64.exe” /AUTO [HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE...\Run]) - User: Steve-PC\Steve
NETGEAR WNA3100 Genie - (C:\PROGRA~2\NETGEAR\WNA3100\WNA3100.exe [Common Startup]) - User: Public
SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE...\Run]) - User: Public
RtHDVCpl - (C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [HKLM\SOFTWARE...\Run]) - User: Public
RunDLLEntry_THXCfg - (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [HKLM\SOFTWARE...\Run]) - User: Public
RunDLLEntry_EptMon - (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [HKLM\SOFTWARE...\Run]) - User: Public
NvBackend - (“C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe” [HKLM\SOFTWARE...\Run]) - User: Public
ZAM - (“C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe” /minimized [HKLM\SOFTWARE...\Run]) - User: Public
Malwarebytes TrayApp - (C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [HKLM\SOFTWARE...\Run]) - User: Public

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Command Processor]
“CompletionChar”=9
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=9

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion\Run]
“OneDrive”=“C:\Users\Steve\AppData\Local\Microsoft \OneDrive\OneDrive.exe” /background
“Adobe Acrobat Synchronizer”=“C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe”
“CCleaner”=“C:\Program Files\CCleaner\CCleaner64.exe” /AUTO

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run]
“OneDrive”=0x03000000C35F46E246FED001
“Adobe Acrobat Synchronizer”=0x03000000702C4066C004D301
“CCleaner”=0x03000000F0E22667C004D301

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“Device”=hp LaserJet 1300 PCL 5,winspool,Ne02:
“IsMRUEstablished”=1
“LegacyDefaultPrinterMode”=0

[HKLM\Software\Microsoft\Command Processor]
“CompletionChar”=64
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=64

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
“SecurityHealth”=%ProgramFiles%\Windows Defender\MSASCuiL.exe
“RtHDVCpl”=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
“RunDLLEntry_THXCfg”=C:\Windows\system32\RunDLL32. exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
“RunDLLEntry_EptMon”=C:\Windows\system32\RunDLL32. exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
“NvBackend”=“C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe”
“ZAM”=“C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe” /minimized
“Malwarebytes TrayApp”=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [25/07/2017 16:42:18]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run]
“SecurityHealth”=0x040000000000000000000000
“RtHDVCpl”=0x03000000C073726FC004D301
“AdobeAAMUpdater-1.0”=0x03000000123CBECB46FED001
“NvBackend”=0x03000000555621E846FED001
“RunDLLEntry_EptMon”=0x0300000010D35370C004D301
“RunDLLEntry_THXCfg”=0x03000000901DCF70C004D301
“mcui_exe”=0x03000000D09B8169C004D301

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run32]
“Acrobat Assistant 8.0”=0x030000005BAC30D446FED001
“Adobe Creative Cloud”=0x03000000F877C6B046FED001
“AdobeCS6ServiceManager”=0x03000000377787B346FED00 1
“UpdReg”=0x030000007E05793B721ED101
“IAStorIcon”=0x030000004D52B5DA46FED001
“mcui_exe”=0x020000000000000000000000
“Razer Synapse”=0x03000000D53B83C146FED001
“RoxWatchTray”=0x0300000072EADDED46FED001
“SwitchBoard”=0x030000000EF415F446FED001
“THX Audio Control Panel”=0x03000000B30791F846FED001
“SunJavaUpdateSched”=0x030000001A46703A8467D101
“Malwarebytes Anti-Exploit”=0x0300000070F20D69C004D301
“AdobeAAMUpdater-1.0”=0x03000000B0555C68C004D301
“NvBackend”=0x030000007031B96AC004D301

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“”=mnmsrvc
“AppInit_DLLs”=
“DdeSendTimeout”=0
“DesktopHeapLogging”=1
“DeviceNotSelectedTimeout”=15
“DwmInputUsesIoCompletionPort”=1
“EnableDwmInputProcessing”=7
“EnableMitInputProcessing”=7
“GDIProcessHandleQuota”=10000
“IconServiceLib”=IconCodecService.dll
“LoadAppInit_DLLs”=1
“NaturalInputHandler”=Ninput.dll
“ShutdownWarningDialogTimeout”=4294967295
“Spooler”=yes
“ThreadUnresponsiveLogTimeout”=500
“TransmissionRetryTimeout”=90
“USERNestedWindowLimit”=50
“USERPostMessageLimit”=10000
“USERProcessHandleQuota”=10000
“Win32kLastWriteTime”=1D2A02A4539A47C

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
“CompletionChar”=64
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=64

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Run]
“THX Audio Control Panel”=“C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe” /r
“UpdReg”=C:\Windows\UpdReg.EXE [17/02/2011 01:46:30]
“RoxWatchTray”=“C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe”
“mcui_exe”=“C:\Program Files\McAfee.com\Agent\mcagent.exe” /runkey
“SwitchBoard”=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37:14]
“Acrobat Assistant 8.0”=“C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe”
“AdobeCS6ServiceManager”=“C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.ex e” -launchedbylogin
“Adobe Creative Cloud”=“C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe” --showwindow=false --onOSstartup=true
“Razer Synapse”=“C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe”

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
“”=mnmsrvc
“AppInit_DLLs”=
“DdeSendTimeout”=0
“DesktopHeapLogging”=1
“DeviceNotSelectedTimeout”=15
“DwmInputUsesIoCompletionPort”=1
“EnableDwmInputProcessing”=7
“EnableMitInputProcessing”=7
“GDIProcessHandleQuota”=10000
“IconServiceLib”=IconCodecService.dll
“LoadAppInit_DLLs”=0
“NaturalInputHandler”=Ninput.dll
“ShutdownWarningDialogTimeout”=4294967295
“Spooler”=yes
“ThreadUnresponsiveLogTimeout”=500
“TransmissionRetryTimeout”=90
“USERNestedWindowLimit”=50
“USERPostMessageLimit”=10000
“USERProcessHandleQuota”=10000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
“WebCheck”={E6FB5E20-DE35-11CF-9C87-00AA005127ED}

---------- | Win.ini :

---------- | System.ini :

---------- | Tasks List

CCleanerSkipUAC
CreateExplorerShellUnelevatedTask
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
McAfee Remediation (Prepare)
McAfeeLogon
OneDrive Standalone Update Task-S-1-5-21-3518905376-1918425772-3662548586-1001
Opera scheduled Autoupdate 1501022171
User_Feed_Synchronization-{BF02009D-C843-4079-8428-ABBD8A451EAB}

---------- | Startings up registry ¦ Folder

[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] : “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager] : “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.ex e” -launchedbylogin

---------- | Other keys

[HKLM\System\CurrentControlSet\Control\SecurityProv iders]
“SecurityProviders”=credssp.dll

[HKLM\System\CurrentControlSet\Control\Terminal Server]
“AllowRemoteRPC”=0
“DelayConMgrTimeout”=0
“DeleteTempDirsOnExit”=1
“fDenyTSConnections”=1
“fSingleSessionPerUser”=1
“NotificationTimeOut”=0
“PerSessionTempDir”=0
“ProductVersion”=5.1
“RCDependentServices”=CertPropSvc
SessionEnv
“SnapshotMonitors”=1
“StartRCM”=0
“TSUserEnabled”=0
“InstanceID”=0a75482f-528e-4aed-baef-1a21b5b
“GlassSessionId”=1

[HKLM\System\CurrentControlSet\Control\Session Manager]
“AutoChkTimeout”=8
“BootExecute”=autocheck autochk *
“BootShell”=%SystemRoot%\system32\bootim.exe
“CriticalSectionTimeout”=2592000
“ExcludeFromKnownDlls”=
“GlobalFlag”=0
“HeapDeCommitFreeBlockThreshold”=0
“HeapDeCommitTotalFreeThreshold”=0
“HeapSegmentCommit”=0
“HeapSegmentReserve”=0
“InitConsoleFlags”=0
“NumberOfInitialSessions”=2
“ObjectDirectories”=\Windows
\RPC Control
“ProcessorControl”=2
“ProtectionMode”=1
“ResourceTimeoutCount”=648000
“RunLevelExecute”=WinInit
ServiceControlManager
“RunLevelValidate”=ServiceControlManager
“SETUPEXECUTE”=
“AutoChkSkipSystemPartition”=0

[HKLM\System\CurrentControlSet\Control]
“BootDriverFlags”=28
“CurrentUser”=USERNAME
“EarlyStartServices”=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc
“PreshutdownOrder”=UsoSvc
DeviceInstall
gpsvc
trustedinstaller
“SvcHostSplitThresholdInKB”=3670016
“WaitToKillServiceTimeout”=200
“SystemStartOptions”= NOEXECUTE=OPTIN
“SystemBootDevice”=multi(0)disk(0)rdisk(0)partitio n(3)
“FirmwareBootDevice”=multi(0)disk(0)rdisk(0)partit ion(2)
“LastBootSucceeded”=1
“LastBootShutdown”=1

[HKLM\System\CurrentControlSet\Control\lsa]
“auditbasedirectories”=0
“auditbaseobjects”=0
“Bounds”=0x0030000000200000
“crashonauditfail”=0
“fullprivilegeauditing”=0x00
“LimitBlankPasswordUse”=1
“NoLmHash”=1
“Notification Packages”=scecli
“Authentication Packages”=msv1_0
“disabledomaincreds”=0
“everyoneincludesanonymous”=0
“forceguest”=0
“LsaPid”=260
“ProductType”=3
“restrictanonymous”=0
“restrictanonymoussam”=1
“SamConnectedAccountsExist”=1
“SecureBoot”=1
“Security Packages”=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u
livessp

---------- | .LNK with Arguments

c:\programdata\microsoft\windows\start menu\programs\wcf ria services v1.0 sp1\start here.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxp://go.microsoft.com/fwlink/?LinkID=144687) - Hidden: False - Status: OK
c:\programdata\microsoft\windows\start menu\programs\wcf ria services v1.0 sp1\wcf ria services v1.0 sp1 walkthrough.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxp://go.microsoft.com/fwlink/?LinkId=166921) - Hidden: False - Status: OK
c:\users\steve\my backup files\seagate back up12_14_14\backup\0313ed3a-4665-4bb3-9432-12f6e4b4aabc\20121205_125545_steve\c\documents and settings\all users\start menu\programs\pricegong\pricegong contact us.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://www.pricegong.com/ContactUs.aspx) - Hidden: False - Status: OK
c:\users\steve\my backup files\seagate back up12_14_14\backup\0313ed3a-4665-4bb3-9432-12f6e4b4aabc\20121205_125545_steve\c\documents and settings\all users\start menu\programs\pricegong\pricegong help.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://www.pricegong.com/Help.aspx) - Hidden: False - Status: OK
c:\users\steve\my backup files\seagate back up12_14_14\backup\0313ed3a-4665-4bb3-9432-12f6e4b4aabc\20121205_125545_steve\c\documents and settings\all users\start menu\programs\pricegong\pricegong homepage.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://www.pricegong.com) - Hidden: False - Status: OK

---------- | AppCertDlls

---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll → OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll → OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Control Panel\Desktop]
“ActiveWndTrackTimeout”=0
“BlockSendInputResets”=0
“CaretWidth”=1
“ClickLockTime”=1200
“CoolSwitchColumns”=7
“CoolSwitchRows”=3
“CursorBlinkRate”=530
“DockMoving”=1
“DragFromMaximize”=1
“DragFullWindows”=1
“DragHeight”=4
“DragWidth”=4
“FocusBorderHeight”=1
“FocusBorderWidth”=1
“FontSmoothing”=2
“FontSmoothingGamma”=0
“FontSmoothingOrientation”=1
“FontSmoothingType”=2
“ForegroundFlashCount”=7
“ForegroundLockTimeout”=200000
“LeftOverlapChars”=3
“MenuShowDelay”=400
“MouseWheelRouting”=2
“PaintDesktopVersion”=0
“Pattern”=0
“RightOverlapChars”=3
“ScreenSaveActive”=1
“SnapSizing”=1
“TileWallpaper”=0
“WallPaper”=C:\WINDOWS\web\wallpaper\Windows\img0. jpg [18/03/2017 16:56:56]
“WallpaperOriginX”=0
“WallpaperOriginY”=0
“WallpaperStyle”=10
“WheelScrollChars”=3
“WheelScrollLines”=3
“WindowArrangementActive”=1
“UserPreferencesMask”=0x9E3E078012000000
“Win8DpiScaling”=0
“DpiScalingVer”=4096
“MaxVirtualDesktopDimension”=1680
“MaxMonitorDimension”=1680
“TranscodedImageCount”=1
“LastUpdated”=4294967295
“TranscodedImageCache”=0x7AC301002B73030080070000B 004000008258A2D2AA0D20143003A005C00570049004E00440 04F00570053005C007700650062005C00770061006C006C007 00061007000650072005C00570069006E0064006F007700730 05C0069006D00670030002E006A00700067000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 0000000000000000000000000
“AutoColorization”=0
“PreferredUILanguages”=en-US
“WaitToKillAppTimeout”=200

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer]
“NoDriveTypeAutoRun”=153
“NoRun”=0
“NoFolderOptions”=0
“NoControlPanel”=0

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\NewStartPanel]
“{0E270DAA-1BE6-48F2-AC49-A79589C16F3B}”=1
“{018D5C66-4533-4307-9B53-224DE2ED1FE6}”=1

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer]
“ShellState”=0x2400000033A800000000000000000000000 0000001000000130000000000000062000000
“ExplorerStartupTraceRecorded”=1
“UserSignedIn”=1
“SIDUpdatedOnLibraries”=1
“TelemetrySalt”=6
“LocalKnownFoldersMigrated”=1
“AppReadinessLogonComplete”=1
“FirstRunTelemetryComplete”=1
“GlobalAssocChangedCounter”=11
“SlowContextMenuEntries”=0x0114020000000000C000000 0000000467F0A0000D15C59A677BF0A43A45218696685F7C78 E050000D3EFA9CCED290A43BA6DE6BBFF0A60C2F1040000AF7 5193DC6488E4FA182BE0E08FA86A9B3040000FB9A790967ADD 111ABCD00C04FC30936290E0000

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced]
“Start_SearchFiles”=2
“StartMenuAdminTools”=0
“ServerAdminUI”=0
“ShowCompColor”=1
“DontPrettyPath”=0
“ShowInfoTip”=1
“MapNetDrvBtn”=0
“WebView”=1
“Filter”=0
“SeparateProcess”=0
“AutoCheckSelect”=0
“IconsOnly”=0
“ShowTypeOverlay”=1
“ListviewAlphaSelect”=1
“ListviewShadow”=1
“TaskbarAnimations”=1
“StartMenuInit”=13
“TaskbarSizeMove”=1
“NavPaneShowAllFolders”=0
“AlwaysShowMenus”=0
“DisablePreviewDesktop”=0
“TaskbarSmallIcons”=0
“TaskbarGlomLevel”=0
“NavPaneExpandToCurrentFolder”=1
“Start_ShowMyComputer”=2
“Start_ShowControlPanel”=1
“Start_ShowMyDocs”=1
“Start_ShowMyGames”=0
“Start_ShowMyMusic”=0
“Start_ShowUser”=0
“Start_ShowMyPics”=0
“Start_MinMFU”=10
“Start_JumpListItems”=10
“Start_AdminToolsRoot”=0
“Start_PowerButtonAction”=2
“Start_TrackDocs”=1
“Start_TrackProgs”=0
“HideFileExt”=0
“SuperHidden”=1
“ShowSuperHidden”=1
“Hidden”=1
“HideIcons”=0
“ShowStatusBar”=1
“StoreAppsOnTaskbar”=1
“EnableStartMenu”=1
“ReindexedProfile”=1
“TaskbarStateLastRun”=0x0DE57B5900000000
“ShowTaskViewButton”=0
“Start_ShowRecentDocs”=1

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\WordWheelQuery]
“MRUListEx”=0x00000000FFFFFFFF
“0”=0x730068006F00720074006300750074000000

[HKLM\Software\Policies\Microsoft\Windows\System]
“DisableCMD”=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System]
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“DSCAutomationHostEnabled”=2
“EnableCursorSuppression”=1
“EnableInstallerDetection”=1
“EnableLUA”=1
“EnableSecureUIAPaths”=1
“EnableUIADesktopToggle”=0
“EnableVirtualization”=1
“PromptOnSecureDesktop”=1
“ValidateAdminCodeSignatures”=0
“undockwithoutlogon”=1
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“scforceoption”=0
“shutdownwithoutlogon”=1
“DisableTaskMgr”=0
“DisableRegistryTools”=0
“EnableLinkedConnections”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer]
“ForceActiveDesktopOn”=0
“NoActiveDesktop”=1
“NoActiveDesktopChanges”=1
“NoRecentDocsHistory”=0
“NoControlPanel”=0
“NoRun”=0
“NoFolderOptions”=0
“NoDriveTypeAutoRun”=153

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\ActiveDesktop]
“NoAddingComponents”=1
“NoComponents”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\NewStartPanel]
“{031E4825-7B94-4dc3-B131-E946B44C8DD5}”=1
“{208D2C60-3AEA-1069-A2D7-08002B30309D}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=1
“{871C5380-42A0-1069-A2EA-08002B30309D}”=1
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1
“{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}”=1
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\ClassicStartMenu]
“{871C5380-42A0-1069-A2EA-08002B30309D}.default”=0
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL]
“CheckedValue”=1
“DefaultValue”=2
“HKeyRoot”=2147483649
“Id”=2
“RegPath”=Software\Microsoft\Windows\CurrentVersio n\Explorer\Advanced
“Text”=@shell32.dll,-30500
“Type”=radio
“ValueName”=Hidden

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer]
“ActiveSetupDisabled”=0
“ActiveSetupTaskOverride”=1
“AsyncRunOnce”=1
“AsyncUpdatePCSettings”=1
“DisableAppInstallsOnFirstLogon”=1
“DisableResolveStoreCategories”=1
“DisableUpgradeCleanup”=1
“EarlyAppResolverStart”=1
“FileOpenDialog”={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
“FSIASleepTimeInMs”=60000
“GlobalFolderSettings”={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
“IconUnderline”=2
“ListViewPopupControl”={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
“LVPopupSearchControl”={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
“MachineOobeUpdates”=1
“NoWaitOnRoamingPayloads”=1
“TaskScheduler”={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
“SmartScreenEnabled”=RequireAdmin
“MultipleInvokePromptMinimum”=10000
“GlobalAssocChangedCounter”=2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced]
“Start_TrackDocs”=1
“TaskbarSizeMove”=0
“HideFileExt”=0
“SuperHidden”=1
“ShowSuperHidden”=1
“Hidden”=1

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Associations]
“Application”= open %s file - Search

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windo ws\System]
“DisableCMD”=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\System]
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“DSCAutomationHostEnabled”=2
“EnableCursorSuppression”=1
“EnableInstallerDetection”=1
“EnableLUA”=1
“EnableSecureUIAPaths”=1
“EnableUIADesktopToggle”=0
“EnableVirtualization”=1
“PromptOnSecureDesktop”=1
“ValidateAdminCodeSignatures”=0
“undockwithoutlogon”=1
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“scforceoption”=0
“shutdownwithoutlogon”=1
“DisableTaskMgr”=0
“DisableRegistryTools”=0
“EnableLinkedConnections”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\Explorer]
“ForceActiveDesktopOn”=0
“NoActiveDesktop”=1
“NoActiveDesktopChanges”=1
“NoRecentDocsHistory”=0
“NoControlPanel”=0
“NoRun”=0
“NoFolderOptions”=0
“NoDriveTypeAutoRun”=153

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\ActiveDesktop]
“NoAddingComponents”=1
“NoComponents”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\HideDesktopIcons\NewStartPanel]
“{031E4825-7B94-4dc3-B131-E946B44C8DD5}”=1
“{208D2C60-3AEA-1069-A2D7-08002B30309D}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=1
“{871C5380-42A0-1069-A2EA-08002B30309D}”=1
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1
“{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}”=1
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\HideDesktopIcons\ClassicStartMen u]
“{871C5380-42A0-1069-A2EA-08002B30309D}.default”=0
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
“CheckedValue”=1
“DefaultValue”=2
“HKeyRoot”=2147483649
“Id”=2
“RegPath”=Software\Microsoft\Windows\CurrentVersio n\Explorer\Advanced
“Text”=@shell32.dll,-30500
“Type”=radio
“ValueName”=Hidden

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer]
“ActiveSetupDisabled”=0
“ActiveSetupTaskOverride”=1
“AsyncRunOnce”=1
“AsyncUpdatePCSettings”=1
“DisableAppInstallsOnFirstLogon”=1
“DisableResolveStoreCategories”=1
“DisableUpgradeCleanup”=1
“EarlyAppResolverStart”=1
“FileOpenDialog”={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
“FSIASleepTimeInMs”=60000
“GlobalFolderSettings”={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
“IconUnderline”=2
“ListViewPopupControl”={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
“LVPopupSearchControl”={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
“MachineOobeUpdates”=1
“NoWaitOnRoamingPayloads”=1
“TaskScheduler”={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Advanced]
“Start_TrackDocs”=1
“TaskbarSizeMove”=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Associations]
“Application”= open %s file - Search

---------- | Winlogon

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“ExcludeProfileDirs”=AppData\Local;AppData\LocalLo w;$Recycle.Bin;OneDrive;Work Folders
“BuildNumber”=15063
“FirstLogon”=0
“PUUActive”=0x3A3934BC010000000600220038D600004FDD 000014930200D10000000200060022D8E979A9110B0046F302 00E246000060430000F6040000000000002B9401004C040000 B0000000CABCAC06930CD30138D60000000000000100000000 000000
“DP”=0xCE0058000E000000060000003A3934BC04300100000 00000CABCAC06930CD301E90549D8920CD3017800010000000 00000000000000000000000000000000000AEB600000000000 000000000000000000000000000000000
“ParseAutoexec”=1

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“AutoRestartShell”=1
“Background”=0 0 0
“CachedLogonsCount”=10
“DebugServerCommand”=no
“DefaultDomainName”=
“DisableBackButton”=1
“EnableSIHostIntegration”=1
“ForceUnlockLogon”=0
“LegalNoticeCaption”=
“LegalNoticeText”=
“PasswordExpiryWarning”=5
“PowerdownAfterShutdown”=0
“PreCreateKnownFolders”={A520A1A4-1780-4FF6-BD18-167343C5AF16}
“ReportBootOk”=1
“Shell”=explorer.exe
“ShellCritical”=0
“ShellInfrastructure”=sihost.exe
“SiHostCritical”=0
“SiHostReadyTimeOut”=0
“SiHostRestartCountLimit”=0
“SiHostRestartTimeGap”=0
“VMApplet”=SystemPropertiesPerformance.exe /pagefile
“WinStationsDisabled”=0
“LastLogOffEndTimePerfCounter”=209496342732
“ShutdownFlags”=2147483687
“Userinit”=C:\Windows\system32\userinit.exe,
“AutoAdminLogon”=0
“DefaultUserName”=Steve
“ShutdownWithoutLogon”=0
“scremoveoption”=0
“DisableCad”=1
“EnableFirstLogonAnimation”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
“DefaultDomainName”=
“DefaultUserName”=
“EnableSIHostIntegration”=1
“PreCreateKnownFolders”={A520A1A4-1780-4FF6-BD18-167343C5AF16}
“Shell”=explorer.exe
“ShellCritical”=0
“SiHostCritical”=0
“SiHostReadyTimeOut”=0
“SiHostRestartCountLimit”=0
“SiHostRestartTimeGap”=0

---------- | Associations

[HKLM\Software\Classes.exe]
“”=exefile
“Content Type”=application/x-msdownload

[HKLM\Software\Classes\exefile\Shell\Open\Command]
“”=“%1” %*
“IsolatedCommand”=“%1” %*

[HKLM\Software\Classes.com]
“”=comfile

[HKLM\Software\Classes\comfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.reg]
“”=regfile

[HKLM\Software\Classes\regfile\Shell\Open\Command]
“”=regedit.exe “%1”

[HKLM\Software\Classes.scr]
“”=scrfile

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
“”=“%1” /S

[HKLM\Software\Classes.bat]
“”=batfile

[HKLM\Software\Classes\batfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.cmd]
“”=cmdfile

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.pif]
“”=piffile

[HKLM\Software\Classes\piffile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.inf]
“”=inffile

[HKLM\Software\Classes\inffile\Shell\Open\Command]
“”=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\Classes.url]
“”=InternetShortcut

[HKLM\Software\Classes.lnk]
“”=lnkfile

[HKLM\Software\Classes.hta]
“”=htafile
“Content Type”=application/hta

[HKLM\Software\Classes\htafile\Shell\Open\Command]
“”=C:\WINDOWS\SysWOW64\mshta.exe “%1” %*

[HKLM\Software\Classes\InternetShortcut]
“EditFlags”=2
“FriendlyTypeName”=@C:\WINDOWS\system32\ieframe.dl l,-10046
“FullDetails”=prop:System.Link.TargetUrl;System.Ra ting;System.Link.Description;System.Link.Comment
“InfoTip”=prop:System.Link.TargetUrl;System.Rating ;System.Link.Description;System.Link.Comment
“IsShortcut”=
“NeverShowExt”=
“PreviewDetails”=prop:System.Link.TargetUrl;System .Rating;System.History.VisitCount;System.History.D ateChanged;System.Link.DateVisited;System.Link.Des cription;System.Link.Comment
“”=Internet Shortcut

[HKLM\Software\Classes\Application.Manifest]
“”=Application Manifest
“BrowserFlags”=4096
“EditFlags”=4259840
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-200

[HKLM\Software\Classes\Application.Reference]
“”=Application Reference
“EditFlags”=131072
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-201
“IsShortcut”=
“NeverShowExt”=

[HKLM\Software\Classes\Folder]
“”=Folder
“ContentViewModeForBrowse”=prop:~System.ItemNameDi splay;~System.LayoutPattern.PlaceHolder;~System.La youtPattern.PlaceHolder;~System.LayoutPattern.Plac eHolder;System.DateModified
“ContentViewModeForSearch”=prop:~System.ItemNameDi splay;System.DateModified;~System.ItemFolderPathDi splay
“ContentViewModeLayoutPatternForBrowse”=delta
“ContentViewModeLayoutPatternForSearch”=alpha
“EditFlags”=0xD2030000
“FullDetails”=prop:System.PropGroup.Description;Sy stem.ItemNameDisplay;System.ItemTypeText;System.Si ze;System.HomeGroupSharingStatus
“NoRecentDocs”=
“ThumbnailCutoff”=0
“TileInfo”=prop:System.Title;System.HomeGroupShari ngStatus

[HKLM\Software\WOW6432Node\Classes.exe]
“”=exefile
“Content Type”=application/x-msdownload

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Op en\Command]
“”=“%1” %*
“IsolatedCommand”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.com]
“”=comfile

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.reg]
“”=regfile

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Op en\Command]
“”=regedit.exe “%1”

[HKLM\Software\WOW6432Node\Classes.scr]
“”=scrfile

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Op en\Command]
“”=“%1” /S

[HKLM\Software\WOW6432Node\Classes.bat]
“”=batfile

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.cmd]
“”=cmdfile

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.pif]
“”=piffile

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.inf]
“”=inffile

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Op en\Command]
“”=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\WOW6432Node\Classes.url]
“”=InternetShortcut

[HKLM\Software\WOW6432Node\Classes.lnk]
“”=lnkfile

[HKLM\Software\WOW6432Node\Classes.hta]
“”=htafile
“Content Type”=application/hta

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Op en\Command]
“”=C:\WINDOWS\SysWOW64\mshta.exe “%1” %*

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
“EditFlags”=2
“FriendlyTypeName”=@C:\WINDOWS\system32\ieframe.dl l,-10046
“FullDetails”=prop:System.Link.TargetUrl;System.Ra ting;System.Link.Description;System.Link.Comment
“InfoTip”=prop:System.Link.TargetUrl;System.Rating ;System.Link.Description;System.Link.Comment
“IsShortcut”=
“NeverShowExt”=
“PreviewDetails”=prop:System.Link.TargetUrl;System .Rating;System.History.VisitCount;System.History.D ateChanged;System.Link.DateVisited;System.Link.Des cription;System.Link.Comment
“”=Internet Shortcut

[HKLM\Software\WOW6432Node\Classes\Application.Mani fest]
“”=Application Manifest
“BrowserFlags”=4096
“EditFlags”=4259840
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-200

[HKLM\Software\WOW6432Node\Classes\Application.Refe rence]
“”=Application Reference
“EditFlags”=131072
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-201
“IsShortcut”=
“NeverShowExt”=

[HKLM\Software\WOW6432Node\Classes\Folder]
“”=Folder
“ContentViewModeForBrowse”=prop:~System.ItemNameDi splay;~System.LayoutPattern.PlaceHolder;~System.La youtPattern.PlaceHolder;~System.LayoutPattern.Plac eHolder;System.DateModified
“ContentViewModeForSearch”=prop:~System.ItemNameDi splay;System.DateModified;~System.ItemFolderPathDi splay
“ContentViewModeLayoutPatternForBrowse”=delta
“ContentViewModeLayoutPatternForSearch”=alpha
“EditFlags”=0xD2030000
“FullDetails”=prop:System.PropGroup.Description;Sy stem.ItemNameDisplay;System.ItemTypeText;System.Si ze;System.HomeGroupSharingStatus
“NoRecentDocs”=
“ThumbnailCutoff”=0
“TileInfo”=prop:System.Title;System.HomeGroupShari ngStatus

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Clients\StartMenuInternet\FIREFOX.EX E\Shell\open\Command]
“”=“C:\Program Files (x86)\Mozilla Firefox\firefox.exe”
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Clients\StartMenuInternet\FIREFOX.EX E\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe” /SetAsDefaultAppGlobal

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Clients\StartMenuInternet\OperaStabl e\Shell\open\Command]
“”=“C:\Users\Steve\AppData\Local\Programs\Opera\La uncher.exe”
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Clients\StartMenuInternet\OperaStabl e\InstallInfo]
“ReinstallCommand”=“C:\Users\Steve\AppData\Local\P rograms\Opera\Launcher.exe” --makedefaultbrowser

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Clients\StartMenuInternet\PALEMOON.E XE\Shell\open\Command]
“”=“C:\Program Files\Pale Moon\palemoon.exe”
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Clients\StartMenuInternet\PALEMOON.E XE\InstallInfo]
“ReinstallCommand”=“C:\Program Files\Pale Moon\uninstall\helper.exe” /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Avant.Brow ser\Shell\open\Command]
“”=C:\Program Files (x86)\Avant Browser\avant.exe [28/06/2017 22:35:00]
[HKLM\Software\Clients\StartMenuInternet\Avant.Brow ser\InstallInfo]
“ReinstallCommand”=

[HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command]
“”=“C:\Program Files\Mozilla Firefox\firefox.exe”
[HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo]
“ReinstallCommand”=“C:\Program Files\Mozilla Firefox\uninstall\helper.exe” /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Firefox-6F940AC27A98DD61\Shell\open\Command]
“”=“C:\Program Files\Waterfox\waterfox.exe”
[HKLM\Software\Clients\StartMenuInternet\Firefox-6F940AC27A98DD61\InstallInfo]
“ReinstallCommand”=“C:\Program Files\Waterfox\uninstall\helper.exe” /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EX E\Shell\open\Command]
“”=“C:\Program Files (x86)\Mozilla Firefox\firefox.exe”
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EX E\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe” /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
“”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.E XE\Shell\open\Command]
“”=C:\Program Files\Internet Explorer\iexplore.exe [18/03/2017 22:29:53]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.E XE\InstallInfo]
“ReinstallCommand”=“C:\Windows\System32\ie4uinit.e xe” -reinstall

[HKLM\Software\Clients\StartMenuInternet\PALEMOON.E XE\Shell\open\Command]
“”=“C:\Program Files\Pale Moon\palemoon.exe”
[HKLM\Software\Clients\StartMenuInternet\PALEMOON.E XE\InstallInfo]
“ReinstallCommand”=“C:\Program Files\Pale Moon\uninstall\helper.exe” /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Safari.exe \Shell\open\Command]
“”=“C:\Program Files (x86)\Safari\Safari.exe”
[HKLM\Software\Clients\StartMenuInternet\Safari.exe \InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Safari\Safari.exe” /reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Avant.Browser\Shell\open\Command]
“”=C:\Program Files (x86)\Avant Browser\avant.exe [28/06/2017 22:35:00]
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Avant.Browser\InstallInfo]
“ReinstallCommand”=

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Firefox-308046B0AF4A39CB\Shell\open\Command]
“”=“C:\Program Files\Mozilla Firefox\firefox.exe”
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Firefox-308046B0AF4A39CB\InstallInfo]
“ReinstallCommand”=“C:\Program Files\Mozilla Firefox\uninstall\helper.exe” /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Firefox-6F940AC27A98DD61\Shell\open\Command]
“”=“C:\Program Files\Waterfox\waterfox.exe”
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Firefox-6F940AC27A98DD61\InstallInfo]
“ReinstallCommand”=“C:\Program Files\Waterfox\uninstall\helper.exe” /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\FIREFOX.EXE\Shell\open\Command]
“”=“C:\Program Files (x86)\Mozilla Firefox\firefox.exe”
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\FIREFOX.EXE\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe” /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Google Chrome\Shell\open\Command]
“”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Google Chrome\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\IEXPLORE.EXE\Shell\open\Command]
“”=C:\Program Files\Internet Explorer\iexplore.exe [18/03/2017 22:29:53]
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\IEXPLORE.EXE\InstallInfo]
“ReinstallCommand”=“C:\Windows\System32\ie4uinit.e xe” -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\PALEMOON.EXE\Shell\open\Command]
“”=“C:\Program Files\Pale Moon\palemoon.exe”
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\PALEMOON.EXE\InstallInfo]
“ReinstallCommand”=“C:\Program Files\Pale Moon\uninstall\helper.exe” /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Safari.exe\Shell\open\Command]
“”=“C:\Program Files (x86)\Safari\Safari.exe”
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Safari.exe\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Safari\Safari.exe” /reinstall

---------- | AppcompatFlags

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
“SIGN.MEDIA=1BA1796A setup.exe”=1
“C:\Users\Steve\Downloads\wrar393.exe”=1
“C:\Users\Steve\Downloads\rpsetup.exe”=1
“SIGN.MEDIA=7239C InstallMgr.exe”=1
“C:\Users\Steve\Downloads\DMSetup.exe”=1
“C:\Users\Steve\Downloads\Firefox Setup 4.0.1.exe”=1
“SIGN.MEDIA=262E7674 setup.exe”=1
“C:\Users\Steve\nero11v2.exe”=1
“C:\Users\Steve\Downloads\wlsetup-web.exe”=1
“C:\Users\Steve\Adobe Dreamweaver CS3\Adobe CS3\Setup.exe”=1
“C:\Users\Steve\Dream_Weaver_8.0\Dreamweaver8-en.exe”=1
“E:\TL_Bootstrap.exe”=1
“C:\Users\Steve\Downloads\winscp439setup.exe”=1
“C:\Users\Steve\Downloads\ChromeSetup.exe”=1
“C:\Users\Steve\Downloads\dotnetfx35setup.exe”=1
“C:\Users\Steve\Downloads\Firefox Setup 17.0.1.exe”=1
“C:\Users\Steve\Downloads\UseNeXTSetup_5.41.exe”=1
“C:\Users\Steve\Downloads\GrabIt172b6.exe”=1
“C:\Users\Steve\Downloads\AdobeDownloadAssistant.e xe”=1
“SIGN.MEDIA=10ED24 SETUP.EXE”=1
“E:\VerizonSWUpgradeAssistantLauncher.exe”=1
“C:\Users\Steve\Downloads\Cisco Packet Tracer 6.0.1 for Windows (with tutorials).exe”=1
“C:\Users\Steve\Downloads\jre-7u45-windows-i586.exe”=1
“C:\Users\Steve\Downloads\jxpiinstall.exe”=1
“SIGN.MEDIA=2189E0FA Setup.exe”=1
“C:\Users\Steve\Downloads\ChromeSetup(1).exe”=1
“SIGN.MEDIA=9BE9E VerizonWirelessUpgradeAssistantSetup.exe”=1
“C:\Users\Steve\AppData\Roaming\PCDr\Update\Binari es\full_dsc_6584_81_64_02.exe”=1
“C:\Program Files\Dell\SupportAssist\uninstaller.exe”=1
“C:\Users\Steve\Downloads\mbam-setup-2.1.4.1018.exe”=1
“C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe”=1
“C:\Users\Steve\Downloads\mwav.exe”=1
“C:\Users\Steve\Downloads\DriverSupport.exe”=1
“C:\Users\Steve\Downloads\R302955.exe”=1
“C:\dell\drivers\R266204\setup.exe”=1
“C:\Program Files (x86)\InstallShield Installation Information{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe”=33
“C:\Program Files (x86)\Realtek\NICDRV_8169\RTINSTALLER64.EXE”=1
“C:\Users\Steve\AppData\Roaming\PCDr\Update\Binari es\full_dsc_6664_10_64_02.exe”=1
“C:\Users\Steve\AppData\Local\Temp\nso3718.tmp\Set up.exe”=1
“C:\Users\Steve\Downloads\AVSAudioConverter.exe”=1
“C:\Users\Steve\Downloads\cdbxp_setup_4.5.6.5844.e xe”=1
“C:\Users\Steve\Downloads\picard-setup-1.3.2.exe”=1
“C:\Users\Steve\Downloads\rcsetup152.exe”=1
“C:\Users\Steve\AppData\Roaming\PCDr\Update\Binari es\full_dsc_6664_93_64_02.exe”=1
“C:\Users\Steve\AppData\Local\Temp\nsaD162.tmp\Set up.exe”=1
“C:\Users\Steve\AppData\Roaming\PCDr\Update\Binari es\full_dsc_6745_47_64_02.exe”=1
“C:\Users\Steve\AppData\Local\Temp\nsu9FFC.tmp\Set up.exe”=1
“C:\Users\Steve\AppData\Roaming\PCDr\Update\Binari es\full_dsc_6793_01_64_03.exe”=1
“C:\Users\Steve\AppData\Local\Temp\nsg6636.tmp\Set up.exe”=1
“C:\Users\Steve\AppData\Roaming\PCDr\Update\Binari es\full_dsc_6817_107_64_02.exe”=1
“C:\Users\Steve\AppData\Local\Temp\nsdF9.tmp\Setup .exe”=1
“C:\Users\Steve\AppData\Roaming\PCDr\Update\Binari es\full_dsc_6817_133_64_02.exe”=1
“C:\Users\Steve\AppData\Local\Temp\nsj2645.tmp\Set up.exe”=1
“C:\Users\Steve\AppData\Roaming\PCDr\Update\Binari es\full_dsc_6855_61_64_02.exe”=1
“C:\Users\Steve\AppData\Local\Temp\nsy3442.tmp\Set up.exe”=1
“C:\dell\drivers\R266194\Setup.exe”=1
“C:\Users\Steve\AppData\Roaming\PCDr\Update\Binari es\full_dsc_6855_72_64_02.exe”=1
“C:\Users\Steve\AppData\Local\Temp\nsl1DF.tmp\Setu p.exe”=1
“C:\Users\Steve\AppData\Roaming\PCDr\Update\Binari es\full_dsc_6855_212_64_02.exe”=1
“C:\Users\Steve\AppData\Local\Temp\nsdFA29.tmp\Set up.exe”=1
“C:\Users\Steve\AppData\Roaming\PCDr\Update\Binari es\full_dsc_6875_402_64_02.exe”=1
“C:\Users\Steve\AppData\Local\Temp\nsl44CD.tmp\Set up.exe”=1
“C:\Users\Steve\AppData\Local\Programs\Opera\Launc her.exe”=32

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
“C:\Users\Steve\AppData\Local\Microsoft\OneDrive\1 7.3.5892.0626\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000C03802000BA5020001000000 000000000000000A002100006A920CE5B7BAD0010000000100 000000
“C:\Users\Steve\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe”=0x5341435001000000000000000700000028000000 90852900E2D52900010000000000000000000106710200006A 920CE5B7BAD001000000000000000002000000280000000000 000080010000000000000000000000000000000000007A3200 00000000000200000002000000
“C:\Users\Steve\AppData\Local\Apps\Windows 7 USB DVD Download Tool\Windows7-USB-DVD-Download-Tool.exe”=0x53414350010000000000000007000000280000 007847070018800700010000000000000000000006F1020000 6A920CE5B7BAD0010000000000000000050000001000000000 00000000000000000000000000000002000000280000000000 0000000000400000000000000000000000000000000042310D 00000000000100000001000000
“C:\Program Files (x86)\WinRAR\WinRAR.exe”=0x53414350010000000000000 0070000002800000000DC0F00A002100001000000000000000 00001060021000019B4C529E312D1010000000000000000020 00000280000000000000000000000000000000000000000000 000000000001C820801000000002D0000002D000000
“C:\Users\Steve\Desktop\A Bootable USB\A Bootable USB\A Bootable USB.exe”=0x534143500100000000000000070000002800000 00EEB0F0055780400010000000000000000000006712200006 A920CE5B7BAD00100000000000000000500000010000000000 00000000000000000000000000000020000005000000000000 00000000040000000000000000000000000000000008378650 10000000005000000010000000000000000000000001000000 000000000000000000000007B1000000000000004000000000 00000
“C:\Users\Steve\Downloads\MediaCreationTool.exe”=0 x534143500100000000000000070000002800000030E516013 EC9170101000000000000000000000A002100006A920CE5B7B AD001000000000000000005000000100000000000000000000 00000000000000000000200000028000000000000000000004 0000000000000000000000000000000008C2F0000000000000 100000001000000
“C:\Users\Steve\Downloads\MediaCreationToolx64.exe ”=0x5341435001000000000000000700000028000000C01C2D 01A8E42D0101000000000000000000000A00210000EDA4DCB1 B3BAD001000000000000000002000000280000000000000000 00004000000000000000000000000000000000D67825000000 00000100000001000000
“C:\Users\Steve\Downloads\MediaCreationTool(1).exe ”=0x534143500100000000000000070000002800000030E516 013EC9170101000000000000000000000A002100006A920CE5 B7BAD001000000000000000005000000100000000000000000 00000000000000000000000200000028000000000000000000 0040000000000000000000000000000000007E0D0000000000 000100000001000000
“C:\Users\Steve\Downloads\MediaCreationTool(2).exe ”=0x534143500100000000000000070000002800000030E516 013EC9170101000000000000000000000A002100006A920CE5 B7BAD001000000000000000005000000100000000000000000 00000000000000000000000200000028000000000000000000 0040000000000000000000000000000000009D270000000000 000100000001000000
“C:\Users\Steve\Downloads\MediaCreationToolx64(1). exe”=0x5341435001000000000000000700000028000000C01 C2D01A8E42D0101000000000000000000000A00210000EDA4D CB1B3BAD001000000000000000002000000280000000000000 000000040000000000000000000000000000000001A2528000 00000000200000002000000
“C:\Program Files (x86)\Nero\Nero 11\Nero Express\NeroExpress.exe”=0x53414350010000000000000 00700000028000000288DDB01435EDC0101000000000000000 0000106712200006A920CE5B7BAD0010000000000000000020 00000280000000000000000000000000000000000000000000 00000000000D6A60F00000000000100000001000000
“C:\Program Files (x86)\Nero\Nero 11\Nero Burning ROM\nero.exe”=0x5341435001000000000000000700000028 0000002893DB015ACFDB010100000000000000000001067122 00006A920CE5B7BAD001000000000000000002000000280000 00000000000000001000000000000000000000000000000000 78340B00000000000400000004000000
“C:\Program Files (x86)\UseNeXT\UseNeXT.exe”=0x534143500100000000000 000070000002800000000E6410000000000010000000000000 000000306F102000033504C2B57DFD10100000000000000000 20000002800000000000000000000000000000000000000000 000000000000031AE340A000000004300000043000000
“C:\Program Files (x86)\WinSCP\WinSCP.exe”=0x53414350010000000000000 0070000002800000058658C00C5308D0001000000000000000 00002067122000019B4C529E312D1010000000000000000020 00000280000000000000000000000000000000000000000000 00000000000DA150000000000000300000003000000
“C:\Users\Steve\Desktop\AVSAudioConverter.exe”=0x5 341435001000000000000000700000028000000481A3300000 00000010000000000000000000105712000006A920CE5B7BAD 00100000000000000000200000028000000000000000000000 000040000000000000000000000000000014D1500000000000 B0000000B000000
“C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe”=0x5341435001000000000000000700 000028000000B0BE6800266469000100000000000000000000 0A73220000EDA4DCB1B3BAD001000000000000000002000000 28000000000000000000000000000000000000000000000000 000000BE530000000000000100000001000000
“C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe”=0x53414350010000000000 0000070000002800000000B40E000000000001000000000000 0000000006F10000006A920CE5B7BAD0010000000000000000 02000000280000000000000000000000001000000000000000 00000000000000FB43DD00000000000100000001000000
“C:\Program Files (x86)\MusicBrainz Picard\picard.exe”=0x53414350010000000000000007000 0002800000000A201003433010001000000000000000000000 6710200006A920CE5B7BAD0010000000000000000020000002 80000000000000000000000000000000000000000000000000 0000082840000000000000100000001000000
“C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe”=0x5341435001000 000000000000700000028000000687C0B00A6230C000100000 0000000000000000A00210000EDA4DCB1B3BAD001000000000 00000000200000028000000000000000000000000000000000 00000000000000000000062020000000000000200000002000 000
“C:\Users\Steve\Downloads\MCPR.exe”=0x534143500100 00000000000007000000280000004062710053727100010000 000000000000000306000100006A920CE5B7BAD00100000000 00000000050000001000000000000000000000000000000000 00000002000000280000000000000000000040000000000000 000000000000000000008E9C00000000000001000000010000 00
“C:\Program Files\McAfee\MSC\mcsync.exe”=0x5341435001000000000 00000070000002800000010F01D00FB761E000100000000000 0000000000A00210000EDA4DCB1B3BAD001000000000000000 00200000028000000000000000000004000000000000000000 0000000000000003F4E0000000000000200000002000000
“C:\Users\Steve\Downloads\Support-LogMeInRescue.exe”=0x53414350010000000000000007000 00028000000A0FD17006B5A180001000000000000000000000 A002100006A920CE5B7BAD0010000000000000000050000001 00000000000000000000000000000000000000002000000280 00000000000000000000000000000000000000000000000000 0005A060300000000000100000001000000
“C:\Users\Steve\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe”=0x534143500100 00000000000007000000280000006073320025A93200010000 00000000000000000A002100006A920CE5B7BAD00100000000 00000000020000002800000000000000000000000000000000 00000000000000000000002329000000000000010000000100 0000
“C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe”=0x5341435001000000000000 00070000002800000030D80900A2550A000100000000000000 0000030600210000EDA4DCB1B3BAD001000000000000000002 00000028000000000000000000000000000000000000000000 0000000000000E1D0000000000000100000001000000
“C:\Program Files\McAfee Security Scan\3.11.149\McUICnt.exe”=0x534143500100000000000 000070000002800000030D80900A2550A00010000000000000 00000030600210000EDA4DCB1B3BAD00100000000000000000 20000002800000000000000000000000000000000000000000 0000000000000EA2F0000000000000100000001000000
“C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe”=0x5341435001000000000000 000700000028000000E8040100602701000100000000000000 00000106000100006A920CE5B7BAD001000000000000000002 00000028000000000000000000000000000000000000000000 000000000000384A0000000000000100000001000000
“C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe”=0x5341435001000000000000 000700000028000000E88417008A8318000100000000000000 000001060001000019B4C529E312D1010000000100000000
“C:\Users\Steve\Downloads\JavaSetup8u66.exe”=0x534 143500100000000000000070000002800000060EA0800BADD0 90001000000000000000000000A712200006A920CE5B7BAD00 10000000000000000020000002800000000000000000000400 0000000000000000000000000000000394B020000000000010 0000001000000
“C:\Users\Steve\Downloads\mwav.exe”=0x534143500100 0000000000000700000028000000F04A3409B42F3509010000 000000000000000105710000006A920CE5B7BAD00100000000 00000000020000002800000000000000000800400000000000 00000000000000000000008A8C9A2A00000000010000000100 0000
“C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE”=0x5341435001000000000000000700000 028000000E0F2300097E931000100000000000000000001060 00100006A920CE5B7BAD001000000000000000002000000280 00000000000000000000000000000000000000000000000000 000633B0000000000000100000001000000
“C:\Program Files\McAfee Security Scan\3.11.266\McUICnt.exe”=0x534143500100000000000 000070000002800000010DA090079170A00010000000000000 00000030600010000EDA4DCB1B3BAD00100000000000000000 20000002800000000000000000000000000000000000000000 0000000000000B5010A00000000000300000003000000
“C:\Program Files (x86)\Motorola Mobility\VZW_DeviceSoftwareUpdate\VSUA.exe”=0x5341 43500100000000000000070000002800000030010F0084C90F 0001000000000000000000000A712000006A920CE5B7BAD001 00000000000000000200000028000000000000000000004000 0000000000000000000000000000008A530100000000000600 000006000000
“SIGN.MEDIA=9BE9E VerizonWirelessUpgradeAssistantSetup.exe”=0x534143 5001000000000000000700000028000000308D0A00E3E20A00 0100000000000000000001060001000019B4C529E312D10100 00000000000000020000005000000000000000000000000000 00000000000000000000000000009411000000000000060000 00050000000000000080000000000000000000000000000000 00000000E00C0000000000000100000000000000
“C:\Users\Steve\AppData\Local\Temp\VerizonWireless UpgradeAssistantUpdate_1.4.7.exe”=0x53414350010000 00000000000700000028000000C47C9F020000000001000000 0000000000000106000100006A920CE5B7BAD0010000008000 00000002000000280000000000000000000040000000000000 00000000000000000000A7381D000000000001000000010000 00
“C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\BackItUp.exe”=0x5341435001000000000000000 70000002800000028EB6700AB4F68000100000000000000000 00106F122000019B4C529E312D101000000000000000002000 00028000000000000000000000000000000000000000000000 000000000FB970000000000000300000003000000
“C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE”=0x5341435001000000000 000000700000028000000A0B615009E7116000100000000000 00000000106000100006A920CE5B7BAD001000000010000000 0
“C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE”=0x534143500100000000000 0000700000028000000A04E37019D433801010000000000000 000000106000100006A920CE5B7BAD0010000000100000000
“C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE”=0x5341435001000000000 000000700000028000000A886F3004FBFF3000100000000000 00000000106000100006A920CE5B7BAD001000000010000000 0
“C:\Users\Steve\Downloads\Setup.X86.en-US_O365HomePremRetail_680f6dad-16aa-4720-b541-93222f0b35cc_TX_PR_.exe”=0x53414350010000000000000 00700000028000000C0D830002E4E310001000000000000000 000000A002100006A920CE5B7BAD0010000000000000000020 00000280000000000000000000000000000000000000000000 0000000000017301400000000000100000001000000
“C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE”=0x5341435001000 000000000000700000028000000C08EF0002882F1000100000 0000000000000000A002100006A920CE5B7BAD001000000110 0000000
“C:\Users\Steve\AppData\Local\Microsoft\OneDrive\1 7.3.6281.1202\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000C88002006A18030001000000 000000000000000A002100006A920CE5B7BAD0010000000100 000000
“C:\Users\Steve\Downloads\ADE_4.5_Installer.exe”=0 x5341435001000000000000000700000028000000204082005 97F8200010000000000000000000006710200006A920CE5B7B AD001000000000000000002000000280000000000000000000 00000000000000000000000000000000000B0B22C000000000 00100000001000000
“C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe”=0x53414350010000000000000 00700000028000000D80A3F000D913F0001000000000000000 000000AF120000019B4C529E312D1010000000000000000020 00000280000000000000000000000040000000000000000000 00000000000FF547303000000001D0000001D000000
“C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE”=0x5341435001000 000000000000700000028000000C0601C00D0A91C000100000 0000000000000000A002100006A920CE5B7BAD001000000010 0000000
“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe”=0x53414350010000000000000007 00000028000000C0CE10009211110003000000000000000000 0106000100006A920CE5B7BAD0010000000000000000020000 00280000000000000000000010000000000000000000000000 000000009B1F0700000000000100000001000000
“C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHBS.EXE”=0x53414350010000000000000007000 0002800000090CE050013B6060003000000000000000000010 6000100006A920CE5B7BAD0010000000000000000020000002 80000000000000000000000000000000000000000000000000 00000FDD50000000000000100000001000000
“C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe”=0x534143500100000000000 0000700000028000000E862350054FC3500010000000000000 00000000A712200006A920CE5B7BAD00100000000000000000 20000002800000000000000000000000000000000000000000 000000000000088A01000000000000100000001000000
“C:\Users\Steve\Downloads\mvt.exe”=0x5341435001000 0000000000007000000280000007039030006B703000100000 00000000000000306000100006A920CE5B7BAD001000000000 00000000200000028000000000000000000004000000000000 0000000000000000000002F170700000000000200000002000 000
“C:\Program Files (x86)\PrivaZer\PrivaZer.exe”=0x5341435001000000000 0000007000000280000008852DA00F578DA000100000000000 000000001060001000033504C2B57DFD101000000000000000 00200000028000000000000000000004000000000000000000 000000000000000486AC501000000000400000004000000
“C:\Users\Steve\Downloads\eset_nod32_antivirus_liv e_installer.exe”=0x5341435001000000000000000700000 028000000C84E2B00EB8F2B0001000000000000000000000A0 02100006A920CE5B7BAD001000000000000000002000000280 00000000000000000004000000000000000000000000000000 000274F0700000000000100000001000000
“C:\Users\Steve\Downloads\esetsmartinstaller_enu.e xe”=0x5341435001000000000000000700000028000000C8CE 2B00B9E72B0001000000000000000000000A712000006A920C E5B7BAD0010000000000000000020000002800000000000000 00000000000000000000000000000000000000005851A20000 0000000100000001000000
“C:\Program Files\ESET\ESET NOD32 Antivirus\eeclnt.exe”=0x53414350010000000000000007 00000028000000C8CC00009F91010001000000000000000000 000A00210000EDA4DCB1B3BAD0010000000000000000050000 00100000000000000000000000000000000000000002000000 28000000000000000000004000000000000000000000000000 0000003F270000000000000200000002000000
“C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe”=0x5341435001 000000000000000700000028000000C8DE0100F9D002000300 0000000000000000000A712000006A920CE5B7BAD001000000 00000000000200000028000000000000000008000000000000 00000000000000000000000095230000000000000100000001 000000
“C:\Users\Steve\Downloads\AdwCleaner.exe”=0x534143 50010000000000000007000000280000000004170000000000 01000000000000000000000A002100006A920CE5B7BAD00100 00000000000000
“C:\Program Files (x86)\Driver Support\Uninstall.exe”=0x5341435001000000000000000 700000028000000E8D401008C1502000300000000000000000 00306000100006A920CE5B7BAD001000000000000000002000 00028000000000000000000000000000000000000000000000 00000000011070400000000000100000001000000
“C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe”=0x534 143500100000000000000070000002800000061CB0A0000000 000030000000000000000000106000100006A920CE5B7BAD00 10000000000000000020000002800000000000000000000000 00000000000000000000000000000007623000000000000010 0000001000000
“C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe”=0 x534143500100000000000000070000002800000065E70A000 0000000030000000000000000000106000100006A920CE5B7B AD001000000000000000002000000280000000000000000000 00000000000000000000000000000000000011200000000000 00100000001000000
“C:\Program Files (x86)\DVD Decrypter\uninstall.exe”=0x53414350010000000000000 007000000280000000DFC00000000000003000000000000000 0000105710000006A920CE5B7BAD0010000000000000000020 00000280000000000000000080000000000000000000000000 0000000000051240000000000000100000001000000
“C:\Program Files (x86)\DVD Shrink\unins000.exe”=0x534143500100000000000000070 0000028000000C92D010000000000030000000000000000000 105412000006A920CE5B7BAD00100000000000000000200000 02800000000000000000800000000000000000000000000000 000000075110000000000000100000001000000
“C:\Users\Steve\Downloads\esetsmartinstaller_enu(1 ).exe”=0x5341435001000000000000000700000028000000C 8CE2B00B9E72B0001000000000000000000000A712000006A9 20CE5B7BAD0010000000000000000020000002800000000000 000000000000000000000000000000000000000000068E0F50 1000000000100000001000000
“C:\Users\Steve\Downloads\MediaCreationTool(3).exe ”=0x5341435001000000000000000700000028000000507919 015BC4190101000000000000000000000A002100006A920CE5 B7BAD001000000000000000002000000280000000000000000 00004000000000000000000000000000000000EF1181000000 00000100000001000000
“C:\Users\Steve\AppData\Local\Microsoft\OneDrive\1 7.3.6281.1202_1\FileSyncConfig.exe”=0x534143500100 0000000000000700000028000000C88002006A180300010000 00000000000000000A0021000019B4C529E312D10100000001 00000000
“C:\Users\Steve\AppData\Local\Microsoft\OneDrive\1 7.3.6301.0127\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000C8800200726B030001000000 000000000000000A0021000019B4C529E312D1010000000100 000000
“C:\Users\Steve\Downloads\Adware_Removal_Tool_by_T SA.exe”=0x5341435001000000000000000700000028000000 A8B00A00864A0B0001000000000000000000000AF122000019 B4C529E312D101000000000000000005000000100000000000 00000000000000000000000000000200000028000000000000 0000000040000000000000000000000000000000004C263000 000000000100000001000000
“C:\Users\Steve\Desktop\Desk top items\AVSAudioConverter.exe”=0x5341435001000000000 000000700000028000000481A3300000000000100000000000 000000001057120000033504C2B57DFD101000000000000000 00100000004000000010000000200000028000000000000000 00000004004000000000000400000000000000093110F03000 000002000000020000000
“C:\Program Files (x86)\CDBurnerXP\unins000.exe”=0x53414350010000000 00000000700000028000000C91818000000000003000000000 00000000003060001000033504C2B57DFD1010000000000000 00002000000280000000000000000000000000000000000000 00000000000000000E4980000000000000200000002000000
“C:\Users\Steve\Downloads\cdbxp_setup_4.5.6.5844.e xe”=0x53414350010000000000000007000000280000008038 56000AB956000100000000000000000003060001000019B4C5 29E312D1010000000000000000020000002800000000000000 000000000000000000000000000000000000000053601D0000 0000000100000001000000
“C:\Users\Steve\Desktop\Usenext Files\wizard\Nero 2016 Platinum v17.0.02000 + Crack (TechTools\setup_contentpack.exe”=0x53414350010000 000000000007000000280000004863ED2F5C85ED2F01000000 00000000000001067102000019B4C529E312D1010000000000 00000002000000280000000000000000000000000000000000 00000000000000000000968B17000000000002000000020000 00
“C:\Program Files (x86)\Nero\Nero 11\Nero Vision\NeroVision.exe”=0x5341435001000000000000000 700000028000000288513003B1514000100000000000000000 001067122000019B4C529E312D101000000000000000002000 00028000000000000000000000000000000000000000000000 00000000037E90000000000000100000001000000
“C:\Program Files (x86)\Nero\Uninstall.exe”=0x5341435001000000000000 000700000028000000A9F90800000000000300000000000000 000000067100000019B4C529E312D101000000000000000002 00000028000000000000000008000000000000000000000000 00000000000086E10000000000000100000001000000
“C:\ProgramData\Uninstall{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}\setup.exe”=0x53414350010000000000000 00700000028000000F0613B00FE6B3B0003000000000000000 00001060021000019B4C529E312D1010000000000000000020 00000280000000000000000000000000000000000000000000 00000000000625D0000000000000100000001000000
“C:\ProgramData\Uninstall{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}\setup.exe”=0x53414350010000000000000 00700000028000000F02B3B00DB763B0003000000000000000 00001067122000019B4C529E312D1010000000000000000050 00000100000000000000000000000000000000000000002000 00028000000000000000000000000008000000000000000800 000000000B3260000000000000100000001000000010000000 400000001000000
“C:\Program Files (x86)\WinRAR\Uninstall.exe”=0x53414350010000000000 0000070000002800000000D80100599A020003000000000000 00000001060021000019B4C529E312D1010000000000000000 02000000280000000000000000000000000000000000000000 00000000000000E3160000000000000100000001000000
“C:\Users\Steve\Desktop\Usenext Files\wizard\WinRAR 5.30 Beta 2 Registered Version by Tallguy29\WinRAR 5.30 Beta 2 (x64).exe”=0x5341435001000000000000000700000028000 0006AF41F00000000000100000000000000000003060001000 059193B14E312D101000000000000000002000000280000000 00000000000000000000000000000000000000000000000267 40000000000000100000001000000
“C:\Users\Steve\Downloads\Support-LogMeInRescue(1).exe”=0x53414350010000000000000007 000000280000002850180015E9180001000000000000000000 000A0021000019B4C529E312D1010000000000000000050000 00100000000000000000000000000000000000000002000000 28000000000000000000000000000000000000000000000000 00000025630C00000000000100000001000000
“C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe”=0x534143500100000000000000050000 00100000000000000000000000000000000000000007000000 28000000E0759700E487970001000000000000000000000A71 22000033504C2B57DFD1010000000000000000020000002800 00000000000000000040000000000000000000000000000000 00D9291F00000000000500000005000000
“C:\Program Files (x86)\Broderbund\The Print Shop\ps.exe”=0x53414350010000000000000007000000280 0000000406B000000000001000000000000000000010571200 00033504C2B57DFD1010000000000000000020000002800000 0000000000000000000040200000000000000000000000000D 46D1301000000000200000002000000
“C:\Users\Steve\Downloads\mvt(1).exe”=0x5341435001 0000000000000007000000280000007039030006B703000100 000000000000000003060001000019B4C529E312D101000000 00000000000200000028000000000000000000004000000000 000000000000000000000000062F0200000000000100000001 000000
“C:\Users\Steve\Downloads\mvt(2).exe”=0x5341435001 0000000000000007000000280000007039030006B703000100 000000000000000003060001000019B4C529E312D101000000 00000000000200000028000000000000000000004000000000 00000000000000000000000028890600000000000100000001 000000
“C:\Users\Steve\Downloads\mvt(3).exe”=0x5341435001 0000000000000007000000280000007039030006B703000100 000000000000000003060001000019B4C529E312D101000000 00000000000200000028000000000000000000004000000000 000000000000000000000000D5510100000000000100000001 000000
“C:\Users\Steve\Downloads\mvt(4).exe”=0x5341435001 0000000000000007000000280000007039030006B703000100 000000000000000003060001000019B4C529E312D101000000 00000000000200000028000000000000000000004000000000 000000000000000000000000CA972B00000000000100000001 000000
“C:\Users\Steve\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp\lmi_rescue.exe”=0x534143500100 000000000000070000002800000010D73C002F3A3D00010000 00000000000000000A0021000019B4C529E312D10100000000 00000000050000001000000000000000000000000000000000 00000002000000280000000000000000000040000000000000 00000000000000000000390600000000000001000000010000 00
“C:\Users\Steve\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp\lmi_rescue.exe”=0x534143500100 000000000000070000002800000010D73C002F3A3D00010000 00000000000000000A0021000019B4C529E312D10100000000 00000000050000001000000000000000000000000000000000 00000002000000280000000000000000000040000000000000 00000000000000000000EB0500000000000001000000010000 00
“C:\Program Files\McAfee Security Scan\uninstall.exe”=0x5341435001000000000000000700 000028000000407C05001BA805000300000000000000000001 060001000019B4C529E312D101000000000000000002000000 28000000000000000000000000000000000000000000000000 000000A42B0000000000000100000001000000
“C:\Program Files\McAfee\MSC\mcuihost.exe”=0x53414350010000000 0000000070000002800000018B10E00E0AB0F0003000000000 000000000000A0021000059193B14E312D1010000000000000 00002000000280000000000000000000000000000000000000 0000000000000000050630300000000000100000001000000
“SIGN.IE=07EF508 McAfeeSetup-AutoLogin.exe”=0x534143500100000000000000070000002 800000008F57E00C5297F0001000000000000000000000A002 1000019B4C529E312D10100000000000000000200000028000 00000000000000000400000000000000000000000000000000 0D40C0600000000000100000001000000
“C:\Users\Steve\Downloads\getnzb-setup-v742581.exe”=0x53414350010000000000000007000000280 0000090999F002680A00001000000000000000000030600010 00019B4C529E312D1010000000000000000020000002800000 00000000000000000000000000000000000000000000000006 3931303000000000100000001000000
“C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe”=0x5341435001000000000000000700 000028000000D0767608D53B77080100000000000000000000 0A00210000D5B3B31A57DFD101000000000000000002000000 28000000000000000000000000000000000000000000000000 000000D67DE400000000000800000008000000
“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”=0x53414350010000 00000000000700000028000000D8E6100028D3110001000000 000000000000000A7122000019B4C529E312D1010000000000 00000002000000280000000000000000000000000000000000 00000000000000000000FC5300000000000001000000010000 00
“C:\Program Files\Adobe\Adobe InDesign CC 2015\InDesign.exe”=0x53414350010000000000000007000 00028000000D00E5C008D665C0001000000000000000000000 A7322000059193B14E312D1010000000000000000020000002 80000000000000000000000000000000000000000000000000 0000060635500000000000200000002000000
“C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe”=0x5341435001000000000000000700000028000 000C04C2300C564230001000000000000000000000A0021000 033504C2B57DFD101000000000000000002000000280000000 000000000000000000000000000000000000000000000007FD 15100000000000400000004000000
“C:\Windows\SysWOW64\Macromed\Temp{AA15560B-B1C1-4AE0-A540-AE196E039413}\InstallFlashPlayer.exe”=0x5341435001 000000000000000700000028000000C0089B00FA4F9B000100 0000000000000000000A0021000059193B14E312D101000000 00000000000200000028000000000000000000000000000000 00000000000000000000000057160000000000000100000001 000000
“C:\Users\Steve\Downloads\mbae_premium.exe”=0x5341 435001000000000000000700000028000000089D1C00580C1D 000100000000000000000002060001000019B4C529E312D101 00000000000000000200000028000000000000000000004000 000000000000000000000000000000F6900000000000000100 000001000000
“C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe”=0x534143500100000000000000070000 0028000000D0252800659A280001000000000000000000000A 7122000019B4C529E312D10100000000000000000200000028 00000000000000000000000000000000000000000000000000 0000BD050000000000000100000001000000
“SIGN.MEDIA=1750764 Autorun.exe”=0x53414350010000000000000007000000280 0000048A70600B4E2060001000000000000000000010671200 00019B4C529E312D1010000000000000000020000002800000 00000000080080040000000000000000000000000000000002 1703100000000000200000002000000
“C:\Users\Steve\Desktop\Usenext Files\wizard\The Beatles Abbey Road 1969 Stereo Remaster 2014 -\The Beatles Abbey Road 1969 Stereo Remaster 2014.exe”=0x53414350010000000000000007000000280000 00B7F00E060000000001000000000000000000010671020000 19B4C529E312D1010000000000000000020000002800000000 0000000000000000000200000000000000000000000000B41E EA01000000000200000002000000
“C:\Users\Steve\AppData\Local\Microsoft\OneDrive\1 7.3.6381.0405\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000C0BA02005C1F030001000000 000000000000000A0021000033504C2B57DFD1010000000100 000000
“C:\Users\Steve\AppData\Local\Microsoft\OneDrive\1 7.3.6390.0509\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000C8BA020001D3020001000000 000000000000000A0021000033504C2B57DFD1010000000100 000000
“C:\Program Files (x86)\Windows Media Player\wmplayer.exe”=0x534143500100000000000000070 0000028000000008C020019300300010000000100000000000 00A7122000033504C2B57DFD1010000000000000000
“C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe”=0x534143500100000000000000070 0000028000000089F37002B043800010000000000000000000 00A00210000D5B3B31A57DFD10100000000000000000500000 01000000000000000000000000000000000000000020000002 80000000000000000000040000000000000000000000000000 00000E2040000000000000200000002000000
“C:\Program Files\McAfee.com\Agent\mcagent.exe”=0x534143500100 0000000000000700000028000000F0241100BE141200010000 00000000000000000A00210000D5B3B31A57DFD10100000000 00000000020000002800000000000000000000000000000000 00000000000000000000002105000000000000020000000200 0000
“C:\Program Files\WinRAR\Uninstall.exe”=0x53414350010000000000 00000700000028000000909D03003B21040001000000000000 000000000A00210000D5B3B31A57DFD1010000000000000000 02000000280000000000000000000000000000000000000000 00000000000000C5010000000000000100000001000000
“C:\Users\Steve\Downloads\R266194.exe”=0x534143500 10000000000000007000000280000008844EA04A04AEA04010 0000000000000000000067102000033504C2B57DFD10100000 00000000000020000002800000000000000000000400000000 0000000000000000000000000A5D4000000000000010000000 1000000
“C:\Program Files (x86)\Java\jre1.8.0_66\bin\javacpl.exe”=0x53414350 01000000000000000700000028000000600A01008EA3010001 00000000000000000001060001000033504C2B57DFD1010000 00000000000002000000280000000000000000000000000000 00000000000000000000000000650400000000000001000000 01000000
“C:\Users\Steve\Downloads\JavaUninstallTool.exe”=0 x534143500100000000000000070000002800000018AA1100D 6E4110001000000000000000000000A7122000033504C2B57D FD101000000000000000002000000280000000000000000000 04000000000000000000000000000000000BA9F00000000000 00100000001000000
“C:\Users\Steve\Downloads\JavaSetup8u111.exe”=0x53 4143500100000000000000070000002800000040400B00A6CF 0B0001000000000000000000000A7122000033504C2B57DFD1 01000000000000000002000000280000000000000000000040 00000000000000000000000000000000CDEB19000000000001 00000001000000
“C:\Program Files (x86)\Dell Customer Connect\DCCTrayApp.exe”=0x534143500100000000000000 070000002800000078DF1000C7511100010000000000000000 00000AF1220000E63F486B2AA0D20100000000000000000200 00002800000000000000000000000000000000000000000000 0000000000FA560000000000002600000026000000
“C:\Users\Steve\Downloads\burnsetup.exe”=0x5341435 00100000000000000070000002800000010970D0099AB0D000 1000000000000000000000A0021000033504C2B57DFD101000 00000000000000200000028000000000000000000004000000 00000000000000000000000000068760A00000000000100000 001000000
“C:\Users\Steve\Downloads\cdbxp_setup_4.5.7.6521_m inimal.exe”=0x534143500100000000000000070000002800 0000402F52007D985200010000000000000000000306000100 0033504C2B57DFD10100000000000000000200000028000000 000000000000000000000000000000000000000000000000AD BD7B00000000000100000001000000
“C:\Users\Steve\Downloads\TurboTax_Deluxe_2015_Fed eral__State_Taxes_-Tax_Preparation_Software-_PC_Download_Old_Version.exe”=0x534143500100000000 00000007000000280000004064140711CE1407010000000000 0000000000067100000033504C2B57DFD10100000000000000 00020000002800000000000000000000000000000000000000 0000000000000000D9C8E51E000000000100000001000000
“C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe”=0x53414350010000000000000 00700000028000000508C1C0096501D0001000000000000000 000000A71220000E63F486B2AA0D2010000000000000000020 00000280000000000000000000000000000000000000000000 00000000000FF591A08000000000200000002000000
“C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe”=0x5341435001000000000 00000070000002800000070B41A00795F1B000100000000000 0000000000A8021000033504C2B57DFD101000000000000000 00200000028000000000000000000000000000000000000000 000000000000000C8E30000000000000100000001000000
“C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe”=0x534143500100000000000000 0700000028000000507A0900D5C30900010000000000000000 0001060001000033504C2B57DFD10100000000000000000200 00002800000000000000000000000000000000000000000000 000000000055AC0500000000000100000001000000
“C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE”=0x53414350010000 00000000000700000028000000C0A61D00BD9F1E0001000000 000000000000000A0021000033504C2B57DFD1010000009100 000000
“C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE”=0x5341435001000000 000000000700000028000000C0DA1902D8661A020100000000 0000000000000A0021000033504C2B57DFD101000000910000 0000
“C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe”=0x534143500 1000000000000000700000028000000C8EA3D0045E03E00010 00000000000000000000A00210000D5B3B31A57DFD10100000 00000000000020000002800000000000000000000000000000 000000000000000000000000010FB790100000000070000000 7000000
“C:\Users\Steve\Downloads\FRST.exe”=0x534143500100 000000000000070000002800000000221B00484D1B00010000 00000000000000000A0021000033504C2B57DFD10100000000 00000000050000001000000000000000000000000000000000 00000002000000280000000000000000000040000000000000 00000000000000000000BE1700000000000001000000010000 00
“C:\Program Files\Dell\SupportAssist\pcdlauncher.exe”=0x534143 5001000000000000000700000028000000D813070002790700 01000000000000000000000A00210000D5B3B31A57DFD10100 00000000000000020000002800000000000000000000000000 00000000000000000000000000006806000000000000010000 0001000000
“C:\Users\Steve\Downloads\FRST64.exe”=0x5341435001 000000000000000700000028000000005A240093E424000100 0000000000000000000A00210000D5B3B31A57DFD101000000 00000000000200000028000000000000000000004000000000 00000000000000000000000000DD0700000000000100000001 000000
“C:\Program Files (x86)\Mozilla Firefox\firefox.exe”=0x534143500100000000000000070 0000028000000C8F3070014AF0800010000000000000000000 00A00210000E63F486B2AA0D2010000000100000000
“C:\Users\Steve\Downloads\aswmbr.exe”=0x5341435001 000000000000000700000028000000005A4F00000000000100 0000000000000000000A7122000033504C2B57DFD101000000 00000000000500000010000000000000000000000000000000 00000000020000002800000000000000000000400000000000 0000000000000000000000F9FD030000000000040000000400 0000
“C:\Program Files\WinRAR\WinRAR.exe”=0x53414350010000000000000 0070000002800000090AB1700BE9B180001000000000000000 000000A00210000E78E163C2AA0D2010000000000000000020 00000280000000000000000000000000000000000000000000 000000000004B6A1002000000000A0000000A000000
“C:\Users\Steve\Downloads\Desktop\FRST64.exe”=0x53 41435001000000000000000700000028000000005A240093E4 240001000000000000000000000A00210000D5B3B31A57DFD1 010000000000000000
“C:\Users\Steve\Downloads\esetonlinescanner_enu.ex e”=0x534143500100000000000000070000002800000080126 700FBD7670001000000000000000000000A0021000033504C2 B57DFD1010000000000000000
“C:\Users\Steve\Downloads\Adware Removal Tool by TSA(1).exe”=0x534143500100000000000000070000002800 0000A87A0B0004E60B0001000000000000000000000AF12200 0033504C2B57DFD1010000000000000000
“C:\Users\Steve\Downloads\Desktop\aswmbr(1).exe”=0 x5341435001000000000000000700000028000000005A4F000 000000001000000000000000000000A7122000033504C2B57D FD101000000000000000005000000100000000000000000000 00000000000000000000200000028000000000000000000004 000000000000000000000000000000000089A0B00000000000 100000001000000
“C:\Users\Steve\Downloads\RogueKiller_portable64.e xe”=0x534143500100000000000000070000002800000048EE 9301DE3D940101000000000000000000000A00210000D5B3B3 1A57DFD1010000000000000000020000002800000000000000 000000400000000000000000000000000000000052A1690000 0000000100000001000000
“C:\Users\Steve\Downloads\JRT.exe”=0x5341435001000 00000000000070000002800000048501B0027F11B000100000 000000000000001067102000033504C2B57DFD101000000000 00000000500000010000000000000000000000000000000000 00000020000002800000000000000000000400000000000000 00000000000000000004C81190000000000010000000100000 0
“C:\Users\Steve\Downloads\adwcleaner_7.0.0.0.exe”= 0x5341435001000000000000000700000028000000C88B7C00 6CAA7C0001000000000000000000000A7122000033504C2B57 DFD10100000000000000000500000010000000000000000000 00000000000000000000020000002800000000000000000000 40040000000000000000000000000000000D3A030000000000 0100000001000000
“C:\Users\Steve\Downloads\ZHPDiag3.exe”=0x53414350 0100000000000000070000002800000080912A00AAAC2A0001 00000000000000000003060001000033504C2B57DFD1010000 00000000000002000000280000000000000000000040000000 00000000000000000000000000A45D1D000000000001000000 01000000
“C:\Users\Steve\Downloads\ZHPDiag3(1).exe”=0x53414 3500100000000000000070000002800000080912A00AAAC2A0 00100000000000000000003060001000033504C2B57DFD1010 00000000000000005000000100000000000000000000000000 00000000000000200000028000000000000000000004000000 00000000000000000000000000044220200000000000200000 002000000
“C:\Users\Steve\Downloads\ZHPDiag3(2).exe”=0x53414 3500100000000000000070000002800000080912A00AAAC2A0 00100000000000000000003060001000033504C2B57DFD1010 00000000000000005000000100000000000000000000000000 00000000000000200000028000000000000000000004000000 0000000000000000000000000006CD20800000000000200000 002000000
“C:\Users\Steve\Downloads\ZHPDiag3(3).exe”=0x53414 3500100000000000000070000002800000080912A00AAAC2A0 00100000000000000000003060001000033504C2B57DFD1010 00000000000000005000000100000000000000000000000000 00000000000000200000028000000000000000000004000000 0000000000000000000000000006F310A00000000000200000 002000000
“C:\Users\Steve\Downloads\ccsetup532.exe”=0x534143 500100000000000000070000002800000038BC940091CD9400 01000000000000000000000A0021000033504C2B57DFD10100 00000000000000020000002800000000000000000000400000 00000000000000000000000000003CB7030000000000010000 0001000000
“C:\Users\Steve\Downloads\ZHPCleaner(1).exe”=0x534 1435001000000000000000700000028000000803D2B00F7A52 B000100000000000000000003060001000033504C2B57DFD10 10000000000000000020000002800000000000000000000400 00000000000000000000000000000006C4D0F0000000000010 0000001000000
“C:\Users\Steve\Downloads\Zemana.AntiMalware.Setup .exe”=0x534143500100000000000000070000002800000090 8D640002B9733B01000000000000000000000A002100003350 4C2B57DFD10100000000000000000200000028000000000000 000000004000000000000000000000000000000000B773C900 000000000100000001000000
“C:\Windows\System32\UNPUXWorker.exe”=0x5341435001 00000000000000070000002800000060570100D7A301000100 0000000000000000000A73220000D5B3B31A57DFD101000000 00000000000200000028000000000000000000004000000000 0000000000000000000000004F000000000000000200000002 000000
“C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe”=0x534143500100000000000000070 00000280000009038ED00C927EE00010000000000000000000 00A0021000033504C2B57DFD10100000000000000000200000 02800000000000000000000000000000000000000000000000 000000033020000000000000100000001000000
“C:\Users\Steve\Desktop\ZHPFix(2).exe”=0x534143500 100000000000000070000002800000051BC350000000000010 00000000000000000000A41220000E63F486B2AA0D20100000 00000000000020000002800000000000000000000400000000 0000000000000000000000000633B000000000000020000000 2000000
“C:\Users\Steve\AppData\Roaming\ZHP\ZHPCleaner.exe ”=0x5341435001000000000000000700000028000000803D2B 00F7A52B0001000000000000000000030600010000E63F486B 2AA0D201000000000000000005000000100000000000000000 00000000000000000000000200000028000000000000000000 004000000000000000000000000000000000322A3A00000000 000200000002000000
“C:\Users\Steve\Downloads\PatchMyPC(1).exe”=0x5341 435001000000000000000700000028000000203F090082330A 0001000000000000000000000AF5220000D5B3B31A57DFD101 00000000000000000200000028000000000000000000004000 000000000000000000000000000000E0778A00000000000100 000001000000
“C:\Program Files (x86)\Skype\Phone\Skype.exe”=0x5341435001000000000 000000700000028000000E0F5A701CC87A8010100000000000 0000000000A0021000033504C2B57DFD101000000000000000 00200000028000000000000000000001000000000000000000 00000000000000021050000000000000100000001000000
“C:\Program Files\Notepad++\notepad++.exe”=0x53414350010000000 00000000700000028000000B05A2D0009742D0001000000000 000000000000A00210000D5B3B31A57DFD1010000000000000 00002000000280000000000000000000000000000000000000 000000000000000008E1F0000000000000100000001000000
“C:\Users\Steve\AppData\Local\Microsoft\OneDrive\1 7.3.6816.0313\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000787C03003765040001000000 000000000000000A00210000E63F486B2AA0D2010000000100 000000
“C:\Users\Steve\AppData\Local\Microsoft\OneDrive\U pdate\OneDriveSetup.exe”=0x53414350010000000000000 00700000028000000D05E9301F3E9930101000000000000000 000000A00210000E63F486B2AA0D2010000000100000000
“C:\Users\Steve\AppData\Local\Microsoft\OneDrive\1 7.3.6917.0607\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000D09A0300AA58040001000000 000000000000000A71200000E63F486B2AA0D2010000000100 000000
“C:\Users\Steve\Desktop\HiJackThis.exe”=0x53414350 0100000000000000070000002800000050841100A385110001 000000000000000000000A00210000E63F486B2AA0D2010000 00000000000002000000280000000000000000000040000000 00000000000000000000000000DF300C020000000001000000 01000000
“C:\Users\Steve\Downloads\Zemana.AntiMalware.Setup (1).exe”=0x534143500100000000000000070000002800000 0908D640002B9733B01000000000000000000000A00210000E 63F486B2AA0D20100000000000000000200000028000000000 000000000004000000000000000000000000000000000D9DE8 E02000000000100000001000000
“C:\Users\Steve\Downloads\zoek(1).exe”=0x534143500 100000000000000070000002800000000FA130000000000010 00000000000000000010671020000E63F486B2AA0D20100000 00000000000050000001000000000000000000000000000000 00000000002000000280000000000000000000040001000000 00000000000000000000000122B88000000000002000000020 00000
“C:\Users\Steve\Downloads\ZHPFix\ZHPFix(2).exe”=0x 534143500100000000000000070000002800000051BC350000 00000001000000000000000000000A41220000E63F486B2AA0 D2010000000000000000020000005000000000000000000000 40000000000000000000000000000000003B59000000000000 02000000010000000000000000000000000000000000000000 000000000000003B470000000000000200000000000000
“C:\Program Files (x86)\ZHPFix\ZHPhep.exe”=0x53414350010000000000000 0070000002800000000421D000000000001000000000000000 000020671220000E63F486B2AA0D2010000000000000000020 00000500000000000000000000040000000000000000000000 000000000007D6317000000000002000000010000000000000 00000000000000000000000000000000000000000145D00000 00000000200000000000000
“C:\Users\Steve\Downloads\SecurityCheck.exe”=0x534 143500100000000000000070000002800000037DE070065BC0 10001000000000000000000010600010000E63F486B2AA0D20 10000000000000000050000001000000000000000000000000 00000000000000002000000280000000000000000000040000 00000000000000000000000000000947B01000000000001000 00001000000
“C:\Users\Steve\Downloads\JavaSetup8u144.exe”=0x53 4143500100000000000000070000002800000040460B009AF3 0B0001000000000000000000000A71220000E63F486B2AA0D2 01000000000000000002000000280000000000000000000040 0000000000000000000000000000000021B001000000000001 00000001000000
“C:\Program Files\Internet Explorer\iexplore.exe”=0x5341435001000000000000000 70000002800000040930C00D5A10C000100000001000000000 0000A00210000E78E163C2AA0D2010000000000000000
“C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssvagent.exe”=0x534143 500100000000000000070000002800000040D00000706A0100 01000000000000000000010600010000E63F486B2AA0D20100 00000000000000020000002800000000000000000000000000 00000000000000000000000000004E00000000000000020000 0002000000
“C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe”=0x53414350 01000000000000000700000028000000C8524300FD12440001 000000000000000000000A00210000E78E163C2AA0D2010000 00000000000002000000280000000000000000000000000000 00000000000000000000000000995301000000000001000000 01000000
“C:\Users\Steve\AppData\Local\Microsoft\OneDrive\S tandaloneUpdater\OneDriveSetup.exe”=0x534143500100 0000000000000700000028000000D0F2A6017F93A701010000 00000000000000000A00210000E63F486B2AA0D20100000001 00000000
“C:\Users\Steve\AppData\Local\Microsoft\OneDrive\1 7.3.6943.0625\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000D0960300F48A040001000000 000000000000000A71200000E63F486B2AA0D2010000000100 000000
“C:\Users\Steve\Downloads\JavaSetup8u144(1).exe”=0 x534143500100000000000000070000002800000040460B009 AF30B0001000000000000000000000A71220000E63F486B2AA 0D201000000000000000002000000280000000000000000000 04000000000000000000000000000000000D15C01000000000 00100000001000000
“C:\Program Files\WindowsApps\DriverToaster_1.3.0.0_x86__rqs2n t378nwsp\DriverToaster.exe”=0x53414350010000000000 00000700000028000000009200000000000001000000000000 000000000AF5220000E63F486B2AA0D2010000000000000000 02000000280000000000000000000000000000000000000000 0000000000000028090000000000000200000002000000
“C:\Users\Steve\Downloads\zoek(2).exe”=0x534143500 100000000000000070000002800000000FA130000000000010 00000000000000000010671020000E63F486B2AA0D20100000 00000000000020000002800000000000000000000400000000 00000000000000000000000001CED2C0100000000020000000 2000000
“C:\Users\Steve\AppData\Local\Temp\A737.tmp\zoek-delete.bat”=0x534143500100000000000000070000002800 0000008A030013800400010000000000000000000105001000 00E63F486B2AA0D2010000000000000000
“C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE”=0x53414350010000 0000000000070000002800000030409601D091960101000000 000000000000000A00210000E63F486B2AA0D2010000009100 000000
“C:\Users\Steve\Downloads\PatchMyPC(2).exe”=0x5341 435001000000000000000700000028000000203F090082330A 0001000000000000000000000AF5220000E78E163C2AA0D201 00000000000000000200000028000000000000000000004000 00000000000000000000000000000011860800000000000100 000001000000
“C:\Users\Steve\Downloads\jre-8u144-windows-x64(1).exe”=0x534143500100000000000000070000002800 00004064E503EAB4E50301000000000000000000000A732200 00E78E163C2AA0D20100000000000000000200000028000000 000000000000004000000000000000000000000000000000A4 320100000000000100000001000000
“C:\Users\Steve\Downloads\SecurityCheck(1).exe”=0x 534143500100000000000000070000002800000037DE070065 BC010001000000000000000000010600010000E63F486B2AA0 D2010000000000000000050000001000000000000000000000 00000000000000000002000000280000000000000000000000 00000000000000000000000000000000BD0010000000000002 00000002000000
“C:\Users\Steve\Downloads\FRST64(1).exe”=0x5341435 00100000000000000070000002800000000562400C31825000 1000000000000000000000A00210000E78E163C2AA0D201000 00000000000000200000028000000000000000000004000000 0000000000000000000000000003B7C8205000000000300000 003000000
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”=0x5341 43500100000000000000070000002800000058531500F10716 0001000000000000000000000A00210000E78E163C2AA0D201 0000000100000000
“C:\Users\Steve\Desktop\SupRestric.exe”=0x53414350 0100000000000000070000002800000000501200CE49130001 000000000000000000000A00210000E63F486B2AA0D2010000 00000000000005000000100000000000000000000000000000 00000000000200000028000000000000000000004000000000 0000000000000000000000004C2A0000000000000100000001 000000
“C:\Users\Steve\Desktop\QuickDiag.exe”=0x534143500 1000000000000000700000028000000A835470019334800010 00000000000000000000A00210000E63F486B2AA0D20100000 00000000000020000002800000000000000000000400000000 0000000000000000000000000D13B000000000000010000000 1000000

---------- | IFEO

---------- | Mountpoints2

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
“”=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
“APPINIT_DLLS”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“Beep”=#USR:Control Panel\Sound
“CoolSwitch”=USR:Control Panel\Desktop
“DEFAULTSEPARATEVDM”=\REGISTRY\MACHINE\SYSTEM\CURR ENTCONTROLSET\CONTROL\WOW
“DEVICENOTSELECTEDTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“DoubleClickHeight”=#USR:Control Panel\Mouse
“DoubleClickSpeed”=#USR:Control Panel\Mouse
“DoubleClickWidth”=#USR:Control Panel\Mouse
“DragFullWindows”=USR:Control Panel\Desktop
“InitialKeyboardIndicators”=USR:Control Panel\Keyboard
“LowPowerActive”=#USR:Control Panel\Desktop
“LowPowerTimeOut”=#USR:Control Panel\Desktop
“MouseSpeed”=#USR:Control Panel\Mouse
“MouseThreshold1”=#USR:Control Panel\Mouse
“MouseThreshold2”=#USR:Control Panel\Mouse
“PowerOffActive”=#USR:Control Panel\Desktop
“PowerOffTimeOut”=#USR:Control Panel\Desktop
“ScreenSaveActive”=#USR:Control Panel\Desktop
“ScreenSaveTimeOut”=#USR:Control Panel\Desktop
“SnapToDefaultButton”=#USR:Control Panel\Mouse
“Spooler”=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
“SWAPDISK”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“SwapMouseButtons”=#USR:Control Panel\Mouse
“TRANSMISSIONRETRYTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
“”=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
“ScreenSaverActive”=USR:Control Panel\Desktop
“ScreenSaverIsSecure”=USR:Control Panel\Desktop
“SCRNSAVE.EXE”=USR:Control Panel\Desktop
“Shell”=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
“APPINIT_DLLS”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“Beep”=#USR:Control Panel\Sound
“CoolSwitch”=USR:Control Panel\Desktop
“DEFAULTSEPARATEVDM”=\REGISTRY\MACHINE\SYSTEM\CURR ENTCONTROLSET\CONTROL\WOW
“DEVICENOTSELECTEDTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“DoubleClickHeight”=#USR:Control Panel\Mouse
“DoubleClickSpeed”=#USR:Control Panel\Mouse
“DoubleClickWidth”=#USR:Control Panel\Mouse
“DragFullWindows”=USR:Control Panel\Desktop
“InitialKeyboardIndicators”=USR:Control Panel\Keyboard
“LowPowerActive”=#USR:Control Panel\Desktop
“LowPowerTimeOut”=#USR:Control Panel\Desktop
“MouseSpeed”=#USR:Control Panel\Mouse
“MouseThreshold1”=#USR:Control Panel\Mouse
“MouseThreshold2”=#USR:Control Panel\Mouse
“PowerOffActive”=#USR:Control Panel\Desktop
“PowerOffTimeOut”=#USR:Control Panel\Desktop
“ScreenSaveActive”=#USR:Control Panel\Desktop
“ScreenSaveTimeOut”=#USR:Control Panel\Desktop
“SnapToDefaultButton”=#USR:Control Panel\Mouse
“SWAPDISK”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“SwapMouseButtons”=#USR:Control Panel\Mouse
“TRANSMISSIONRETRYTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
“”=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
“ScreenSaverActive”=USR:Control Panel\Desktop
“ScreenSaverIsSecure”=USR:Control Panel\Desktop
“SCRNSAVE.EXE”=USR:Control Panel\Desktop
“Shell”=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
“windows”=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
“cval”=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
“VistaSp1”=131455394471959679

[HKLM\SOFTWARE\Microsoft\Windows Defender]
“ProductAppDataPath”=C:\ProgramData\Microsoft\Wind ows Defender
“ProductIcon”=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
“ProductLocalizedName”=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
“RemediationExe”=%ProgramFiles%\Windows Defender\MSASCui.exe
“DisableAntiSpyware”=1
“ProductType”=2
“ManagedDefenderProductType”=0
“ProductStatus”=0
“InstallTime”=0x78EACE00A9FDD001
“DisableAntiVirus”=1
“InstallLocation”=C:\Program Files\Windows Defender
“PassiveMode”=0
“LastEnabledTime”=0xDB3729F93E08D301

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile]
“EnableFirewall”=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall”=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\PublicProfile]
“EnableFirewall”=1

---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\mcpltsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\McMPFSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mcpltsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetSetupSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)

---------- | Hosts
127.0.0.1 localhost

---------- | Ping

Pinging google.com [2607:f8b0:4009:813::200e] with 32 bytes of data:
Request timed out.
Reply from 2607:f8b0:4009:813::200e: time=31ms
Reply from 2607:f8b0:4009:813::200e: time=40ms
Reply from 2607:f8b0:4009:813::200e: time=42ms

Ping statistics for 2607:f8b0:4009:813::200e:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 42ms, Average = 37ms

---------- | @

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Internet Explorer\Main]
“Anchor Underline”=yes
“Disable Script Debugger”=yes
“DisableScriptDebuggerIE”=yes
“Display Inline Images”=yes
“Do404Search”=0x01000000
“Save_Session_History_On_Exit”=no
“Show_FullURL”=no
“Show_StatusBar”=yes
“Show_ToolBar”=yes
“Show_URLinStatusBar”=yes
“Show_URLToolBar”=yes
“Use_DlgBox_Colors”=yes
“UseClearType”=no
“XMLHTTP”=1
“Local Page”=C:\WINDOWS\system32\blank.htm
“Cache_Update_Frequency”=Once_Per_Session
“Search Page”= http://www.google.com
“NoUpdateCheck”=0
“Enable Browser Extensions”=yes
“Play_Background_Sounds”=yes
“Play_Animations”=yes
“Start Page”= MSN
“DisableFirstRunCustomize”=0
“CompatibilityFlags”=0
“FullScreen”=no
“Window_Placement”=0x2C0000000000000001000000FFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFF8D0100001E0000008806000 0AF020000
“Use FormSuggest”=yes
“NotifyDownloadComplete”=yes
“Error Dlg Displayed On Every Error”=no
“IconCache”=0xiih2c
“DownloadWindowPlacement”=0x2C00000000000000000000 00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0E010000AF000000 E60500008F020000
“AutoHide”=yes
“OperationalData”=13
“ImageStoreRandomFolder”=fm9o54e
“IE10TourNoShow”=1
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“ScriptDebugger_EnableHiddenTabs”=0
“StatusBarWeb”=1
“ForceGDIPlus”=0
“AlwaysShowMenus”=0
“ShutdownWaitForOnUnload”=0
“DNSPreresolution”=8
“SpellChecking”=1
“LangToolsBroker”={5bbd58bb-993e-4c17-8af6-3af8e908fca8}
“DisablePasswordReveal”=0
“DisableRequiresActiveXPrompt”=
“GotoIntranetSiteForSingleWordEntry”=0
“AutoSearch”=1
“SuppressScriptDebuggerDialog”=0
“PredictedViewExpansion”=100
“PredictedViewChangeThreshold”=10
“PredictedViewChangeThresholdPaint”=10
“ContentLayerCacheExpansion”=300
“RenderingLoopMaxTime”=250
“NscSingleExpand”=0
“Friendly http errors”=yes
“CSS_Compat”=doctype
“Expand Alt Text”=no
“Display Inline Videos”=1
“Use Stylesheets”=1
“SmoothScroll”=1
“Show image placeholders”=0
“Disable Diagnostics Mode”=no
“Move System Caret”=no
“Enable AutoImageResize”=yes
“UseThemes”=1
“UseHR”=0
“Q300829”=0
“Cleanup HTCs”=0
“XDomainRequest”=1
“DOMStorage”=1
“EnableAlternativeCodec”=yes
“JScriptProfileCacheEventDelay”=5000
“CrossfadeMinTimeoutInMS”=30000
“CrossfadeMaxTimeoutInMS”=30000
“CrossfadeCurrentTimeoutInMS”=30000
“ScrollTimeoutInMS”=6000
“IE10RunOnceLastShown”=1
“IE10RunOnceLastShown_TIMESTAMP”=0xE5DD9C591A07D30 1
“IE10RunOncePerInstallCompleted”=1
“IE10TourShown”=0
“IE10RecommendedSettingsNo”=0
“FrameTabWindow”=1
“AdminTabProcs”=1
“SessionMerging”=1
“FrameMerging”=1
“HangRecovery”=1
“DesktopTransparentCoverWindowTime”=8
“TSEnable”=1
“Isolation64Bit”=0
“IsolationImmersive”=PMEM
“TabShutdownDelay”=60000
“FrameShutdownDelay”=0
“MinIEEnabled”=1
“RunSpartanBrowser”=0
“RefcountTracker”=0
“TabDragOnSingleProc”=0
“ForceBFCacheCandidacyPass”=0
“Fasterback”=1
“BackForwardInstrumentation”=0
“EdgeSwitchingOSBuildNumber”=10586.th2_release.160 906-1759
“First Home Page”= Get to Know Microsoft Edge
“Start Page_TIMESTAMP”=0x72C4D1B6856ED201
“SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy”=
“IE10RunOnceCompletionTime”=0xBD4A7BC6B510D201
“IE11EdgeNotifyTime”=0xF576C92E2007D301
“EdgeReminderRemainingCount”=5

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion\Int ernet settings]
“DisableCachingOfSSLPages”=0
“IE5_UA_Backup_Flag”=5.0
“PrivacyAdvanced”=1
“SecureProtocols”=2688
“CertificateRevocation”=1
“EnableNegotiate”=1
“MigrateProxy”=1
“ProxyEnable”=0
“ProxyHttp1.1”=1
“User Agent”=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
“EmailName”=IEUser@
“PrivDiscUiShown”=1
“EnableHttp1_1”=1
“WarnOnIntranet”=1
“MimeExclusionListForCache”=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
“AutoConfigProxy”=wininet.dll
“UseSchannelDirectly”=0x01000000
“WarnOnPost”=0x01000000
“UrlEncoding”=0
“ZonesSecurityUpgrade”=0xA9C9808FB605D301
“WarnonZoneCrossing”=0
“EnableAutodial”=0
“NoNetAutodial”=0
“GlobalUserOffline”=1
“EnableHTTP2”=1
“BackgroundConnections”=1
“SyncMode5”=4
“EnableSSL3Fallback”=1
“EnablePunycode”=1
“ShowPunycode”=0
“CreateUriCacheSize”=80
“CoInternetCombineIUriCacheSize”=80
“SecurityIdIUriCacheSize”=30
“SpecialFoldersCacheSize”=8

[HKLM\Software\Microsoft\Internet Explorer\Main]
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“AutoHide”=yes
“Anchor_Visitation_Horizon”=0x01000000
“Cache_Percent_of_Disk”=0x0A000000
“Default_Page_URL”= MSN
“Default_Search_URL”= Search - Microsoft Bing
“Default_Secondary_Page_URL”=
“Delete_Temp_Files_On_Exit”=yes
“Enable_Disk_Cache”=yes
“Extensions Off Page”=about:NoAdd-ons
“Local Page”=C:\Windows\System32\blank.htm
“Placeholder_Height”=0x1A000000
“Placeholder_Width”=0x1A000000
“Search Page”= Search - Microsoft Bing
“Security Risk Page”=about:SecurityRisk
“Use_Async_DNS”=yes
“x86AppPath”=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
“DisableRandomFlighting”=0
“EnableLegacyEdgeSwitching”=1
“Start Page”= MSN
“TabProcGrowth”=Medium
“Print_Background”=0
“AlwaysShowMenus”=0
“StatusBarWeb”=1
“Check_Associations”=yes
“FrameAuto”=1

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
“blank”=res://mshtml.dll/blank.htm
“DesktopItemNavigationFailure”=res://ieframe.dll/navcancl.htm
“Home”=270
“InPrivate”=res://ieframe.dll/inprivate.htm
“NavigationCanceled”=res://ieframe.dll/navcancl.htm
“NavigationFailure”=res://ieframe.dll/navcancl.htm
“NoAdd-ons”=res://ieframe.dll/noaddon.htm
“NoAdd-onsInfo”=res://ieframe.dll/noaddoninfo.htm
“PostNotCached”=res://ieframe.dll/repost.htm
“SecurityRisk”=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL \DefaultPrefix]
“”=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes]
“ftp”=ftp://
“home”=http://
“mosaic”=http://
“www”=http://
“gopher”=gopher://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Int ernet settings]
“ActiveXCache”=C:\Windows\Downloaded Program Files
“CodeBaseSearchPath”=CODEBASE
“EnablePunycode”=1
“MinorVersion”=0
“WarnOnIntranet”=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“AutoHide”=yes
“Start Page”= MSN
“Anchor_Visitation_Horizon”=0x01000000
“Cache_Percent_of_Disk”=0x0A000000
“Default_Page_URL”= MSN
“Default_Search_URL”= Search - Microsoft Bing
“Default_Secondary_Page_URL”=
“Delete_Temp_Files_On_Exit”=yes
“Enable_Disk_Cache”=yes
“Extensions Off Page”=about:NoAdd-ons
“Local Page”=C:\Windows\SysWOW64\blank.htm
“Placeholder_Height”=0x1A000000
“Placeholder_Width”=0x1A000000
“Search Page”= Search - Microsoft Bing
“Security Risk Page”=about:SecurityRisk
“Use_Async_DNS”=yes
“x86AppPath”=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
“blank”=res://mshtml.dll/blank.htm
“DesktopItemNavigationFailure”=res://ieframe.dll/navcancl.htm
“Home”=270
“InPrivate”=res://ieframe.dll/inprivate.htm
“NavigationCanceled”=res://ieframe.dll/navcancl.htm
“NavigationFailure”=res://ieframe.dll/navcancl.htm
“NoAdd-ons”=res://ieframe.dll/noaddon.htm
“NoAdd-onsInfo”=res://ieframe.dll/noaddoninfo.htm
“PostNotCached”=res://ieframe.dll/repost.htm
“SecurityRisk”=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\URL\DefaultPrefix]
“”=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\URL\Prefixes]
“ftp”=ftp://
“home”=http://
“mosaic”=http://
“www”=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Internet settings]
“ActiveXCache”=C:\Windows\Downloaded Program Files
“CodeBaseSearchPath”=CODEBASE
“EnablePunycode”=1
“MinorVersion”=0
“WarnOnIntranet”=1

---------- | Proxy

[HKLM\System\CurrentControlSet\Services\NLASVC\Para meters\Internet\Manualproxies]

---------- | reparsepoint

---------- | Detection of offsets

---------- | Notify

---------- | Execution FileExts

---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ GoogleDriveBlacklisted] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} – C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [21/03/2017 08:15:16]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ GoogleDriveSynced] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} – C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [21/03/2017 08:15:16]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ GoogleDriveSyncing] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} – C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [21/03/2017 08:15:16]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ AccExtIco1] - {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} – C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [22/05/2016 19:33:48]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ AccExtIco2] - {853B7E05-C47D-4985-909A-D0DC5C6D7303} – C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [22/05/2016 19:33:48]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ AccExtIco3] - {42D38F2E-98E9-4382-B546-E24E4D6D04BB} – C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [22/05/2016 19:33:48]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} – C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [23/02/2016 14:16:40]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} – C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [23/02/2016 14:16:40]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} – C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [23/02/2016 14:16:40]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\EnhancedStorageS hell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} – C:\Windows\System32\EhStorShell.dll [18/03/2017 16:57:23]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} –

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
“{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=

---------- | Toolbar

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“Locked”=1

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
“ITBar7Layout”=0x130000000000000000000000300000001 00000000000000001000000000700005E01000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
“DownloadRetries”=4
“Version”=5
“UpgradeTime”=0xA9C9808FB605D301
“ShowSearchSuggestionsInAddressGlobal”=1
“DefaultPackCorrection”=1
“KnownProvidersUpgradeTime”=0xA9C9808FB605D301

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{47833539-D0C5-4125-9FA8-0819E2EAAC93}”=0x00

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
“{47833539-D0C5-4125-9FA8-0819E2EAAC93}”=0x00

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) -
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{48A61126-9A19-4C50-A214-FF08CB94995C}] : (McAfee WebAdvisor) -
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions{0000036B-C524-4050-81A0-243669A86B9F}] : () -
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}] : (@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003) -
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions{48A61126-9A19-4C50-A214-FF08CB94995C}] : (McAfee WebAdvisor) -
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -

---------- | SearchScopes

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{012E1000-F331-11DB-8314-0800200C9A66}] - (Google) - Google {searchTerms} :
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - Search - Microsoft Bing {searchTerms}&src=IE-SearchBox&FORM=IESR02 :
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0C755E98-7D34-4B11-A63A-5F01EB9ABAE7}] - (Bing) - Search - Microsoft Bing {searchTerms}&src=IE-SearchBox :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - Search - Microsoft Bing {searchTerms}&FORM=IE8SRC :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - Search - Microsoft Bing {searchTerms}&FORM=IE8SRC :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes{AB62CE37-C53F-4D77-9489-308327D58331}] - (Bing) - Search - Microsoft Bing {searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox :

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] → (Java™ Plug-In SSV Helper) :
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{AE7CD045-E861-484f-8273-0445EE161910}] → (Adobe Acrobat Create PDF Helper) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.d ll [18/12/2015 11:42:36]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] → (McAfee WebAdvisor BHO) : c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [27/07/2017 16:37:02]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}] → (Java™ Plug-In 2 SSV Helper) :
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{F4971EE7-DAA0-4053-9964-665D8EE6A077}] → (Adobe Acrobat Create PDF from Selection) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.d ll [18/12/2015 11:42:36]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{FFCB3198-32F3-4E8B-9539-4324694ED664}] → (Adblock Plus for IE Browser Helper Object) : C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [03/01/2017 16:16:24]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{9FDDE16B-836F-4806-AB1F-1455CBEFF289}] → (Windows Live Messenger Companion Helper) : C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [08/03/2012 18:14:38]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{AE7CD045-E861-484f-8273-0445EE161910}] → (Adobe Acrobat Create PDF Helper) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.d ll [18/12/2015 11:42:36]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] → (McAfee WebAdvisor BHO) : c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [27/07/2017 16:37:02]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{DDA57003-0068-4ed2-9D32-4D1EC707D94D}] → (Microsoft Web Test Recorder 10.0 Helper) : c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.Visua lStudio.QualityTools.RecorderBarBHO100.dll [19/03/2010 15:02:22]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{F4971EE7-DAA0-4053-9964-665D8EE6A077}] → (Adobe Acrobat Create PDF from Selection) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.d ll [18/12/2015 11:42:36]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{FFCB3198-32F3-4E8B-9539-4324694ED664}] → (Adblock Plus for IE Browser Helper Object) : C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [03/01/2017 16:16:24]

---------- | Chrome

C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\extensions\fheoggkfdfchfphceeifdbepao oicaho = : McAfee® WebAdvisor - McAfee® WebAdvisor - permissions:[tabs\u003Call_urls>downloadsnativeMessagingwebRequ est] - https://clients2.google.com/service/update2/crx
C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccm gmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoe jaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleuserco ntent.com - https://clients2.google.com/service/update2/crx

[HKLM\Software\Google\Chrome\Extensions\fheoggkfdfc hfphceeifdbepaooicaho]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions \efaidnbmnnnibpcajpcglclefindmkaj]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions \fheoggkfdfchfphceeifdbepaooicaho]

---------- | Opera

---------- | Firefox

C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Pro files\jor6jyfq.default\Extensions\djziggy@gmail.com : : em:internalNameLavaFox_V1-Blue</em:internalName> - : http://zigboom.com/
C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Pro files\jor6jyfq.default\Extensions\html5notifications@paxal.net.xpi

[HKLM\Software\mozilla\Firefox\Extensions]
“{4ED1F68A-5463-4931-9384-8FFF5ED91D92}”=C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensio ns]
“{4ED1F68A-5463-4931-9384-8FFF5ED91D92}”=C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
“web2pdfextension.15@web2pdf.adobedotcom”=C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
[HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer] - (Adobe® Flash® Player 26.0.0.137 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_ 137.dll
[HKLM\Software\MozillaPlugins@java.com/DTPlugin,version=11.144.2] - (Java™ Deployment Toolkit) : C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1 .dll
[HKLM\Software\MozillaPlugins@java.com/JavaPlugin,version=11.144.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll
[HKLM\Software\MozillaPlugins@mcafee.com/MSC,version=10] - (McAfee Total Protection MIME Plugin) : c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
[HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
[HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect] - () : C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@adobe.com/FlashPlayer] - (Adobe® Flash® Player 26.0.0.137 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_ 137.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@adobe.com/ShockwavePlayer] - (Adobe Shockwave Player) : C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@mcafee.com/MSC,version=10] - (McAfee Total Protection MIME Plugin) : c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins@mcafee.com/MVT] - (McAfee Virtual Technician Plugin) : C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@microsoft.com/WLPG,version=15.4.3555.0308] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Acrobat] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\adobe.com/AdobeExManDetect] - () : C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll

C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Pro files\jor6jyfq.default\Prefs.js

user_pref(“browser.startup.homepage”, " https://www.facebook.com/ ");
user_pref(“browser.startup.homepage_override.build ID”, “20170628075643”);
user_pref(“browser.startup.homepage_override.mston e”, “54.0.1”);
user_pref(“extensions.blocklist.pingCountTotal”, 47);
user_pref(“extensions.blocklist.pingCountVersion”, 8);
user_pref(“extensions.bootstrappedAddons”, “{"followonsearch@mozilla.com":{"version":"0.9.1","type":"extension","descripto r":"C:\\Users\\Steve\\AppData\\Roaming\\Mozilla\\F irefox\\Profiles\\jor6jyfq.default\\features\\{9ce ac2f2-d6e9-4988-8742-dc8df3ba128e}\\followonsearch@mozilla.com.xpi","multiprocessCompatible":true,"runInSafeMode":tr ue,"dependencies":,"hasEmbeddedWebExtension":false },"shield-recipe-client@mozilla.org":{"version":"1.0.0","type":"extension","descripto r":"C:\\Users\\Steve\\AppData\\Roaming\\Mozilla\\F irefox\\Profiles\\jor6jyfq.default\\features\\{9ce ac2f2-d6e9-4988-8742-dc8df3ba128e}\\shield-recipe-client@mozilla.org.xpi","multiprocessCompatible":true,"runInSafeMode":tr ue,"dependencies":,"hasEmbeddedWebExtension":false },"e10srollout@mozilla.org":{"version":"1.85","type":"extension","descriptor ":"C:\\Users\\Steve\\AppData\\Roaming\\Mozilla\\Fi refox\\Profiles\\jor6jyfq.default\\features\\{9cea c2f2-d6e9-4988-8742-dc8df3ba128e}\\e10srollout@mozilla.org.xpi","multiprocessCompatible":true,"runInSafeMode":tr ue,"dependencies":,"hasEmbeddedWebExtension":false },"firefox@getpocket.com":{"version":"1.0.5","type":"extension","descripto r":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi","multiprocessCompatible":true,"runInSafeMode":tr ue,"dependencies":,"hasEmbeddedWebExtension":false },"webcompat@mozilla.org":{"version":"1.1","type":"extension","descriptor" :"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi","multiprocessCompatible":true,"runInSafeMode":tr ue,"dependencies":,"hasEmbeddedWebExtension":false },"aushelper@mozilla.org":{"version":"2.0","type":"extension","descriptor" :"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi","multiprocessCompatible":true,"runInSafeMode":tr ue,"dependencies":,"hasEmbeddedWebExtension":false },"screenshots@mozilla.org":{"version":"6.6.0","type":"extension","descripto r":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi","multiprocessCompatible":true,"runInSafeMode":tr ue,"dependencies":,"hasEmbeddedWebExtension":false }}”);
user_pref(“extensions.databaseSchema”, 19);
user_pref(“extensions.e10s.rollout.blocklist”, “”);
user_pref(“extensions.e10s.rollout.hasAddon”, false);
user_pref(“extensions.e10s.rollout.policy”, “50allmpc”);
user_pref(“extensions.e10sBlockedByAddons”, true);
user_pref(“extensions.e10sMultiBlockedByAddons”, true);
user_pref(“extensions.enabledAddons”, “html5notifications%40paxal.net:1.2.2.1-signed.1-signed,%7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:5.0.559.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:54.0.1”);
user_pref(“extensions.followonsearch.cohortSample” , “0.370093”);
user_pref(“extensions.getAddons.cache.lastUpdate”, 1501714642);
user_pref(“extensions.getAddons.databaseSchema”, 5);
user_pref(“extensions.hotfix.lastVersion”, “20170302.01”);
user_pref(“extensions.lastAppVersion”, “54.0.1”);
user_pref(“extensions.lastPlatformVersion”, “54.0.1”);
user_pref(“extensions.pendingOperations”, false);
user_pref(“extensions.shield-recipe-client.api_url”, " https://normandy.cdn.mozilla.net/api/v1 ");
user_pref(“extensions.shield-recipe-client.dev_mode”, false);
user_pref(“extensions.shield-recipe-client.enabled”, true);
user_pref(“extensions.shield-recipe-client.logging.level”, 50);
user_pref(“extensions.shield-recipe-client.startup_delay_seconds”, 300);
user_pref(“extensions.shield-recipe-client.user_id”, “88603497-a800-459d-ba8d-04eaa46aa1db”);
user_pref(“extensions.systemAddonSet”, “{"schema":1,"directory":"{9ceac2f2-d6e9-4988-8742-dc8df3ba128e}","addons":{"followonsearch@mozilla.com":{"version":"0.9.1"},"shield-recipe-client@mozilla.org":{"version":"1.0.0"},"e10srollout@mozilla.org":{"version":"1.85"}}}”);
user_pref(“extensions.ui.dictionary.hidden”, true);
user_pref(“extensions.ui.experiment.hidden”, true);
user_pref(“extensions.ui.lastCategory”, “addons://updates/recent”);
user_pref(“extensions.ui.locale.hidden”, true);
user_pref(“extensions.xpiState”, “{"app-profile":{"djziggy@gmail.com":{"d":"C:\\Users\\Steve\\AppData\\Roaming\\Mozill a\\Firefox\\Profiles\\jor6jyfq.default\\extensions \\djziggy@gmail.com","e":false,"v":"2.5.2","st":1472525803824,"mt":15 01620122288},"html5notifications@paxal.net":{"d":"C:\\Users\\Steve\\AppData\\Roaming\\Mozill a\\Firefox\\Profiles\\jor6jyfq.default\\extensions \\html5notifications@paxal.net.xpi","e":true,"v":"1.2.2.1-signed.1-signed","st":1462041409246}},"app-system-addons":{"e10srollout@mozilla.org":{"d":"C:\\Users\\Steve\\AppData\\Roaming\\Mozill a\\Firefox\\Profiles\\jor6jyfq.default\\features\\ {9ceac2f2-d6e9-4988-8742-dc8df3ba128e}\\e10srollout@mozilla.org.xpi","e":true,"v":"1.85","st":1501016039572},"followonsearch@mozilla.com":{"d":"C:\\Users\\Steve\\AppData\\Roaming\\Mozill a\\Firefox\\Profiles\\jor6jyfq.default\\features\\ {9ceac2f2-d6e9-4988-8742-dc8df3ba128e}\\followonsearch@mozilla.com.xpi","e":true,"v":"0.9.1","st":1501016039483},"shield-recipe-client@mozilla.org":{"d":"C:\\Users\\Steve\\AppData\\Roaming\\Mozill a\\Firefox\\Profiles\\jor6jyfq.default\\features\\ {9ceac2f2-d6e9-4988-8742-dc8df3ba128e}\\shield-recipe-client@mozilla.org.xpi","e":true,"v":"1.0.0","st":1501016039532}},"a pp-system-defaults":{"aushelper@mozilla.org":{"d":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi","e":true,"v":"2.0","st":1500796756761},"e10srollout@mozilla.org":{"d":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\e10srollout@mozilla.org.xpi","e":false,"v":"1.50","st":1500796756761},"firefox@getpocket.com":{"d":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi","e":true,"v":"1.0.5","st":1500796756745},"screenshots@mozilla.org":{"d":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi","e":true,"v":"6.6.0","st":1500796756886},"webcompat@mozilla.org":{"d":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi","e":true,"v":"1.1","st":1500796756698}},"app-global":{"{972ce4c6-7e08-4474-a285-3208198ce6fd}":{"d":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi","e":false,"v":"54.0.1","st":150 0796756776}},"winreg-app-global":{"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}":{"d":"C:\\Program Files (x86)\\McAfee\\SiteAdvisor\\saffplg.xpi","e":true, "v":"5.0.559.0","st":1500583462000},"web2pdfextension.15@web2pdf.adobedotcom":{"d":"C:\\Program Files (x86)\\Adobe\\Acrobat DC\\Acrobat\\Browser\\WCFirefoxExtn","e":false,"v" :"15.01.03","st":1463157154745,"mt":1491352710000} }}”);

C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Pro files\jor6jyfq.default

[Profile0] - Name=default → Profiles/jor6jyfq.default

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters]
“DhcpNameServer”=209.18.47.62 209.18.47.61
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameter s\Interfaces{3a1b2148-2a78-4084-ac04-ccbabaddbe37}]
“DhcpNameServer”=209.18.47.62 209.18.47.61
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters\Interfaces{3a1b2148-2a78-4084-ac04-ccbabaddbe37}]
“DhcpNameServer”=209.18.47.62 209.18.47.61

---------- | Applications

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Classes\Applications\firefox.exe] : “C:\Program Files (x86)\Mozilla Firefox\firefox.exe” “%1”
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Classes\Applications\opera.exe] : “C:\Users\Steve\AppData\Local\Programs\Opera\Launc her.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\Acrobat.exe] : “C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\Adobe Audition CC.exe] : “C:\Program Files\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\devenv.exe] : “c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\dreamweaver.exe] : “C:\Program Files\Adobe\Adobe Dreamweaver CC 2015\dreamweaver.exe”, “%1”
[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : “C:\Windows\eHome\ehshell.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\expressburn.exe] : “C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe” “%L”
[HKLM\SOFTWARE\Classes\Applications\foobar2000.exe] : “C:\Program Files (x86)\foobar2000\foobar2000.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : “C:\Program Files\Internet Explorer\IEXPLORE.EXE” %1
[HKLM\SOFTWARE\Classes\Applications\Illustrator.exe] : “C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\ImageReady.exe] : “C:\Program Files (x86)\Adobe\Photoshop CS\ImageReady.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : “C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\MSOXMLED.EXE] : “C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE” “%1”
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\Photoshop.exe] : “C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe “%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll”, ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : “%SystemRoot%\System32\provtool.exe” “%1” /source ShellOpen
[HKLM\SOFTWARE\Classes\Applications\VSLauncher.exe] : “c:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer. dll] : “C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe” /LaunchPhotoViewer /v “%1”
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : “%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe” /Open “%L”
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : “%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Acr obat.exe] : “C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Ado be Audition CC.exe] : “C:\Program Files\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\dev env.exe] : “c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\dre amweaver.exe] : “C:\Program Files\Adobe\Adobe Dreamweaver CC 2015\dreamweaver.exe”, “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehs hell.exe] : “C:\Windows\eHome\ehshell.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\exp ressburn.exe] : “C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe” “%L”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\foo bar2000.exe] : “C:\Program Files (x86)\foobar2000\foobar2000.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iex plore.exe] : “C:\Program Files\Internet Explorer\IEXPLORE.EXE” %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Ill ustrator.exe] : “C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Ima geReady.exe] : “C:\Program Files (x86)\Adobe\Photoshop CS\ImageReady.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Mov ieMaker.exe] : “C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MSO XMLED.EXE] : “C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\not epad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Pho toshop.exe] : “C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\pho toviewer.dll] : %SystemRoot%\System32\rundll32.exe “%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll”, ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\pro vtool.exe] : “%SystemRoot%\System32\provtool.exe” “%1” /source ShellOpen
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\VSL auncher.exe] : “c:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLX PhotoViewer.dll] : “C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe” /LaunchPhotoViewer /v “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmp layer.exe] : “%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe” /Open “%L”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wor dpad.exe] : “%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE” “%1”

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
“DcomLaunch”=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
“rdxgroup”=RetailDemo
“Camera”=FrameS
“DevicesFlow”=DevicesFlowUserSvc
“smbsvcs”=lanmanserver
browser
“iissvcs”=w3svc
was

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
“DcomLaunch”=PlugPlay
DcomLaunch
DeviceInstall
“smbsvcs”=lanmanserver
“iissvcs”=w3svc
was

---------- | SvcHost - Netsvcs (Whitelist)

TokenBroker - %SystemRoot%\System32\TokenBroker.dll : %SystemRoot%\system32\svchost.exe -k netsvcs

---------- | Software

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\AdblockPlus]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Adobe]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\AppDataLow]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Avant Browser]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\AVS4YOU]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Broderbund Software]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Canneverbe Limited]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Caphyon]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Clients]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Companion Software]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Creative Tech]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Dell]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\DivXNetworks]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\e-academy Inc.]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\EffectMgr]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\ej-technologies]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Eyeball]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Freeware]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Geek Uninstaller]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\GetNZB]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Google]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\GRETECH]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Hewlett-Packard]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\IM Providers]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\InstallShield]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Intuit]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\JavaSoft]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Kivuto Solutions Inc.]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\LG Electronics Inc]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Licenses]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Local AppWizard-Generated Applications]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\LowRegistry]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Macromedia]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Macrovision]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Malwarebytes]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Martin Prikryl]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\McAfee]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Mindscape]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Mine]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Mozilla]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\MozillaPlugins]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\MusicBrainz]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\NCH Software]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\NCH Swift Sound]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Netscape]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Newsoft Folder Selector]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\NVIDIA Corporation]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\ODBC]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Opera Software]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Parsons Technology]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Piriform]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Policies]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\PrivaZer]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Quark]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Realtek]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Roxio]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Shemes]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Siber Systems]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\SimonTatham]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Skype]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Sonic]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\sysinternals]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\The Learning Company]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Trolltech]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Windows Live Writer]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\WinRAR]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\WinRAR SFX]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Wow6432Node]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\ZebHelpProcess Helper]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Zemana]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\ZHP]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\AppDataLow\Software\Adobe]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\AppDataLow\Software\JavaSoft]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\AppDataLow\Software\Macromedia]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\PrivacySettingsBef oreCreatorsUpdate]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\Winlogon]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Adblock Plus for IE]
[HKLM\Software\Adobe]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVS4YOU]
[HKLM\Software\Canneverbe Limited]
[HKLM\Software\Clients]
[HKLM\Software\Creative Tech]
[HKLM\Software\Dell]
[HKLM\Software\Dell Inc.]
[HKLM\Software\DellShared]
[HKLM\Software\ESET]
[HKLM\Software\Fingertapps]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\Intel Security]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\Martin Prikryl]
[HKLM\Software\McAfee]
[HKLM\Software\McAfee.com]
[HKLM\Software\McAfee.logging]
[HKLM\Software\mcafeeupdater]
[HKLM\Software\Microsoft]
[HKLM\Software\Minnetonka Audio Software]
[HKLM\Software\Motorola]
[HKLM\Software\Motorola Mobility]
[HKLM\Software\Mozilla]
[HKLM\Software\mozilla.org]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Network Associates]
[HKLM\Software\Notepad++]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Patch My PC]
[HKLM\Software\PC-Doctor]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\SiteAdvisor]
[HKLM\Software\Sonic]
[HKLM\Software\SRS Labs]
[HKLM\Software\sysinternals]
[HKLM\Software\TrendMicro]
[HKLM\Software\Waves Audio]
[HKLM\Software\Windows]
[HKLM\Software\WinRAR]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Zemana]
[HKLM\Software\ZmnGlobalSDK]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\Configuration]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Dwm]
[HKLM\Software\Microsoft\Windows\DynamicManagement]
[HKLM\Software\Microsoft\Windows\EnterpriseResource Manager]
[HKLM\Software\Microsoft\Windows\Heat]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\PrivacySettingsBef oreCreatorsUpdate]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnosti cs]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnostic sProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\apphost]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImperso nation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr icted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr ictedDhcpLmHosts]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFir ewall]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestri cted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\Adobe Systems]
[HKLM\Software\WOW6432Node\Adware Removal Tool by TSA]
[HKLM\Software\WOW6432Node\AdwCleaner]
[HKLM\Software\WOW6432Node\AGEIA Technologies]
[HKLM\Software\WOW6432Node\Aimersoft]
[HKLM\Software\WOW6432Node\AppDataLow]
[HKLM\Software\WOW6432Node\Apple Computer, Inc.]
[HKLM\Software\WOW6432Node\Aspell]
[HKLM\Software\WOW6432Node\Aspell-en]
[HKLM\Software\WOW6432Node\AVS4YOU]
[HKLM\Software\WOW6432Node\Broderbund Software]
[HKLM\Software\WOW6432Node\Canneverbe Limited]
[HKLM\Software\WOW6432Node\Caphyon]
[HKLM\Software\WOW6432Node\Companion Software]
[HKLM\Software\WOW6432Node\Creative Tech]
[HKLM\Software\WOW6432Node\Cyberlink]
[HKLM\Software\WOW6432Node\Debug]
[HKLM\Software\WOW6432Node\Dell]
[HKLM\Software\WOW6432Node\DellShared]
[HKLM\Software\WOW6432Node\Digital Camera]
[HKLM\Software\WOW6432Node\ej-technologies]
[HKLM\Software\WOW6432Node\foobar2000]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\GRETECH]
[HKLM\Software\WOW6432Node\illiminable]
[HKLM\Software\WOW6432Node\IM Providers]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Intel Corporation]
[HKLM\Software\WOW6432Node\Intuit]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\LG Electronics]
[HKLM\Software\WOW6432Node\LogMeIn Rescue]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Macrovision]
[HKLM\Software\WOW6432Node\Malwarebytes Anti-Exploit]
[HKLM\Software\WOW6432Node\Malwarebytes’ Anti-Malware]
[HKLM\Software\WOW6432Node\Martin Prikryl]
[HKLM\Software\WOW6432Node\MAXSOFT-OCRON]
[HKLM\Software\WOW6432Node\McAfee]
[HKLM\Software\WOW6432Node\McAfee.com]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\MicroVision]
[HKLM\Software\WOW6432Node\MicroWorld]
[HKLM\Software\WOW6432Node\MimarSinan]
[HKLM\Software\WOW6432Node\Motorola]
[HKLM\Software\WOW6432Node\Motorola Mobility]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\MusicBrainz]
[HKLM\Software\WOW6432Node\NCH Software]
[HKLM\Software\WOW6432Node\Nero]
[HKLM\Software\WOW6432Node\NETGEAR]
[HKLM\Software\WOW6432Node\Network Associates]
[HKLM\Software\WOW6432Node\NewSoft]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\OldTimer Tools]
[HKLM\Software\WOW6432Node\Parsons Technology]
[HKLM\Software\WOW6432Node\Quark]
[HKLM\Software\WOW6432Node\Razer]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\Roxio]
[HKLM\Software\WOW6432Node\SERCOMM]
[HKLM\Software\WOW6432Node\SiteAdvisor]
[HKLM\Software\WOW6432Node\Skype]
[HKLM\Software\WOW6432Node\Software]
[HKLM\Software\WOW6432Node\Sonic]
[HKLM\Software\WOW6432Node\SyncIntegrationClients]
[HKLM\Software\WOW6432Node\TLC]
[HKLM\Software\WOW6432Node\TrendMicro]
[HKLM\Software\WOW6432Node\Verizon Wireless]
[HKLM\Software\WOW6432Node\Windows]
[HKLM\Software\WOW6432Node\WOW6432Node]
[HKLM\Software\WOW6432Node\WSWNA3100]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickN ote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Enterp riseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Heat]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStor age]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Script edDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Window s Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Window s Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImperso nation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr icted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr ictedDhcpLmHosts]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFir ewall]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestri cted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]

---------- | Drives

---------- | C:

[28/07/2017 03:34:38] - |SHD| - [258] - C:$RECYCLE.BIN
[21/02/2016 00:46:29] - |HD| - [49501] - C:$SysReset
[18/03/2017 23:20:18] - |HD| - [2522787547] - C:$WINDOWS.~BT
[21/02/2016 11:51:23] - |HD| - [490503] - C:$Windows.~WS
[16/12/2013 04:01:25] - |D| - [90708896] - C:\4e6b2952c54768d61a29e4323e29e2
[17/02/2014 04:05:57] - |D| - [88567024] - C:\7cde3e97728e3fc0584dd4d71a
[14/11/2013 04:02:15] - |D| - [82896128] - C:\8f65be0b8cdecedb22c086c913db9a81
[25/04/2011 10:00:15] - |D| - [12927334] - C:\AA Golf and frey
[09/05/2015 19:43:32] - |D| - [2006015] - C:\AdwCleaner
[17/06/2011 08:05:30] - |D| - [15925255] - C:\art
[18/05/2011 13:43:39] - |D| - [77369] - C:\bank statements
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/07/2015 18:48:30] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[09/10/2013 03:02:32] - |SHD| - [40438544] - C:\Config.Msi
[17/02/2011 03:03:28] - |D| - [427171187] - C:\dell
[MD5.A039B1CD58719F893F7C3FBE0A2B4A69] - [17/02/2011 03:27:00] - |RAH| - (.-.) - [54108] - (0.0.0.0) - C:\dell.sdr
[30/07/2015 17:51:49] - |SHD| - [0] - C:\Documents and Settings
[25/04/2011 09:12:33] - |D| - [10938997] - C:\Dolls
[17/02/2011 03:09:27] - |D| - [176041553] - C:\Drivers
[10/07/2011 18:23:35] - |D| - [497434] - C:\Enoch
[21/02/2016 12:15:41] - |D| - [3269516968] - C:\ESD
[23/07/2017 04:57:51] - |D| - [356894031] - C:\FRST
[MD5.62CD92CCE6312C40FE9FB0906435EF04] - [06/07/2015 05:30:48] - |A| - (.-.) - [327] - (0.0.0.0) - C:\ftconfig.ini
[15/05/2016 07:54:58] - |D| - [0] - C:\GetNZB Downloads
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [26/07/2017 06:24:49] - |ASH| - (.-.) - [6435311616] - (0.0.0.0) - C:\hiberfil.sys
[26/07/2017 09:29:12] - |D| - [779770] - C:\inetpub
[17/02/2011 01:40:07] - |D| - [97878] - C:\Intel
[02/06/2015 07:46:22] - |D| - [12966323] - C:\LGMobileUpgrade
[03/05/2013 20:22:08] - |D| - [914139] - C:\lj1300
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [08/04/2013 09:25:03] - |A| - (.-.) - [0] - (0.0.0.0) - C:\log.txt
[10/09/2015 01:42:33] - |D| - [0] - C:\Logs
[MD5.800B746FDC4D80469AFC7E5E9B510C9C] - [01/12/2006 23:37:14] - |A| - (.© Microsoft Corporation. - Microsoft® Debug Information Accessor.) - [904704] - (8.0.50727.762) - C:\msdia80.dll
[27/03/2011 09:32:53] - |RHD| - [629004367] - C:\MSOCache
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/02/2011 03:03:29] - |ASH| - (.-.) - [536870912] - (0.0.0.0) - C:\pagefile.sys
[18/03/2017 17:03:28] - |D| - [0] - C:\PerfLogs
[25/02/2011 19:52:50] - |D| - [0] - C:\Photos
[18/03/2017 17:03:28] - |RD| - [24309076914] - C:\Program Files
[18/03/2017 17:03:28] - |RD| - [20675332957] - C:\Program Files (x86)
[18/03/2017 17:03:29] - |HD| - [7014722679] - C:\ProgramData
[03/08/2017 16:06:37] - |D| - [262062] - C:\QuickDiag
[MD5.4DBE4EA0D99E0044F751619992BCCF7E] - [03/08/2017 16:07:19] - |A| - (.-.) - [228708] - (0.0.0.0) - C:\QuickDiag.txt
[26/07/2017 06:44:54] - |SHD| - [0] - C:\Recovery
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [21/02/2016 00:47:10] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Recovery.txt
[MD5.DCD359948D402BED91E76EEB336552F1] - [01/05/2016 17:46:55] - |A| - (.-.) - [248] - (0.0.0.0) - C:\rescue.info
[MD5.EC88306499A81C7FF6E0C9D2BFEFF03E] - [06/05/2013 21:55:56] - |A| - (.-.) - [27474] - (0.0.0.0) - C:\RPSetup.exe.log
[27/07/2017 16:35:49] - |D| - [12832] - C:\SecurityCheck
[MD5.B74ADB85C4EFE01BC55EB323A09ED196] - [01/05/2016 17:46:55] - |A| - (.-.) - [2559] - (0.0.0.0) - C:\session.log
[MD5.FF36DCCF0000A420A9D06C421CB0ED78] - [25/07/2017 16:43:46] - |A| - (.-.) - [1705] - (0.0.0.0) - C:\STEVE-PC.rtf
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [03/10/2015 02:32:14] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys
[17/02/2011 03:32:09] - |SHD| - [0] - C:\System Volume Information
[17/02/2011 01:45:28] - |D| - [0] - C:\Temp
[18/03/2017 07:40:20] - |RD| - [133134940075] - C:\Users
[MD5.F9161FA127754A54D7367DA4D93C4AE8] - [19/03/2010 19:58:20] - |A| - (.-.) - [551424] - (0.0.0.0) - C:\VS_EXPBSLN_x64_enu.MSI
[18/03/2017 07:40:20] - |D| - [61548339805] - C:\Windows
[26/07/2017 09:51:26] - |D| - [34245694016] - C:\Windows.old
[MD5.CC83D7D0C43AD1349EC2950D6A46166F] - [26/07/2017 16:30:40] - |A| - (.-.) - [7889] - (0.0.0.0) - C:\zoek-results.log
[MD5.530E012BF6308D22DD43618DFF87F143] - [27/07/2017 22:04:16] - |A| - (.-.) - [125479] - (0.0.0.0) - C:\zoek-results2017-07-26-212745.log
[26/07/2017 16:27:17] - |D| - [402353736] - C:\zoek_backup

---------- | C:\WINDOWS

[18/03/2017 17:03:29] - |D| - [802] - C:\WINDOWS\addins
[18/03/2017 17:03:29] - |D| - [45029507] - C:\WINDOWS\appcompat
[18/03/2017 17:03:29] - |D| - [12417120] - C:\WINDOWS\AppPatch
[18/03/2017 17:03:29] - |D| - [0] - C:\WINDOWS\AppReadiness
[18/03/2017 17:03:28] - |RD| - [1103366716] - C:\WINDOWS\assembly
[25/02/2011 09:40:08] - |D| - [932] - C:\WINDOWS\BBSTORE
[18/03/2017 17:03:29] - |D| - [639657] - C:\WINDOWS\bcastdvr
[MD5.293283CF350E00AF8C4A2770BDBF4D50] - [26/07/2017 09:38:59] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [64512] - (10.0.15063.413) - C:\WINDOWS\bfsvc.exe
[18/03/2017 17:03:29] - |D| - [38058315] - C:\WINDOWS\Boot
[MD5.66AC02EE76A4659E515A085C5C817676] - [26/07/2017 05:57:39] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[18/03/2017 17:03:29] - |D| - [2447448] - C:\WINDOWS\Branding
[MD5.51E88C02A2150BC3B69B32F839209A62] - [17/03/2011 15:01:56] - |A| - (.-.) - [1878] - (0.0.0.0) - C:\WINDOWS\Ca536a.ini
[18/03/2017 16:51:24] - |D| - [0] - C:\WINDOWS\CbsTemp
[MD5.6B99374BD7BD2A78BF610FC52C499ED6] - [26/07/2017 06:29:12] - |A| - (.-.) - [26158] - (0.0.0.0) - C:\WINDOWS\comsetup.log
[MD5.F471CF70EE6D49C5650A4D5295531435] - [18/03/2017 22:31:53] - |A| - (.-.) - [34390] - (0.0.0.0) - C:\WINDOWS\Core.xml
[MD5.D28C91EAF16A2EF538268D1179801416] - [17/02/2011 03:26:59] - |A| - (.-.) - [12] - (0.0.0.0) - C:\WINDOWS\csup.txt
[MD5.CE7EA4FD479F7E540EDB01931ED77193] - [17/02/2011 01:46:30] - |RAH| - (.-.) - [159] - (0.0.0.0) - C:\WINDOWS\ctfile.rfc
[18/03/2017 17:03:29] - |D| - [8970858] - C:\WINDOWS\Cursors
[18/03/2017 17:03:29] - |D| - [3] - C:\WINDOWS\debug
[MD5.64533FF57D88EECC2A3FF8DFEC69B687] - [17/03/2011 15:01:56] - |A| - (.-.) - [423] - (0.0.0.0) - C:\WINDOWS\dext536.ini
[MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [26/07/2017 06:41:45] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[18/03/2017 17:03:29] - |D| - [4404396] - C:\WINDOWS\diagnostics
[MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [26/07/2017 06:41:45] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[18/03/2017 22:29:16] - |D| - [0] - C:\WINDOWS\DigitalLocker
[10/04/2012 06:58:49] - |D| - [0] - C:\WINDOWS\Downloaded Installations
[18/03/2017 17:03:29] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[MD5.3E2DE0B043057BF7C53F4EC1377F232B] - [02/10/2015 23:57:05] - |A| - (.-.) - [68182] - (0.0.0.0) - C:\WINDOWS\DPINST.LOG
[MD5.773AF4403D04EA34DEEE71A6F6B63C5B] - [18/03/2017 17:05:44] - |A| - (.-.) - [4176] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log
[14/07/2009 03:45:02] - |D| - [0] - C:\WINDOWS\ehome
[18/03/2017 17:03:29] - |HD| - [44632] - C:\WINDOWS\ELAMBKUP
[15/04/2012 15:39:01] - |D| - [106864] - C:\WINDOWS\en
[18/03/2017 22:29:16] - |D| - [96256] - C:\WINDOWS\en-US
[MD5.35BA8929C6584405ECB150BEF40721DD] - [09/05/2015 15:23:45] - |A| - (.-.) - [9119] - (0.0.0.0) - C:\WINDOWS\ESCAN.LOG
[MD5.CA3BF0F15BA4F24D511BFEE725CC89BD] - [26/07/2017 09:48:47] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [4847424] - (10.0.15063.447) - C:\WINDOWS\explorer.exe
[18/03/2017 17:03:29] - |RSD| - [618805560] - C:\WINDOWS\Fonts
[18/03/2017 17:03:29] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
[MD5.C6FCFB2F65B0C54CE7A3F32266812F1C] - [09/05/2015 15:23:12] - |A| - (.-.) - [1586] - (0.0.0.0) - C:\WINDOWS\general.log
[18/03/2017 17:03:29] - |D| - [54115823] - C:\WINDOWS\Globalization
[18/03/2017 17:03:29] - |D| - [52523884] - C:\WINDOWS\Help
[MD5.E064A38A807C83ADC8AD9E1B54C85CF9] - [26/07/2017 09:38:59] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [975360] - (10.0.15063.413) - C:\WINDOWS\HelpPane.exe
[MD5.40CBB6FF53388188A2CDA538D5F26A59] - [18/03/2017 16:57:33] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [18432] - (10.0.15063.0) - C:\WINDOWS\hh.exe
[18/03/2017 22:31:25] - |D| - [14070424] - C:\WINDOWS\HoloShell
[MD5.4031BA464F7E3CDE54A73E4612CD7141] - [26/07/2017 06:00:23] - |A| - (.-.) - [28414] - (0.0.0.0) - C:\WINDOWS\iis.log
[MD5.4A3D2DDEEE12A918871D737BD219D4BF] - [26/07/2017 06:05:26] - |A| - (.-.) - [31684] - (0.0.0.0) - C:\WINDOWS\iis_gather.log
[18/03/2017 17:03:29] - |D| - [173056368] - C:\WINDOWS\IME
[18/03/2017 17:03:29] - |RD| - [8335288] - C:\WINDOWS\ImmersiveControlPanel
[18/03/2017 17:01:21] - |D| - [190192805] - C:\WINDOWS\INF
[18/03/2017 17:03:29] - |D| - [1367431565] - C:\WINDOWS\InfusedApps
[18/03/2017 17:03:29] - |D| - [38340109] - C:\WINDOWS\InputMethod
[18/03/2017 17:03:29] - |SHDC| - [39302349683] - C:\WINDOWS\Installer
[MD5.515E4684008E955DE0C81E6A7AEA1C2A] - [17/03/2011 15:03:38] - |A| - (.Copyright InstallShield Corporation, Inc. 1990-1997 - InstallShield® unInstaller.) - [306688] - (5.51.138.0) - C:\WINDOWS\IsUninst.exe
[18/03/2017 17:03:29] - |D| - [94096] - C:\WINDOWS\L2Schemas
[MD5.8DDEB4A9F4665D98F2867852CCCC0C15] - [09/05/2015 15:23:12] - |A| - (.-.) - [56] - (0.0.0.0) - C:\WINDOWS\Lic.***
[18/03/2017 17:03:29] - |D| - [3833380] - C:\WINDOWS\LiveKernelReports
[18/03/2017 07:40:24] - |D| - [21835519] - C:\WINDOWS\Logs
[18/03/2017 17:03:29] - |RSD| - [27807331] - C:\WINDOWS\Media
[MD5.D29393CA2D21713419826AEEABCB2FE9] - [20/02/2016 22:02:48] - |A| - (.-.) - [1253355818] - (0.0.0.0) - C:\WINDOWS\MEMORY.DMP
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [18/03/2017 16:57:03] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[18/03/2017 17:03:28] - |RD| - [887972402] - C:\WINDOWS\Microsoft.NET
[18/03/2017 17:03:29] - |D| - [2938] - C:\WINDOWS\Migration
[18/03/2017 17:03:29] - |RD| - [487308] - C:\WINDOWS\MiracastView
[18/03/2017 17:03:29] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [13/07/2009 22:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\WINDOWS\msdfmap.ini
[17/02/2011 01:48:27] - |HD| - [0] - C:\WINDOWS\msdownld.tmp
[MD5.98E5FFFE6FC7D659E0B83F85547EB980] - [19/08/2015 03:00:36] - |A| - (.-.) - [263458] - (0.0.0.0) - C:\WINDOWS\msxml4-KB2758694-enu.LOG
[MD5.F60A9D3A9461F68DE0FCCEBB0C6CB31A] - [18/03/2017 16:58:25] - |A| - (.© Microsoft Corporation. - Notepad.) - [246784] - (10.0.15063.0) - C:\WINDOWS\notepad.exe
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [23/02/2011 18:56:42] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\nsreg.dat
[18/03/2017 22:30:43] - |D| - [219754] - C:\WINDOWS\OCR
[18/03/2017 17:03:29] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[25/07/2017 19:26:22] - |DC| - [521140498] - C:\WINDOWS\Panther
[27/07/2017 22:01:28] - |D| - [0] - C:\WINDOWS\PCHEALTH
[18/03/2017 17:03:29] - |D| - [30147209] - C:\WINDOWS\Performance
[MD5.C1278A801B3524D5C677A0B575491C2E] - [17/09/2016 04:46:59] - |A| - (.-.) - [43992] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[18/03/2017 17:03:29] - |D| - [1121835] - C:\WINDOWS\PLA
[18/03/2017 17:03:29] - |D| - [2580605] - C:\WINDOWS\PolicyDefinitions
[26/07/2017 05:56:39] - |D| - [14935757] - C:\WINDOWS\Prefetch
[18/03/2017 17:03:29] - |RD| - [2168600] - C:\WINDOWS\PrintDialog
[18/03/2017 17:03:29] - |D| - [2884514] - C:\WINDOWS\Provisioning
[15/04/2013 15:56:33] - |D| - [3609] - C:\WINDOWS\pss
[MD5.A3B1FC6C72EA944C2E1B359A19CB40AB] - [18/03/2017 16:57:08] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [321024] - (10.0.15063.0) - C:\WINDOWS\regedit.exe
[18/03/2017 17:03:29] - |D| - [1139988] - C:\WINDOWS\Registration
[18/03/2017 17:03:29] - |D| - [5690630] - C:\WINDOWS\rescache
[18/03/2017 17:03:29] - |D| - [3660232] - C:\WINDOWS\Resources
[MD5.DD336E295FA5EFF115F7ED1A83AE55EF] - [24/12/2016 07:31:07] - |A| - (.Realtek Semiconductor Corp. Copyright (C) 2010 - RtlExUpd DLL for setup utility function.) - [1247776] - (1.0.2.0) - C:\WINDOWS\RtlExUpd.dll
[MD5.8421150D61873FF1E7A86B2FA4C1D98D] - [26/04/2016 10:12:36] - |A| - (.(c) Realtek Semiconductor Corp. - Realtek USB Audio Installation Extenstion.) - [208600] - (0.0.0.1) - C:\WINDOWS\RUAudExD.DLL
[18/03/2017 17:03:29] - |D| - [0] - C:\WINDOWS\SchCache
[18/03/2017 17:03:29] - |D| - [121229] - C:\WINDOWS\schemas
[18/03/2017 17:03:29] - |D| - [9291474] - C:\WINDOWS\security
[26/07/2017 09:33:06] - |D| - [47563768] - C:\WINDOWS\ServiceProfiles
[18/03/2017 07:40:20] - |D| - [71879723] - C:\WINDOWS\servicing
[18/03/2017 17:06:43] - |D| - [42] - C:\WINDOWS\Setup
[MD5.46219271328615214495A244DDC5A50F] - [26/07/2017 05:58:56] - |A| - (.-.) - [40019] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [26/07/2017 05:58:56] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[18/03/2017 17:03:29] - |D| - [41940992] - C:\WINDOWS\ShellExperiences
[30/10/2015 05:07:13] - |D| - [180224] - C:\WINDOWS\ShellNew
[18/03/2017 22:30:18] - |D| - [3757408] - C:\WINDOWS\SKB
[17/02/2011 01:40:59] - |D| - [134394420] - C:\WINDOWS\SoftwareDistribution
[18/03/2017 17:03:29] - |D| - [107844082] - C:\WINDOWS\Speech
[18/03/2017 17:03:29] - |D| - [64451109] - C:\WINDOWS\Speech_OneCore
[MD5.31F324879B791EBF76E0005D1ABDE10E] - [18/03/2017 16:58:24] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.15063.0) - C:\WINDOWS\splwow64.exe
[MD5.2664EEEE55F34BC4FAAA8EE41393D2CD] - [30/07/2015 18:25:21] - |A| - (.-.) - [31856] - (0.0.0.0) - C:\WINDOWS\Starter.xml
[MD5.F11B376A27E94E5F2A0E34A4FCC70A88] - [06/07/2012 07:17:53] - |A| - (.Copyright© 2011 McAfee, Inc. - McAfee Labs® GetSusp™ Utility Driver.) - [16200] - (3.0.0.224) - C:\WINDOWS\stinger.sys
[01/04/2012 10:30:04] - |D| - [0] - C:\WINDOWS\Sun
[29/01/2014 21:35:38] - |D| - [354137600] - C:\WINDOWS\symbols
[18/03/2017 17:03:29] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [13/07/2009 22:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[18/03/2017 07:40:20] - |D| - [6144810118] - C:\WINDOWS\System32
[18/03/2017 17:03:29] - |D| - [189863988] - C:\WINDOWS\SystemApps
[18/03/2017 17:03:29] - |D| - [19345839] - C:\WINDOWS\SystemResources
[18/03/2017 07:40:24] - |AD| - [1620126383] - C:\WINDOWS\SysWOW64
[18/03/2017 17:03:29] - |D| - [0] - C:\WINDOWS\TAPI
[13/07/2009 23:20:14] - |D| - [6] - C:\WINDOWS\Tasks
[27/07/2017 23:21:27] - |D| - [1169315] - C:\WINDOWS\Temp
[MD5.80914E8DE687BFA8DE765E5090B82590] - [17/02/2011 01:46:35] - |A| - (.-.) - [1247] - (0.0.0.0) - C:\WINDOWS\THXCfg_APOIM.ini
[MD5.7E7FBA46533FA06B640102A4F534C0E5] - [17/02/2011 01:46:35] - |A| - (.-.) - [1247] - (0.0.0.0) - C:\WINDOWS\THXCfg_HP_APOIM.ini
[MD5.DB447A583C4B5225A257F281B0F1F427] - [17/02/2011 01:46:35] - |A| - (.-.) - [1264] - (0.0.0.0) - C:\WINDOWS\THXCfg_SP_APOIM.ini
[18/03/2017 17:03:29] - |D| - [0] - C:\WINDOWS\tracing
[18/03/2017 17:03:29] - |D| - [7680] - C:\WINDOWS\twain_32
[MD5.C0792EA1BA08CA6E6420C9BB8E14CB3E] - [18/03/2017 16:58:54] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[25/07/2017 19:11:29] - |SD| - [0] - C:\WINDOWS\UpdateAssistantV2
[MD5.ADCB4772E89D6C8EBF8B05AD140D6DBA] - [09/05/2015 15:30:40] - |A| - (.-.) - [5814] - (0.0.0.0) - C:\WINDOWS\UPDLL.LOG
[MD5.C419DF63E0121D72411285780C2FC6CC] - [17/02/2011 01:46:30] - |A| - (.Copyright (c) Creative Technology Ltd. 2000 - Creative UpdReg.) - [90112] - (1.0.2.0) - C:\WINDOWS\Updreg.EXE
[18/03/2017 17:03:29] - |D| - [12420] - C:\WINDOWS\Vss
[18/03/2017 17:03:30] - |D| - [19203458] - C:\WINDOWS\Web
[MD5.DF2DCEFB63BD5C4E837249ADF7FA4AC9] - [13/07/2009 22:34:57] - |A| - (.-.) - [926] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [18/03/2017 16:58:27] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.038356387332650843BCB352BB89A101] - [14/07/2009 01:10:55] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.6E6947D6368FA11E9146C4767F31286E] - [18/03/2017 16:58:42] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [10240] - (10.0.15063.0) - C:\WINDOWS\winhlp32.exe
[18/03/2017 07:40:20] - |D| - [6891926266] - C:\WINDOWS\WinSxS
[MD5.4860944ABF2F8EAB74039A3A132B9995] - [08/03/2012 18:37:20] - |A| - (.© 2010 Microsoft Corporation. - Windows Live Photos Screen Saver.) - [302448] - (15.4.3555.308) - C:\WINDOWS\WLXPGSS.SCR
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [18/03/2017 16:56:51] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.ECEB16331FDDE0EBD7BE30BE085AD3D9] - [18/03/2017 16:58:25] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.15063.0) - C:\WINDOWS\write.exe
[MD5.B214C571D960D44AF3065D7533BAC423] - [24/07/2017 17:44:01] - |A| - (.-.) - [272574] - (0.0.0.0) - C:\WINDOWS\ZAM.krnl.trace
[MD5.89EE65AB0F999B8C7FA35E97E96F8B72] - [24/07/2017 17:44:01] - |A| - (.-.) - [56070] - (0.0.0.0) - C:\WINDOWS\ZAM_Guard.krnl.trace
[MD5.CC7AA7B42CF418FC3D926913490048F8] - [27/07/2017 23:21:28] - |A| - (.-.) - [24064] - (5.0.0.0) - C:\WINDOWS\zoek-delete.exe
[MD5.18556ED6EA953C31F1C4953D2F210C78] - [17/03/2011 15:04:35] - |A| - (.Copyright© 1990-1998 InstallShield Software Corporation, Phone: (847) 240-9111 - InstallShield Resources.) - [129536] - (5.50.131.0) - C:\WINDOWS_isres.dll

---------- | C:\WINDOWS\System32\GroupPolicy

---------- | Systemroot\System

---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[06/11/2003 01:36:34] - C:\WINDOWS\Installer\199c36a.msi : (Intell® Integrated Performance Primitives RTI 4.0 - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/12/2015 14:49:15] - C:\WINDOWS\Installer\1a3f34c8.msi : (Installers - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/08/2012 02:42:50] - C:\WINDOWS\Installer\1a52c06f.msi : (Blank Project Template - InstallShield) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/08/2012 02:42:56] - C:\WINDOWS\Installer\1a52c081.msi : (Blank Project Template - InstallShield) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/03/2011 04:29:12] - C:\WINDOWS\Installer\1b9d3c39.msi : (PreEmptive Solutions’ post-build instrumentation services provide obfuscation, tamper defense, shelf life, and runtime intelligence functionality. - PreEmptive Solutions LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/01/2010 00:55:26] - C:\WINDOWS\Installer\1e391e.msi : (Crystal Reports for Visual Studio Setup - SAP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/03/2007 06:59:56] - C:\WINDOWS\Installer\22da218.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/02/2007 23:43:40] - C:\WINDOWS\Installer\22da21e.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/03/2007 08:24:02] - C:\WINDOWS\Installer\22da224.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/03/2007 08:02:54] - C:\WINDOWS\Installer\22da22a.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/03/2007 00:12:02] - C:\WINDOWS\Installer\22da230.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/02/2007 09:37:04] - C:\WINDOWS\Installer\22da236.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/03/2007 22:15:02] - C:\WINDOWS\Installer\22da23c.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/02/2007 10:06:16] - C:\WINDOWS\Installer\22da243.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/03/2007 22:57:10] - C:\WINDOWS\Installer\22da249.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/03/2007 06:06:48] - C:\WINDOWS\Installer\22da250.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/03/2007 02:39:28] - C:\WINDOWS\Installer\22da256.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/02/2007 03:38:34] - C:\WINDOWS\Installer\22da25c.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/02/2007 10:29:22] - C:\WINDOWS\Installer\22da262.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/02/2007 10:40:52] - C:\WINDOWS\Installer\22da268.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/03/2007 11:37:22] - C:\WINDOWS\Installer\22da26e.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[09/03/2007 05:08:54] - C:\WINDOWS\Installer\22da274.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/03/2007 06:56:00] - C:\WINDOWS\Installer\22da27b.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/10/2015 05:08:40] - C:\WINDOWS\Installer\25879cd6.msi : (Update Service - Intuit Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/10/2015 05:08:40] - C:\WINDOWS\Installer\25879cd9.msi : (Program Updates - Intuit Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/10/2015 05:08:40] - C:\WINDOWS\Installer\25879cdc.msi : (Federal Tax Forms - Intuit Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/10/2015 05:08:40] - C:\WINDOWS\Installer\25879ce0.msi : (Help and Support - Intuit Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/10/2015 05:08:40] - C:\WINDOWS\Installer\25879ce3.msi : (Fuego Tax Forms - Intuit Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/08/2016 00:05:08] - C:\WINDOWS\Installer\25e4cc9d.msi : (New York - Intuit Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:46] - C:\WINDOWS\Installer\27812c72.msi : (Nero 2016 Content Pack - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:58] - C:\WINDOWS\Installer\27812cef.msi : (Nero 12 Disc Menus Basic - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:57] - C:\WINDOWS\Installer\27812dd8.msi : (Nero 12 Kwik Themes Basic - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:46] - C:\WINDOWS\Installer\27812dde.msi : (Nero 12 Image Samples - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:23:07] - C:\WINDOWS\Installer\27812eac.msi : (Nero 12 Effects Basic - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:47] - C:\WINDOWS\Installer\27812eb2.msi : (Nero Family and Events Themes - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:47] - C:\WINDOWS\Installer\27812eb8.msi : (Nero Football (Soccer) Themes - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:47] - C:\WINDOWS\Installer\27812ebe.msi : (Nero Retro Film Themes - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:47] - C:\WINDOWS\Installer\27812fa1.msi : (Nero 12 PiP Effects Basic - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:46] - C:\WINDOWS\Installer\27812fa7.msi : (Nero 12 PiP Effects 1 - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:46] - C:\WINDOWS\Installer\27812fad.msi : (Nero Platinum Effects 12 - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:46] - C:\WINDOWS\Installer\27812fb3.msi : (Nero Prerequisites - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:46] - C:\WINDOWS\Installer\27812fb9.msi : (Nero 12 Video Transitions 1 - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:23:07] - C:\WINDOWS\Installer\27812fc0.msi : (Nero 12 Cliparts - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:23:06] - C:\WINDOWS\Installer\27812fc6.msi : (Nero 12 Disc Menus 1 - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:23:01] - C:\WINDOWS\Installer\27812fcc.msi : (Nero 12 Disc Menus 2 - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:58] - C:\WINDOWS\Installer\27812fd2.msi : (Nero 12 Disc Menus 3 - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:57] - C:\WINDOWS\Installer\27812fd8.msi : (Nero Abstract Themes - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:52] - C:\WINDOWS\Installer\27812fde.msi : (Nero Holiday and Sports Themes - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:46] - C:\WINDOWS\Installer\27812fe4.msi : (Nero 12 Video Samples - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:46] - C:\WINDOWS\Installer\27812fe9.msi : (Nero Update - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/10/2015 23:55:50] - C:\WINDOWS\Installer\287610.msi : (Emily - Razer Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/11/2011 22:54:06] - C:\WINDOWS\Installer\366a0ed.msi : ( -) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/06/2015 07:44:17] - C:\WINDOWS\Installer\37063.msi : (LG Verizon UnitedDrivers - LG Electronics) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/04/2017 06:09:50] - C:\WINDOWS\Installer\3b4f5c24.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/01/2014 18:52:30] - C:\WINDOWS\Installer\3d9707.msi : ( - Kivuto Solutions Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/11/2014 19:08:10] - C:\WINDOWS\Installer\3dba7d07.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/10/2010 10:40:44] - C:\WINDOWS\Installer\3dd136.msi : (RBVirtualFolder 64 bit installer - Roxio, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/02/2017 19:28:34] - C:\WINDOWS\Installer\424db953.msi : (Dell Customer Connect Installer - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/07/2017 11:56:06] - C:\WINDOWS\Installer\4310b834.msi : (Dell Update Installer - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/02/2013 18:20:36] - C:\WINDOWS\Installer\4e46971.msi : (Adobe Download Assistant - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/07/2017 16:33:59] - C:\WINDOWS\Installer\4ecfcb8.msi : (Adobe AIR Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/07/2017 16:38:19] - C:\WINDOWS\Installer\4ecfe9f.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/07/2017 03:37:39] - C:\WINDOWS\Installer\5280175.msi : (Java SE Runtime Environment 8 Update 144 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/07/2017 03:38:45] - C:\WINDOWS\Installer\5280179.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/07/2017 18:07:09] - C:\WINDOWS\Installer\5423a69.msi : (Adblock Plus for IE - Eyeo GmbH) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/07/2017 18:07:20] - C:\WINDOWS\Installer\5423a6d.msi : (Adobe Shockwave Player 12.2 - Adobe Systems, Inc) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/04/2012 11:23:58] - C:\WINDOWS\Installer\55d57a2.msi : (Safari Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/08/2011 12:54:52] - C:\WINDOWS\Installer\5eaf26d.msi : ( - McAfee) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/05/2017 16:51:30] - C:\WINDOWS\Installer\61a2983e.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/01/2010 17:59:58] - C:\WINDOWS\Installer\65d6.msi : ( - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/11/2010 20:49:46] - C:\WINDOWS\Installer\65e1.msi : ( - eBay Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/10/2010 23:36:02] - C:\WINDOWS\Installer\65f9.msi : (Dell MusicStage - Fingertapps) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/02/2011 01:48:20] - C:\WINDOWS\Installer\6600.msi : (DELLST~1|Dell Stage - ArcSoft) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:39:48] - C:\WINDOWS\Installer\66c9.msi : (Blank Project Template - Sonic Solutions) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:41:52] - C:\WINDOWS\Installer\66d0.msi : (Roxio Easy Media Creator 8 - ¹«Ë¾Ãû³Æ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:40:54] - C:\WINDOWS\Installer\66e4.msi : (Roxio Creator Starter - Roxio, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:40:50] - C:\WINDOWS\Installer\66f3.msi : (PhotoShowTouch - Sonic Solutions) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:40:18] - C:\WINDOWS\Installer\66fa.msi : (Roxio Express Labeler 3 - Roxio, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:39:22] - C:\WINDOWS\Installer\6701.msi : (Sonic CinePlayer Decoder Pack - Sonic Solutions) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:39:10] - C:\WINDOWS\Installer\6719.msi : (Roxio File Backup - Roxio, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:39:04] - C:\WINDOWS\Installer\6732.msi : (Roxio BackOnTrack - Roxio, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:38:52] - C:\WINDOWS\Installer\6752.msi : (Roxio Activation Module - Roxio, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/10/2010 16:11:50] - C:\WINDOWS\Installer\6776.msi : (Dell Getting Started Guide - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/11/2015 17:22:06] - C:\WINDOWS\Installer\795ee502.msi : ( - Motorola Mobility) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/01/2002 19:36:16] - C:\WINDOWS\Installer\9ea208.msi : (QuarkXPress - Quark, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/05/2017 22:08:24] - C:\WINDOWS\Installer\a117539a.msi : (Dell Update - SupportAssist Update Plugin - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/03/2017 12:59:36] - C:\WINDOWS\Installer\b571c269.msi : (Google Drive - Google, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/12/2014 11:17:54] - C:\WINDOWS\Installer\c8338.msi : ( - Motorola Mobility LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/05/2013 09:35:53] - C:\WINDOWS\Installer\cd18c7d.msi : (Adobe Widget Browser - Adobe Systems Incorporated.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/05/2013 09:36:28] - C:\WINDOWS\Installer\cd18c83.msi : (Adobe Help - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/04/2012 16:58:20] - C:\WINDOWS\Installer\d8ad4c2.msi : (Blank Project Template - Adobe) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/04/2012 16:58:20] - C:\WINDOWS\Installer\d8ad4ca.msi : (Blank Project Template - Adobe) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/04/2012 16:58:18] - C:\WINDOWS\Installer\d8ad4f0.msi : (PDF Settings CS6 - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/10/2013 11:35:41] - C:\WINDOWS\Installer\e6fe240.msi : (Adobe Content Viewer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[03/07/2017 21:20:38] - C:\WINDOWS\Installer\e862cb60.msi : (Dell SupportAssist Agent - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 04:42:22] - C:\WINDOWS\Installer\fc2a5.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%*.in*

[18/03/2017 16:56:50] - [3458] - C:\WINDOWS\System32\ieuinit.inf
[17/02/2011 01:46:35] - [5262] - C:\WINDOWS\System32\MBEptMon.ini
[17/02/2011 01:46:35] - [5262] - C:\WINDOWS\System32\MCEptMon.ini
[26/07/2017 06:00:56] - [1202892] - C:\WINDOWS\System32\PerfStringBackup.INI
[18/03/2017 16:58:24] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[17/02/2011 01:46:35] - [6507] - C:\WINDOWS\System32\THXCfg64.ini
[18/03/2017 16:57:50] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini
[17/03/2011 15:01:56] - [423] - C:\WINDOWS\Syswow64\dext536.ini
[18/03/2017 16:59:49] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf
[10/07/2012 21:13:45] - [2395] - C:\WINDOWS\Syswow64\lgAxconfig.ini
[26/07/2017 06:00:44] - [975864] - C:\WINDOWS\Syswow64\PerfStringBackup.INI
[18/03/2017 16:58:48] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.A681527B9F23DD5F1A6C8D3F621E814E] - |A| - [18/03/2017 16:57:20] - (.-.) - [14.73 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\pcamain.sdb
[MD5.5FDD24FAC55C4D679046EE4ECA3F7D46] - |A| - [26/07/2017 09:48:47] - (.-.) - [552.6 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\sysmain.sdb
[MD5.094CC83DED57C0364C03D70C5187AC70] - |N| - [15/04/2013 15:56:33] - (.-.) - [2.26 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\Adobe Gamma Loader.lnk.CommonStartup
[MD5.5700476B03FB5996A3A3AFF1C7A86DB3] - |N| - [15/04/2013 15:56:33] - (.-.) - [1.27 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
[MD5.72AD8158696FD270EDB234929C18AC94] - |A| - [02/08/2017 18:43:21] - (.-.) - [28.65 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/08/2017 18:44:46] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CMcUploader.log
[MD5.00000000000000000000000000000000] - |D| - [02/08/2017 18:43:20] - [6.9 Ko] - C:\WINDOWS\Temp\CreativeCloud
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/08/2017 04:13:44] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSAPIDebugLogFile.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/08/2017 04:13:43] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSTIFFDebugLogFile.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |AT| - [03/08/2017 16:04:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\JET96E2.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |AT| - [02/08/2017 18:46:52] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\JETDC67.tmp
[MD5.822C5DCBD567E2B2CA51BF4696B326A0] - |A| - [02/08/2017 18:36:34] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
[MD5.00000000000000000000000000000000] - |D| - [02/08/2017 18:41:47] - [1084 Ko] - C:\WINDOWS\Temp\NVIDIA Corporation
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/08/2017 16:01:12] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver( 20170803160112DEC).log
[MD5.39A906B659BC11D6EAB5ABE59660E896] - |A| - [03/08/2017 03:57:59] - (.-.) - [12.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\STEVE-PC-20170803-0357.log
[MD5.D67BB34659876CC89B368C7BC7C32AD1] - |A| - [03/08/2017 16:01:10] - (.-.) - [10 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\STEVE-PC-20170803-1601.log
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:16] - [0 Ko] - C:\WINDOWS\System32\0409
[MD5.00000000000000000000000000000000] - |D| - [29/01/2014 21:42:47] - [338.16 Ko] - C:\WINDOWS\System32\1033
[MD5.9DF265FDB32441BB6ECB7065B24F1294] - |AH| - [14/07/2009 00:45:49] - (.-.) - [21.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[MD5.9DF265FDB32441BB6ECB7065B24F1294] - |AH| - [14/07/2009 00:45:49] - (.-.) - [21.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [18/03/2017 16:57:42] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [18/03/2017 16:58:18] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32@BackgroundAccessToastIcon.png
[MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [18/03/2017 16:57:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32@bitlockertoastimage.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [18/03/2017 16:58:17] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32@EnrollmentToastIcon.png
[MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [18/03/2017 16:58:29] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32@language_notification_icon.png
[MD5.46DACDA5036EBECEDF08427407E3017C] - |A| - [18/03/2017 16:58:29] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32@optionalfeatures.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [18/03/2017 16:58:21] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32@VpnToastIcon.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [18/03/2017 16:58:18] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WiFiNotificationIcon.png
[MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [18/03/2017 16:57:53] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WindowsHelloFaceToastIcon.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [18/03/2017 16:56:40] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WindowsUpdateToastIcon.png
[MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [18/03/2017 16:58:13] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WwanNotificationIcon.png
[MD5.85D91E478AF18125007C531227FF6E59] - |A| - [18/03/2017 16:58:13] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WwanSimLockIcon.png
[MD5.E21E74D118E16FF9BA42A6F87F34E9B0] - |A| - [18/03/2017 16:57:00] - (.-.) - [435.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml
[MD5.6EFDA8DB98B0C9100D79680C0B6C7FFF] - |A| - [17/02/2011 01:46:30] - (.-.) - [225.5 Ko] - (1.0.262.0) - C:\WINDOWS\System32\APOMgr64.DLL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [2480.52 Ko] - C:\WINDOWS\System32\appraiser
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [273.5 Ko] - C:\WINDOWS\System32\ar-SA
[MD5.EFFD0ABB4DDD2CCDD511F903D042AD5B] - |A| - [18/03/2017 16:57:05] - (.-.) - [77.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin
[MD5.B13766AFE48C3CF775F53CE90488F7DE] - |A| - [18/03/2017 16:57:03] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [90.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0.93 Ko] - C:\WINDOWS\System32\Bthprops
[MD5.4B307488C9D3D1030DEC61FA4DAC7EE0] - |RA| - [18/03/2017 16:59:10] - (.-.) - [116.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureBrackets.hcp
[MD5.DC112F4CFDF23AAF5CB0F46BE92CB1CE] - |RA| - [18/03/2017 16:59:10] - (.-.) - [122.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureCountdown.hcp
[MD5.F80C2CB1D5A28528D662B0DDF440F0F3] - |RA| - [18/03/2017 16:59:10] - (.-.) - [17.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureToast.hcp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 07:40:20] - [76609.74 Ko] - C:\WINDOWS\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [30944.78 Ko] - C:\WINDOWS\System32\catroot2
[MD5.505F03C9B60B104107C83A3402850E19] - |A| - [17/02/2011 01:46:30] - (.-.) - [87 Ko] - (1.0.62.0) - C:\WINDOWS\System32\CmdRtr64.DLL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [3068.72 Ko] - C:\WINDOWS\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [357.5 Ko] - C:\WINDOWS\System32\Com
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 07:40:20] - [336023.91 Ko] - C:\WINDOWS\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [47.64 Ko] - C:\WINDOWS\System32\Configuration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [300.5 Ko] - C:\WINDOWS\System32\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [295 Ko] - C:\WINDOWS\System32\da-DK
[MD5.75BC227ACD70C906785DB11F853165E4] - |A| - [18/03/2017 16:58:29] - (.-.) - [84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [190.86 Ko] - C:\WINDOWS\System32\DDFs
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [333 Ko] - C:\WINDOWS\System32\de-DE
[MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [18/03/2017 16:57:05] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [18/03/2017 17:03:37] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
[MD5.46BBA24DEED94A68F244D5DBA4161948] - |A| - [30/07/2015 17:55:12] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DESKTOP-VRKVT78_Administrator_HistoryPrediction.bin
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [870 Ko] - C:\WINDOWS\System32\DiagSvcs
[MD5.E82380D30048D73E4D4CB8C925F6E721] - |A| - [18/03/2017 16:57:58] - (.-.) - [90.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 07:40:22] - [7492.54 Ko] - C:\WINDOWS\System32\Dism
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 07:40:22] - [1126.54 Ko] - C:\WINDOWS\System32\downlevel
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:02:55] - [99494.42 Ko] - C:\WINDOWS\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 07:40:20] - [2489007.1 Ko] - C:\WINDOWS\System32\DriverStore
[MD5.00000000000000000000000000000000] - |DC| - [17/03/2012 20:43:19] - [0 Ko] - C:\WINDOWS\System32\DRVSTORE
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [149 Ko] - C:\WINDOWS\System32\dsc
[MD5.DE6E5B926B9610EF56BDE4D0C786D5BD] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [492.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBassEnhancementDLL64.dll
[MD5.D18563EACBA8F6A2A72D2F0E5FB2BA85] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS Boost COM DLL.) - [1084.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBoostDLL64.dll
[MD5.B507F4F5B3511AF5CC3C5B25F350553C] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [259.27 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSGainCompensatorDLL64.dll
[MD5.8166DC224B2A94F6AFDF679830EBA6E1] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS GFX APO.) - [120.27 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSGFXAPO64.dll
[MD5.AF4C3EF86948E6C29AC0AAC90A35961B] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS LFX APO.) - [120.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSLFXAPO64.dll
[MD5.2BBA69E37995CD5F7B55EAB7E2C0585F] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS Limiter COM DLL.) - [262.27 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSLimiterDLL64.dll
[MD5.7C13EC4E581AF7AA8807DE3B6E131440] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS NEO:PC COM DLL.) - [307.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSNeoPCDLL64.dll
[MD5.1DA288F5CE50BAF239B3DB2FFE406403] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1150.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2HeadphoneDLL64.dll
[MD5.02D7167E5E263D2F3BA549D257911450] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1294.27 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2SpeakerDLL64.dll
[MD5.789C3C3FDCA799F905861961F39BE174] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [463.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSVoiceClarityDLL64.dll
[MD5.B438E6C7A6C395E0C2B31E80112C3ACE] - |A| - [26/07/2017 09:48:36] - (.-.) - [31.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [329.5 Ko] - C:\WINDOWS\System32\el-GR
[MD5.6D56926413AB840FABEFDB68FD939DED] - |A| - [03/10/2015 02:58:07] - (.-.) - [22.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:16] - [3368.5 Ko] - C:\WINDOWS\System32\en
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [242.5 Ko] - C:\WINDOWS\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [41439.11 Ko] - C:\WINDOWS\System32\en-US
[MD5.044EEC41BB39C3F8FC6175DAEAADDB35] - |A| - [17/02/2011 01:46:35] - (.Copyright (C) 2009 -.) - [21 Ko] - (1.0.0.2) - C:\WINDOWS\System32\EptMon64.dll
[MD5.D5ACF04BA5A9D7D92387CA1D5C8E8A6D] - |A| - [17/02/2011 01:46:35] - (.Copyright (c) 2009 Creative Technology Ltd. -.) - [138 Ko] - (0.0.0.6) - C:\WINDOWS\System32\EptMon64.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [322 Ko] - C:\WINDOWS\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [266 Ko] - C:\WINDOWS\System32\es-MX
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [239 Ko] - C:\WINDOWS\System32\et-EE
[MD5.00000000000000000000000000000000] - |D| - [03/05/2011 07:24:17] - [154.5 Ko] - C:\WINDOWS\System32\EventProviders
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [28407.16 Ko] - C:\WINDOWS\System32\F12
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [300.5 Ko] - C:\WINDOWS\System32\fi-FI
[MD5.B2FBC7C854CD32622D3AC2C22DFF6657] - |A| - [26/07/2017 05:55:55] - (.-.) - [5102.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [273 Ko] - C:\WINDOWS\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [330 Ko] - C:\WINDOWS\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\System32\FxsTmp
[MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [18/03/2017 16:57:02] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |HD| - [13/07/2009 23:20:11] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 23:20:11] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [260.5 Ko] - C:\WINDOWS\System32\he-IL
[MD5.762F865F75F21FCB260E7C95404B5110] - |A| - [18/03/2017 16:58:18] - (.-.) - [122.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll
[MD5.7B7859030FF4D38A912A7BCC4A1B3B5E] - |A| - [18/03/2017 16:59:09] - (.-.) - [14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HolographicShareInterop.ProxyS tub.dll
[MD5.BA287DEB65C43E5EDD24A49871C0A3B2] - |A| - [07/05/2008 20:59:36] - (.-.) - [18.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HPEACLHN.HPI
[MD5.C835670705596AE67EE7E0AE92A12071] - |A| - [07/05/2008 20:59:34] - (.Copyright (C) 1999 - LanguageMonitor.) - [47.5 Ko] - (61.53.25.9) - C:\WINDOWS\System32\HPZLLLHN.DLL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [249 Ko] - C:\WINDOWS\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [304.5 Ko] - C:\WINDOWS\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:31:25] - [31.52 Ko] - C:\WINDOWS\System32\Hydrogen
[MD5.A565537F1580872AE5B95D0CA457D780] - |A| - [18/03/2017 16:58:01] - (.-.) - [44.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [5.36 Ko] - C:\WINDOWS\System32\ias
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [36.27 Ko] - C:\WINDOWS\System32\icsxml
[MD5.6DF9BA3AD0CD866EE939C4C49CEA7B30] - |A| - [18/03/2017 16:57:35] - (.-.) - [188.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [25951.17 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [5848.46 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.479B7966309A411BF4FC34898AC96557] - |A| - [18/03/2017 16:58:10] - (.-.) - [134.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [6446.5 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\System32\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [326.5 Ko] - C:\WINDOWS\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [236 Ko] - C:\WINDOWS\System32\ja-jp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [233.5 Ko] - C:\WINDOWS\System32\ko-KR
[MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [18/03/2017 16:57:05] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [79.18 Ko] - C:\WINDOWS\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [15906.33 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [244.5 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [246.5 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [58707.89 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 23:20:11] - [0 Ko] - C:\WINDOWS\System32\manifeststore
[MD5.0ECBE652DF11AFF8629225DE4497956B] - |A| - [17/02/2011 03:12:40] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [318.27 Ko] - (2.2.7.0) - C:\WINDOWS\System32\MaxxAudioAPO20.dll
[MD5.87B5AB256A5A068EDDA0F4B4FAC728CC] - |A| - [17/02/2011 03:12:40] - (.Copyright © 1996-2007 -.) - [2145.77 Ko] - (5.9.7.0) - C:\WINDOWS\System32\MaxxAudioEQ.dll
[MD5.25D74864274539330DCC4234140D11AF] - |A| - [17/02/2011 03:12:40] - (.Copyright (c) 2006-2009 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [593.59 Ko] - (1.0.19.0) - C:\WINDOWS\System32\MBAPO64.dll
[MD5.51ABC892625A3643312EED429891E51F] - |A| - [17/02/2011 01:46:35] - (.-.) - [5.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBEptMon.ini
[MD5.E8B2CB14CA0238566BDB20BD2A06D733] - |A| - [26/07/2017 09:38:59] - (.-.) - [760 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE
[MD5.4398FC24DCF85FD2B6BA3D042B41C136] - |A| - [17/02/2011 03:12:40] - (.Copyright (c) 2006-2009 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [386.59 Ko] - (1.0.15.106) - C:\WINDOWS\System32\MBTHX64.dll
[MD5.04CFE870C30640C9A369E0FE8C654B98] - |A| - [17/02/2011 03:12:40] - (.Copyright (c) 2006-2008 Creative Technology Ltd. - Audio Processing Object Chaining Module.) - [77.09 Ko] - (1.0.0.110) - C:\WINDOWS\System32\MBWrp64.dll
[MD5.A5C2F411EB72515B727BF13655B63910] - |A| - [17/02/2011 01:46:35] - (.-.) - [5.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MCEptMon.ini
[MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [18/03/2017 16:57:05] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.31E7520068D87A40E7E5BA247A961A1E] - |A| - [01/05/2016 18:12:28] - (.Copyright© 1995-2017 McAfee, Inc. - McAfee Process Validation Service.) - [335.49 Ko] - (15.6.0.2180) - C:\WINDOWS\System32\mfevtps.exe
[MD5.00000000000000000000000000000000] - |D| - [26/07/2017 09:33:06] - [1141.29 Ko] - C:\WINDOWS\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [6389.46 Ko] - C:\WINDOWS\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [47456.11 Ko] - C:\WINDOWS\System32\migwiz
[MD5.BFCAC401B7FB654756E39BB4A536B934] - |A| - [23/07/2013 14:25:50] - (.Copyright (C) Motorola Inc 2006 - Class-Installer DLL for Motorola USB Devices.) - [15.25 Ko] - (1.1.0.0) - C:\WINDOWS\System32\mot_ci.dll
[MD5.00000000000000000000000000000000] - |D| - [15/07/2013 03:00:49] - [0 Ko] - C:\WINDOWS\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [4308.28 Ko] - C:\WINDOWS\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [26/07/2017 09:29:13] - [12308.28 Ko] - C:\WINDOWS\System32\msmq
[MD5.18403DE4979A328F21279DECB2E4298F] - |A| - [18/03/2017 16:56:51] - (.-.) - [3.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\msmqpub.mof
[MD5.E0640DE5407EEE4C6E16D839243B71F9] - |A| - [18/03/2017 16:56:51] - (.-.) - [8.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\msmqtrc.mof
[MD5.3ED9AC3EE11EE2C16E2E41F0DC4BAD42] - |A| - [18/03/2017 16:56:51] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\msmqtrcRemove.mof
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [6 Ko] - C:\WINDOWS\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [290 Ko] - C:\WINDOWS\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [640 Ko] - C:\WINDOWS\System32\NDF
[MD5.6EF71C58C8E923B1F07A875755932328] - |A| - [26/07/2017 05:56:07] - (.-.) - [30.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [18/03/2017 16:57:02] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [85 Ko] - C:\WINDOWS\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [311.5 Ko] - C:\WINDOWS\System32\nl-NL
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [16570.66 Ko] - C:\WINDOWS\System32\Nui
[MD5.04653A68FFC7EAD514D6FDDB20328872] - |A| - [13/01/2010 20:52:32] - (.-.) - [248.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NvApps.xml
[MD5.E62F8C2605B246BAF65ADE943D9F4397] - |A| - [26/07/2017 05:59:50] - (.-.) - [7337.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin
[MD5.D2F97628565A5682B5BA22A468220178] - |A| - [17/02/2011 03:12:12] - (.-.) - [21.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvdisp.nvu
[MD5.EB811062A64AE9B418DC03EE2EFC9D40] - |A| - [14/11/2016 05:30:58] - (.-.) - [25.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb
[MD5.0BE0B15C2653804118B767D8117A72B4] - |A| - [13/01/2010 20:52:32] - (.-.) - [66.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NvwsApps.xml
[MD5.C9246EF96F14CB2F0C393F73A20590D8] - |A| - [18/03/2017 17:03:38] - (.-.) - [15.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [18/03/2017 16:57:12] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [14299.16 Ko] - C:\WINDOWS\System32\oobe
[MD5.42D2360079B1DF3230024AE920737367] - |A| - [18/03/2017 16:57:05] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.F19AF6C2D43F1541046A2A8E0849EB05] - |A| - [18/03/2017 17:05:34] - (.-.) - [215.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [18/03/2017 17:05:34] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.213D7CAA56B096B79CADDEF40730DD08] - |A| - [18/03/2017 17:05:34] - (.-.) - [955.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.27A6232B60603C969353A004958034EC] - |A| - [26/07/2017 06:00:56] - (.-.) - [1174.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [310 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [634 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [18/03/2017 16:57:54] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [311.5 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [307 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.E374D08058345975D8767670F79C4A4C] - |A| - [27/07/2015 09:21:08] - (.Copyright © 2014 Razer Inc. All rights reserved - RazerCoinstaller.) - [87.02 Ko] - (0.0.0.5) - C:\WINDOWS\System32\RazerCoinstaller.dll
[MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [18/03/2017 16:58:01] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof
[MD5.D9DF00023703568AE6B4303E3C5C90BB] - |A| - [18/03/2017 16:57:47] - (.-.) - [8.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.99C7924C7268BABB5C4E3CFD2EE03331] - |A| - [18/03/2017 16:57:47] - (.-.) - [8.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0.07 Ko] - C:\WINDOWS\System32\restore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [251.5 Ko] - C:\WINDOWS\System32\ro-RO
[MD5.5245E1443EE4DC110DF9217E1D0AEB0A] - |A| - [17/02/2011 03:12:40] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [300.7 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll
[MD5.95A95297D5689F61F1FBC6A328075356] - |A| - [17/02/2011 03:12:40] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [300.7 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll
[MD5.00000000000000000000000000000000] - |D| - [29/01/2014 21:43:38] - [0 Ko] - C:\WINDOWS\System32\RsFx
[MD5.483849E481652C22BAFC8052414B3099] - |A| - [17/02/2011 03:12:40] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [197.2 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll
[MD5.CDB380C1138EDCDC5BE166DE887D581C] - |A| - [17/02/2011 03:12:40] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [74.7 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll
[MD5.CB3CF9915ED7888FDBAF3694775DCCC7] - |A| - [17/02/2011 03:12:40] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [96.7 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll
[MD5.6B0EBD56951F62D4E86B7CBE8613B05A] - |A| - [17/02/2011 03:12:40] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [364.2 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [18/03/2017 16:59:52] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [18/03/2017 16:58:03] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [253 Ko] - C:\WINDOWS\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [249 Ko] - C:\WINDOWS\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [26/07/2017 05:56:01] - [3744.76 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:18] - [45.92 Ko] - C:\WINDOWS\System32\slmgr
[MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [18/03/2017 16:57:05] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 07:40:20] - [12617.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.76F8BDA4D4AA4AA4C4D84C2E2660E6FF] - |A| - [18/03/2017 16:57:05] - (.-.) - [36.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [7480.91 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [11493.63 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [135546.68 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [9848.58 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [31.88 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [03/05/2011 07:25:18] - [1775.5 Ko] - C:\WINDOWS\System32\SPReview
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:47:48] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [251.5 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.5128BC123224124D67397A1BE698431C] - |A| - [18/03/2017 16:57:16] - (.-.) - [56.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.A88BE9A6C4E646A2B2A1BD3A7F4B58E7] - |A| - [17/02/2011 03:12:41] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [194.23 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll
[MD5.A028717B791416182959B325D5B40679] - |A| - [17/02/2011 03:12:41] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [206.23 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll
[MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [17/02/2011 03:12:41] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll
[MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [17/02/2011 03:12:41] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [10008 Ko] - C:\WINDOWS\System32\sru
[MD5.E042A078EDE878E1F489D08F045D2205] - |A| - [18/03/2017 16:57:05] - (.-.) - [368.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [296 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 07:40:22] - [1595.52 Ko] - C:\WINDOWS\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [905.78 Ko] - C:\WINDOWS\System32\SystemResetPlatform
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [590.1 Ko] - C:\WINDOWS\System32\Tasks
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:47:48] - [693.46 Ko] - C:\WINDOWS\System32\Tasks_Migrated
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [18/03/2017 16:58:24] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [234 Ko] - C:\WINDOWS\System32\th-TH
[MD5.76B59C460C95503032E35F00BE125F7D] - |A| - [17/02/2011 01:46:35] - (.Copyright (C) 2009 -.) - [17.5 Ko] - (1.3.0.0) - C:\WINDOWS\System32\THXCfg64.dll
[MD5.D5ACF04BA5A9D7D92387CA1D5C8E8A6D] - |A| - [17/02/2011 01:46:35] - (.Copyright (c) 2009 Creative Technology Ltd. -.) - [138 Ko] - (0.0.0.6) - C:\WINDOWS\System32\THXCfg64.exe
[MD5.3121A832B0E95BBEF7A40CA68789F65D] - |A| - [17/02/2011 01:46:35] - (.-.) - [6.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\THXCfg64.ini
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [293 Ko] - C:\WINDOWS\System32\tr-TR
[MD5.B88B8D017386A00D7724519F475317A0] - |A| - [18/03/2017 16:58:18] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [18/03/2017 16:58:18] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials. xslt
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [247 Ko] - C:\WINDOWS\System32\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [21/07/2017 12:11:41] - [2199.72 Ko] - C:\WINDOWS\System32\UNP
[MD5.00000000000000000000000000000000] - |D| - [24/02/2011 11:43:30] - [0 Ko] - C:\WINDOWS\System32\Wat
[MD5.80007E259BCB3C0534AF73E9E1DB81EC] - |A| - [17/02/2011 03:12:41] - (.Copyright © 1996-2007 - General Library for Plug-Ins.) - [2655.77 Ko] - (1.2.3.4) - C:\WINDOWS\System32\WavesGUILib.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [77869.99 Ko] - C:\WINDOWS\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:18] - [0 Ko] - C:\WINDOWS\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [95375.75 Ko] - C:\WINDOWS\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [18/03/2017 16:57:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [30/07/2015 18:42:06] - [0 Ko] - C:\WINDOWS\System32\wfp
[MD5.39958498B29E8AFB975A5C813BD07151] - |A| - [10/09/2015 01:45:10] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WIN-NNT08T7CH0A_Administrator_HistoryPrediction.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [76166.44 Ko] - C:\WINDOWS\System32\WinBioPlugIns
[MD5.E074DCD31BA803167EDED069D3943391] - |A| - [29/07/2017 03:38:25] - (.Copyright © 2017 - Java™ Platform SE binary.) - [107.56 Ko] - (8.0.1440.1) - C:\WINDOWS\System32\WindowsAccessBridge-64.dll
[MD5.558D9282D5CEA82B2253B88017552F33] - |A| - [18/03/2017 16:58:18] - (.-.) - [96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dl l
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [9623.75 Ko] - C:\WINDOWS\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [69684 Ko] - C:\WINDOWS\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [4744.09 Ko] - C:\WINDOWS\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:18] - [100.11 Ko] - C:\WINDOWS\System32\winrm
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [18/03/2017 16:58:17] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
[MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [18/03/2017 16:58:01] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
[MD5.19820EEC2D1A4D264F051B789F79D51A] - |A| - [26/07/2017 09:38:59] - (.-.) - [84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [208 Ko] - C:\WINDOWS\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:47:48] - [3 Ko] - C:\WINDOWS\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [203 Ko] - C:\WINDOWS\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:18] - [0 Ko] - C:\WINDOWS\SysWOW64\0409
[MD5.00000000000000000000000000000000] - |D| - [29/01/2014 21:42:47] - [338.66 Ko] - C:\WINDOWS\SysWOW64\1033
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [18/03/2017 16:58:44] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [18/03/2017 16:58:54] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [18/03/2017 16:58:51] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64@VpnToastIcon.png
[MD5.00000000000000000000000000000000] - |AD| - [25/07/2017 18:07:22] - [33877.48 Ko] - C:\WINDOWS\SysWOW64\Adobe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 07:40:24] - [1998.91 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
[MD5.0318EF37B87CE585BAFB81FCE93D7D1F] - |A| - [17/02/2011 01:46:30] - (.-.) - [173.5 Ko] - (1.0.262.0) - C:\WINDOWS\SysWOW64\APOMngr.DLL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [255 Ko] - C:\WINDOWS\SysWOW64\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [26/07/2017 09:29:13] - [12.45 Ko] - C:\WINDOWS\SysWOW64\BestPractices
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [234 Ko] - C:\WINDOWS\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0.93 Ko] - C:\WINDOWS\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 23:20:14] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot2
[MD5.FE02416988970A924C302C8E448BB703] - |A| - [17/02/2011 01:46:30] - (.-.) - [72 Ko] - (1.0.62.0) - C:\WINDOWS\SysWOW64\CmdRtr.DLL
[MD5.00000000000000000000000000000000] - |D| - [17/06/2011 10:22:25] - [1966.15 Ko] - C:\WINDOWS\SysWOW64\Color
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [314 Ko] - C:\WINDOWS\SysWOW64\Com
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [298.59 Ko] - C:\WINDOWS\SysWOW64\config
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [47.64 Ko] - C:\WINDOWS\SysWOW64\Configuration
[MD5.1CF0529D445499506E9DDD3103891352] - |A| - [25/02/2011 09:32:25] - (.© 2001, TLC Productivity Properties LLC, and its licensors. - Connection Manager Control.) - [80 Ko] - (3.5.0.921) - C:\WINDOWS\SysWOW64\CONNMGR.OCX
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [279.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [275 Ko] - C:\WINDOWS\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [311 Ko] - C:\WINDOWS\SysWOW64\de-DE
[MD5.00000000000000000000000000000000] - |D| - [16/02/2017 19:28:42] - [0 Ko] - C:\WINDOWS\SysWOW64\Dell
[MD5.64533FF57D88EECC2A3FF8DFEC69B687] - |A| - [17/03/2011 15:01:56] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\dext536.ini
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [201.5 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [5895.52 Ko] - C:\WINDOWS\SysWOW64\Dism
[MD5.926BCC297B7F9C3F484F84C83AD88773] - |A| - [09/05/2015 15:21:21] - (.Copyright © MicroWorld Technologies Inc. - eScan Empty Container.) - [152.73 Ko] - (2.0.0.8) - C:\WINDOWS\SysWOW64\eEmpty.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [306.5 Ko] - C:\WINDOWS\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:18] - [3117.5 Ko] - C:\WINDOWS\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [223 Ko] - C:\WINDOWS\SysWOW64\en-GB
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [34366.38 Ko] - C:\WINDOWS\SysWOW64\en-US
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [300 Ko] - C:\WINDOWS\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [244.5 Ko] - C:\WINDOWS\SysWOW64\es-MX
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [220 Ko] - C:\WINDOWS\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [24114.66 Ko] - C:\WINDOWS\SysWOW64\F12
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [279.5 Ko] - C:\WINDOWS\SysWOW64\fi-FI
[MD5.00B63254CADD65A267437C699A1FBA95] - |A| - [16/06/2015 16:31:08] - (.- Microsoft® Forms DLL.) - [1218.66 Ko] - (15.0.4737.1000) - C:\WINDOWS\SysWOW64\FM20.DLL
[MD5.2E3D0E3185C825AFE912F19FFE5B1CDD] - |A| - [01/10/2012 21:34:38] - (.- Microsoft® Forms International DLL.) - [31.14 Ko] - (15.0.4420.1017) - C:\WINDOWS\SysWOW64\FM20ENU.DLL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [250.5 Ko] - C:\WINDOWS\SysWOW64\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [307 Ko] - C:\WINDOWS\SysWOW64\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [243 Ko] - C:\WINDOWS\SysWOW64\he-IL
[MD5.2927ADFC93821B344BA524BCF9889A51] - |A| - [18/03/2017 16:58:54] - (.-.) - [109.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [229 Ko] - C:\WINDOWS\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [283 Ko] - C:\WINDOWS\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml
[MD5.5219029E9DF510AC03C5BE92A6B72D7A] - |A| - [25/02/2011 09:32:30] - (.© 2001, TLC Productivity Properties LLC, and its licensors. - Application Support File.) - [88 Ko] - (3.5.0.921) - C:\WINDOWS\SysWOW64\ImageServerMI.dll
[MD5.90AAEEF5B19E2C4A54CE8390B442CE01] - |A| - [25/02/2011 09:32:25] - (.© 2001, TLC Productivity Properties LLC, and its licensors. - Application Support File.) - [44 Ko] - (3.5.0.921) - C:\WINDOWS\SysWOW64\ImportClient.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [8338.94 Ko] - C:\WINDOWS\SysWOW64\inetsrv
[MD5.98E24B48D08BB4C26D00F6877AB92F31] - |A| - [17/03/2011 15:01:56] - (.-.) - [32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\infcpy.dll
[MD5.24E1434E899B3EC4E3CD4CA56AA63BC6] - |A| - [18/03/2017 16:58:54] - (.-.) - [114.09 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [221.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [17/03/2011 15:04:54] - [16216 Ko] - C:\WINDOWS\SysWOW64\ipp20
[MD5.007407AB49924B40750B3976FD657B98] - |A| - [17/03/2011 15:03:40] - (.-.) - [40 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\IPPCPUID.DLL
[MD5.F5828E28301A6BB0F8953387DF68DCDC] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [36 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lfbmp11n.dll
[MD5.FB8EA3C207B13E11431382FC3888DDDA] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [278.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\LFCMP11n.DLL
[MD5.BBEC3A597A6A7603D86E13E3634093C3] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [30.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lfeps11n.dll
[MD5.11DE62A50DFC9B0A5FAE1ABFAFF71A1C] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [79.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lffax11n.dll
[MD5.987F202D2EDD56F00147ACD0CBACCB2A] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [40.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lfgif11n.dll
[MD5.8D3CDD3ABB133526407FE57CD5505AC4] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [25.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lfpcd11n.dll
[MD5.C8A32AA8830DEF259794C90F7ADCB930] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [32.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lfpcx11n.dll
[MD5.E2320435BE26E03EBB1FD9256886AC72] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [168 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\Lfpng11n.dll
[MD5.0F76CD55A9CC3013F244A6DB88790367] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [55 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lfpsd11n.dll
[MD5.C66F8220234603EC8ADEA942042376DF] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [148.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lftif11n.dll
[MD5.09F4129675CE57F2B14D647ED91C9EC6] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [58 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lfwmf11n.dll
[MD5.A90A15A0BF7328C75040D94349B2AD8D] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [27 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lfwpg11n.dll
[MD5.70CB93BC4219F83AA3F16FF4194EE01E] - |A| - [10/07/2012 21:13:45] - (.-.) - [2.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\lgAxconfig.ini
[MD5.B70E2C66006328D0FD087549B0648511] - |A| - [21/02/2003 11:01:32] - (.Copyright © 2001 - Guide Runtime Library.) - [176 Ko] - (4.0.0.0) - C:\WINDOWS\SysWOW64\libguide40.dll
[MD5.ABD99C090DC8DE24311769827095CCA8] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [256.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\LTDIS11n.dll
[MD5.68FE12C5785B30B360BACE26A867FBAA] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [116 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\ltfil11n.DLL
[MD5.824C1F22548A2A949CD1F77DA4253221] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [124.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\ltimg11n.dll
[MD5.0268E31EA510A41900B2A3CDC25E6520] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [383 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\ltkrn11n.dll
[MD5.B782098F7ADC4AD566D1602E8E0A9EFA] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Windows.) - [44.86 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\ltvdd11w.drv
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [226.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [75366.79 Ko] - C:\WINDOWS\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 23:20:14] - [0 Ko] - C:\WINDOWS\SysWOW64\manifeststore
[MD5.53407BDDFBB93BFBC2F2E7948F05A7AC] - |A| - [17/02/2011 03:12:40] - (.Copyright (c) 2006-2009 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [518.59 Ko] - (1.0.19.0) - C:\WINDOWS\SysWOW64\MBAPO32.dll
[MD5.326495339BBAC1A334457831EBD39EA0] - |A| - [17/02/2011 03:12:40] - (.Copyright (c) 2006-2009 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [300.59 Ko] - (1.0.15.106) - C:\WINDOWS\SysWOW64\MBTHX32.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [3813.72 Ko] - C:\WINDOWS\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [814.41 Ko] - C:\WINDOWS\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [52.28 Ko] - C:\WINDOWS\SysWOW64\MsDtc
[MD5.18403DE4979A328F21279DECB2E4298F] - |A| - [18/03/2017 16:59:50] - (.-.) - [3.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\msmqpub.mof
[MD5.E0640DE5407EEE4C6E16D839243B71F9] - |A| - [18/03/2017 16:59:50] - (.-.) - [8.88 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\msmqtrc.mof
[MD5.3ED9AC3EE11EE2C16E2E41F0DC4BAD42] - |A| - [18/03/2017 16:59:50] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\msmqtrcRemove.mof
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [6 Ko] - C:\WINDOWS\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [271 Ko] - C:\WINDOWS\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [290 Ko] - C:\WINDOWS\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui
[MD5.F19EF622B44422E5DDB75D0AE1ACB427] - |A| - [29/08/2016 22:34:25] - (.Copyright © 2005-2009 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - packet.dll (Vista) Dynamic Link Library.) - [94.52 Ko] - (4.1.0.1753) - C:\WINDOWS\SysWOW64\Packet.dll
[MD5.D63A50478341E027570E806B8253B9B3] - |A| - [26/07/2017 06:00:44] - (.-.) - [952.99 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [288 Ko] - C:\WINDOWS\SysWOW64\pl-PL
[MD5.343236A65DAADED872E57646EAD06D5A] - |A| - [25/02/2011 09:32:28] - (.© 2001, TLC Productivity Properties LLC, and its licensors. - PMAppBuilder Module.) - [776 Ko] - (3.5.0.921) - C:\WINDOWS\SysWOW64\PMAppBuilder.dll
[MD5.338B076F59DFD9CE5DFDC50EBD1BE0F9] - |A| - [25/02/2011 09:32:28] - (.© 2001, TLC Productivity Properties LLC, and its licensors. - PMovieServer Module.) - [100 Ko] - (3.5.0.921) - C:\WINDOWS\SysWOW64\PMovieServer.dll
[MD5.7F292D50B164D82303BC329DB3377399] - |A| - [25/02/2011 09:32:30] - (.© 2001, TLC Productivity Properties LLC, and its licensors. - PretzelSpellCheck Module.) - [52 Ko] - (3.5.0.921) - C:\WINDOWS\SysWOW64\PretzelSpellCheck.dll
[MD5.F5D9ACA163DEEA9DCF42B29C60CD17F6] - |A| - [25/02/2011 09:39:52] - (.(c) 1999 Broderbund - ExpressIt.com Graphics Display Plugin v,2,2,5,0.) - [188 Ko] - (2.2.5.0) - C:\WINDOWS\SysWOW64\PretzlDn.dll
[MD5.0C118EFBB4F7A0E5B83FB238B6A0B972] - |A| - [25/02/2011 09:39:52] - (.Copyright (c) 1999 Broderbund - ExpressIt Upload Plugin v,2,5,4,0.) - [240 Ko] - (2.5.4.0) - C:\WINDOWS\SysWOW64\PretzlUp.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:19] - [550.35 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [290.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [285.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT
[MD5.12BDA5627846E7BB34BE67314FDC7158] - |A| - [25/02/2011 09:32:28] - (.- PTABIMP3 MFC Application.) - [29.38 Ko] - (4.0.0.0) - C:\WINDOWS\SysWOW64\Ptabimp3.exe
[MD5.F04A90F917BA10AE2DCBE859870F4DEA] - |A| - [29/08/2016 22:34:25] - (.-.) - [52.05 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\pthreadVC.dll
[MD5.D9244612ED58ECB77B4F486FBCEA9D24] - |A| - [25/02/2011 09:32:28] - (.Copyright © 1994, Parsons Technology, Inc. - DLL Version Verification Tool.) - [21.33 Ko] - (4.0.0.0) - C:\WINDOWS\SysWOW64\PTSAAB30.DLL
[MD5.53F4D179EE4DCBED53BB1BB6DE783CA5] - |A| - [25/02/2011 09:32:28] - (.Copyright © 1994, Parsons Technology, Inc. - DLL Version Verification Tool.) - [99 Ko] - (4.0.2.0) - C:\WINDOWS\SysWOW64\Ptsaab32.dll
[MD5.1D17C5755D9DBC72771C0A031F224D7B] - |A| - [25/02/2011 09:32:28] - (.Copyright © 1994, Parsons Technology, Inc. - DLL Version Verification Tool.) - [48.88 Ko] - (4.0.2.0) - C:\WINDOWS\SysWOW64\PTSAABDB.DLL
[MD5.034120E269F8B3AAD07BC108598BC538] - |A| - [25/02/2011 09:32:28] - (.-.) - [113.91 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\Ptsaci40.dll
[MD5.E62669815BF1C131EDFDF5ADEAAA8F10] - |A| - [25/02/2011 09:32:28] - (.Copyright © 1994, Parsons Technology, Inc. - DLL Version Verification Tool.) - [94.5 Ko] - (4.0.0.0) - C:\WINDOWS\SysWOW64\Ptsacx40.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\restore
[MD5.388A2B0896FB788B292B1D5B0E893AD4] - |A| - [15/05/2015 22:44:13] - (.-.) - [32.06 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\rnd_chunk.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [230.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO
[MD5.51DC4F92C235FE68BE59ED16E64AD42C] - |A| - [26/04/2016 10:12:33] - (.-.) - [1.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\RtkMsgs.dll
[MD5.0BE719C4DE682B6521535F229D6B9E5E] - |A| - [11/08/2015 07:08:40] - (.Copyright © 2015 Razer Inc. All rights reserved - Razer Audio Manager.) - [412 Ko] - (1.0.38.0) - C:\WINDOWS\SysWOW64\rzaudiodll.dll
[MD5.99BBCF6B6648D0751B905419B534BD97] - |A| - [11/08/2015 07:08:42] - (.Copyright © 2015 Razer Inc. All rights reserved - Razer RzDeviceDLL Manager.) - [1169.5 Ko] - (1.0.38.0) - C:\WINDOWS\SysWOW64\rzdevicedll.dll
[MD5.035CCFD1566C717CE4C1A1C4C1CE79DB] - |A| - [11/08/2015 07:08:52] - (.Copyright © 2015 Razer Inc. All rights reserved - Razer RzDeviceDLL Manager.) - [88 Ko] - (1.0.38.0) - C:\WINDOWS\SysWOW64\rzdevinfo.dll
[MD5.4FE516F1AFAD6DE8AC0CC13CC86E1D68] - |A| - [11/08/2015 07:08:46] - (.Copyright © 2015 Razer Inc. All rights reserved - Razer RzDisplayDLL Manager.) - [114.5 Ko] - (1.0.38.0) - C:\WINDOWS\SysWOW64\rzdisplaydll.dll
[MD5.FDF599C8B3A35AAF41CFB86B1D056727] - |A| - [08/07/2015 02:58:28] - (.Copyright (C) 2014 - Razer Analytics IPC.) - [9.5 Ko] - (1.0.0.5) - C:\WINDOWS\SysWOW64\RzStats.IPC.dll
[MD5.6EC9BA3CC7A422C90E0739D836FDB456] - |A| - [11/08/2015 07:08:52] - (.Copyright © 2015 Razer Inc. All rights reserved - Razer RzTouchDll.) - [152 Ko] - (1.0.38.0) - C:\WINDOWS\SysWOW64\rztouchdll.dll
[MD5.604E07596BAA1C7DE760DAF5A84DE910] - |A| - [15/07/2015 23:13:46] - (.Copyright © 2015 Razer Inc. All rights reserved - Razer RzVirtualDev Manager.) - [85.5 Ko] - (1.0.37.0) - C:\WINDOWS\SysWOW64\rzvirtualdev.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [231 Ko] - C:\WINDOWS\SysWOW64\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [228.5 Ko] - C:\WINDOWS\SysWOW64\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:19] - [45.92 Ko] - C:\WINDOWS\SysWOW64\slmgr
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI
[MD5.6513A2A5631F1C79BDC6968000C4A624] - |A| - [17/03/2011 15:01:56] - (.Copyright @ 2001~2002 - SP5X_32.) - [128 Ko] - (1.2.2.1) - C:\WINDOWS\SysWOW64\SP5X_32.DLL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [4125.41 Ko] - C:\WINDOWS\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [8255.15 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [1271.66 Ko] - C:\WINDOWS\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [31.88 Ko] - C:\WINDOWS\SysWOW64\sppui
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [231.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\sru
[MD5.FA4B7023057BF988816AC7FB33450B5B] - |A| - [25/02/2011 09:32:30] - (.Copyright © 1995 Wintertree Software Inc. - Sentry Spelling-Checker Engine.) - [111.5 Ko] - (4.0.0.0) - C:\WINDOWS\SysWOW64\SSCE4132.DLL
[MD5.1291A61F0F4A49E5F4C869E677F67C57] - |A| - [18/03/2017 16:58:39] - (.-.) - [300 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [276.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:19] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [215 Ko] - C:\WINDOWS\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [273.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR
[MD5.0819D1B753573B8B471893A5754FC09A] - |A| - [17/03/2011 15:03:40] - (.-.) - [148.01 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\UninstIPP.isu
[MD5.475DBB32B37621219C81120420225F74] - |A| - [25/02/2011 09:39:52] - (.Copyright © 1999 - Player File.) - [472 Ko] - (2.0.0.4764) - C:\WINDOWS\SysWOW64\vroom.dll
[MD5.17B939C710CD6A12B1AC16263C32D95A] - |A| - [25/02/2011 09:39:52] - (.Copyright © 2000 - vroomlib.) - [172 Ko] - (1.0.0.392) - C:\WINDOWS\SysWOW64\vroomlib.dll
[MD5.B38E8159A7E6CB979BF704E8652278B4] - |A| - [25/02/2011 09:39:52] - (.Copyright © 2001 - Stand alone player.) - [68 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\vroomsap.exe
[MD5.BC15DBC1257C1478393DF2B4FBB169D0] - |A| - [25/02/2011 09:32:29] - (.Copyright 1989-1994, Btrieve Technologies, Inc. - Microkernel Database Engine Resources.) - [4.18 Ko] - (6.15.2.0) - C:\WINDOWS\SysWOW64\WBT32RES.DLL
[MD5.4A4D0D055D1E26426AA56897AAD84103] - |A| - [25/02/2011 09:32:29] - (.Copyright 1989-1994, Btrieve Technologies, Inc. - Microkernel Database Engine.) - [309.68 Ko] - (6.15.2.0) - C:\WINDOWS\SysWOW64\WBTR32.EXE
[MD5.AA18E74BCACA1D8F64383D5F4E4AA685] - |A| - [25/02/2011 09:32:29] - (.Copyright (c) 1982-1994 Btrieve Technologies, Inc. - Btrieve Requester.) - [16.11 Ko] - (6.15.2.0) - C:\WINDOWS\SysWOW64\WBTRCALL.DLL
[MD5.ACDC7F5F927DD048A578AE1547003E06] - |A| - [25/02/2011 09:32:29] - (.Copyright 1989-1994, Btrieve Technologies, Inc. - Microkernel Database Engine Interface.) - [17.29 Ko] - (6.15.2.0) - C:\WINDOWS\SysWOW64\WBTRLOCL.DLL
[MD5.39B116A1A555B8FED12B90BC0A6E6F89] - |A| - [25/02/2011 09:32:29] - (.Copyright 1982-1994 Btrieve Technologies, Inc. - Btrieve Requester Resource DLL.) - [4.03 Ko] - (6.15.1.0) - C:\WINDOWS\SysWOW64\WBTRVRES.DLL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:19] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN
[MD5.D676BC75BD566BC91BFEC3D4EDA42655] - |A| - [18/03/2017 16:58:54] - (.-.) - [84.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dl l
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [7792.81 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [4744.1 Ko] - C:\WINDOWS\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:19] - [100.11 Ko] - C:\WINDOWS\SysWOW64\winrm
[MD5.DAE5F233818083AF69E2E5133A50A2CB] - |A| - [29/08/2016 22:34:25] - (.Copyright © 2005-2009 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008).) - [274.52 Ko] - (4.1.0.1753) - C:\WINDOWS\SysWOW64\wpcap.dll
[MD5.B6F89F4C37052969C0E5A8CF47C103D5] - |A| - [26/07/2017 09:39:25] - (.-.) - [58.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [197.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [192 Ko] - C:\WINDOWS\SysWOW64\zh-TW

---------- | Shell Folders

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Shell Folders]
“!Do not use this registry key”=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
“AppData”=C:\Users\Steve\AppData\Roaming [26/07/2017 06:02:18]
“Local AppData”=C:\Users\Steve\AppData\Local [26/07/2017 06:02:18]
“{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}”=C:\Users\Steve\AppData\Roaming\Micr osoft\Windows\Libraries [23/02/2011 17:45:15]
“My Video”=C:\Users\Steve\Videos [23/02/2011 17:40:16]
“My Pictures”=C:\Users\Steve\Pictures [23/02/2011 17:40:16]
“Desktop”=C:\Users\Steve\Desktop [23/02/2011 17:40:16]
“History”=C:\Users\Steve\AppData\Local\Microsoft\W indows\History [23/02/2011 17:40:16]
“NetHood”=C:\Users\Steve\AppData\Roaming\Microsoft \Windows\Network Shortcuts [26/07/2017 06:02:18]
“{56784854-C6CB-462B-8169-88E350ACB882}”=C:\Users\Steve\Contacts [23/02/2011 17:45:07]
“{00BCFC5A-ED94-4E48-96A1-3F6217F21990}”=C:\Users\Steve\AppData\Local\Micros oft\Windows\RoamingTiles [03/10/2015 12:09:29]
“Cookies”=C:\Users\Steve\AppData\Local\Microsoft\W indows\INetCookies [23/02/2011 17:40:16]
“Favorites”=C:\Users\Steve\Favorites [23/02/2011 17:40:16]
“SendTo”=C:\Users\Steve\AppData\Roaming\Microsoft\ Windows\SendTo [17/09/2016 04:25:05]
“Start Menu”=C:\Users\Steve\AppData\Roaming\Microsoft\Win dows\Start Menu [17/09/2016 04:25:05]
“My Music”=C:\Users\Steve\Music [23/02/2011 17:40:16]
“Programs”=C:\Users\Steve\AppData\Roaming\Microsof t\Windows\Start Menu\Programs [17/09/2016 04:25:05]
“Recent”=C:\Users\Steve\AppData\Roaming\Microsoft\ Windows\Recent [23/02/2011 17:40:16]
“CD Burning”=C:\Users\Steve\AppData\Local\Microsoft\Wi ndows\Burn\Burn [26/07/2017 06:48:38]
“PrintHood”=C:\Users\Steve\AppData\Roaming\Microso ft\Windows\Printer Shortcuts [26/07/2017 06:02:18]
“{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}”=C:\Users\Steve\Searches [23/02/2011 17:45:15]
“{374DE290-123F-4565-9164-39C4925E467B}”=C:\Users\Steve\Downloads [23/02/2011 17:40:16]
“{A520A1A4-1780-4FF6-BD18-167343C5AF16}”=C:\Users\Steve\AppData\LocalLow [23/02/2011 17:40:16]
“Startup”=C:\Users\Steve\AppData\Roaming\Microsoft \Windows\Start Menu\Programs\Startup [23/02/2011 17:45:15]
“Administrative Tools”=C:\Users\Steve\AppData\Roaming\Microsoft\Wi ndows\Start Menu\Programs\Administrative Tools [23/02/2011 17:45:15]
“Personal”=C:\Users\Steve\Downloads\Documents [23/02/2011 17:40:16]
“{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}”=C:\Users\Steve\Links [23/02/2011 17:40:16]
“Cache”=C:\Users\Steve\AppData\Local\Microsoft\Win dows\INetCache [26/07/2017 06:02:18]
“Templates”=C:\Users\Steve\AppData\Roaming\Microso ft\Windows\Templates [26/07/2017 06:02:18]
“{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}”=C:\Users\Steve\Saved Games [23/02/2011 17:40:16]
“Fonts”=C:\WINDOWS\Fonts [18/03/2017 17:03:29]

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\User Shell Folders]
“AppData”=%USERPROFILE%\AppData\Roaming
“Cache”=%USERPROFILE%\AppData\Local\Microsoft\Wind ows\INetCache
“Cookies”=%USERPROFILE%\AppData\Local\Microsoft\Wi ndows\INetCookies
“Desktop”=%USERPROFILE%\Desktop
“Favorites”=%USERPROFILE%\Favorites
“History”=%USERPROFILE%\AppData\Local\Microsoft\Wi ndows\History
“Local AppData”=%USERPROFILE%\AppData\Local
“My Music”=%USERPROFILE%\Music
“My Pictures”=%USERPROFILE%\Pictures
“My Video”=%USERPROFILE%\Videos
“NetHood”=%USERPROFILE%\AppData\Roaming\Microsoft\ Windows\Network Shortcuts
“PrintHood”=%USERPROFILE%\AppData\Roaming\Microsof t\Windows\Printer Shortcuts
“Programs”=%USERPROFILE%\AppData\Roaming\Microsoft \Windows\Start Menu\Programs
“Recent”=%USERPROFILE%\AppData\Roaming\Microsoft\W indows\Recent
“SendTo”=%USERPROFILE%\AppData\Roaming\Microsoft\W indows\SendTo
“Start Menu”=%USERPROFILE%\AppData\Roaming\Microsoft\Wind ows\Start Menu
“Startup”=%USERPROFILE%\AppData\Roaming\Microsoft\ Windows\Start Menu\Programs\Startup
“Templates”=%USERPROFILE%\AppData\Roaming\Microsof t\Windows\Templates
“{374DE290-123F-4565-9164-39C4925E467B}”=%USERPROFILE%\Downloads
“Personal”=C:\Users\Steve\Downloads\Documents [23/02/2011 17:40:16]
“{F42EE2D3-909F-4907-8871-4C22FC0BF756}”=%USERPROFILE%\Downloads\Documents

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Shell Folders]
“Common Administrative Tools”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/03/2017 17:03:29]
“Common AppData”=C:\ProgramData [18/03/2017 17:03:29]
“Common Desktop”=C:\Users\Public\Desktop [13/07/2009 23:20:08]
“Common Documents”=C:\Users\Public\Documents [13/07/2009 23:20:08]
“Common Programs”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [18/03/2017 17:03:29]
“Common Start Menu”=C:\ProgramData\Microsoft\Windows\Start Menu [18/03/2017 17:03:29]
“Common Startup”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [18/03/2017 17:03:29]
“Common Templates”=C:\ProgramData\Microsoft\Windows\Templa tes [13/07/2009 23:20:08]
“CommonMusic”=C:\Users\Public\Music [13/07/2009 23:20:08]
“CommonPictures”=C:\Users\Public\Pictures [13/07/2009 23:20:08]
“CommonVideo”=C:\Users\Public\Videos [13/07/2009 23:20:08]
“OEM Links”=C:\ProgramData\OEM\Links

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\User Shell Folders]
“Common AppData”=%ProgramData%
“Common Desktop”=%PUBLIC%\Desktop
“Common Documents”=%PUBLIC%\Documents
“Common Programs”=%ProgramData%\Microsoft\Windows\Start Menu\Programs
“Common Start Menu”=%ProgramData%\Microsoft\Windows\Start Menu
“Common Startup”=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
“Common Templates”=%ProgramData%\Microsoft\Windows\Templat es
“CommonMusic”=%PUBLIC%\Music
“CommonPictures”=%PUBLIC%\Pictures
“CommonVideo”=%PUBLIC%\Videos
“{3D644C9B-1FB8-4f30-9B45-F670235F79C0}”=%PUBLIC%\Downloads

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Shell Folders]
“Common Administrative Tools”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/03/2017 17:03:29]
“Common AppData”=C:\ProgramData [18/03/2017 17:03:29]
“Common Desktop”=C:\Users\Public\Desktop [13/07/2009 23:20:08]
“Common Documents”=C:\Users\Public\Documents [13/07/2009 23:20:08]
“Common Programs”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [18/03/2017 17:03:29]
“Common Start Menu”=C:\ProgramData\Microsoft\Windows\Start Menu [18/03/2017 17:03:29]
“Common Startup”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [18/03/2017 17:03:29]
“Common Templates”=C:\ProgramData\Microsoft\Windows\Templa tes [13/07/2009 23:20:08]
“CommonMusic”=C:\Users\Public\Music [13/07/2009 23:20:08]
“CommonPictures”=C:\Users\Public\Pictures [13/07/2009 23:20:08]
“CommonVideo”=C:\Users\Public\Videos [13/07/2009 23:20:08]
“OEM Links”=C:\ProgramData\OEM\Links

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\User Shell Folders]
“Common AppData”=%ProgramData%
“Common Desktop”=%PUBLIC%\Desktop
“Common Documents”=%PUBLIC%\Documents
“Common Programs”=%ProgramData%\Microsoft\Windows\Start Menu\Programs
“Common Start Menu”=%ProgramData%\Microsoft\Windows\Start Menu
“Common Startup”=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
“Common Templates”=%ProgramData%\Microsoft\Windows\Templat es
“CommonMusic”=%PUBLIC%\Music
“CommonPictures”=%PUBLIC%\Pictures
“CommonVideo”=%PUBLIC%\Videos
“{3D644C9B-1FB8-4f30-9B45-F670235F79C0}”=%PUBLIC%\Downloads

---------- | [Public]

---------- | [Steve]

[26/07/2017 06:02:18] - |D| - [11140807459] - C:\Users\Steve\AppData\Local
[23/02/2011 17:40:16] - |D| - [61697209] - C:\Users\Steve\AppData\LocalLow
[26/07/2017 06:02:18] - |D| - [834659129] - C:\Users\Steve\AppData\Roaming
[24/02/2011 10:47:42] - |D| - [302070292] - C:\Users\Steve\AppData\Local\Adobe
[24/01/2016 14:12:16] - |D| - [2331] - C:\Users\Steve\AppData\Local\Adobe_Systems_Incorpo rate
[26/07/2017 06:02:18] - |SHD| - [124796305832] - C:\Users\Steve\AppData\Local\Application Data
[15/05/2015 22:50:12] - |D| - [2844786] - C:\Users\Steve\AppData\Local\Apps
[02/06/2016 18:03:52] - |D| - [0] - C:\Users\Steve\AppData\Local\CEF
[14/10/2013 21:59:34] - |D| - [2094146] - C:\Users\Steve\AppData\Local\Citrix
[09/10/2015 11:55:50] - |D| - [30105680] - C:\Users\Steve\AppData\Local\Comms
[17/09/2016 15:09:09] - |D| - [2628900] - C:\Users\Steve\AppData\Local\ConnectedDevicesPlatf orm
[29/07/2017 03:50:18] - |D| - [0] - C:\Users\Steve\AppData\Local\DBG
[23/02/2011 17:46:05] - |D| - [12288] - C:\Users\Steve\AppData\Local\Dell
[01/03/2011 16:32:13] - |D| - [25412] - C:\Users\Steve\AppData\Local\Dell Edoc Viewer
[06/05/2011 10:37:39] - |D| - [1067475] - C:\Users\Steve\AppData\Local\Diagnostics
[29/01/2014 18:53:17] - |D| - [970240] - C:\Users\Steve\AppData\Local\e-academy Inc
[15/01/2013 23:26:36] - |D| - [0] - C:\Users\Steve\AppData\Local\ElevatedDiagnostics
[14/03/2015 10:06:21] - |SHD| - [0] - C:\Users\Steve\AppData\Local\EmieBrowserModeList
[09/05/2015 15:23:31] - |A| - [149128] - C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
[15/05/2016 07:54:36] - |D| - [41486] - C:\Users\Steve\AppData\Local\GetNZB
[04/10/2012 20:09:58] - |D| - [124594924] - C:\Users\Steve\AppData\Local\Google
[26/07/2017 06:02:18] - |SHD| - [130] - C:\Users\Steve\AppData\Local\History
[02/08/2017 18:41:49] - |AH| - [153517] - C:\Users\Steve\AppData\Local\IconCache.db
[10/03/2017 18:31:57] - |D| - [2818] - C:\Users\Steve\AppData\Local\IsolatedStorage
[13/11/2015 19:15:49] - |D| - [13301631] - C:\Users\Steve\AppData\Local\LogMeIn Rescue Applet
[14/06/2012 06:58:52] - |D| - [0] - C:\Users\Steve\AppData\Local\Macromedia
[26/07/2017 06:02:18] - |D| - [821122552] - C:\Users\Steve\AppData\Local\Microsoft
[23/02/2011 19:22:35] - |D| - [276216] - C:\Users\Steve\AppData\Local\Microsoft Games
[30/01/2012 19:41:56] - |D| - [0] - C:\Users\Steve\AppData\Local\Microsoft Help
[03/10/2015 12:48:41] - |D| - [79107] - C:\Users\Steve\AppData\Local\MicrosoftEdge
[23/02/2011 18:56:38] - |D| - [155163776] - C:\Users\Steve\AppData\Local\Mozilla
[12/09/2015 15:33:57] - |D| - [24387089] - C:\Users\Steve\AppData\Local\MusicBrainz
[24/03/2012 18:27:24] - |D| - [125145] - C:\Users\Steve\AppData\Local\Nero
[24/03/2012 18:27:32] - |D| - [2354] - C:\Users\Steve\AppData\Local\Nero_AG
[28/07/2017 00:50:52] - |D| - [0] - C:\Users\Steve\AppData\Local\NetworkTiles
[17/03/2011 15:12:25] - |D| - [94046] - C:\Users\Steve\AppData\Local\NewSoft
[03/10/2015 21:45:29] - |D| - [3408] - C:\Users\Steve\AppData\Local\NVIDIA
[03/10/2015 12:09:27] - |D| - [296494038] - C:\Users\Steve\AppData\Local\Packages
[09/05/2015 11:23:20] - |D| - [1186348] - C:\Users\Steve\AppData\Local\PrivaZer
[09/09/2013 20:28:10] - |D| - [130878455] - C:\Users\Steve\AppData\Local\Programs
[03/10/2015 12:10:06] - |D| - [0] - C:\Users\Steve\AppData\Local\Publishers
[03/10/2015 00:02:56] - |D| - [294] - C:\Users\Steve\AppData\Local\Razer
[03/10/2015 00:02:54] - |D| - [864] - C:\Users\Steve\AppData\Local\Razer_Inc
[27/03/2011 09:27:49] - |D| - [4341760] - C:\Users\Steve\AppData\Local\SoftGrid Client
[23/02/2011 17:40:16] - |D| - [20916] - C:\Users\Steve\AppData\Local\SoftThinks
[29/07/2017 03:32:30] - |D| - [10173007] - C:\Users\Steve\AppData\Local\Temp
[26/07/2017 06:02:18] - |SHD| - [476532] - C:\Users\Steve\AppData\Local\Temporary Internet Files
[03/10/2015 12:09:24] - |D| - [15425536] - C:\Users\Steve\AppData\Local\TileDataLayer
[23/07/2017 03:34:18] - |D| - [0] - C:\Users\Steve\AppData\Local\UNP
[23/02/2011 17:45:05] - |D| - [9135238734] - C:\Users\Steve\AppData\Local\VirtualStore
[27/02/2011 08:06:16] - |D| - [118784] - C:\Users\Steve\AppData\Local\Windows Live
[27/02/2011 08:05:51] - |D| - [651503] - C:\Users\Steve\AppData\Local\Windows Live Writer
[24/07/2017 17:42:46] - |D| - [64619142] - C:\Users\Steve\AppData\Local\Zemana
[23/07/2017 22:45:21] - |D| - [556201] - C:\Users\Steve\AppData\Local\ZHP
[25/07/2017 18:07:11] - |AD| - [6419843] - C:\Users\Steve\AppData\LocalLow\Adblock Plus for IE
[01/03/2011 19:11:08] - |D| - [1447552] - C:\Users\Steve\AppData\LocalLow\Adobe
[02/12/2014 14:35:54] - |SHD| - [0] - C:\Users\Steve\AppData\LocalLow\EmieBrowserModeLis t
[21/05/2014 09:09:36] - |SHD| - [0] - C:\Users\Steve\AppData\LocalLow\EmieSiteList
[02/06/2014 12:02:53] - |SHD| - [0] - C:\Users\Steve\AppData\LocalLow\EmieUserList
[23/02/2011 17:40:29] - |SD| - [1808677] - C:\Users\Steve\AppData\LocalLow\Microsoft
[27/11/2016 14:58:13] - |D| - [0] - C:\Users\Steve\AppData\LocalLow\Mozilla
[15/12/2015 21:50:36] - |D| - [22876160] - C:\Users\Steve\AppData\LocalLow\Oracle
[23/02/2011 18:52:04] - |D| - [29144977] - C:\Users\Steve\AppData\LocalLow\Sun
[23/02/2011 17:46:03] - |D| - [302604787] - C:\Users\Steve\AppData\Roaming\Adobe
[04/05/2014 17:03:29] - |D| - [1256826] - C:\Users\Steve\AppData\Roaming\AdobeMuse
[25/07/2017 18:38:07] - |D| - [1527] - C:\Users\Steve\AppData\Roaming\AIMP
[05/09/2015 10:36:56] - |D| - [234760] - C:\Users\Steve\AppData\Roaming\AVS4YOU
[07/09/2015 18:50:52] - |D| - [1800] - C:\Users\Steve\AppData\Roaming\Canneverbe Limited
[26/10/2013 14:47:37] - |D| - [0] - C:\Users\Steve\AppData\Roaming\chc
[12/05/2013 01:56:10] - |D| - [66646] - C:\Users\Steve\AppData\Roaming\chc.4875E02D9FB21EE 389F73B8D1702B320485DF8CE.1
[06/05/2016 20:50:31] - |D| - [0] - C:\Users\Steve\AppData\Roaming\com.adobe.AdobeMuse CC.2015.1
[25/09/2013 19:49:35] - |D| - [35160] - C:\Users\Steve\AppData\Roaming\com.adobe.dmp.conte ntviewer
[14/02/2013 18:21:33] - |D| - [16513] - C:\Users\Steve\AppData\Roaming\com.adobe.downloada ssistant.AdobeDownloadAssistant
[04/05/2013 14:01:59] - |D| - [111797036] - C:\Users\Steve\AppData\Roaming\com.adobe.formscent ral.FormsCentralForAcrobat
[23/02/2011 17:45:32] - |D| - [4183] - C:\Users\Steve\AppData\Roaming\Dell
[23/02/2011 17:45:24] - |D| - [0] - C:\Users\Steve\AppData\Roaming\Dell Touch Zone
[04/12/2012 18:03:37] - |D| - [7196] - C:\Users\Steve\AppData\Roaming\e-academy Inc
[17/03/2011 21:08:07] - |D| - [4150] - C:\Users\Steve\AppData\Roaming\EyeballChatAvatars
[16/10/2012 21:41:09] - |D| - [23737] - C:\Users\Steve\AppData\Roaming\FileZilla
[23/07/2017 11:25:27] - |D| - [16230] - C:\Users\Steve\AppData\Roaming\Geek Uninstaller
[21/07/2017 12:42:13] - |D| - [0] - C:\Users\Steve\AppData\Roaming\Google
[12/01/2013 09:15:39] - |D| - [602] - C:\Users\Steve\AppData\Roaming\GrabIt
[25/07/2017 18:39:09] - |D| - [0] - C:\Users\Steve\AppData\Roaming\GRETECH
[23/02/2011 17:45:09] - |D| - [0] - C:\Users\Steve\AppData\Roaming\Identities
[23/04/2011 19:24:06] - |D| - [0] - C:\Users\Steve\AppData\Roaming\InstallShield
[23/02/2011 17:45:25] - |D| - [306] - C:\Users\Steve\AppData\Roaming\Intel Corporation
[10/03/2017 18:30:21] - |D| - [14280494] - C:\Users\Steve\AppData\Roaming\Intuit
[23/02/2011 18:45:24] - |D| - [3727865] - C:\Users\Steve\AppData\Roaming\Macromedia
[23/02/2011 17:56:36] - |D| - [299] - C:\Users\Steve\AppData\Roaming\Macrovision
[25/08/2012 15:33:32] - |D| - [18043179] - C:\Users\Steve\AppData\Roaming\McAfee
[23/02/2011 17:40:16] - |D| - [0] - C:\Users\Steve\AppData\Roaming\Media Center Programs
[26/07/2017 06:02:18] - |SD| - [110586983] - C:\Users\Steve\AppData\Roaming\Microsoft
[18/02/2014 21:10:01] - |D| - [0] - C:\Users\Steve\AppData\Roaming\Microsoft Corporation
[15/08/2015 17:07:39] - |D| - [1505] - C:\Users\Steve\AppData\Roaming\Motorola
[15/08/2015 17:09:51] - |D| - [174] - C:\Users\Steve\AppData\Roaming\Motorola Mobility
[23/02/2011 18:46:57] - |D| - [57761878] - C:\Users\Steve\AppData\Roaming\Mozilla
[12/09/2015 15:33:57] - |D| - [17127] - C:\Users\Steve\AppData\Roaming\MusicBrainz
[03/03/2017 11:51:25] - |D| - [11190795] - C:\Users\Steve\AppData\Roaming\NCH Software
[11/03/2011 18:48:33] - |D| - [2226] - C:\Users\Steve\AppData\Roaming\NCH Swift Sound
[17/03/2012 20:54:07] - |D| - [262978] - C:\Users\Steve\AppData\Roaming\Nero
[11/10/2012 19:12:14] - |AD| - [2360259] - C:\Users\Steve\AppData\Roaming\Notepad++
[15/05/2016 20:24:38] - |D| - [2771885] - C:\Users\Steve\AppData\Roaming\NVIDIA
[30/07/2017 04:43:18] - |D| - [3285915] - C:\Users\Steve\AppData\Roaming\PCDr
[14/02/2013 18:50:40] - |D| - [0] - C:\Users\Steve\AppData\Roaming\PDAppFlex
[24/04/2012 21:06:35] - |D| - [236663] - C:\Users\Steve\AppData\Roaming\Quark
[11/03/2011 18:49:01] - |D| - [0] - C:\Users\Steve\AppData\Roaming\Recordpad
[23/02/2011 17:45:26] - |D| - [111472597] - C:\Users\Steve\AppData\Roaming\Roxio
[23/02/2011 18:41:12] - |D| - [25483884] - C:\Users\Steve\AppData\Roaming\Roxio Log Files
[03/10/2015 00:21:10] - |D| - [2815882] - C:\Users\Steve\AppData\Roaming\Skype
[27/03/2011 09:27:49] - |D| - [926418] - C:\Users\Steve\AppData\Roaming\SoftGrid Client
[15/09/2013 18:31:08] - |D| - [0] - C:\Users\Steve\AppData\Roaming\StageManager.BD0928 18F67280F4B42B04877600987F0111B594.1
[15/12/2015 21:51:49] - |D| - [0] - C:\Users\Steve\AppData\Roaming\Sun
[25/08/2012 11:47:37] - |D| - [387] - C:\Users\Steve\AppData\Roaming\TechCheck
[27/03/2011 09:27:14] - |D| - [0] - C:\Users\Steve\AppData\Roaming\TP
[11/12/2012 20:31:25] - |D| - [44262895] - C:\Users\Steve\AppData\Roaming\UseNeXT
[27/02/2011 08:05:51] - |D| - [295] - C:\Users\Steve\AppData\Roaming\Windows Live Writer
[25/02/2011 20:01:45] - |D| - [12] - C:\Users\Steve\AppData\Roaming\WinRAR
[23/07/2017 22:45:21] - |D| - [9095075] - C:\Users\Steve\AppData\Roaming\ZHP
[23/02/2011 17:45:15] - |ASH| - [174] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\desktop.ini
[17/09/2016 04:25:05] - |RD| - [49246] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs
[26/07/2017 06:02:18] - |RD| - [3888] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Accessibility
[26/07/2017 06:02:18] - |RD| - [4237] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Accessories
[23/02/2011 17:45:15] - |RD| - [174] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Administrative Tools
[05/09/2015 14:19:29] - |D| - [1045] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\AVS4YOU
[26/07/2017 06:46:15] - |ASH| - [174] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\desktop.ini
[13/11/2015 19:15:50] - |A| - [2336] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Intel Security.lnk
[25/02/2011 09:39:48] - |D| - [981] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Internet Explorer
[13/11/2015 19:21:24] - |A| - [2411] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\LogMeIn Rescue.lnk
[26/07/2017 06:02:18] - |D| - [170] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Maintenance
[01/02/2016 12:36:18] - |A| - [2336] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Microsoft Support.lnk
[03/03/2017 11:49:46] - |A| - [2379] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\NCH Suite.lnk
[03/10/2015 12:13:29] - |A| - [2409] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\OneDrive.lnk
[25/07/2017 18:36:14] - |A| - [1394] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Opera Browser.lnk
[09/05/2015 11:23:30] - |D| - [3955] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\PrivaZer
[17/06/2011 10:22:26] - |D| - [2334] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\QuarkXPress Passport
[23/02/2011 17:45:15] - |RD| - [174] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup
[26/07/2017 06:02:18] - |RD| - [3496] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\System Tools
[03/10/2015 14:31:33] - |D| - [3778] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Windows 7 USB DVD Download Tool
[26/07/2017 06:02:18] - |RD| - [7238] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Windows PowerShell
[19/03/2016 22:08:37] - |D| - [4337] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\WinRAR
[23/02/2011 17:45:15] - |A| - [174] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\desktop.ini
[13/02/2014 10:00:30] - |A| - [0] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

---------- | C:\ProgramData

[17/02/2011 01:43:10] - |D| - [2205812079] - C:\ProgramData\Adobe
[25/07/2017 18:36:52] - |D| - [38307184] - C:\ProgramData\Apple Computer
[26/07/2017 06:44:53] - |SHD| - [81276435378] - C:\ProgramData\Application Data
[05/09/2015 10:36:58] - |D| - [0] - C:\ProgramData\AVS4YOU
[19/03/2012 06:53:28] - |D| - [4194316] - C:\ProgramData\boost_interprocess
[07/09/2015 18:51:00] - |D| - [0] - C:\ProgramData\Canneverbe Limited
[17/02/2011 01:46:16] - |D| - [136] - C:\ProgramData\Creative
[17/02/2011 01:48:00] - |D| - [51311130] - C:\ProgramData\Dell
[26/07/2017 06:44:53] - |SHD| - [35996] - C:\ProgramData\Desktop
[26/07/2017 06:44:53] - |SHD| - [278] - C:\ProgramData\Documents
[26/07/2017 06:44:53] - |SHD| - [0] - C:\ProgramData\Favorites
[17/02/2011 01:46:10] - |D| - [28892] - C:\ProgramData\FLEXnet
[01/05/2016 18:16:27] - |D| - [384] - C:\ProgramData\Intel Security
[10/03/2017 18:27:37] - |D| - [49026316] - C:\ProgramData\Intuit
[10/07/2012 21:13:08] - |D| - [3932731] - C:\ProgramData\LGMOBILEAX
[10/04/2012 07:00:00] - |D| - [1701] - C:\ProgramData\Macromedia
[17/02/2011 01:56:03] - |D| - [3264865] - C:\ProgramData\Macrovision
[15/04/2015 12:18:07] - |D| - [372992784] - C:\ProgramData\Malwarebytes
[25/06/2016 11:45:43] - |D| - [20133368] - C:\ProgramData\Malwarebytes Anti-Exploit
[17/02/2011 01:53:07] - |D| - [1632449743] - C:\ProgramData\McAfee
[18/03/2017 17:03:29] - |SD| - [1894589770] - C:\ProgramData\Microsoft
[30/01/2012 19:41:56] - |D| - [318890] - C:\ProgramData\Microsoft Help
[26/07/2017 06:49:04] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[25/03/2014 17:05:49] - |D| - [0] - C:\ProgramData\Microsoft Visual Studio
[02/08/2017 18:46:36] - |A| - [159] - C:\ProgramData\Microsoft.SqlServer.Compact.400.32. bc
[09/05/2015 15:21:04] - |D| - [46043136] - C:\ProgramData\MicroWorld
[15/08/2015 17:09:53] - |D| - [68610] - C:\ProgramData\Motorola
[02/05/2012 19:55:50] - |D| - [38065] - C:\ProgramData\Mozilla
[03/03/2017 11:49:40] - |D| - [78708] - C:\ProgramData\NCH Software
[11/03/2011 18:48:40] - |D| - [0] - C:\ProgramData\NCH Swift Sound
[19/03/2016 12:23:54] - |D| - [2530441] - C:\ProgramData\Nero
[17/03/2011 15:05:03] - |D| - [2680] - C:\ProgramData\Newsoft
[26/07/2017 05:59:55] - |D| - [2649076] - C:\ProgramData\NVIDIA
[26/07/2017 05:59:35] - |D| - [3646643] - C:\ProgramData\NVIDIA Corporation
[10/11/2013 17:55:46] - |D| - [84018950] - C:\ProgramData\Oracle
[03/07/2017 21:26:33] - |D| - [5443744] - C:\ProgramData\PC-Doctor for Windows
[24/12/2016 17:35:05] - |D| - [0] - C:\ProgramData\PC-Doctor, Inc
[29/07/2017 03:41:59] - |D| - [102416094] - C:\ProgramData\PCDr
[22/06/2014 03:18:34] - |D| - [552130] - C:\ProgramData\PreEmptive Solutions
[09/05/2015 11:23:20] - |D| - [71] - C:\ProgramData\privazer
[17/06/2011 10:16:08] - |D| - [4096] - C:\ProgramData\Quark
[02/10/2015 23:44:35] - |D| - [327187266] - C:\ProgramData\Razer
[14/02/2013 18:47:09] - |D| - [17036] - C:\ProgramData\regid.1986-12.com.adobe
[18/03/2017 17:03:29] - |AD| - [7422] - C:\ProgramData\regid.1991-06.com.microsoft
[23/07/2017 20:09:36] - |D| - [1530361] - C:\ProgramData\RogueKiller
[17/02/2011 01:56:27] - |D| - [19628] - C:\ProgramData\Roxio
[03/10/2015 00:20:32] - |D| - [130363392] - C:\ProgramData\Skype
[17/02/2011 01:57:07] - |D| - [101974] - C:\ProgramData\Sonic
[26/07/2017 06:44:53] - |SHD| - [361843] - C:\ProgramData\Start Menu
[29/07/2017 03:41:58] - |D| - [4876159] - C:\ProgramData\SupportAssist
[17/02/2011 01:47:38] - |D| - [36864] - C:\ProgramData\Temp
[26/07/2017 06:44:53] - |SHD| - [0] - C:\ProgramData\Templates
[17/02/2011 01:58:05] - |D| - [4746336] - C:\ProgramData\Uninstall
[18/03/2017 17:03:29] - |D| - [11845] - C:\ProgramData\USOPrivate
[26/07/2017 06:07:02] - |D| - [593920] - C:\ProgramData\USOShared
[27/03/2011 11:38:29] - |D| - [0] - C:\ProgramData\VirtualizedApplications
[22/06/2014 03:03:29] - |D| - [20662619] - C:\ProgramData\VS
[18/03/2017 22:31:25] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[25/07/2017 18:09:04] - |A| - [1998] - C:\ProgramData\Microsoft\Windows\Start Menu\Avant Browser.lnk
[18/03/2017 17:03:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[17/02/2011 01:48:23] - |A| - [2074] - C:\ProgramData\Microsoft\Windows\Start Menu\PhotoStage.lnk
[18/03/2017 17:03:29] - |RD| - [357597] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[24/01/2016 01:46:17] - |A| - [2458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
[18/03/2017 17:03:29] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[18/03/2017 17:03:29] - |RD| - [18359] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[14/05/2016 10:34:55] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[18/03/2017 17:03:29] - |RD| - [20488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[11/05/2013 13:03:12] - |D| - [14374] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[06/05/2016 20:41:08] - |A| - [2469] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
[06/05/2016 20:41:09] - |A| - [2116] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
[11/05/2013 13:15:26] - |A| - [1196] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
[06/05/2016 21:00:57] - |A| - [1120] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk
[09/04/2012 08:25:43] - |A| - [1101] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[14/02/2013 18:45:05] - |A| - [1039] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[14/02/2013 18:44:32] - |A| - [1175] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[05/10/2013 11:35:44] - |A| - [1099] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[22/09/2016 18:52:00] - |A| - [1228] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
[09/04/2012 08:26:45] - |A| - [1194] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[24/01/2016 14:12:03] - |A| - [2263] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk
[14/02/2013 18:21:31] - |A| - [1045] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[06/05/2016 21:09:13] - |A| - [1111] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2015.lnk
[09/04/2012 08:30:10] - |A| - [1163] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS3.lnk
[11/05/2013 09:40:00] - |A| - [1237] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk
[09/04/2012 08:26:53] - |A| - [1405] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[14/02/2013 18:42:18] - |A| - [1525] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[09/04/2012 08:27:17] - |A| - [1207] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS3.lnk
[14/02/2013 18:42:23] - |A| - [1359] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[11/05/2013 10:00:43] - |A| - [1213] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Fireworks CS6.lnk
[11/05/2013 09:36:30] - |A| - [999] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[06/05/2016 20:57:16] - |A| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
[11/05/2013 10:44:18] - |A| - [1520] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk
[11/05/2013 10:45:18] - |A| - [1656] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk
[01/10/1999 07:56:15] - |A| - [2071] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS.lnk
[06/05/2016 21:52:46] - |A| - [1049] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InCopy CC 2015.lnk
[06/05/2016 20:00:15] - |A| - [1075] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2015.lnk
[11/05/2013 12:03:24] - |A| - [1201] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS6.lnk
[06/05/2016 21:20:04] - |A| - [1031] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
[06/05/2016 21:41:42] - |A| - [1165] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2015.lnk
[11/05/2013 11:59:44] - |A| - [1092] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
[06/05/2016 20:50:32] - |A| - [1031] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse CC 2015.lnk
[06/05/2016 19:28:28] - |A| - [1087] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
[01/10/1999 07:56:15] - |A| - [2064] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS.lnk
[14/02/2013 18:47:04] - |A| - [1077] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[14/02/2013 18:46:07] - |A| - [1213] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[06/05/2016 21:32:02] - |A| - [1153] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2015.lnk
[11/05/2013 09:35:55] - |A| - [1099] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[25/07/2017 18:38:10] - |D| - [4055] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP
[11/10/2012 21:08:35] - |D| - [6497] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspell
[25/07/2017 18:38:25] - |A| - [1094] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[25/07/2017 18:09:04] - |D| - [5194] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avant Browser
[05/09/2015 14:19:01] - |D| - [5784] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[24/07/2017 17:01:30] - |D| - [965] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[03/03/2017 12:03:11] - |A| - [1735] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[17/02/2011 01:46:27] - |D| - [4415] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[17/02/2011 01:44:56] - |D| - [8499] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[23/02/2011 17:40:32] - |A| - [1979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[17/02/2011 01:48:01] - |D| - [4150] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Stage
[18/03/2017 17:03:33] - |ASH| - [796] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[16/03/2012 23:22:47] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
[24/01/2016 01:46:17] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
[03/03/2017 11:49:40] - |A| - [1281] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[25/07/2017 18:38:32] - |A| - [1188] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[14/07/2009 01:32:38] - |RD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[15/05/2016 07:54:35] - |D| - [1072] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GetNZB
[27/08/2014 12:30:46] - |A| - [2350] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[17/05/2013 17:00:22] - |D| - [7546] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[12/01/2013 09:11:45] - |D| - [4079] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrabIt
[18/03/2017 16:59:54] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[17/02/2011 01:41:59] - |RD| - [1624] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[29/07/2017 03:38:24] - |D| - [6626] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[18/03/2017 17:03:29] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[25/07/2017 16:42:24] - |D| - [4042] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[13/02/2016 19:47:21] - |D| - [4428] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[18/02/2013 08:54:29] - |D| - [13682] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[24/01/2016 01:46:17] - |D| - [5109] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
[29/08/2012 10:45:28] - |A| - [2543] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[12/05/2012 03:01:58] - |D| - [2340] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[18/02/2014 14:13:57] - |D| - [1338] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
[22/06/2014 03:03:36] - |D| - [868] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
[29/01/2014 21:41:41] - |D| - [3727] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[18/02/2014 14:16:48] - |D| - [134] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
[18/02/2014 13:57:26] - |D| - [47036] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
[18/03/2017 16:57:42] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
[30/04/2011 09:00:21] - |A| - [1007] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[12/09/2015 15:33:13] - |A| - [1163] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
[03/03/2017 11:49:40] - |A| - [2171] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
[29/08/2016 22:34:23] - |D| - [3494] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100 Genie
[25/07/2017 16:39:48] - |D| - [885] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[23/12/2016 10:34:49] - |D| - [4998] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[24/01/2016 01:46:17] - |A| - [2437] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
[24/01/2016 01:46:17] - |A| - [2451] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
[25/07/2017 18:36:36] - |A| - [968] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
[24/01/2016 01:46:17] - |A| - [2494] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
[18/03/2017 16:58:04] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
[09/05/2015 11:23:30] - |A| - [1903] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
[24/01/2016 01:46:17] - |A| - [2445] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
[17/03/2012 11:46:58] - |D| - [4089] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidShare Manager
[02/10/2015 23:55:59] - |D| - [1967] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[17/02/2011 01:57:17] - |D| - [2164] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter
[25/07/2017 18:36:55] - |A| - [2519] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[25/07/2017 16:39:32] - |D| - [2139] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[23/04/2011 19:25:07] - |D| - [129] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility
[18/03/2017 17:03:29] - |RD| - [1102] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[18/03/2017 17:03:29] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[25/02/2011 09:32:53] - |D| - [6562] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Print Shop
[10/03/2017 18:29:10] - |D| - [2547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
[11/12/2012 20:31:16] - |D| - [1881] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[16/01/2016 18:11:06] - |D| - [2681] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon Wireless Software Upgrade Assistant - Motorola
[25/07/2017 18:37:56] - |A| - [965] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
[22/06/2014 03:03:44] - |D| - [2248] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
[17/02/2011 01:52:01] - |RD| - [4582] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[17/02/2011 01:51:45] - |A| - [2488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[17/02/2011 01:52:00] - |A| - [1307] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[17/02/2011 01:51:57] - |A| - [1376] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[26/07/2017 06:21:01] - |A| - [1519] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[19/03/2016 22:08:37] - |D| - [4265] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[25/07/2017 16:39:58] - |A| - [1148] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
[24/01/2016 01:46:17] - |A| - [2495] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
[26/07/2017 07:00:31] - |D| - [1241] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
[25/07/2017 16:26:51] - |D| - [1942] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[18/03/2017 17:03:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[29/08/2016 22:34:23] - |A| - [928] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk

---------- | C:\Program Files (x86)

[17/02/2011 01:43:09] - |AD| - [6897593251] - C:\Program Files (x86)\Adobe
[14/02/2013 18:21:31] - |AD| - [3054581] - C:\Program Files (x86)\Adobe Download Assistant
[21/02/2016 21:15:55] - |D| - [1264] - C:\Program Files (x86)\Adware Removal Tool by TSA
[17/03/2012 06:57:06] - |D| - [2034] - C:\Program Files (x86)\Aimersoft
[25/07/2017 18:38:06] - |D| - [41502744] - C:\Program Files (x86)\AIMP
[11/10/2012 21:06:57] - |D| - [7577844] - C:\Program Files (x86)\Aspell
[25/07/2017 18:38:19] - |AD| - [65600375] - C:\Program Files (x86)\Audacity
[25/07/2017 18:09:00] - |AD| - [15407522] - C:\Program Files (x86)\Avant Browser
[05/09/2015 10:36:08] - |D| - [24288909] - C:\Program Files (x86)\AVS4YOU
[25/02/2011 09:32:30] - |D| - [1242637663] - C:\Program Files (x86)\Broderbund
[19/03/2016 10:51:53] - |AD| - [19770345] - C:\Program Files (x86)\CDBurnerXP
[18/03/2017 17:03:28] - |D| - [3512058400] - C:\Program Files (x86)\Common Files
[17/02/2011 01:46:24] - |D| - [5412596] - C:\Program Files (x86)\Creative
[17/02/2011 01:47:51] - |D| - [100531287] - C:\Program Files (x86)\Dell
[16/02/2017 19:28:41] - |AD| - [10108978] - C:\Program Files (x86)\Dell Customer Connect
[17/02/2011 01:48:15] - |D| - [48474866] - C:\Program Files (x86)\Dell Stage
[02/03/2011 19:53:35] - |D| - [291] - C:\Program Files (x86)\Dell Touch Software Suite
[21/07/2017 11:57:30] - |AD| - [2410327] - C:\Program Files (x86)\Dell Update
[18/03/2017 17:03:33] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[25/07/2017 18:38:29] - |AD| - [10689714] - C:\Program Files (x86)\foobar2000
[15/05/2016 07:54:33] - |AD| - [44530621] - C:\Program Files (x86)\GetNZB
[04/10/2012 20:10:01] - |D| - [525595999] - C:\Program Files (x86)\Google
[12/01/2013 09:11:44] - |AD| - [7763102] - C:\Program Files (x86)\GrabIt
[25/07/2017 18:39:03] - |D| - [102344636] - C:\Program Files (x86)\GRETECH
[18/02/2014 13:57:26] - |AD| - [217744] - C:\Program Files (x86)\HTML Help Workshop
[18/02/2014 14:12:09] - |D| - [762806] - C:\Program Files (x86)\IIS
[17/02/2011 01:40:06] - |HD| - [105986607] - C:\Program Files (x86)\InstallShield Installation Information
[17/02/2011 01:40:06] - |D| - [1747837] - C:\Program Files (x86)\Intel
[18/03/2017 17:03:28] - |D| - [2642764] - C:\Program Files (x86)\Internet Explorer
[02/06/2015 07:44:40] - |D| - [8673282] - C:\Program Files (x86)\LG Electronics
[01/05/2016 17:46:55] - |D| - [4404167] - C:\Program Files (x86)\LogMeIn Rescue RC - 29fe62a4-8e94-4e6b-8edc-3dac8b4aaf7d
[26/04/2011 14:49:59] - |D| - [44177749] - C:\Program Files (x86)\McAfee
[13/10/2012 05:56:41] - |D| - [102916319] - C:\Program Files (x86)\Microsoft Analysis Services
[18/02/2014 14:12:13] - |D| - [1361193] - C:\Program Files (x86)\Microsoft ASP.NET
[18/02/2014 13:57:26] - |AD| - [13921187] - C:\Program Files (x86)\Microsoft F#
[17/02/2011 01:47:29] - |AD| - [2487182867] - C:\Program Files (x86)\Microsoft Office
[29/01/2014 21:35:37] - |D| - [672406449] - C:\Program Files (x86)\Microsoft SDKs
[12/05/2012 03:01:10] - |AD| - [42892246] - C:\Program Files (x86)\Microsoft Silverlight
[29/01/2014 21:37:58] - |AD| - [47167096] - C:\Program Files (x86)\Microsoft SQL Server
[17/02/2011 01:51:55] - |AD| - [7523635] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[29/01/2014 21:37:45] - |D| - [610104] - C:\Program Files (x86)\Microsoft Synchronization Services
[29/01/2014 21:36:10] - |AD| - [2187322630] - C:\Program Files (x86)\Microsoft Visual Studio 10.0
[29/01/2014 21:43:04] - |AD| - [416343] - C:\Program Files (x86)\Microsoft Visual Studio 9.0
[18/03/2017 17:03:28] - |D| - [8816199] - C:\Program Files (x86)\Microsoft.NET
[15/08/2015 17:09:42] - |D| - [233595] - C:\Program Files (x86)\Motorola
[15/08/2015 17:09:42] - |AD| - [38552595] - C:\Program Files (x86)\Motorola Mobility
[19/11/2016 13:04:58] - |AD| - [93297041] - C:\Program Files (x86)\Mozilla Firefox
[02/05/2012 19:55:50] - |D| - [306679] - C:\Program Files (x86)\Mozilla Maintenance Service
[26/07/2017 09:29:12] - |AD| - [4263062] - C:\Program Files (x86)\MSBuild
[29/08/2012 10:44:51] - |D| - [66395929] - C:\Program Files (x86)\MSECache
[15/08/2015 17:09:35] - |AD| - [154033] - C:\Program Files (x86)\MSXML 4.0
[12/09/2015 15:33:09] - |D| - [33049789] - C:\Program Files (x86)\MusicBrainz Picard
[06/05/2016 21:00:25] - |D| - [0] - C:\Program Files (x86)\My Company Name
[03/03/2017 11:49:39] - |D| - [2866720] - C:\Program Files (x86)\NCH Software
[17/03/2012 20:42:46] - |AD| - [1824747] - C:\Program Files (x86)\Nero
[29/08/2016 22:34:23] - |D| - [35353359] - C:\Program Files (x86)\NETGEAR
[15/05/2015 22:57:48] - |D| - [244902383] - C:\Program Files (x86)\NVIDIA Corporation
[09/05/2015 11:23:20] - |AD| - [20282199] - C:\Program Files (x86)\PrivaZer
[17/06/2011 10:15:47] - |D| - [81535044] - C:\Program Files (x86)\Quark
[17/03/2012 11:46:55] - |AD| - [15228475] - C:\Program Files (x86)\RapidShareManager
[02/10/2015 23:44:31] - |AD| - [282424270] - C:\Program Files (x86)\Razer
[15/05/2015 23:03:13] - |D| - [21135568] - C:\Program Files (x86)\Realtek
[26/07/2017 09:29:12] - |D| - [387624459] - C:\Program Files (x86)\Reference Assemblies
[17/02/2011 01:56:03] - |AD| - [139794537] - C:\Program Files (x86)\Roxio
[25/07/2017 18:36:52] - |AD| - [107588802] - C:\Program Files (x86)\Safari
[25/07/2017 16:39:31] - |RD| - [90056045] - C:\Program Files (x86)\Skype
[24/12/2016 07:31:07] - |HD| - [0] - C:\Program Files (x86)\Temp
[10/03/2017 18:27:51] - |D| - [330241115] - C:\Program Files (x86)\TurboTax
[26/07/2017 05:59:47] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[11/12/2012 20:31:14] - |AD| - [10275581] - C:\Program Files (x86)\UseNeXT
[25/02/2011 09:39:47] - |D| - [123749] - C:\Program Files (x86)\Web Publish
[18/03/2017 17:03:28] - |D| - [1982400] - C:\Program Files (x86)\Windows Defender
[17/02/2011 01:51:35] - |AD| - [153536314] - C:\Program Files (x86)\Windows Live
[18/03/2017 17:03:28] - |D| - [5924864] - C:\Program Files (x86)\Windows Mail
[18/03/2017 22:30:02] - |D| - [3243161] - C:\Program Files (x86)\Windows Media Player
[18/03/2017 17:03:28] - |D| - [42960] - C:\Program Files (x86)\Windows Multimedia Platform
[18/03/2017 17:03:28] - |D| - [7450818] - C:\Program Files (x86)\Windows NT
[18/03/2017 17:03:28] - |D| - [5358912] - C:\Program Files (x86)\Windows Photo Viewer
[18/03/2017 17:03:28] - |D| - [42960] - C:\Program Files (x86)\Windows Portable Devices
[18/03/2017 17:03:28] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[18/03/2017 17:03:28] - |D| - [3075066] - C:\Program Files (x86)\WindowsPowerShell
[14/09/2012 21:08:38] - |AD| - [32988638] - C:\Program Files (x86)\WinSCP
[24/07/2017 17:43:54] - |AD| - [18430346] - C:\Program Files (x86)\Zemana AntiMalware
[25/07/2017 16:26:51] - |AD| - [7240109] - C:\Program Files (x86)\ZHPFix

---------- | C:\Program Files

[25/07/2017 18:07:10] - |AD| - [7343690] - C:\Program Files\Adblock Plus for IE
[14/02/2013 18:44:59] - |AD| - [15838385118] - C:\Program Files\Adobe
[24/07/2017 17:01:29] - |AD| - [21409616] - C:\Program Files\CCleaner
[25/07/2017 16:37:50] - |D| - [21705723] - C:\Program Files\CDBurnerXP
[18/03/2017 17:03:28] - |D| - [1541133129] - C:\Program Files\Common Files
[11/02/2015 20:49:07] - |AD| - [347541581] - C:\Program Files\Dell
[17/02/2011 01:39:02] - |D| - [1533801] - C:\Program Files\Dell Inc
[17/02/2011 01:59:29] - |D| - [12589] - C:\Program Files\dell stage
[03/07/2017 21:26:27] - |D| - [22224764] - C:\Program Files\Dell Support Center
[18/03/2017 17:03:33] - |ASH| - [174] - C:\Program Files\desktop.ini
[14/07/2009 01:32:38] - |D| - [0] - C:\Program Files\DVD Maker
[18/02/2014 14:12:09] - |D| - [2472343] - C:\Program Files\IIS
[18/03/2017 17:03:28] - |D| - [2643703] - C:\Program Files\Internet Explorer
[29/07/2017 03:37:56] - |D| - [187650141] - C:\Program Files\Java
[25/07/2017 16:42:18] - |D| - [209729044] - C:\Program Files\Malwarebytes
[01/05/2016 18:15:21] - |AD| - [221589551] - C:\Program Files\McAfee
[01/05/2016 18:15:21] - |D| - [3638754] - C:\Program Files\McAfee.com
[14/07/2009 01:32:38] - |D| - [184] - C:\Program Files\Microsoft Games
[29/01/2014 21:35:37] - |D| - [68120314] - C:\Program Files\Microsoft Help Viewer
[27/03/2011 09:27:21] - |D| - [17068590] - C:\Program Files\Microsoft Office
[24/01/2016 01:41:45] - |D| - [8836480] - C:\Program Files\Microsoft Office 15
[12/05/2012 03:01:10] - |AD| - [55725526] - C:\Program Files\Microsoft Silverlight
[29/01/2014 21:41:06] - |AD| - [1330619174] - C:\Program Files\Microsoft SQL Server
[29/01/2014 21:37:50] - |AD| - [4421503] - C:\Program Files\Microsoft SQL Server Compact Edition
[18/02/2014 14:16:38] - |D| - [4603442] - C:\Program Files\Microsoft Sync Framework
[29/01/2014 21:37:50] - |D| - [343335] - C:\Program Files\Microsoft Synchronization Services
[29/01/2014 21:35:37] - |D| - [1616966] - C:\Program Files\Microsoft Visual Studio 10.0
[29/01/2014 21:42:58] - |D| - [7674] - C:\Program Files\Microsoft Visual Studio 9.0
[02/10/2015 23:36:41] - |D| - [546664] - C:\Program Files\Microsoft.NET
[15/08/2015 17:08:44] - |D| - [8366] - C:\Program Files\Motorola Mobility LLC
[25/07/2017 18:35:49] - |AD| - [106443300] - C:\Program Files\Mozilla Firefox
[26/07/2017 09:29:12] - |AD| - [44479] - C:\Program Files\MSBuild
[25/07/2017 16:39:44] - |D| - [7514639] - C:\Program Files\Notepad++
[26/07/2017 05:59:26] - |D| - [936532159] - C:\Program Files\NVIDIA Corporation
[25/07/2017 18:36:35] - |AD| - [93561115] - C:\Program Files\Pale Moon
[26/07/2017 05:59:57] - |D| - [15235680] - C:\Program Files\Realtek
[12/09/2015 17:58:00] - |AD| - [10892600] - C:\Program Files\Recuva
[26/07/2017 09:29:12] - |D| - [45899158] - C:\Program Files\Reference Assemblies
[23/02/2011 18:41:56] - |AD| - [987616] - C:\Program Files\Roxio
[30/07/2015 17:52:28] - |HD| - [0] - C:\Program Files\Uninstall Information
[21/07/2017 12:11:41] - |AD| - [6432951] - C:\Program Files\UNP
[25/07/2017 18:37:40] - |AD| - [161946548] - C:\Program Files\Waterfox
[18/03/2017 17:03:28] - |RD| - [16284110] - C:\Program Files\Windows Defender
[17/02/2011 01:51:12] - |D| - [7709639] - C:\Program Files\Windows Live
[18/03/2017 17:03:28] - |D| - [6145536] - C:\Program Files\Windows Mail
[18/03/2017 22:30:02] - |D| - [4763837] - C:\Program Files\Windows Media Player
[18/03/2017 17:03:28] - |D| - [49688] - C:\Program Files\Windows Multimedia Platform
[18/03/2017 17:03:28] - |D| - [7717058] - C:\Program Files\Windows NT
[18/03/2017 17:03:28] - |D| - [6162752] - C:\Program Files\Windows Photo Viewer
[18/03/2017 17:03:28] - |D| - [49696] - C:\Program Files\Windows Portable Devices
[18/03/2017 17:03:28] - |D| - [95352] - C:\Program Files\Windows Security
[18/03/2017 17:03:28] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[18/03/2017 17:03:28] - |HD| - [2944368363] - C:\Program Files\WindowsApps
[18/03/2017 17:03:28] - |D| - [3323870] - C:\Program Files\WindowsPowerShell
[19/03/2016 22:08:24] - |AD| - [6013669] - C:\Program Files\WinRAR

---------- | C:\Program Files (x86)\Common Files

[17/02/2011 01:43:09] - |AD| - [2284149866] - C:\Program Files (x86)\Common Files\Adobe
[14/02/2013 18:21:29] - |AD| - [28735915] - C:\Program Files (x86)\Common Files\Adobe AIR
[01/09/1999 07:29:16] - |D| - [68096] - C:\Program Files (x86)\Common Files\Adobe Systems Shared
[05/09/2015 10:36:11] - |D| - [147726722] - C:\Program Files (x86)\Common Files\AVSMedia
[25/02/2011 09:32:28] - |D| - [72830515] - C:\Program Files (x86)\Common Files\Broderbund
[27/03/2011 09:27:21] - |AD| - [123224] - C:\Program Files (x86)\Common Files\DESIGNER
[17/03/2011 15:01:57] - |D| - [28672] - C:\Program Files (x86)\Common Files\DSC303
[17/02/2011 01:44:57] - |D| - [11786971] - C:\Program Files (x86)\Common Files\InstallShield
[10/03/2017 18:28:20] - |AD| - [115058079] - C:\Program Files (x86)\Common Files\Intuit
[29/07/2017 03:38:46] - |D| - [1942088] - C:\Program Files (x86)\Common Files\Java
[17/02/2011 01:46:04] - |D| - [1045622] - C:\Program Files (x86)\Common Files\Macrovision Shared
[17/02/2011 01:53:09] - |D| - [8772318] - C:\Program Files (x86)\Common Files\mcafee
[18/02/2014 13:57:26] - |AD| - [30030176] - C:\Program Files (x86)\Common Files\Merge Modules
[18/03/2017 17:03:28] - |AD| - [432629379] - C:\Program Files (x86)\Common Files\Microsoft Shared
[16/01/2016 18:11:05] - |D| - [707584] - C:\Program Files (x86)\Common Files\MSSoap
[17/02/2011 01:56:18] - |AD| - [4506416] - C:\Program Files (x86)\Common Files\PX Storage Engine
[17/02/2011 01:55:59] - |AD| - [82576006] - C:\Program Files (x86)\Common Files\Roxio Shared
[18/03/2017 17:03:28] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[25/07/2017 16:39:32] - |AD| - [2574296] - C:\Program Files (x86)\Common Files\Skype
[17/02/2011 01:56:19] - |AD| - [1479374] - C:\Program Files (x86)\Common Files\Sonic Shared
[26/07/2017 06:09:42] - |D| - [41095079] - C:\Program Files (x86)\Common Files\SpeechEngines
[17/02/2011 01:57:31] - |AD| - [732768] - C:\Program Files (x86)\Common Files\SureThing Shared
[18/03/2017 17:03:28] - |D| - [9902379] - C:\Program Files (x86)\Common Files\System
[17/02/2011 01:48:34] - |D| - [233554153] - C:\Program Files (x86)\Common Files\Windows Live

---------- | C:\Program Files\Common files

[14/02/2013 18:40:42] - |D| - [536955122] - C:\Program Files\Common files\Adobe
[01/05/2016 18:15:01] - |D| - [4149329] - C:\Program Files\Common files\AV
[01/05/2016 18:15:09] - |D| - [20640598] - C:\Program Files\Common files\Intel Security
[01/05/2016 18:12:19] - |D| - [799236690] - C:\Program Files\Common files\McAfee
[18/03/2017 17:03:28] - |AD| - [163940390] - C:\Program Files\Common files\microsoft shared
[15/08/2015 17:08:43] - |D| - [5335071] - C:\Program Files\Common files\Motorola Shared
[18/03/2017 17:03:28] - |D| - [2702] - C:\Program Files\Common files\Services
[26/07/2017 06:09:31] - |D| - [599040] - C:\Program Files\Common files\SpeechEngines
[18/03/2017 17:03:28] - |D| - [10274187] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [26/07/2017 06:34:24] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.0DE5E566750F8A394D155275F577B574] - [26/07/2017 06:34:21] - |A| - [2220] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : “C:\Program Files\CCleaner\CCleaner.exe”
[MD5.D04D2BB4B8DDD39736AC4F6E8C0C5CF1] - [26/07/2017 06:34:21] - |A| - [2590] - C:\WINDOWS\System32\Tasks\CreateExplorerShellUnele vatedTask : C:\WINDOWS\Explorer.exe
[MD5.00000000000000000000000000000000] - [26/07/2017 06:34:21] - |D| - [0] - C:\WINDOWS\System32\Tasks\Event Viewer Tasks
[MD5.C644064EC7A695D945E86CFBA53B9F44] - [26/07/2017 06:34:21] - |A| - [3120] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineC ore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.B3CDC7D9043D7B724D620CE0761FF975] - [26/07/2017 06:34:21] - |A| - [3344] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineU A : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.257F08CE924A1594DBAABBED2115EA1E] - [26/07/2017 06:34:21] - |A| - [4034] - C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse : C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50 .1291.1\mcdatrep.exe
[MD5.61F4601EB8FEEAF995F69A072B075DD4] - [26/07/2017 06:34:21] - |A| - [4222] - C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse : C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50 .1291.1\mcdatrep.exe
[MD5.00000000000000000000000000000000] - [26/07/2017 06:34:21] - |D| - [4544] - C:\WINDOWS\System32\Tasks\McAfee
[MD5.6A9DCEA5A4B3D1E7CB7D63D964B2D167] - [26/07/2017 06:34:21] - |A| - [2382] - C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare) : C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe
[MD5.7A7BD72C5599AA88240E119D9F59CCA5] - [26/07/2017 06:34:21] - |A| - [2470] - C:\WINDOWS\System32\Tasks\McAfeeLogon : C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
[MD5.00000000000000000000000000000000] - [18/03/2017 17:03:29] - |D| - [563750] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.00000000000000000000000000000000] - [26/07/2017 06:34:24] - |D| - [0] - C:\WINDOWS\System32\Tasks\NCH Software
[MD5.00000000000000000000000000000000] - [26/07/2017 06:34:24] - |D| - [0] - C:\WINDOWS\System32\Tasks\NCH Swift Sound
[MD5.00000000000000000000000000000000] - [26/07/2017 06:34:24] - |D| - [0] - C:\WINDOWS\System32\Tasks\OfficeSoftwareProtection Platform
[MD5.BC6896DEB29DA2BFF71E469CA81CCA1C] - [26/07/2017 06:34:24] - |A| - [3576] - C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1501022171 : C:\Users\Steve\AppData\Local\Programs\Opera\launch er.exe
[MD5.256A98468C0BBB973444A5F26F6E142F] - [26/07/2017 06:34:24] - |A| - [4154] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronizatio n-{BF02009D-C843-4079-8428-ABBD8A451EAB} : C:\WINDOWS\system32\msfeedssync.exe
[MD5.00000000000000000000000000000000] - [26/07/2017 06:34:24] - |D| - [3852] - C:\WINDOWS\System32\Tasks\WPD
[MD5.00000000000000000000000000000000] - [18/03/2017 17:03:29] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedacces s\Parameters\FirewallPolicy\FirewallRules]
“WCF-NetTcpActivator-In-TCP-64bit”=v2.27|Action=Allow|Active=TRUE|Dir=In|Proto col=6|LPort=808|Svc=NetTcpActivator|Name=@%systemr oot%\Microsoft.NET\Framework64\v4.0.30319\ServiceM odelEvents.dll,-2000|Desc=@%systemroot%\Microsoft.NET\Framework64\ v4.0.30319\ServiceModelEvents.dll,-2001|EmbedCtxt=@%systemroot%\Microsoft.NET\Framewo rk64\v4.0.30319\ServiceModelEvents.dll,-2002|
“IIS-WebServerRole-HTTPS-In-TCP”=v2.27|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|LPort=443|App=System|Name=@%windir%\system32\i netsrv\iisres.dll,-30502|Desc=@%windir%\system32\inetsrv\iisres.dll,-30512|EmbedCtxt=@%windir%\system32\inetsrv\iisres. dll,-30503|
“IIS-WebServerRole-HTTP-In-TCP”=v2.27|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|LPort=80|App=System|Name=@%windir%\system32\in etsrv\iisres.dll,-30500|Desc=@%windir%\system32\inetsrv\iisres.dll,-30510|EmbedCtxt=@%windir%\system32\inetsrv\iisres. dll,-30501|
“MDNS-Out-UDP”=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protoc ol=17|LPort=5353|App=%SystemRoot%\system32\svchost .exe|Svc=dnscache|Name=@%SystemRoot%\system32\fire wallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi .dll,-37302|
“MDNS-In-UDP”=v2.27|Action=Allow|Active=TRUE|Dir=In|Protoco l=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svch ost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\f irewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi .dll,-37302|
“WirelessDisplay-Infra-In-TCP”=v2.27|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|LPort=7250|App=%systemroot%\system32\CastSrv.e xe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
“WirelessDisplay-Out-UDP”=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protoc ol=17|App=%systemroot%\system32\WUDFHost.exe|Name= @wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD

A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
“Netlogon-TCP-RPC-In”=v2.27|Action=Allow|Active=FALSE|Dir=In|Protoco l=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe| Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
“Netlogon-NamedPipe-In”=v2.27|Action=Allow|Active=FALSE|Dir=In|Protoco l=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
“DeliveryOptimization-UDP-In”=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol =17|LPort=7680|App=%SystemRoot%\system32\svchost.e xe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll ,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
“DeliveryOptimization-TCP-In”=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol =6|LPort=7680|App=%SystemRoot%\system32\svchost.ex e|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
“WiFiDirect-KM-Driver-Out-UDP”=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protoc ol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
“WiFiDirect-KM-Driver-In-UDP”=v2.27|Action=Allow|Active=TRUE|Dir=In|Protoco l=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
“WiFiDirect-KM-Driver-Out-TCP”=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protoc ol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
“WiFiDirect-KM-Driver-In-TCP”=v2.27|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
“Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper”=v2.27|Action=Allow|Active=FALSE|Dir=In|P rotocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@ firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751|
“Wininit-Shutdown-In-Rule-TCP-RPC”=v2.27|Action=Allow|Active=FALSE|Dir=In|Protoc ol=6|LPort=RPC|App=%systemroot%\system32\wininit.e xe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751|

---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class{05f5cf e2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) → @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class{126476 0F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{13e42d fa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) → @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class{146bf2 52-9f25-4209-a6dd-c45a1180abc4}] : (AndroidUsbDeviceClass) → @oem89.inf,%ClassName%;Android Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class{14b62f 50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) → @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{1ed2bb f9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) → @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class{25dbce 51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) → @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class{268c95 a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) → @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class{2a9fe5 32-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) → @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class{2db153 74-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) → @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3163C5 66-D381-4467-87BC-A65A18D5B648}] : (fvevol) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3163C5 66-D381-4467-87BC-A65A18D5B649}] : (fvevol) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{36fc9e 60-c465-11cf-8056-444553540000}] : (USB) → @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3e3f06 74-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) → @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3f966b d9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) → @oem97.inf,%ClassName%;Android Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class{43675d 81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) → @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4658ee 7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) → @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class{48721b 56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) → @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class{48d3eb c4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) → @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{49ce6a c8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) → @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 65-e325-11ce-bfc1-08002be10318}] : (CDROM) → @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 66-e325-11ce-bfc1-08002be10318}] : (Computer) → @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 67-e325-11ce-bfc1-08002be10318}] : (DiskDrive) → @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 68-e325-11ce-bfc1-08002be10318}] : (Display) → @%SystemRoot%\System32\DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 69-e325-11ce-bfc1-08002be10318}] : (FDC) → @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6a-e325-11ce-bfc1-08002be10318}] : (HDC) → @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6b-e325-11ce-bfc1-08002be10318}] : (Keyboard) → @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6c-e325-11ce-bfc1-08002be10318}] : (MEDIA) → @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6d-e325-11ce-bfc1-08002be10318}] : (Modem) → @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6e-e325-11ce-bfc1-08002be10318}] : (Monitor) → @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6f-e325-11ce-bfc1-08002be10318}] : (Mouse) → @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 70-e325-11ce-bfc1-08002be10318}] : (MTD) → @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 71-e325-11ce-bfc1-08002be10318}] : (MultiFunction) → @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 72-e325-11ce-bfc1-08002be10318}] : (Net) → @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 73-e325-11ce-bfc1-08002be10318}] : (NetClient) → @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 74-e325-11ce-bfc1-08002be10318}] : (NetService) → @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 75-e325-11ce-bfc1-08002be10318}] : (NetTrans) → @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 77-e325-11ce-bfc1-08002be10318}] : (PCMCIA) → @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 78-e325-11ce-bfc1-08002be10318}] : (Ports) → @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 79-e325-11ce-bfc1-08002be10318}] : (Printer) → @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) → @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7d-e325-11ce-bfc1-08002be10318}] : (System) → @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7e-e325-11ce-bfc1-08002be10318}] : (Unknown) → @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 80-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) → @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4fc954 1c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) → @c_linedisplay.inf,%ClassName%;POS Line Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50127d c3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) → @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50906c b8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) → @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class{509994 4a-f6b9-4057-a056-8c550228544c}] : (Memory) → @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50dd52 30-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) → @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5175d3 34-c371-4806-b3ba-71fd53c9258d}] : (Sensor) → @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{533c5b 84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) → @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53966c b1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) → @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53ccb1 49-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) → @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53d29e f7-377c-4d14-864b-eb3a85769359}] : (Biometric) → @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class{563083 1c-06c9-4856-b327-f5d32586e060}] : (Proximity) → @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5989fc e8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) → @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5aea00 1d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) → @oposdrv.inf,%ClassName%;OPOS Legacy Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5c4c33 32-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) → @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5d1b9a aa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) → @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{62f9c7 41-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) → @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{645ad9 9b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) → @PerceptionSimulationSixDof.inf,%ClassName%;Percep tion Simulation Controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6a0a8e 78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) → @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c1-810f-11d0-bec7-08002be2092f}] : (1394) → @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c5-810f-11d0-bec7-08002be2092f}] : (Infrared) → @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c6-810f-11d0-bec7-08002be2092f}] : (Image) → @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6d8078 84-7d21-11cf-801c-08002be10318}] : (TapeDrive) → @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6FAE73 B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{71a27c dd-812a-11d0-bec7-08002be2092f}] : (Volume) → @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class{71aa14 f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) → @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{72631e 54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) → @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class{745a17 a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) → @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class{772e18 f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) → @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class{78A1C3 41-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{7ebefb c0-3200-11d2-b4c2-00a0c9697d07}] : (61883) → @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class{81C874 65-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8503c9 11-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) → @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{87ef9a d1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) → @c_netdriver.inf,%ClassDesc%;Universal Network Drivers
[HKLM\SYSTEM\CurrentControlSet\Control\Class{88a1c3 42-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) → @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{88bae0 32-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) → @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class{89786f f1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) → @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8ecc05 5d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) → @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class{990a2b d7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) → @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class{9d6d66 a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) → @ramdisk.inf,%ClassName%;RAM Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class{9da2b8 0f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) → @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{a0a588 a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) → @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class{a0a701 c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) → @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{A3E32D BA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{A73C93 F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{b1d1a1 69-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) → @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{b6a945 de-134c-4279-9a66-61a63c6f0dc5}] : (Network Infrastructure Devices) → @oem31.inf,%ClassName%;Network Infrastructure Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{b86dff 51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) → @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{bbbe87 34-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) → @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c06ff2 65-ae09-48f0-812c-16753d7cba83}] : (AVC) → @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c16652 3c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) → @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c243ff bd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) → @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c30ece a0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) → @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c7bc9b 22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) → @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class{cdcf09 39-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) → @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{ce5939 ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) → @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d02bc3 da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) → @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d421b0 8e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) → @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d48179 be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) → @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d54650 0a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) → @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d61255 3d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) → @c_holographic.inf,%ClassName%;Mixed Reality devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d61ca3 65-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) → @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d94ee5 d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) → @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class{db4f6d dd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) → @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e0cbf0 6c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) → @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e2f84c e7-8efa-411c-aa69-97454ca4cb57}] : (Extension) → @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e55fa6 f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) → @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{eec5ad 98-8080-425f-922a-dabf3de3f69a}] : (WPD) → @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f2e7dd 72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) → @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f3586b af-b5aa-49b5-8d6c-0569284c639f}] : (Compression) → @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f72fe0 d4-cbcb-407d-8814-9ed673d0dd6b}] : (USB) → @oem8.inf,%ClassName%;ADB Interface
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f75a86 c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) → @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f8ecaf a6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) → @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{fe8f15 72-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) → @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{feb8d0 79-0681-11d4-9531-0060089abc08}] : (MOTUSB) → @oem64.inf,%MotDev.ClassName%;Motorola USB Device
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] → ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] → elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] → ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[02/05/2017 11:07:48] - (15.6.0.2180) - (McAfee, Inc. - McAfee Link Driver) - C:\WINDOWS\system32\drivers\mfehidk.sys
[17/02/2011 01:56:39] - (3.1.1.0) - (Corel Corporation - Px Engine Device Driver for 64-bit (x86-64) Windows) - C:\WINDOWS\System32\Drivers\PxHlpa64.sys
[29/08/2016 22:34:23] - (1.0.0.12) - (SerComm Corporation - Customize NDIS User mode I/O Driver) - C:\WINDOWS\system32\DRIVERS\scmndisp.sys
[29/01/2016 07:01:56] - (15.6.0.2180) - (McAfee, Inc. - Anti-Virus Mini-Firewall Driver) - C:\WINDOWS\system32\drivers\mfewfpk.sys
[24/07/2017 17:43:56] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\WINDOWS\System32\drivers\zamguard64.sys
[24/07/2017 17:43:56] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\WINDOWS\System32\drivers\zam64.sys
[25/07/2017 16:42:22] - (0.0.0.0) - ( -) - C:\WINDOWS\system32\drivers\mbae64.sys
[09/12/2016 12:45:46] - (21.21.13.4201) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 342.01) - C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
[11/04/2017 10:01:43] - (1.4.2.0) - (Dell Inc. - DDDriver.sys) - C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys
[11/04/2017 10:01:43] - (3.0.1.4) - (Dell Computer Corporation - DellProf.sys) - C:\WINDOWS\system32\drivers\DellProf.sys
[09/12/2016 12:39:04] - (1.3.30.1) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\WINDOWS\system32\drivers\nvhda64v.sys
[20/01/2017 10:07:50] - (15.6.0.2180) - (McAfee, Inc. - McAfee Arbitrary Access Control Driver) - C:\WINDOWS\system32\drivers\mfeaack.sys
[20/01/2017 10:07:50] - (15.6.0.2180) - (McAfee, Inc. - Anti-Virus File System Filter Driver) - C:\WINDOWS\system32\drivers\mfeavfk.sys
[29/01/2016 07:01:56] - (15.6.0.2180) - (McAfee, Inc. - McAfee Core Firewall Engine Driver) - C:\WINDOWS\system32\drivers\mfefirek.sys
[07/04/2017 02:42:02] - (1.5.0.2580) - (McAfee, Inc. - Event Driver) - C:\WINDOWS\system32\DRIVERS\mfencbdc.sys
[20/01/2017 10:07:50] - (15.6.0.2180) - (McAfee, Inc. - AAC Protected Launch Plugin Driver) - C:\WINDOWS\system32\drivers\mfeplk.sys
[03/10/2015 12:12:36] - (6.1.7600.16385) - (Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver) - C:\WINDOWS\system32\DRIVERS\Dot4.sys
[03/10/2015 12:12:36] - (8.0.0.67) - (Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver) - C:\WINDOWS\System32\drivers\Dot4Prt.sys
[13/08/2015 11:19:08] - (1.0.38.0) - (Razer Inc - Razer RzEndPt) - C:\WINDOWS\System32\drivers\rzdaendpt.sys
[03/10/2015 12:14:26] - (1.0.39.1) - (Razer Inc - Razer Rzudd Engine) - C:\WINDOWS\System32\drivers\rzudd.sys
[13/08/2015 11:19:08] - (1.0.38.0) - (Razer Inc - Razer Keyboard Device) - C:\WINDOWS\System32\drivers\rzvkeyboard.sys
[02/10/2015 23:58:47] - (1.0.2.6230) - (Razer, Inc. - Razer Overlay Support) - C:\Windows\system32\drivers\rzpmgrk.sys
[02/10/2015 23:58:59] - (1.0.12.6087) - (Razer, Inc. - Razer Overlay Support) - C:\Windows\system32\drivers\rzpnk.sys
[27/07/2017 16:37:00] - (1.0.0.115) - (McAfee, Inc. - McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
[29/01/2016 07:01:56] - (15.6.0.2180) - (McAfee, Inc. - McAfee Personal Firewall IDS Plugin) - C:\WINDOWS\system32\drivers\cfwids.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () → System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) → System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) → System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () → System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () → System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () → System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () → System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport’s Miniport Driver) → System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) → System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) → System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) → System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () → System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) → System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) → System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) → System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) → System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) → System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) → system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) → System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () → System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) → System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) → System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) → System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () → System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) → System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) → system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () → System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () → System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () → System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () → System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () → System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () → System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () → System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () → System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () → System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () → System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - mfeelamk (McAfee Inc. mfeelamk) → system32\drivers\mfeelamk.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mfehidk (McAfee Inc. mfehidk) → system32\drivers\mfehidk.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mfewfpk (McAfee Inc. mfewfpk) → system32\drivers\mfewfpk.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) → System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () → System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) → System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () → System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) → system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () → System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () → System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) → System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) → System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () → System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () → System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) → System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) → system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () → System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () → System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - PxHlpa64 (PxHlpa64) → System32\Drivers\PxHlpa64.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) → System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) → System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) → System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - SCMNdisP (@oem94.inf,%SCMNDISP_Desc%;General NDIS Protocol Driver) → system32\DRIVERS\scmndisp.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - SiSRaid2 () → System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () → System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) → System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () → System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsof t Standard SATA AHCI Driver) → System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) → System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) → System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) → System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () → System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) → System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) → System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) → System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) → System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) → System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) → System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) → System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () → System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) → System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) → system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) → System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) → system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy .SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) → System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) → \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) → system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () → \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () → \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) → \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) → system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) → System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ESProtectionDriver (Malwarebytes Anti-Exploit) → ??\C:\WINDOWS\system32\drivers\mbae64.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) → system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) → System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) → \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) → system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) → System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) → \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) → system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) → System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) → system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) → \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) → System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ZAM (ZAM Helper Driver) → ??\C:\WINDOWS\System32\drivers\zam64.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ZAM_Guard (ZAM Guard Driver) → ??\C:\WINDOWS\System32\drivers\zamguard64.sys - AcceptPause: False - AcceptStop: True
S2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) → system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: False
R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) → \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) → system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) → \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) → \SystemRoot\system32\drivers\MBAMChameleon.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) → \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) → system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) → system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) → system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) → system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) → system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rzpmgrk (rzpmgrk) → ??\C:\Windows\system32\drivers\rzpmgrk.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rzpnk (rzpnk) → ??\C:\Windows\system32\drivers\rzpnk.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) → System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) → system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) → System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) → System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) → \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)

[MD5.2038824260EFDFFA6F78D9BEF767622D] - [17/03/2011 15:01:56] - (.Copyright (C) 2001-2003 - Bulk IO Test Driver.) - [10.79 Ko] - (1.2.0.0) - C:\WINDOWS\Syswow64\Drivers\Bulk536.sys
[MD5.48FED7D4EF20020BC6020200256CB8B3] - [17/03/2011 15:01:56] - (.Copyright (C) 2001-2003 Digital Camera - Digital Camera Driver.) - [502.79 Ko] - (2.2.0.5) - C:\WINDOWS\Syswow64\Drivers\Ca536av.sys

---------- | Uninstall

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Opera 46.0.2597.57] : (Opera Stable 46.0.2597.57.-.Opera Software) → “C:\Users\Steve\AppData\Local\Programs\Opera\Launc her.exe” /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\AddressBook] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Branding] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\CCleaner] : (CCleaner.-.Piriform) → “C:\Program Files\CCleaner\uninst.exe”
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Connection Manager] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Dell Support Center] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\DirectDrawEx] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\DXM_Runtime] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Fontcore] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE40] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE4Data] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE5BAKEX] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IEData] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MobileOptionPack] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Mozilla Firefox 54.0.1 (x64 en-US)] : (Mozilla Firefox 54.0.1 (x64 en-US).-.Mozilla) → “C:\Program Files\Mozilla Firefox\uninstall\helper.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) → “C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MPlayer2] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Notepad++] : (Notepad++ (64-bit x64).-.Notepad++ Team) → C:\Program Files\Notepad++\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Pale Moon 27.4.0 (x64 en-US)] : (Pale Moon 27.4.0 (x64 en-US).-.Moonchild Productions) → “C:\Program Files\Pale Moon\uninstall\helper.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\PC-Doctor for Windows] : (Dell SupportAssist.-.Dell) → C:\Program Files\Dell\SupportAssist\uninstaller.exe /arp
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Recuva] : (Recuva.-.Piriform) → “C:\Program Files\Recuva\uninst.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\SchedulingAgent] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Waterfox 54.0.1 (x64 en-US)] : (Waterfox 54.0.1 (x64 en-US).-.Waterfox Ltd) → “C:\Program Files\Waterfox\uninstall\helper.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\WIC] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\WinRAR archiver] : (WinRAR 5.40 (64-bit).-.win.rar GmbH) → C:\Program Files\WinRAR\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{0090A87C-3E0E-43D4-AA71-A71B06563A4A}] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{26A24AE4-039D-4CA4-87B4-2F64180144F0}] : (Java 8 Update 144 (64-bit).-.Oracle Corporation) → MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F64180144F0}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{27986EDD-C9EC-4B52-B92F-06D073F0AA52}] : (Motorola Mobile Drivers Installation 6.4.0.-.Motorola Mobility LLC) → MsiExec.exe /X{27986EDD-C9EC-4B52-B92F-06D073F0AA52}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.1.2.1733.-.Malwarebytes) → “C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe”
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}] : (Roxio File Backup.-.Roxio) → MsiExec.exe /I{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{7E265513-8CDA-4631-B696-F40D983F3B07}_is1] : (CDBurnerXP.-.CDBurnerXP) → “C:\Program Files\CDBurnerXP\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{90881C8E-6C4F-4662-9923-85AFCA058C44}] : (Dell SupportAssistAgent.-.Dell) → MsiExec.exe /X{90881C8E-6C4F-4662-9923-85AFCA058C44}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}] : (RBVirtualFolder64Inst.-.Roxio, Inc.) → MsiExec.exe /I{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision] : (NVIDIA 3D Vision Driver 342.01.-.NVIDIA Corporation) → “C:\WINDOWS\SysWOW64\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL”,Uni nstallPackage Display.3DVision
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (NVIDIA Control Panel 342.01.-.NVIDIA Corporation) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Graphics Driver 342.01.-.NVIDIA Corporation) → “C:\WINDOWS\SysWOW64\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL”,Uni nstallPackage Display.Driver
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB] : (NVIDIA 3D Vision Controller Driver 270.57.-.NVIDIA Corporation) → “C:\Windows\SysWOW64\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL”,Unins tallPackage Display.NVIRUSB
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] : (NVIDIA PhysX System Software 9.17.0524.-.NVIDIA Corporation) → “C:\WINDOWS\SysWOW64\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL”,Uni nstallPackage Display.PhysX
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (NVIDIA Update 10.4.0.-.NVIDIA Corporation) → “C:\WINDOWS\SysWOW64\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL”,Uni nstallPackage Display.Update
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver] : (NVIDIA HD Audio Driver 1.3.30.1.-.NVIDIA Corporation) → “C:\WINDOWS\SysWOW64\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL”,Uni nstallPackage HDAudio.Driver
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) →
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{D600D357-5CB9-4DE9-8FD4-14E208BD1970}] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{EEA45885-F3E3-4E7D-8435-E9C21D36C141}] : (Dell Update - SupportAssist Update Plugin.-.Dell Inc.) → MsiExec.exe /I{EEA45885-F3E3-4E7D-8435-E9C21D36C141}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{EF79C448-6946-4D71-8134-03407888C054}] : (Shared C Run-time for x64.-.McAfee) → MsiExec.exe /I{EF79C448-6946-4D71-8134-03407888C054}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{F6FCA281-09CC-4753-990C-937B93A52C94}] : (Adblock Plus for IE (32-bit and 64-bit).-.Eyeo GmbH) → MsiExec.exe /X{F6FCA281-09CC-4753-990C-937B93A52C94}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\6103-4188-8184-5707] : (RapidShare Manager 2.-.RapidShare AG) → C:\Program Files (x86)\RapidShareManager\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\AddressBook] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Adobe AIR] : (Adobe AIR.-.Adobe Systems Incorporated) → c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Adobe Creative Cloud] : (Adobe Creative Cloud.-.Adobe Systems Incorporated) → “C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Adobe Digital Editions 4.5] : (Adobe Digital Editions 4.5.-.Adobe Systems Incorporated) → “C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\uninstall.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 26 NPAPI.-.Adobe Systems Incorporated) → C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_ 0_0_137_Plugin.exe -maintain plugin
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\AdobeMuse] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Adobe_7328fdfcb73660ec8b11d5a3d 5c6232] : (Adobe Dreamweaver CS3.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\Installers\7328fdfcb73660ec8b11d5a3d5c 6232\Setup.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\AIMP] : (AIMP.-.AIMP DevTeam) → C:\Program Files (x86)\AIMP\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Aspell English Dictionary_is1] : (Aspell English Dictionary-0.50-2.-.GNU) → “C:\Program Files (x86)\Aspell\unins001.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Audacity®_is1] : (Audacity 2.1.3.-.Audacity Team) → “C:\Program Files (x86)\Audacity\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\AvantBrowser] : (Avant Browser (remove only).-.Avant Force) → “C:\Program Files (x86)\Avant Browser\uninst.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\AVS Audio Converter_is1] : (AVS Audio Converter version 7.-.Online Media Technologies Ltd.) → “C:\Program Files (x86)\AVS4YOU\AVSAudioConverter\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\chc.4875E02D9FB21EE389F73B8D170 2B320485DF8CE.1] : (Adobe Help Manager.-.Adobe Systems Incorporated) → msiexec /qb /x {AF37176A-78CA-545B-34EF-8B6A21514DD1}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\com.adobe.dmp.contentviewer] : (Adobe® Content Viewer.-.Adobe Systems Incorporated) → msiexec /qb /x {92094051-CDDB-D9BA-426C-975526525429}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\com.adobe.downloadassistant.Ado beDownloadAssistant] : (Adobe Download Assistant.-.Adobe Systems Incorporated) → msiexec /qb /x {5E21B617-F52E-BB10-92F9-C8AB2C799A8A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\com.adobe.WidgetBrowser] : (Adobe Widget Browser.-.Adobe Systems Incorporated.) → msiexec /qb /x {EFBE6DD5-B224-96E5-72B9-68D328CB12A6}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Connection Manager] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\DirectDrawEx] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\DXM_Runtime] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\ExpressBurn] : (Express Burn Disc Burning Software.-.NCH Software) → “C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe” -uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Fontcore] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\foobar2000] : (foobar2000 v1.3.16.-.Peter Pawlowski) → “C:\Program Files (x86)\foobar2000\uninstall.exe” _?=C:\Program Files (x86)\foobar2000
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\GetNZB_is1] : (GetNZB version 1.401.-.) → “C:\Program Files (x86)\GetNZB\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\GNU Aspell_is1] : (GNU Aspell 0.50-3.-.GNU) → “C:\Program Files (x86)\Aspell\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\GOM Player] : (GOM Player.-.GOM & Company) → “C:\Program Files (x86)\GRETECH\GOMPlayer\Uninstall.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) → “C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.78\Insta ller\setup.exe” --uninstall --system-level
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\GrabIt_is1] : (GrabIt 1.7.2 Beta 6 (build 1008).-.Ilan Shemes) → “C:\Program Files (x86)\GrabIt\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE40] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE4Data] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE5BAKEX] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IEData] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\ILST_19_2_1] : (Adobe Illustrator CC 2015.-.Adobe Systems Incorporated) → “C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HDCore\Uninstaller.exe” --uninstall=1 --sapCode=ILST --productVersion=19.2.1 --productAdobeCode={ILST-19.2.1-ADBEADBEADBEADBEADBEADBE} --productName=“Adobe Illustrator CC 2015” --mode=2
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield Uninstall Information] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Intel® Integrated Performance Primitives 1.1] : (.-.) → C:\Windows\IsUninst.exe -fC:\Windows\system32\UninstIPP.isu
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\McAfee Virtual Technician] : (McAfee Virtual Technician.-.McAfee, Inc.) → C:\Program Files (x86)\McAfee\Supportability\MVT\MVTInstaller.exe /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\MobileOptionPack] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Mozilla Firefox 54.0.1 (x86 en-US)] : (Mozilla Firefox 54.0.1 (x86 en-US).-.Mozilla) → “C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\MPlayer2] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\MSC] : (McAfee AntiVirus Plus.-.McAfee, Inc.) → C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\MusicBrainz Picard] : (MusicBrainz Picard.-.MusicBrainz) → C:\Program Files (x86)\MusicBrainz Picard\uninst.exe
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\NVIDIA StereoUSB Driver] : (NVIDIA 3D Vision Controller Driver.-.NVIDIA Corporation) → “C:\Program Files (x86)\InstallShield Installation Information{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe” -runfromtemp -l0x0009 -removeonly
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\NVIDIAStereo] : (NVIDIA Stereoscopic 3D Driver.-.NVIDIA Corporation) → “C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe” /uninstall /ask
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\PrivaZer] : (PrivaZer.-.Goversoft LLC) → C:\Program Files (x86)\PrivaZer\privazer_remover.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\SchedulingAgent] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Shockwave] : (Shockwave.-.) → C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\INSTALL.LOG
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\THX TruStudio PC] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\THXAudioCP] : (.-.Creative Technology Limited) → RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files (x86)\InstallShield Installation Information{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}\setup.exe” -l0x9 /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\TurboTax 2015] : (TurboTax 2015.-.Intuit, Inc) → C:\Program Files (x86)\TurboTax\Deluxe 2015\Installer\TurboTax 2015 Installer.exe /u /t /a
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\UseNeXT by Tangysoft_is1] : (UseNeXT by Tangysoft.-.Tangysoft Ltd.) → “C:\Program Files (x86)\UseNeXT\unins001.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\WIC] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\winscp3_is1] : (WinSCP 5.9.6.-.Martin Prikryl) → “C:\Program Files (x86)\WinSCP\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\ZHPFix_is1] : (ZHPFix 2015.-.Nicolas Coolman) → “C:\Program Files (x86)\ZHPFix\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{006F5CFF-ED35-41AF-9B2A-F52B0F545BF4}] : (Nero 2016 Content Pack.-.Nero AG) → MsiExec.exe /I{006F5CFF-ED35-41AF-9B2A-F52B0F545BF4}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{010A785B-F920-4350-821B-6309909C20BB}] : (THX TruStudio PC.-.Creative Technology Limited) → RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files (x86)\InstallShield Installation Information{010A785B-F920-4350-821B-6309909C20BB}\setup.exe” -l0x9 /remove
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{04AF207D-9A77-465A-8B76-991F6AB66245}] : (Adobe Help Viewer CS3.-.Adobe Systems Incorporated) → MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{05C6B128-1B40-4495-9CB9-090B368BFA0A}] : (Nero Video Samples.-.Nero AG) → MsiExec.exe /X{05C6B128-1B40-4495-9CB9-090B368BFA0A}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{0650BB10-BCF4-400A-85EE-04097E3046C6}] : (Adobe Setup.-.Adobe Systems Incorporated) → MsiExec.exe /I{0650BB10-BCF4-400A-85EE-04097E3046C6}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{08B32819-6EEF-4057-AEDA-5AB681A36A23}] : (Adobe Bridge Start Meeting.-.Adobe Systems Incorporated) → MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{08D0C864-211B-4095-8C3E-2D2CAB64CDA9}] : (TurboTax 2015 WinPerFedFormset.-.Intuit Inc.) → MsiExec.exe /I{08D0C864-211B-4095-8C3E-2D2CAB64CDA9}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{08D2E121-7F6A-43EB-97FD-629B44903403}] : (Microsoft_VC90_CRT_x86.-.Adobe) → MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{0A46A65D-89AC-464C-8026-3CD44960BD04}] : (Realtek USB Audio.-.Realtek Semiconductor Corp.) → “C:\Program Files (x86)\InstallShield Installation Information{0A46A65D-89AC-464C-8026-3CD44960BD04}\Setup.exe” -runfromtemp -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}] : (Razer Synapse.-.Razer Inc.) → MsiExec.exe /I{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{0FAC7130-BEC5-47A5-8813-1D339B8326ED}] : (Adobe Media Encoder CC 2015.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID=“DWA_UI” --appletVersion=“2.0” --mode=“Uninstall” --mediaSignature=“{0FAC7130-BEC5-47A5-8813-1D339B8326ED}”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{150D88F1-40AF-4678-A39D-BCE2332F34E5}] : (Nero Abstract Themes.-.Nero AG) → MsiExec.exe /X{150D88F1-40AF-4678-A39D-BCE2332F34E5}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{185F9795-9663-4F13-9EF9-307A282ADB5A}] : (ph.-.Your Company Name) → MsiExec.exe /I{185F9795-9663-4F13-9EF9-307A282ADB5A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{1A3ADB5A-2491-4F7A-BD6D-5F8C9B4714B0}] : (Digital Camera3.0M.-.) → RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup “C:\Program Files (x86)\InstallShield Installation Information{1A3ADB5A-2491-4F7A-BD6D-5F8C9B4714B0}\Setup.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{1AA5BD63-6614-44B2-88A7-605191EDB835}] : (Dotfuscator Software Services - Community Edition.-.PreEmptive Solutions) → MsiExec.exe /X{1AA5BD63-6614-44B2-88A7-605191EDB835}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{1B6F5E51-575E-4693-BCA2-7543570D076D}] : (Nero Kwik Themes Basic.-.Nero AG) → MsiExec.exe /X{1B6F5E51-575E-4693-BCA2-7543570D076D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{22856BC3-F893-4CBF-95F2-E1F63CD2B1AB}] : (Nero Video Transitions 1.-.Nero AG) → MsiExec.exe /X{22856BC3-F893-4CBF-95F2-E1F63CD2B1AB}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F03217065FB}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F83216024FB}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F83216026FB}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F83216029FB}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F83217009FB}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F83217011FB}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F83217021FB}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F83217051FB}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F83217055FB}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{29E2C1C6-D76A-41D3-980F-6E346AA9A6A8}] : (Nero Cliparts.-.Nero AG) → MsiExec.exe /X{29E2C1C6-D76A-41D3-980F-6E346AA9A6A8}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{29F67D84-3A70-456E-806A-52301B02070B}] : (Nero Effects Basic.-.Nero AG) → MsiExec.exe /X{29F67D84-3A70-456E-806A-52301B02070B}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{2A075BB4-E976-4278-BF3F-E5C6945D84C0}] : (bl.-.Your Company Name) → MsiExec.exe /I{2A075BB4-E976-4278-BF3F-E5C6945D84C0}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{3250260C-7A95-4632-893B-89657EB5545B}] : (PhotoShowExpress.-.Sonic Solutions) → MsiExec.exe /I{3250260C-7A95-4632-893B-89657EB5545B}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}] : (McAfee WebAdvisor.-.McAfee, Inc.) → C:\Program Files (x86)\McAfee\SiteAdvisor\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{38C72D42-0672-43B1-9E05-E7631684F9A1}] : (Adobe Premiere Pro CC 2015.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID=“DWA_UI” --appletVersion=“2.0” --mode=“Uninstall” --mediaSignature=“{38C72D42-0672-43B1-9E05-E7631684F9A1}”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{39EA6AA6-F891-4D70-867D-839DA49948D2}] : (Adobe Shockwave Player 12.2.-.Adobe Systems, Inc) → MsiExec.exe /X{39EA6AA6-F891-4D70-867D-839DA49948D2}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}] : (Skype™ 7.38.-.Skype Technologies S.A.) → MsiExec.exe /X{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{3DD1FE66-5536-41E3-B786-70068887B3F4}] : (The Print Shop 12.-.) → RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup “C:\Program Files (x86)\InstallShield Installation Information{3DD1FE66-5536-41E3-B786-70068887B3F4}\setup.exe” anything
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}] : (Dell MusicStage.-.Fingertapps) → MsiExec.exe /X{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{4817D846-700B-474E-A31B-80892B3E92E3}] : (Adobe After Effects CS6.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID=“DWA_UI” --appletVersion=“2.0” --mode=“Uninstall” --mediaSignature=“{4817D846-700B-474E-A31B-80892B3E92E3}”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{4869414E-7AEA-4C8E-BE1C-8D40977FD517}] : (Adobe Illustrator CS6.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID=“DWA_UI” --appletVersion=“2.0” --mode=“Uninstall” --mediaSignature=“{4869414E-7AEA-4C8E-BE1C-8D40977FD517}”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{4D25D881-7183-462F-95C8-990CA1944E0B}] : (Nero PiP Effects 1.-.Nero AG) → MsiExec.exe /X{4D25D881-7183-462F-95C8-990CA1944E0B}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{504D84ED-AE75-4F85-A68B-BB3D4CB3E169}] : (Nero Holiday and Sports Themes.-.Nero AG) → MsiExec.exe /X{504D84ED-AE75-4F85-A68B-BB3D4CB3E169}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{51C91B84-7B46-4FE7-8999-8228CFA75F89}] : (Intel(R) Integrated Performance Primitives RTI 4.0.-.Intel Corporation) → MsiExec.exe /X{51C91B84-7B46-4FE7-8999-8228CFA75F89}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}] : (Roxio BackOnTrack.-.Roxio) → MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}] : (Adobe Download Assistant.-.Adobe Systems Incorporated) → MsiExec.exe /I{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}] : (Prerequisite installer.-.Nero AG) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) → MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}] : (Nero Update.-.Nero AG) → MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}] : (Roxio Express Labeler 3.-.Roxio) → MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}] : (Roxio Creator Starter.-.Roxio) → C:\ProgramData\Uninstall{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}\setup.exe /x {6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC} {lang}=ENU
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}] : (Adobe Asset Services CS3.-.Adobe Systems Incorporated) → MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{6FF818ED-865F-4C55-A073-DD6C9CE7B6A8}] : (TurboTax 2015 wrapper.-.Intuit Inc.) → MsiExec.exe /I{6FF818ED-865F-4C55-A073-DD6C9CE7B6A8}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{709316AD-161C-4D5C-9AE7-0B3A822DA271}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}] : (Adobe Photoshop CS6.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID=“DWA_UI” --appletVersion=“2.0” --mode=“Uninstall” --mediaSignature=“{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{793C2BF7-A4FE-4608-91C9-9282C5801C21}] : (Adobe Photoshop CC 2015.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID=“DWA_UI” --appletVersion=“2.0” --mode=“Uninstall” --mediaSignature=“{793C2BF7-A4FE-4608-91C9-9282C5801C21}”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{7BD7A4BF-EA64-4BFE-A9D3-3FDC9B6EFC23}] : (Nero Football (Soccer) Themes.-.Nero AG) → MsiExec.exe /X{7BD7A4BF-EA64-4BFE-A9D3-3FDC9B6EFC23}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}] : (Adobe Dreamweaver CS3.-.Adobe Systems Incorporated) → MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{7E265513-8CDA-4631-B696-F40D983F3B07}_is1] : (CDBurnerXP.-.CDBurnerXP) → “C:\Program Files (x86)\CDBurnerXP\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}] : (Adobe Lightroom.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID=“DWA_UI” --appletVersion=“2.0” --mode=“Uninstall” --mediaSignature=“{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{839A3566-AED6-4787-A849-5CBE2B1DC6AE}] : (Adobe Audition CC 2015.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID=“DWA_UI” --appletVersion=“2.0” --mode=“Uninstall” --mediaSignature=“{839A3566-AED6-4787-A849-5CBE2B1DC6AE}”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{83A4E573-E2C2-46FB-9DA6-6A2BBBF5A588}] : (Nero Retro Film Themes.-.Nero AG) → MsiExec.exe /X{83A4E573-E2C2-46FB-9DA6-6A2BBBF5A588}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] : (Realtek Ethernet Controller Driver For Windows 7.-.Realtek) → C:\Program Files (x86)\InstallShield Installation Information{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{895D0391-459F-4D45-B8DD-13F0DE70C66E}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{8B5AD338-7ABC-4ECB-9C2C-687F84AEDDB1}] : (Nero Platinum Effects 12.-.Nero AG) → MsiExec.exe /X{8B5AD338-7ABC-4ECB-9C2C-687F84AEDDB1}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{8C9AA2C1-D07A-48E8-9DD8-471A072947F4}] : (Adobe AIR.-.Adobe Systems Incorporated) → MsiExec.exe /I{8C9AA2C1-D07A-48E8-9DD8-471A072947F4}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}] : (Adobe Device Central CS3.-.Adobe Systems Incorporated) → MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}] : (Adobe Type Support.-.Adobe Systems Incorporated) → MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1] : (Zemana AntiMalware.-.Zemana Ltd.) → “C:\Program Files (x86)\Zemana AntiMalware\unins000.exe”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{90176341-0A8B-4CCC-A78D-F862228A6B95}] : (Adobe Anchor Service CS3.-.Adobe Systems Incorporated) → MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{92094051-CDDB-D9BA-426C-975526525429}] : (Adobe® Content Viewer.-.Adobe Systems Incorporated) → MsiExec.exe /I{92094051-CDDB-D9BA-426C-975526525429}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}] : (Microsoft_VC80_CRT_x86.-.Adobe) → MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{955BF340-C379-4375-AA2F-F3BCB2A498AB}] : (Nero Family and Events Themes.-.Nero AG) → MsiExec.exe /X{955BF340-C379-4375-AA2F-F3BCB2A498AB}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{9A00EC4E-27E1-42C4-98DD-662F32AC8870}] : (Sonic CinePlayer Decoder Pack.-.Sonic Solutions) → MsiExec.exe /I{9A00EC4E-27E1-42C4-98DD-662F32AC8870}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{9B0619A0-D501-11E5-B16B-FB3EC5F53981}] : (Adobe Muse CC 2015.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID=“DWA_UI” --appletVersion=“2.0” --mode=“Uninstall” --mediaSignature=“{9B0619A0-D501-11E5-B16B-FB3EC5F53981}”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{9BEDD987-AC68-44D2-8803-EC0650F6C43F}] : (Verizon Wireless Software Upgrade Assistant for Motorola.-.Motorola Mobility) → “C:\Program Files (x86)\InstallShield Installation Information{9BEDD987-AC68-44D2-8803-EC0650F6C43F}\setup.exe” -runfromtemp -l0x0409 -removeonly
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{9C9824D9-9000-4373-A6A5-D0E5D4831394}] : (Adobe Bridge CS3.-.Adobe Systems Incorporated) → MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{9EF1DB49-6D32-1014-93B7-EB62FA572532}] : (Adobe InCopy CC 2015.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID=“DWA_UI” --appletVersion=“2.0” --mode=“Uninstall” --mediaSignature=“{9EF1DB49-6D32-1014-93B7-EB62FA572532}”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{A121EEDE-C68F-461D-91AA-D48BA226AF1C}] : (Roxio Activation Module.-.Roxio) → MsiExec.exe /I{A121EEDE-C68F-461D-91AA-D48BA226AF1C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{A1238426-ECDF-4639-BE2F-8D12A97AE23C}] : (Google Drive.-.Google, Inc.) → MsiExec.exe /X{A1238426-ECDF-4639-BE2F-8D12A97AE23C}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}] : (Adobe CMaps.-.Adobe Systems Incorporated) → MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}] : (Adobe Dreamweaver CS6.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID=“DWA_UI” --appletVersion=“2.0” --mode=“Uninstall” --mediaSignature=“{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) → MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AB43784D-1EE5-4111-95C8-918B25EFDC4B}] : (LG VZW United Drivers.-.LG Electronics) → MsiExec.exe /X{AB43784D-1EE5-4111-95C8-918B25EFDC4B}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}] : (Crystal Reports for Visual Studio.-.SAP) → MsiExec.exe /I{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AC76BA86-0804-1033-1959-001824166751}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AC76BA86-0804-1033-1959-001824184103}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AC76BA86-0804-1033-1959-001824191728}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AC76BA86-0804-1033-1959-001824225037}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) → MsiExec.exe /I{AC76BA86-0804-1033-1959-001824225037}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AC76BA86-1033-FFFF-7760-000000000006}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AC76BA86-1033-FFFF-7760-0C0F074E4100}] : (Adobe Acrobat DC.-.Adobe Systems Incorporated) → MsiExec.exe /I{AC76BA86-1033-FFFF-7760-0C0F074E4100}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AC76BA86-7AD7-1033-7B44-AB0000000001}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AC76BA86-7AD7-1033-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC.-.Adobe Systems Incorporated) → MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{ACE49D50-19CD-44A6-B192-46F985283B26}] : (Nero PiP Effects Basic.-.Nero AG) → MsiExec.exe /X{ACE49D50-19CD-44A6-B192-46F985283B26}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AF37176A-78CA-545B-34EF-8B6A21514DD1}] : (Adobe Help Manager.-.Adobe Systems Incorporated) → MsiExec.exe /I{AF37176A-78CA-545B-34EF-8B6A21514DD1}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}] : (DirectX 9 Runtime.-.Sonic Solutions) → MsiExec.exe /I{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{B0119415-6743-4707-AB4D-1928F5E81FDD}] : (TurboTax 2015 WinPerReleaseEngine.-.Intuit Inc.) → MsiExec.exe /I{B0119415-6743-4707-AB4D-1928F5E81FDD}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{B0F1B758-60D6-41F7-93D9-212A448813FE}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}] : (Adobe Camera Raw 4.0.-.Adobe Systems Incorporated) → MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{B48A745E-B79A-417F-8775-421EF44C92D1}] : (TurboTax 2015 WinPerFuegoContent.-.Intuit Inc.) → MsiExec.exe /I{B48A745E-B79A-417F-8775-421EF44C92D1}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{B57A8AFE-6735-4497-BD52-BD2F838F5CF0}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}] : (Adobe Default Language CS3.-.Adobe Systems Incorporated) → MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}] : (Adobe Flash Professional CS6.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID=“DWA_UI” --appletVersion=“2.0” --mode=“Uninstall” --mediaSignature=“{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{BDC1955D-38D6-4747-8B0A-B2B7CFEA1E7D}] : (TurboTax 2015 WinPerTaxSupport.-.Intuit Inc.) → MsiExec.exe /I{BDC1955D-38D6-4747-8B0A-B2B7CFEA1E7D}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{BE5F3842-8309-4754-92D5-83E02E6077A3}] : (Adobe Extension Manager CS3.-.Adobe Systems Incorporated) → MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}] : (PDF Settings CS6.-.Adobe Systems Incorporated) → MsiExec.exe /I{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{C2425F91-1F7B-4037-9A05-9F290184798D}] : (NETGEAR WNA3100 wireless USB 2.0 adapter.-.NETGEAR) → “C:\Program Files (x86)\InstallShield Installation Information{C2425F91-1F7B-4037-9A05-9F290184798D}\setup.exe” -runfromtemp -l0x0409 -removeonly -PanelRemove
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}] : (Adobe ExtendScript Toolkit 2.-.Adobe Systems Incorporated) → MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{C4C6DF25-0E59-46EE-B24B-DF8749D8FF3A}] : (Nero Image Samples.-.Nero AG) → MsiExec.exe /X{C4C6DF25-0E59-46EE-B24B-DF8749D8FF3A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{C779648B-410E-4BBA-B75B-5815BCEFE71D}] : (Safari.-.Apple Inc.) → MsiExec.exe /I{C779648B-410E-4BBA-B75B-5815BCEFE71D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{C935F091-75FD-752B-B19D-6AAE0D24B05B}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}] : (Adobe Fireworks CS6.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID=“DWA_UI” --appletVersion=“2.0” --mode=“Uninstall” --mediaSignature=“{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{CE675FBD-75C3-45F1-B6AF-8D250861D536}] : (Nero Disc Menus 3.-.Nero AG) → MsiExec.exe /X{CE675FBD-75C3-45F1-B6AF-8D250861D536}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{CFB770D7-8D43-1014-922B-CC2715FADE3F}] : (Adobe InDesign CS6.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID=“DWA_UI” --appletVersion=“2.0” --mode=“Uninstall” --mediaSignature=“{CFB770D7-8D43-1014-922B-CC2715FADE3F}”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{D0DFF92A-492E-4C40-B862-A74A173C25C5}] : (Adobe Version Cue CS3 Client.-.Adobe Systems Incorporated) → MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}] : (Adobe PDF Library Files.-.Adobe Systems Incorporated) → MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{D7BC4B40-9339-48CE-8F01-4D6A734FAE10}] : (TurboTax 2015 wnyiper.-.Intuit Inc.) → MsiExec.exe /I{D7BC4B40-9339-48CE-8F01-4D6A734FAE10}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{DBFD0312-6E55-1014-8952-E78D43BC0147}] : (Adobe InDesign CC 2015.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID=“DWA_UI” --appletVersion=“2.0” --mode=“Uninstall” --mediaSignature=“{DBFD0312-6E55-1014-8952-E78D43BC0147}”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}] : (.-.Creative Technology Limited) → RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files (x86)\InstallShield Installation Information{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}\setup.exe” -l0x9
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{E040B65B-8683-4228-8C33-D44A141E40EA}] : (Secure Download Manager.-.Kivuto Solutions Inc.) → MsiExec.exe /I{E040B65B-8683-4228-8C33-D44A141E40EA}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}] : (Nero Disc Menus Basic.-.Nero AG) → MsiExec.exe /X{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{E4335E82-17B3-460F-9E70-39D9BC269DB3}] : (Dell PhotoStage.-.ArcSoft) → MsiExec.exe /I{E4335E82-17B3-460F-9E70-39D9BC269DB3}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{E452F262-D655-45E3-9BDB-3E6AE19B83C5}] : (Notepad++.-.Notepad++ Team) → MsiExec.exe /X{E452F262-D655-45E3-9BDB-3E6AE19B83C5}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{E69AE897-9E0B-485C-8552-7841F48D42D8}] : (Adobe Update Manager CS3.-.Adobe Systems Incorporated) → MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}] : (Adobe Dreamweaver CC 2015.-.Adobe Systems Incorporated) → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID=“DWA_UI” --appletVersion=“2.0” --mode=“Uninstall” --mediaSignature=“{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{EEBF1676-AF87-4266-93D8-0C14A34C4217}] : (Nero Disc Menus 1.-.Nero AG) → MsiExec.exe /X{EEBF1676-AF87-4266-93D8-0C14A34C4217}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{EF56258E-0326-48C5-A86C-3BAC26FC15DF}] : (Roxio Creator Starter.-.Roxio) → MsiExec.exe /I{EF56258E-0326-48C5-A86C-3BAC26FC15DF}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{EF79C448-6946-4D71-8134-03407888C054}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{EFB21DE7-8C19-4A88-BB28-A766E16493BC}] : (Adobe Photoshop CS.-.Adobe Systems, Inc.) → RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup “C:\Program Files (x86)\InstallShield Installation Information{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe” -l0x9
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}] : (Adobe Widget Browser.-.Adobe Systems Incorporated.) → MsiExec.exe /I{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}] : (Roxio Creator Starter.-.Roxio) → MsiExec.exe /I{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) → C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{F47C37A4-7189-430A-B81D-739FF8A7A554}] : (Consumer In-Home Service Agreement.-.Dell Inc.) → MsiExec.exe /I{F47C37A4-7189-430A-B81D-739FF8A7A554}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{F8A9085D-4C7A-41a9-8A77-C8998A96C421}] : (Intel(R) Control Center.-.Intel Corporation) → C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{F933562A-45B5-4730-8A5E-0D282AA9866B}] : (Verizon Software Upgrade Assistant.-.Motorola Mobility) → MsiExec.exe /I{F933562A-45B5-4730-8A5E-0D282AA9866B}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{FE81E6B5-652B-40E7-B3B2-7171C6F297DA}] : (Nero Disc Menus 2.-.Nero AG) → MsiExec.exe /X{FE81E6B5-652B-40E7-B3B2-7171C6F297DA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{FF0B0792-F6E7-4627-B820-EA50617E223B}] : (QuarkXPress 6.1.-.Quark, Inc.) → MsiExec.exe /I{FF0B0792-F6E7-4627-B820-EA50617E223B}

---------- | Ports

---------- | Installer

[HKCR\Installer\Products\00006109C80000000000000000 F01FEC] : Office 16 Click-to-Run Extensibility Component
[HKCR\Installer\Products\00006109C80090400000000000 F01FEC] : Office 16 Click-to-Run Localization Component
[HKCR\Installer\Products\00006109DD0000000100000000 F01FEC] : Office 16 Click-to-Run Extensibility Component 64-bit Registration
[HKCR\Installer\Products\00006109F80000000100000000 F01FEC] : Office 16 Click-to-Run Licensing Component
[HKCR\Installer\Products\01BB05604FCBA00458EE4090E7 03646C] : Adobe Setup
[HKCR\Installer\Products\043FB559973C5734AAF23FCB2B 4A89BA] : Nero Family and Events Themes → C:\WINDOWS\Installer{955BF340-C379-4375-AA2F-F3BCB2A498AB}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\04B4CB7D9339EC84F810D4A637 F4EA01] : TurboTax 2015 wnyiper
[HKCR\Installer\Products\05D94ECADC916A441B29649F58 82B362] : Nero PiP Effects Basic → C:\WINDOWS\Installer{ACE49D50-19CD-44A6-B192-46F985283B26}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\09AB59D18F4FCE748A2844C199 3DC0E1] : MSXML 4.0 SP3 Parser (KB2758694)
[HKCR\Installer\Products\13353B9B4E7BC5E4FBC4B78C87 6521D4] : Adobe Default Language CS3
[HKCR\Installer\Products\14367109B8A0CCC47AD88F2622 A8B659] : Adobe Anchor Service CS3
[HKCR\Installer\Products\15049029BDDCAB9D24C6795562 254592] : Adobe® Content Viewer
[HKCR\Installer\Products\15E5F6B1E5753964CB2A573475 D070D6] : Nero Kwik Themes Basic → C:\WINDOWS\Installer{1B6F5E51-575E-4693-BCA2-7543570D076D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\182ACF6FCC90357499C039B739 5AC249] : Adblock Plus for IE (32-bit and 64-bit) → C:\WINDOWS\Installer{F6FCA281-09CC-4753-990C-937B93A52C94}\program_icon
[HKCR\Installer\Products\18796D2C293F81145A7A7C9E3C D8FB2C] : Adobe ExtendScript Toolkit 2
[HKCR\Installer\Products\188D52D43817F264598C99C01A 49E4B0] : Nero PiP Effects 1 → C:\WINDOWS\Installer{4D25D881-7183-462F-95C8-990CA1944E0B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\1C2AA9C8A70D8E84D98D74A170 92744F] : Adobe AIR
[HKCR\Installer\Products\1C79E9FA1347D6248A5DBA4E90 590C1B] : DirectX 9 Runtime → C:\Windows\Installer{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\1DD3F5240B3BC2E498E095AA2D CEEED5] :
[HKCR\Installer\Products\1F764691F11C67F458B88521DA 8CB349] : MSXML 4.0 SP3 Parser
[HKCR\Installer\Products\1F88D051FA0487643AD9CB2E33 F2435E] : Nero Abstract Themes → C:\WINDOWS\Installer{150D88F1-40AF-4678-A39D-BCE2332F34E5}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\2483F5EB90384574295D380EE2 06773A] : Adobe Extension Manager CS3
[HKCR\Installer\Products\262F254E556D3E54B9BDE3A61E B9385C] : Notepad++
[HKCR\Installer\Products\28E5334E3B71F064E907939DCB 62D93B] : Dell PhotoStage → C:\Windows\Installer{E4335E82-17B3-460F-9E70-39D9BC269DB3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\29F618052561C7A49BCB846F28 47C2B4] : Messenger Companion → C:\Windows\Installer{50816F92-1652-4A7C-B9BC-48F682742C4B}\CompanionIcon
[HKCR\Installer\Products\2D4102660540DE73BAEA51C788 21B7BE] : Visual Studio 2010 Prerequisites - English
[HKCR\Installer\Products\2E8086E8D316DCF4182AC6F88A 0E3321] : Adobe Type Support
[HKCR\Installer\Products\2EEB87D0FF8F8944FAA1F38FC1 DEA86C] : Razer Synapse → C:\Windows\Installer{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\2F32C211630C04D4EB4DC04BB7 5F55C5] : Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU → C:\Windows\Installer{112C23F2-C036-4D40-BED4-0CB47BF5555C}\ProductIcon
[HKCR\Installer\Products\36DB5AA141662B44887A061519 DE8B53] : Dotfuscator Software Services - Community Edition → C:\Windows\Installer{1AA5BD63-6614-44B2-88A7-605191EDB835}\DfIcon.ico
[HKCR\Installer\Products\375E4A382C2EBF64D96AA6B2BB 5F5A88] : Nero Retro Film Themes → C:\WINDOWS\Installer{83A4E573-E2C2-46FB-9DA6-6A2BBBF5A588}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\384482F5D8EEE744EBEBB21FB3 804CFB] : Prerequisite installer → C:\WINDOWS\Installer{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3C29A53407D22EC40972BC8CAE 0625CF] :
[HKCR\Installer\Products\3CB65822398FFBC4592F1E6FC3 2D1BBA] : Nero Video Transitions 1 → C:\WINDOWS\Installer{22856BC3-F893-4CBF-95F2-E1F63CD2B1AB}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\429D14CA86C85DB47A1AA04E71 C6136A] : Crystal Reports for Visual Studio → C:\Windows\Installer{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}\CR.ico
[HKCR\Installer\Products\43688B8A09F7F2046BA6682479 556F5A] : eBay → c:\Windows\Installer{A8B88634-7F90-402F-B66A-86429755F6A5}_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\468C0D80B1125904C8E3D2C2BA 46DC9A] : TurboTax 2015 WinPerFedFormset
[HKCR\Installer\Products\474AB2D8604F0174A94E4D2FD2 120FDD] : Adobe Device Central CS3
[HKCR\Installer\Products\48D76F9207A3E65408A62503B1 2070B0] : Nero Effects Basic → C:\WINDOWS\Installer{29F67D84-3A70-456E-806A-52301B02070B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4A73C74F9817A0348BD137F98F 7A5A45] : Consumer In-Home Service Agreement
[HKCR\Installer\Products\4BB570A2679E8724FBF35E6C49 D5480C] : bl → C:\WINDOWS\Installer{2A075BB4-E976-4278-BF3F-E5C6945D84C0}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4EA42A62D9304AC4784BF24681 10440F] : Java 8 Update 144 (64-bit) → C:\Program Files\Java\jre1.8.0_144\bin\javaws.exe
[HKCR\Installer\Products\5149110B34767074BAD491825F 8EF1DD] : TurboTax 2015 WinPerReleaseEngine
[HKCR\Installer\Products\52FD6C4C95E0EE642BB4FD7894 8DFFA3] : Nero Image Samples → C:\WINDOWS\Installer{C4C6DF25-0E59-46EE-B24B-DF8749D8FF3A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\58854AEE3E3FD7E448539E2CD1 631C14] : Dell Update - SupportAssist Update Plugin → C:\WINDOWS\Installer{EEA45885-F3E3-4E7D-8435-E9C21D36C141}\PluginIcon
[HKCR\Installer\Products\5979F581366931F4E99F03A782 A2BDA5] : ph → C:\WINDOWS\Installer{185F9795-9663-4F13-9EF9-307A282ADB5A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5B6E18EFB2567E043B2B17176C 2F79AD] : Nero Disc Menus 2 → C:\WINDOWS\Installer{FE81E6B5-652B-40E7-B3B2-7171C6F297DA}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5DD6EBFE422B5E69279B863D82 BC216A] : Adobe Widget Browser
[HKCR\Installer\Products\5E1F9BD7BCA9D0147ACDA7D320 C30E54] : Dell Getting Started Guide → C:\Windows\Installer{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6116D6C8427B0184F8D20D746E 7B6DE8] : Mesh Runtime
[HKCR\Installer\Products\6248321AFDCE9364EBF2D8219A A72EC3] : Google Drive → C:\WINDOWS\Installer{A1238426-ECDF-4639-BE2F-8D12A97AE23C}\DriveIcon
[HKCR\Installer\Products\6761FBEE78FA6624398DC0413A C42471] : Nero Disc Menus 1 → C:\WINDOWS\Installer{EEBF1676-AF87-4266-93D8-0C14A34C4217}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\67BCB71E42995DB46B6D053D04 B7E447] : Nero Disc Menus Basic → C:\WINDOWS\Installer{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA3301FFFF7706C0F070 E41400] : Adobe Acrobat DC → C:\WINDOWS\Installer{AC76BA86-1033-FFFF-7760-0C0F074E4100}_SC_Acrobat.ico
[HKCR\Installer\Products\68AB67CA408033019195008142 220573] : Adobe Refresh Manager → C:\WINDOWS\Installer{AC76BA86-0804-1033-1959-001824225037}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA73301B744CAF070 E41400] : Adobe Acrobat Reader DC → C:\WINDOWS\Installer{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\6AA6AE93198F07D468D738D94A 99842D] : Adobe Shockwave Player 12.2 → C:\WINDOWS\Installer{39EA6AA6-F891-4D70-867D-839DA49948D2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6C1C2E92A67D3D1489F0E643A6 9A6A8A] : Nero Cliparts → C:\WINDOWS\Installer{29E2C1C6-D76A-41D3-980F-6E346AA9A6A8}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6DAFD6D95E90E5444A5B3A88EF BE9DD0] : RBVirtualFolder64Inst → C:\Windows\Installer{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6E8A266FCD4F2A1409E1C8110F 44DBCE] : MSXML 4.0 SP2 (KB973688)
[HKCR\Installer\Products\7040BB568CC47CD459E2E3FEFD 5006A2] : Nero Update → C:\WINDOWS\Installer{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\716B12E5E25F01BB299F8CBAC2 97A9A8] : Adobe Download Assistant
[HKCR\Installer\Products\77EAAEFBF7DB43542B68C9C54B 96E71B] : PDF Settings CS6
[HKCR\Installer\Products\798EA96EB0E9C584582587144F D8248D] : Adobe Update Manager CS3
[HKCR\Installer\Products\7BD4C90EC03660F46A13E87A32 9932FA] : D3DX10
[HKCR\Installer\Products\7C5F01C7F00F3DB41A017C2D04 2DDD52] : Adobe Dreamweaver CS3
[HKCR\Installer\Products\818DCFD4A63092246AD7FC71CD 64D129] : Windows 10 Update and Privacy Settings
[HKCR\Installer\Products\821B6C5004B15944C99B90B063 B8AFA0] : Nero Video Samples → C:\WINDOWS\Installer{05C6B128-1B40-4495-9CB9-090B368BFA0A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\833DA5B8CBA7BCE4C9C286F748 EADD1B] : Nero Platinum Effects 12 → C:\WINDOWS\Installer{8B5AD338-7ABC-4ECB-9C2C-687F84AEDDB1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\844C97FE649617D41843300487 880C45] : Shared C Run-time for x64
[HKCR\Installer\Products\88B9552DD9CC84B418BB4F29AB 9A4CC8] : Adobe PDF Library Files
[HKCR\Installer\Products\91823B80FEE67504EAADA56B18 3AA632] : Adobe Bridge Start Meeting
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446E B8552E] : Google Update Helper
[HKCR\Installer\Products\969D73F00621E9143B80FED792 BAED02] : Web Deployment Tool → C:\Windows\Installer{0F37D969-1260-419E-B308-EF7D29ABDE20}\MSDeployIcon.exe
[HKCR\Installer\Products\9866FB3BD18A8D04A968A44CCA 9DCFC1] : Adobe Camera Raw 4.0
[HKCR\Installer\Products\99E80CA9B0328e74791254777B 1F42AE] :
[HKCR\Installer\Products\9D4289C9000937346A5A0D5E4D 383149] : Adobe Bridge CS3
[HKCR\Installer\Products\9FF27AF446DD8A34784036081A F1115D] : Dell Customer Connect → C:\WINDOWS\Installer{4FA72FF9-DD64-43A8-8704-6380A11F11D5}\dnd.ico
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745 894BAC] : Google Update Helper
[HKCR\Installer\Products\A1006E9D3CD50264FAA7086BDC 8446D5] : WCF RIA Services V1.0 SP1 → C:\Windows\Installer{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}\icon.ico
[HKCR\Installer\Products\A265339F5B540374A8E5D082A2 9A68B6] : Verizon Software Upgrade Assistant → C:\WINDOWS\Installer{F933562A-45B5-4730-8A5E-0D282AA9866B}_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\A29FFD0DE29404C48B267AA471 C3525C] : Adobe Version Cue CS3 Client
[HKCR\Installer\Products\A32460A5C012BF9459E0BCE08B 5CEC7C] : Roxio BackOnTrack → C:\Windows\Installer{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}\BackupCentral.exe
[HKCR\Installer\Products\A419E7B35D3992A429BBFAC8F3 664C13] : Skype™ 7.38 → C:\WINDOWS\Installer{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe
[HKCR\Installer\Products\A4DCCF5E9161BA84BA730E6A87 DFF31F] :
[HKCR\Installer\Products\A67173FAAC87B54543FEB8A612 15D41D] : Adobe Help Manager
[HKCR\Installer\Products\A6C64DD86500CEF47BA082BB61 1A1FF1] : MSVCRT
[HKCR\Installer\Products\A7DD5FF682EF93448BFCE1A94F AEA016] : Adobe Asset Services CS3
[HKCR\Installer\Products\AC3BA730042A70C45B8EB17E15 6A8AB7] :
[HKCR\Installer\Products\AF36219FD4EBD934C9A0E22740 0E9E3E] : Dell Update → C:\WINDOWS\Installer{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}\dnd.ico
[HKCR\Installer\Products\B7AE13AA7197000449B9839EF1 48A852] : Internet Explorer
[HKCR\Installer\Products\B846977CE014ABB47BB58551CB FE7ED1] : Safari → C:\WINDOWS\Installer{C779648B-410E-4BBA-B75B-5815BCEFE71D}\Installer.ico
[HKCR\Installer\Products\C062052359A7236498B39856E7 5B45B5] : PhotoShowExpress → C:\Windows\Installer{3250260C-7A95-4632-893B-89657EB5545B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C4C5B60FE2D842B4D934A754EE 6C8C87] : Roxio Creator Starter
[HKCR\Installer\Products\CA161E091FE633F4B90B940B86 082EB0] :
[HKCR\Installer\Products\D48734BA5EE11114598C19B852 FECDB4] : LG VZW United Drivers → C:\Windows\Installer{AB43784D-1EE5-4111-95C8-918B25EFDC4B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D5591CDB6D837474B8A02B7BFC AEE1D7] : TurboTax 2015 WinPerTaxSupport
[HKCR\Installer\Products\D56941F2B76595E4DABEA0C21C 3EDAFD] : Sql Server Customer Experience Improvement Program → c:\Windows\Installer{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}\ARPIco
[HKCR\Installer\Products\D702FA4077A9A564B86799F1A6 6B2654] : Adobe Help Viewer CS3
[HKCR\Installer\Products\DB242B2AD8FF0484D9AA1907AE EB5CC9] : Adobe CMaps
[HKCR\Installer\Products\DBF576EC3C571F546BFAD85280 165D63] : Nero Disc Menus 3 → C:\WINDOWS\Installer{CE675FBD-75C3-45F1-B6AF-8D250861D536}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\DDA39468D428E8B4DB27C8D5DC 5CA217] : MSXML 4.0 SP2 (KB954430)
[HKCR\Installer\Products\DDE68972CE9C25B49BF2600D37 0FAA25] : Motorola Mobile Drivers Installation 6.4.0 → C:\Windows\Installer{27986EDD-C9EC-4B52-B92F-06D073F0AA52}_6FEFF9B68218417F98F549.exe
[HKCR\Installer\Products\DE48D40557EA58F46AB8BBD3C4 3B1E96] : Nero Holiday and Sports Themes → C:\WINDOWS\Installer{504D84ED-AE75-4F85-A68B-BB3D4CB3E169}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\DE818FF6F56855C40A37DDC6C9 7E6B8A] : TurboTax 2015 wrapper
[HKCR\Installer\Products\E4CE00A91E724C2489DD66F223 CA8807] : Sonic CinePlayer Decoder Pack → C:\Windows\Installer{9A00EC4E-27E1-42C4-98DD-662F32AC8870}\CPIcon.exe
[HKCR\Installer\Products\E547A84BA97BF714785724E14F C4291D] : TurboTax 2015 WinPerFuegoContent
[HKCR\Installer\Products\E85265FE62305C848AC6B3CA62 CF51FD] : Roxio Creator Starter → C:\Windows\Installer{EF56258E-0326-48C5-A86C-3BAC26FC15DF}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E8C18809F4C62664993258FAAC 50C844] : Dell SupportAssistAgent → C:\WINDOWS\Installer{90881C8E-6C4F-4662-9923-85AFCA058C44}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\EDEE121AF86CD16419AA4DB82A 62FAC1] : Roxio Activation Module → C:\Windows\Installer{A121EEDE-C68F-461D-91AA-D48BA226AF1C}\RoxioCentral.exe
[HKCR\Installer\Products\F5132B06F0863BE48BDDCCCD68 7ACCBA] : Roxio File Backup → C:\Windows\Installer{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}\BackupCentral.exe
[HKCR\Installer\Products\F60730A4A66673047777F57284 67D401] : Java Auto Updater
[HKCR\Installer\Products\F7AC5766B15EA6F4994D8F0F21 C4E6AA] : Roxio Express Labeler 3
[HKCR\Installer\Products\FB4A7DB746AEEFB49A3DF3CDB9 E6CF32] : Nero Football (Soccer) Themes → C:\WINDOWS\Installer{7BD7A4BF-EA64-4BFE-A9D3-3FDC9B6EFC23}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\FDA1A8E3C27BEF74586F7F7AC3 84F7C6] : Dell MusicStage → C:\Windows\Installer{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}\MusicStage.exe
[HKCR\Installer\Products\FFC5F60053DEFA14B9A25FB2F0 45B54F] : Nero 2016 Content Pack → C:\WINDOWS\Installer{006F5CFF-ED35-41AF-9B2A-F52B0F545BF4}\ARPPRODUCTICON.exe

---------- | ADS

@C:\WINDOWS\System32:Win32App_1
@C:\WINDOWS\Syswow64:Win32App_1

---------- | Drives

Disk: 0 Size=954G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors

0 0 DE-UNKNWN 39M No No 63 80,262
1 1 07-NTFS 13G Yes No 81,920 25,686,016
2 2 07-NTFS 941G No No 25,767,936 927,753,728

---------- | MBR

Windows Version:
Windows Information: (build 9200), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Computer Corporation
System Manufacturer: Dell Inc.
System Product Name: Studio XPS 9100
Logical Drives Mask: 0x00000014

Analysis of file “C:\QuickDiag\MBR.bin”:
Dell Inspiron MBR code detected

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog
[HEADING=1]Faulting application name: MotoHelperService.exe, version: 14.3.23.0, time stamp: 0x552e6b41
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000409
Fault offset: 0x000a7666
Faulting process id: 0xd00
Faulting application start time: 0x01d30c9332e0283b
Faulting application path: C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
Faulting module path: C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MSVCR120.dll
Report Id: 7a27a5bc-d4fa-4631-acd2-90d6e6b6234a
Faulting package full name:
Faulting package-relative application ID:[/HEADING]
[HEADING=1]Activation context generation failed for “c:\program files (x86)\microsoft visual studio 10.0\common7\ide\remote debugger\ia64\msvsmon.exe”. Dependent Assembly Microsoft.Windows.Common-Controls,language=“*”,processorArchitecture=“ia64” ,publicKeyToken=“6595b64144ccf1df”,type=“win32”,ve rsion=“6.0.0.0” could not be found. Please use sxstrace.exe for detailed diagnosis.[/HEADING]
[HEADING=1]Activation context generation failed for “c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad6 3fefc436da8.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002 d27e7c744a2.manifest.[/HEADING]
[HEADING=1]Activation context generation failed for “C:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002 d27e7c744a2.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad6 3fefc436da8.manifest.[/HEADING]
[HEADING=1]Activation context generation failed for “C:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002 d27e7c744a2.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad6 3fefc436da8.manifest.[/HEADING]
[HEADING=1]Faulting application name: MotoHelperService.exe, version: 14.3.23.0, time stamp: 0x552e6b41
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000409
Fault offset: 0x000a7666
Faulting process id: 0xf44
Faulting application start time: 0x01d30be0bcd2e300
Faulting application path: C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
Faulting module path: C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MSVCR120.dll
Report Id: 4ec66ef7-70eb-4d31-9832-935485a1211b
Faulting package full name:
Faulting package-relative application ID:[/HEADING]
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
Executing Asynchronous Operation
[HEADING=1]Context:
Current State: DoSnapshotSet[/HEADING]
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service dmwappushsvc since QueryServiceConfig API failed
[HEADING=1]System Error:
The system cannot find the file specified.
.[/HEADING]
[HEADING=1]Activation context generation failed for “C:\Users\Steve\Downloads\esetsmartinstaller_enu.e xe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002 d27e7c744a2.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad6 3fefc436da8.manifest.[/HEADING]
[HEADING=1]Activation context generation failed for “C:\Users\Steve\Downloads\esetsmartinstaller_enu(1 ).exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002 d27e7c744a2.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad6 3fefc436da8.manifest.[/HEADING]
[HEADING=1]Activation context generation failed for “c:\program files (x86)\microsoft visual studio 10.0\common7\ide\remote debugger\ia64\msvsmon.exe”. Dependent Assembly Microsoft.Windows.Common-Controls,language=“*”,processorArchitecture=“ia64” ,publicKeyToken=“6595b64144ccf1df”,type=“win32”,ve rsion=“6.0.0.0” could not be found. Please use sxstrace.exe for detailed diagnosis.[/HEADING]
[HEADING=1]Activation context generation failed for “c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad6 3fefc436da8.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002 d27e7c744a2.manifest.[/HEADING]
[HEADING=1]Activation context generation failed for “C:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002 d27e7c744a2.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad6 3fefc436da8.manifest.[/HEADING]
[HEADING=1]An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected[/HEADING]
[HEADING=1]An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected[/HEADING]
[HEADING=1]An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected[/HEADING]
[HEADING=1]Activation context generation failed for “C:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002 d27e7c744a2.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad6 3fefc436da8.manifest.[/HEADING]
[HEADING=1]Activation context generation failed for “c:\program files (x86)\microsoft visual studio 10.0\common7\ide\remote debugger\ia64\msvsmon.exe”. Dependent Assembly Microsoft.Windows.Common-Controls,language=“*”,processorArchitecture=“ia64” ,publicKeyToken=“6595b64144ccf1df”,type=“win32”,ve rsion=“6.0.0.0” could not be found. Please use sxstrace.exe for detailed diagnosis.[/HEADING]
[HEADING=1]Activation context generation failed for “c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad6 3fefc436da8.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002 d27e7c744a2.manifest.[/HEADING]
----------( EOF)---------- - 5016 | 16:39:38

**mnisia** · 08-05-2017, 11:30 AM

What now?