I have a Samsung laptop that is running Windows 7 and I cannot get it to boot up and open anything. I have tried booting into Safe Mode with Networking so I could start a Malwarebytes update and run a scan, but I cannot get anything to open. What can I do next?
Can not open anything
-
Hello
Paste the content of the reports you made with prework, and after that,
Download Quick Diag to your desktop.
Very Important!! — Make sure program is on your desktop.
Disable your Antivirus/Antispyware prior to scanning.
Right Click Run as Administrator.
Select the Quick Scan.
Post the log that is generated in your next post.
-
It took several hours to finish. Here is the log from Quickdiag.
--------------- QuickDiag | g3n-h@ckm@n | V3_04.10.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 07/10/2017 12:47:05
Updated 04/10/2017 | 22.38 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC-06:00) Central Time (US & Canada)
[Tonya (Administrator)] - [TONYA-PC] (S-1-5-21-2880522861-2664208021-4051181673-1000)
System: Microsoft Windows 7 Home Premium - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409) → ()
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Home Premium |C:\windows|\Device\Harddisk0\Partition2
Boot : SafeMode with network
PC: QX311/QX411/QX412/QX511 - SAMSUNG ELECTRONICS CO., LTD. - IdNumber: HPHF91BC212095 - UUID: 27A224A0-1DD2-11B2-8000-F37DA3B63CE7
Processor : X64 - 2494 Mhz - Intel(R) Core™ i5-2450M CPU @ 2.50GHz
Phoenix SecureCore-Tiano™ NB Version 2.1 08HS - en-US - Phoenix Technologies Ltd. - S/N: HPHF91BC212095 - 08HS - SECCSD - 2
CoreTemp : 29.8 Celsius
----------| Quick
---------- | SoundDevice
Realtek High Definition Audio - Status: Unknown - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_144DC0A0&REV_1001\4&3A0AA0FC&0&0001
Intel(R) Display Audio - Status: Unknown - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80860101&REV_1000\4&3A0AA0FC&0&0301
---------- | Video
Intel(R) HD Graphics Family - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumd64.dll,igd10umd64.dll,igd10umd64.dll,igdumdx32,igd10umd32,igd10umd32 - PNPDeviceID: PCI\VEN_8086&DEV_0126&SUBSYS_C0A0144D&REV_09\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: -1320394752
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics Family - DriverVersion: 8.15.10.2266 - SpecificationVersion: 1025
---------- | Codecs
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16384 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25600 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81408 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
---------- | CPU
CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:0 %
---------- | Network
Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Intel[R] Centrino[R] Wireless-N 6150 : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.{E2688C84-BBB3-4E36-80F6-5028CF4B2EC6} : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.Home : SENT:0 bytes/sec / RECVD:0 bytes/sec
Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec
Overall → SEND Maxium:0 bytes/sec, / RECEIVE Maximum:0 bytes/sec
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_C0A0144D&REV_06\4&3A33A527&0&00E3
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT*ISATAP\0000
RAS Async Adapter - - - Status: - PnPID :
Intel(R) Centrino(R) WiMAX 6150 - - - Status: - PnPID :
Microsoft ISATAP Adapter #2 - Tunnel - Microsoft - Status: - PnPID : ROOT*ISATAP\0001
Intel(R) Centrino(R) Wireless-N 6150 - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_0885&SUBSYS_13058086&REV_67\4&1D025BEB&0&00E0
Microsoft Virtual WiFi Miniport Adapter - - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1FD03075&0&01
Microsoft ISATAP Adapter #3 - Tunnel - Microsoft - Status: - PnPID : ROOT*ISATAP\0002
Microsoft Virtual WiFi Miniport Adapter - - - Status: - PnPID :
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : ROOT*TEREDO\0000
Microsoft 6to4 Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT*6TO4MP\0000
---------- | Memory
RAM = Total (MB) : 6203 | Free (MB) : 5296
Pagefile = Total (MB) : 12404 | Free (MB) : 11566
Virtual = Total (MB) : 4194 | Free (MB) : 4003
Physical Memory 0 : Capacity: 4294967296 - ChannelA-DIMM0 - Posit.: 1 - Manufacturer: Samsung - PartNumber: M471B5273CM0-CH9 - S/N: B4231876
Physical Memory 2 : Capacity: 2147483648 - ChannelB-DIMM0 - Posit.: 2 - Manufacturer: Samsung - PartNumber: M471B5773DH0-CH9 - S/N: 006BA1C6
---------- | SID Users
Administrator : [S-1-5-21-2880522861-2664208021-4051181673-500]
Guest : [S-1-5-21-2880522861-2664208021-4051181673-501]
HomeGroupUser$ : [S-1-5-21-2880522861-2664208021-4051181673-1004]
Tonya : [S-1-5-21-2880522861-2664208021-4051181673-1000]
Administrators : [S-1-5-32-544]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
IIS_IUSRS : [S-1-5-32-568]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Users : [S-1-5-32-545]
HomeUsers : [S-1-5-21-2880522861-2664208021-4051181673-1003]
---------- | SystemAccounts
Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK
---------- | Drives
C:\ → [Fixed] | | Total : 365 Go | Free : 289.09 Go → NTFS [ATA]
D:\ → [Fixed] | | Total : 547.38 Go | Free : 547.23 Go → NTFS [ATA]
E:\ → [CDROM] | [50941] | Total : 4.16 Go | Free : 0 Go → CDFS [ATAPI]
Disk Usage Information [1 total Physical Disks]
Physical Drive #0 [C:, D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec
DeviceID: \.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : IDE\DISKSAMSUNG_HN-M101MBB______________________2AR10001\4&555A9D6&0&0.0.0
---------- | Windows updates
Last detection : 2017-09-30 15:31:08
Downloaded last ones : 2017-09-14 22:39:25
Installed last ones : 2017-09-16 13:14:59
Next search : 2017-10-03 02:06:03
---------- | Browsers
IE : 11.0.9600.18792 (© Microsoft Corporation.)
FF : 55.0.3.6445 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 61.0.3163.100 (Copyright 2016 Google Inc.)
Default : “C:\Program Files (x86)\Mozilla Firefox\firefox.exe” -osint -url “”
---------- | FlashPlayer
FlashPlayer ActiveX : 27.0.0.130
FlashPlayer Plugin : 27.0.0.130
---------- | Security
AV : Malwarebytes Disabled
AS : Windows Defender Disabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Auto(2)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running
---------- | Running processes
300 | [Owner : SYSTEM | Parent : 4(System) | 1.25 Mo] - (.Microsoft Corporation - Windows Session Manager.) - (6.1.7601.23889) = C:\Windows\System32\smss.exe [14/09/2017 17:38:50] CPU Usage:0 % → Command Line :
392 | [Owner : SYSTEM | Parent : 384() | 4.35 Mo] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [13/07/2009 18:19:49] CPU Usage:0 % → Command Line :
428 | [Owner : SYSTEM | Parent : 420() | 6.08 Mo] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [13/07/2009 18:19:49] CPU Usage:0 % → Command Line :
436 | [Owner : SYSTEM | Parent : 384() | 4.88 Mo] - (.Microsoft Corporation - Windows Start-Up Application.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [13/07/2009 18:52:37] CPU Usage:0 % → Command Line :
476 | [Owner : SYSTEM | Parent : 420() | 5.79 Mo] - (.Microsoft Corporation - Windows Logon Application.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe [15/10/2014 19:40:23] CPU Usage:0 % → Command Line :
528 | [Owner : SYSTEM | Parent : 436(wininit.exe) | 8.04 Mo] - (.Microsoft Corporation - Services and Controller app.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [12/05/2015 13:37:47] CPU Usage:0 % → Command Line :
536 | [Owner : SYSTEM | Parent : 436(wininit.exe) | 11.8 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23889) = C:\Windows\System32\lsass.exe [14/09/2017 17:38:46] CPU Usage:0 % → Command Line :
544 | [Owner : SYSTEM | Parent : 436(wininit.exe) | 4.33 Mo] - (.Microsoft Corporation - Local Session Manager Service.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [20/11/2010 22:23:53] CPU Usage:0 % → Command Line :
640 | [Owner : SYSTEM | Parent : 528(services.exe) | 9.65 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % → Command Line :
712 | [Owner : NETWORK SERVICE | Parent : 528(services.exe) | 7.86 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % → Command Line :
812 | [Owner : SYSTEM | Parent : 528(services.exe) | 40.02 Mo] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.10.209.0) = C:\Program Files\Microsoft Security Client\MsMpEng.exe [14/11/2016 22:14:42] CPU Usage:0 % → Command Line :
848 | [Owner : LOCAL SERVICE | Parent : 528(services.exe) | 11.98 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % → Command Line :
880 | [Owner : SYSTEM | Parent : 528(services.exe) | 21.14 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % → Command Line :
980 | [Owner : LOCAL SERVICE | Parent : 528(services.exe) | 7.86 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % → Command Line :
1016 | [Owner : NETWORK SERVICE | Parent : 528(services.exe) | 14.52 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % → Command Line :
356 | [Owner : SYSTEM | Parent : 528(services.exe) | 16.38 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % → Command Line :
612 | [Owner : LOCAL SERVICE | Parent : 528(services.exe) | 13.14 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % → Command Line :
1772 | [Owner : Tonya | Parent : 1900() | 50.66 Mo] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.23537) = C:\Windows\explorer.exe [12/10/2016 20:31:01] CPU Usage:0 % → Command Line :
1976 | [Owner : Tonya | Parent : 1772(explorer.exe) | 3.77 Mo] - (.Microsoft Corporation - CTF Loader.) - (6.1.7600.16385) = C:\Windows\System32\ctfmon.exe [13/07/2009 18:39:05] CPU Usage:0 % → Command Line :
1560 | [Owner : Tonya | Parent : 640(svchost.exe) | 15.33 Mo] - (.Microsoft Corporation - COM Surrogate.) - (6.1.7600.16385) = C:\Windows\System32\dllhost.exe [13/07/2009 18:59:17] CPU Usage:0 % → Command Line :
2384 | [Owner : Tonya | Parent : 1772(explorer.exe) | 31.63 Mo] - (.SosVirus - QuickDiag.) - (4.10.17.1) = C:\Users\Tonya\Desktop\QuickDiag.exe [07/10/2017 12:45:39] CPU Usage:0 % → Command Line :
2556 | [Owner : NETWORK SERVICE | Parent : 640(svchost.exe) | 9.85 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/11/2010 22:24:15] CPU Usage:0 % → Command Line :
2608 | [Owner : SYSTEM | Parent : 640(svchost.exe) | 6.89 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/11/2010 22:24:15] CPU Usage:0 % → Command Line :
2664 | [Owner : NETWORK SERVICE | Parent : 640(svchost.exe) | 7.29 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [20/11/2010 22:24:27] CPU Usage:0 % → Command Line :
---------- | MD5
[MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [12/10/2016 20:31:01] - (.© Microsoft Corporation. - Windows Explorer.) - [3154 Ko] - (6.1.7601.23537) : C:\windows\Explorer.exe
[MD5.5746BD7E255DD6A8AFA06F7C42C1BA41] - [20/11/2010 22:23:55] - (.© Microsoft Corporation. - Windows Command Processor.) - [337 Ko] - (6.1.7601.17514) : C:\windows\System32\cmd.exe
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [13/07/2009 18:19:49] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [7.5 Ko] - (6.1.7600.16385) : C:\windows\System32\csrss.exe
[MD5.A8EDB86FC2A4D6D1285E4C70384AC35A] - [13/07/2009 18:59:17] - (.© Microsoft Corporation. - COM Surrogate.) - [9.5 Ko] - (6.1.7600.16385) : C:\windows\System32\dllhost.exe
[MD5.A0AB7ED46853E87E8BB66A404F366E16] - [14/09/2017 17:38:50] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [1136 Ko] - (6.1.7601.23889) : C:\windows\System32\Kernel32.dll
[MD5.00A54A6CEDF599AABB72C20E0815BC37] - [14/09/2017 17:38:46] - (.© Microsoft Corporation. - Local Security Authority Process.) - [30 Ko] - (6.1.7601.23889) : C:\windows\System32\lsass.exe
[MD5.3F1A199859B4F3F8357B2A0AF5666A54] - [14/09/2017 17:38:50] - (.© Microsoft Corporation. - Distributed COM Services.) - [500 Ko] - (6.1.7601.23889) : C:\windows\System32\rpcss.dll
[MD5.C36BB659F08F046B139C8D1B980BF1AC] - [13/06/2017 18:00:28] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [45 Ko] - (6.1.7601.23755) : C:\windows\System32\rundll32.exe
[MD5.71C85477DF9347FE8E7BC55768473FCA] - [12/05/2015 13:37:47] - (.© Microsoft Corporation. - Services and Controller app.) - [321 Ko] - (6.1.7601.18829) : C:\windows\System32\services.exe
[MD5.6F68F63794097E54F36474ED4384B759] - [01/02/2012 17:59:11] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [27 Ko] - (6.1.7601.17568) : C:\windows\System32\svchost.exe
[MD5.34BA256FBF83457F9D5E51A56DB54542] - [13/12/2016 18:45:45] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [985.5 Ko] - (6.1.7601.23594) : C:\windows\System32\user32.dll
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [20/11/2010 22:24:28] - (.© Microsoft Corporation. - Userinit Logon Application.) - [30 Ko] - (6.1.7601.17514) : C:\windows\System32\userinit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [13/07/2009 18:52:37] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [126 Ko] - (6.1.7600.16385) : C:\windows\System32\Wininit.exe
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - [15/10/2014 19:40:23] - (.© Microsoft Corporation. - Windows Logon Application.) - [444.5 Ko] - (6.1.7601.18540) : C:\windows\System32\Winlogon.exe
[MD5.0DC2A9882540DEA4A55B08785E09D8FC] - [09/05/2017 20:22:16] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [484.5 Ko] - (6.1.7601.23761) : C:\windows\System32\Drivers\afd.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [13/07/2009 18:19:47] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\atapi.sys
[MD5.059F00DEF82BF41E433B7ED465847726] - [10/09/2013 18:11:48] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [151.94 Ko] - (6.1.7601.18231) : C:\windows\System32\Drivers\ataport.sys
[MD5.B8BD2BB284668C84865658C77574381A] - [13/07/2009 18:19:47] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\cdfs.sys
[MD5.F036CE71586E93D94DAB220D7BDF4416] - [20/11/2010 22:23:47] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) : C:\windows\System32\Drivers\cdrom.sys
[MD5.9B38580063D281A99E68EF5813022A5F] - [12/10/2016 20:32:57] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [104 Ko] - (6.1.7601.23542) : C:\windows\System32\Drivers\dfsc.sys
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - [20/11/2010 22:23:47] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [119.5 Ko] - (6.1.7601.17514) : C:\windows\System32\Drivers\hdaudbus.sys
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - [13/07/2009 18:19:58] - (.© Microsoft Corporation. - i8042 Port Driver.) - [103 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\i8042prt.sys
[MD5.F7CE9BE72EDAC499B713ECA6DAE5D26F] - [01/02/2012 17:32:28] - (.Copyright(C) Intel Corporation 1994-2010 - Intel Rapid Storage Technology driver - x64.) - [427.02 Ko] - (10.0.0.1046) : C:\windows\System32\Drivers\iastor.sys
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - [13/07/2009 19:10:03] - (.© Microsoft Corporation. - IP Network Address Translator.) - [113.5 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\ipnat.sys
[MD5.F77E8ABD746B93B9B4F9C13250302C47] - [14/09/2017 17:38:50] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [156 Ko] - (6.1.7601.23889) : C:\windows\System32\Drivers\mrxsmb.sys
[MD5.F7309F42555F8AAB7144A51A1F2585B0] - [10/11/2015 19:12:20] - (.© Microsoft Corporation. - NDIS 6.20 driver.) - [928.44 Ko] - (6.1.7601.19030) : C:\windows\System32\Drivers\ndis.sys
[MD5.734837208CAFD6E0959A7A0333C95C9D] - [14/09/2017 17:38:58] - (.© Microsoft Corporation. - MBT Transport driver.) - [256.5 Ko] - (6.1.7601.23889) : C:\windows\System32\Drivers\netbt.sys
[MD5.7FD5A7FB8F55254E9AF5666C653AF3CA] - [11/07/2017 21:50:06] - (.© Microsoft Corporation. - NT File System Driver.) - [1641.23 Ko] - (6.1.7601.23839) : C:\windows\System32\Drivers\ntfs.sys
[MD5.0086431C29C35BE1DBC43F52CC273887] - [13/07/2009 19:00:41] - (.© Microsoft Corporation. - Parallel Port Driver.) - [95 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\parport.sys
[MD5.471815800AE33E6F1C32FB1B97C490CA] - [20/11/2010 22:24:33] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [126.5 Ko] - (6.1.7601.17514) : C:\windows\System32\Drivers\rasl2tp.sys
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - [13/07/2009 19:09:09] - (.© Microsoft Corporation. - SMB Transport driver.) - [91 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\smb.sys
[MD5.7FB36A0A036ADDACE0A868E4A43C1C27] - [11/07/2017 21:50:02] - (.© Microsoft Corporation. - TCP/IP Driver.) - [1851.23 Ko] - (6.1.7601.23821) : C:\windows\System32\Drivers\tcpip.sys
[MD5.4DD986720F7CB7A8A5D1226793097B9A] - [13/08/2017 09:44:10] - (.© Microsoft Corporation. - TDI Translation Driver.) - [114.5 Ko] - (6.1.7601.23880) : C:\windows\System32\Drivers\tdx.sys
[MD5.DF8126BD41180351A093A3AD2FC8903B] - [01/02/2012 17:59:05] - (.© Microsoft Corporation. - Volume Shadow Copy Driver.) - [289.38 Ko] - (6.1.7601.17567) : C:\windows\System32\Drivers\volsnap.sys
---------- | Locked Applications
---------- | Explorer.exe component call (Microsoft Files Whitelisted)
(.Malwarebytes.-.Malwarebytes.) - (3.0.0.16) – C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
(..-..) - (0.0.0.0) – C:\PROGRA~2\PrivaZer\PRIVAM~1.DLL
---------- | Svchost.exe component call (Microsoft Files Whitelisted)
---------- | ZeroAccess Check
[HKLM\Software\Classes\CLSID{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
---------- | Startings up
McAfee Security Scan Plus - (C:\PROGRA~1\MCAFEE~1\311~1.599\SSSCHE~1.EXE [Common Startup]) - User: Public
Everything - (“C:\Program Files\Everything\Everything.exe” -startup [HKLM\SOFTWARE...\Run]) - User: Public
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Command Processor]
“CompletionChar”=9
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=9
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“UserSelectedDefault”=1
“Device”=Canon MP495 series Printer WS,winspool,Ne08:
[HKLM\Software\Microsoft\Command Processor]
“CompletionChar”=64
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=64
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
“Everything”=“C:\Program Files\Everything\Everything.exe” -startup
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“IconServiceLib”=IconCodecService.dll
“DdeSendTimeout”=0
“DesktopHeapLogging”=1
“GDIProcessHandleQuota”=10000
“ShutdownWarningDialogTimeout”=4294967295
“USERNestedWindowLimit”=50
“USERPostMessageLimit”=10000
“USERProcessHandleQuota”=10000
“”=mnmsrvc
“DeviceNotSelectedTimeout”=15
“Spooler”=yes
“TransmissionRetryTimeout”=90
“AppInit_DLLs”=
“LoadAppInit_DLLs”=0
[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
“CompletionChar”=64
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=64
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
“SunJavaUpdateSched”=“C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
“IconServiceLib”=IconCodecService.dll
“DdeSendTimeout”=0
“DesktopHeapLogging”=1
“GDIProcessHandleQuota”=10000
“ShutdownWarningDialogTimeout”=4294967295
“USERNestedWindowLimit”=50
“USERPostMessageLimit”=10000
“USERProcessHandleQuota”=10000
“”=mnmsrvc
“DeviceNotSelectedTimeout”=15
“Spooler”=yes
“TransmissionRetryTimeout”=90
“AppInit_DLLs”=
“LoadAppInit_DLLs”=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
“WebCheck”={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
---------- | Win.ini :
---------- | System.ini :
---------- | Tasks List
---------- | Startings up registry � Folder
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner] : “C:\Program Files\CCleaner\CCleaner64.exe” /AUTO
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds] : C:\windows\system32\hkcmd.exe [01/02/2012 20:17:28]
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray] : C:\windows\system32\igfxtray.exe [01/02/2012 20:17:30]
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelWireless] : “C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe” /tf Intel Wireless Tray
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC] : “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup] : C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [01/06/2010 01:33:10]
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] : C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
---------- | Other keys
[HKLM\System\CurrentControlSet\Control]
“PreshutdownOrder”=wuauserv
gpsvc
trustedinstaller
“WaitToKillServiceTimeout”=200
“CurrentUser”=USERNAME
“BootDriverFlags”=0
“ServiceControlManagerExtension”=%systemroot%\system32\scext.dll
“SystemStartOptions”= NOEXECUTE=OPTIN NUMPROC=4 SAFEBOOT:NETWORK SOS BOOTLOG NOGUIBOOT BOOTLOGO
“SystemBootDevice”=multi(0)disk(0)rdisk(0)partition(2)
“FirmwareBootDevice”=multi(0)disk(0)rdisk(0)partition(1)
[HKLM\System\CurrentControlSet\Control\lsa]
“auditbaseobjects”=0
“auditbasedirectories”=0
“crashonauditfail”=0
“fullprivilegeauditing”=0x00
“Bounds”=0x0030000000200000
“LimitBlankPasswordUse”=1
“NoLmHash”=1
“Notification Packages”=scecli
“Security Packages”=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u
livessp
“Authentication Packages”=msv1_0
“LsaPid”=536
“SecureBoot”=1
“ProductType”=3
“disabledomaincreds”=0
“everyoneincludesanonymous”=0
“forceguest”=0
“restrictanonymous”=2
“restrictanonymoussam”=1
[HKLM\System\CurrentControlSet\Control\SecurityProviders]
“SecurityProviders”=credssp.dll
[HKLM\System\CurrentControlSet\Control\Session Manager]
“CriticalSectionTimeout”=2592000
“GlobalFlag”=0
“HeapDeCommitFreeBlockThreshold”=0
“HeapDeCommitTotalFreeThreshold”=0
“HeapSegmentCommit”=0
“HeapSegmentReserve”=0
“ProcessorControl”=2
“ResourceTimeoutCount”=648000
“BootExecute”=autocheck autochk *
“ExcludeFromKnownDlls”=
“ObjectDirectories”=\Windows
\RPC Control
“ProtectionMode”=1
“NumberOfInitialSessions”=2
“SetupExecute”=
[HKLM\System\CurrentControlSet\Control\Terminal Server]
“RCDependentServices”=CertPropSvc
SessionEnv
“NotificationTimeOut”=0
“SnapshotMonitors”=1
“ProductVersion”=5.1
“AllowRemoteRPC”=0
“DelayConMgrTimeout”=0
“fDenyTSConnections”=1
“StartRCM”=0
“TSAdvertise”=0
“DeleteTempDirsOnExit”=1
“fSingleSessionPerUser”=1
“PerSessionTempDir”=0
“TSUserEnabled”=0
“InstanceID”=7b49b9a8-6958-4b7a-9aaa-b2161e3
“fCredentialLessLogonSupported”=1
“fCredentialLessLogonSupportedTSS”=1
“fCredentialLessLogonSupportedKMRDP”=1
---------- | .LNK with Arguments
---------- | AppCertDlls
---------- | Dnsapi.dll
C:\windows\System32\dnsapi.dll → OK : \drivers\etc\hosts
C:\windows\SysWOW64\dnsapi.dll → OK : \drivers\etc\hosts
---------- | Policies | Registry
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Control Panel\Desktop]
“ScreenSaveActive”=1
“ActiveWndTrackTimeout”=0
“BlockSendInputResets”=0
“CaretWidth”=1
“ClickLockTime”=1200
“CoolSwitchColumns”=7
“CoolSwitchRows”=3
“CursorBlinkRate”=530
“DockMoving”=1
“DragFromMaximize”=1
“DragFullWindows”=1
“DragHeight”=4
“DragWidth”=4
“FocusBorderHeight”=1
“FocusBorderWidth”=1
“FontSmoothing”=2
“FontSmoothingGamma”=0
“FontSmoothingOrientation”=1
“FontSmoothingType”=2
“ForegroundFlashCount”=7
“ForegroundLockTimeout”=200000
“LeftOverlapChars”=3
“MenuShowDelay”=400
“PaintDesktopVersion”=0
“Pattern”=0
“RightOverlapChars”=3
“SnapSizing”=1
“TileWallpaper”=0
“WallpaperOriginX”=0
“WallpaperOriginY”=0
“WallpaperStyle”=0
“WheelScrollChars”=3
“WheelScrollLines”=3
“WindowArrangementActive”=1
“UserPreferencesMask”=0x9E3E078012000000
“Wallpaper”=C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp [07/12/2015 22:15:41]
“SCRNSAVE.EXE”=C:\windows\system32\scrnsave.scr [13/07/2009 18:56:35]
“ScreenSaveTimeOut”=1800
“ScreenSaverIsSecure”=1
“WaitToKillAppTimeout”=200
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
“NoDriveTypeAutoRun”=145
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Explorer]
“ExplorerStartupTraceRecorded”=1
“ShellState”=0x240000003028000000000000000000000000000001000000120000000000000022000000
“CleanShutdown”=0
“Browse For Folder Width”=318
“Browse For Folder Height”=288
“link”=0x16000000
“NoFileFolderConnection”=1
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
“Start_SearchFiles”=2
“ServerAdminUI”=0
“Start_PowerButtonAction”=16
“Hidden”=2
“ShowCompColor”=1
“HideFileExt”=1
“DontPrettyPath”=0
“ShowInfoTip”=1
“HideIcons”=0
“MapNetDrvBtn”=0
“WebView”=1
“Filter”=0
“SuperHidden”=0
“SeparateProcess”=0
“AutoCheckSelect”=0
“IconsOnly”=0
“ShowTypeOverlay”=1
“ListviewAlphaSelect”=1
“ListviewShadow”=1
“TaskbarAnimations”=1
“StartMenuInit”=4
“TaskbarSizeMove”=0
“DisablePreviewDesktop”=0
“TaskbarSmallIcons”=0
“TaskbarGlomLevel”=0
“”=0
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
“MRUListEx”=0x020000000100000000000000FFFFFFFF
“0”=0x43006800650063006B005F00420072006F00770073006500720073005F004C004E004B000000
“1”=0x70006F00770065007200200070006F0069006E0074000000
“2”=0x66006C00610073006800200070006C0061007900650072000000
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“ConsentPromptBehaviorAdmin”=0
“ConsentPromptBehaviorUser”=3
“EnableInstallerDetection”=1
“EnableLUA”=0
“EnableSecureUIAPaths”=1
“EnableUIADesktopToggle”=0
“EnableVirtualization”=1
“PromptOnSecureDesktop”=0
“ValidateAdminCodeSignatures”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“scforceoption”=0
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“FilterAdministratorToken”=0
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
“NoActiveDesktop”=1
“NoActiveDesktopChanges”=1
“ForceActiveDesktopOn”=0
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
“NoAddingComponents”=1
“NoComponents”=1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1
“{208D2C60-3AEA-1069-A2D7-08002B30309D}”=1
“{871C5380-42A0-1069-A2EA-08002B30309D}”=1
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=1
“{031E4825-7B94-4dc3-B131-E946B44C8DD5}”=1
“{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}”=1
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
“{871C5380-42A0-1069-A2EA-08002B30309D}.default”=0
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
“RegPath”=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
“Text”=@shell32.dll,-30500
“Type”=radio
“CheckedValue”=1
“ValueName”=Hidden
“DefaultValue”=2
“HKeyRoot”=2147483649
“HelpID”=shell.hlp#51105
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
“ListViewPopupControl”={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
“BrowserCFCreator”={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}
“GlobalFolderSettings”={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
“LVPopupSearchControl”={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
“FileOpenDialog”={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
“IconUnderline”=2
“GlobalAssocChangedCounter”=188
“MultipleInvokePromptMinimum”=10000
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
“TaskbarSizeMove”=0
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
“Application”= open %s file - Search
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
“ConsentPromptBehaviorAdmin”=0
“ConsentPromptBehaviorUser”=3
“EnableInstallerDetection”=1
“EnableLUA”=0
“EnableSecureUIAPaths”=1
“EnableUIADesktopToggle”=0
“EnableVirtualization”=1
“PromptOnSecureDesktop”=0
“ValidateAdminCodeSignatures”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“scforceoption”=0
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“FilterAdministratorToken”=0
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
“NoActiveDesktop”=1
“NoActiveDesktopChanges”=1
“ForceActiveDesktopOn”=0
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
“NoAddingComponents”=1
“NoComponents”=1
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1
“{208D2C60-3AEA-1069-A2D7-08002B30309D}”=1
“{871C5380-42A0-1069-A2EA-08002B30309D}”=1
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=1
“{031E4825-7B94-4dc3-B131-E946B44C8DD5}”=1
“{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}”=1
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
“{871C5380-42A0-1069-A2EA-08002B30309D}.default”=0
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
“RegPath”=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
“Text”=@shell32.dll,-30500
“Type”=radio
“CheckedValue”=1
“ValueName”=Hidden
“DefaultValue”=2
“HKeyRoot”=2147483649
“HelpID”=shell.hlp#51105
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
“ListViewPopupControl”={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
“BrowserCFCreator”={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}
“GlobalFolderSettings”={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
“LVPopupSearchControl”={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
“FileOpenDialog”={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
“IconUnderline”=2
“GlobalAssocChangedCounter”=529
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
“TaskbarSizeMove”=0
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
“Application”= open %s file - Search
---------- | Winlogon
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“ExcludeProfileDirs”=AppData\Local;AppData\LocalLow;$Recycle.Bin
“BuildNumber”=7601
“FirstLogon”=0
“ParseAutoexec”=1
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“ReportBootOk”=1
“Shell”=explorer.exe
“PreCreateKnownFolders”={A520A1A4-1780-4FF6-BD18-167343C5AF16}
“Userinit”=C:\Windows\system32\userinit.exe,
“VMApplet”=SystemPropertiesPerformance.exe /pagefile
“AutoRestartShell”=1
“Background”=0 0 0
“CachedLogonsCount”=10
“DebugServerCommand”=no
“ForceUnlockLogon”=0
“LegalNoticeCaption”=
“LegalNoticeText”=
“PasswordExpiryWarning”=5
“PowerdownAfterShutdown”=0
“ShutdownWithoutLogon”=0
“WinStationsDisabled”=0
“DisableCAD”=1
“scremoveoption”=0
“ShutdownFlags”=39
“AutoAdminLogon”=0
“DefaultUserName”=Tonya
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
“ReportBootOk”=1
“Shell”=explorer.exe
“PreCreateKnownFolders”={A520A1A4-1780-4FF6-BD18-167343C5AF16}
“DefaultDomainName”=
“DefaultUserName”=
“Userinit”=userinit.exe,
“VMApplet”=SystemPropertiesPerformance.exe /pagefile
---------- | Associations
[HKLM\Software\Classes\.exe]
“”=exefile
“Content Type”=application/x-msdownload
[HKLM\Software\Classes\exefile\Shell\Open\Command]
“”=“%1” %*
“IsolatedCommand”=“%1” %*
[HKLM\Software\Classes\.com]
“”=comfile
[HKLM\Software\Classes\comfile\Shell\Open\Command]
“”=“%1” %*
[HKLM\Software\Classes\.reg]
“”=regfile
[HKLM\Software\Classes\regfile\Shell\Open\Command]
“”=regedit.exe “%1”
[HKLM\Software\Classes\.scr]
“”=scrfile
[HKLM\Software\Classes\scrfile\Shell\Open\Command]
“”=“%1” /S
[HKLM\Software\Classes\.bat]
“”=batfile
[HKLM\Software\Classes\batfile\Shell\Open\Command]
“”=“%1” %*
[HKLM\Software\Classes\.cmd]
“”=cmdfile
[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
“”=“%1” %*
[HKLM\Software\Classes\.pif]
“”=piffile
[HKLM\Software\Classes\piffile\Shell\Open\Command]
“”=“%1” %*
[HKLM\Software\Classes\.inf]
“”=inffile
[HKLM\Software\Classes\inffile\Shell\Open\Command]
“”=%SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\Software\Classes\.url]
“”=InternetShortcut
[HKLM\Software\Classes\.lnk]
“”=lnkfile
[HKLM\Software\Classes\.hta]
“PerceivedType”=text
“”=htafile
“Content Type”=application/hta
[HKLM\Software\Classes\htafile\Shell\Open\Command]
“”=C:\Windows\SysWOW64\mshta.exe “%1” %*
[HKLM\Software\Classes\InternetShortcut]
“NeverShowExt”=
“InfoTip”=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
“EditFlags”=2
“FullDetails”=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
“IsShortcut”=
“FriendlyTypeName”=@C:\Windows\System32\ieframe.dll,-10046
“PreviewDetails”=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment
[HKLM\Software\Classes\Application.Manifest]
“”=Application Manifest
“EditFlags”=65536
“BrowserFlags”=4096
“FriendlyTypeName”=@dfshim.dll,-200
[HKLM\Software\Classes\Application.Reference]
“NeverShowExt”=
“”=Application Reference
“IsShortcut”=
“EditFlags”=131072
“FriendlyTypeName”=@dfshim.dll,-201
[HKLM\Software\Classes\Folder]
“ContentViewModeLayoutPatternForBrowse”=delta
“ContentViewModeForBrowse”=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
“ContentViewModeLayoutPatternForSearch”=alpha
“ContentViewModeForSearch”=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
“”=Folder
“EditFlags”=0xD2030000
“FullDetails”=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size
“NoRecentDocs”=
“ThumbnailCutoff”=0
“TileInfo”=prop:System.Title;System.ItemTypeText
[HKLM\Software\WOW6432Node\Classes\.exe]
“”=exefile
“Content Type”=application/x-msdownload
[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
“”=“%1” %*
“IsolatedCommand”=“%1” %*
[HKLM\Software\WOW6432Node\Classes\.com]
“”=comfile
[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
“”=“%1” %*
[HKLM\Software\WOW6432Node\Classes\.reg]
“”=regfile
[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
“”=regedit.exe “%1”
[HKLM\Software\WOW6432Node\Classes\.scr]
“”=scrfile
[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
“”=“%1” /S
[HKLM\Software\WOW6432Node\Classes\.bat]
“”=batfile
[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
“”=“%1” %*
[HKLM\Software\WOW6432Node\Classes\.cmd]
“”=cmdfile
[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
“”=“%1” %*
[HKLM\Software\WOW6432Node\Classes\.pif]
“”=piffile
[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
“”=“%1” %*
[HKLM\Software\WOW6432Node\Classes\.inf]
“”=inffile
[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
“”=%SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\Software\WOW6432Node\Classes\.url]
“”=InternetShortcut
[HKLM\Software\WOW6432Node\Classes\.lnk]
“”=lnkfile
[HKLM\Software\WOW6432Node\Classes\.hta]
“PerceivedType”=text
“”=htafile
“Content Type”=application/hta
[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
“”=C:\Windows\SysWOW64\mshta.exe “%1” %*
[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
“NeverShowExt”=
“InfoTip”=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
“EditFlags”=2
“FullDetails”=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
“IsShortcut”=
“FriendlyTypeName”=@C:\Windows\System32\ieframe.dll,-10046
“PreviewDetails”=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment
[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
“”=Application Manifest
“EditFlags”=65536
“BrowserFlags”=4096
“FriendlyTypeName”=@dfshim.dll,-200
[HKLM\Software\WOW6432Node\Classes\Application.Reference]
“NeverShowExt”=
“”=Application Reference
“IsShortcut”=
“EditFlags”=131072
“FriendlyTypeName”=@dfshim.dll,-201
[HKLM\Software\WOW6432Node\Classes\Folder]
“ContentViewModeLayoutPatternForBrowse”=delta
“ContentViewModeForBrowse”=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
“ContentViewModeLayoutPatternForSearch”=alpha
“ContentViewModeForSearch”=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
“”=Folder
“EditFlags”=0xD2030000
“FullDetails”=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size
“NoRecentDocs”=
“ThumbnailCutoff”=0
“TileInfo”=prop:System.Title;System.ItemTypeText
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
“”=“C:\Program Files (x86)\Mozilla Firefox\firefox.exe”
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe” /SetAsDefaultAppGlobal
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
“”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --make-default-browser
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
“”=C:\Program Files\Internet Explorer\iexplore.exe [14/09/2017 17:38:58]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
“ReinstallCommand”=“C:\Windows\System32\ie4uinit.exe” -reinstall
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
“”=“C:\Program Files (x86)\Mozilla Firefox\firefox.exe”
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe” /SetAsDefaultAppGlobal
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
“”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --make-default-browser
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
“”=C:\Program Files\Internet Explorer\iexplore.exe [14/09/2017 17:38:58]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
“ReinstallCommand”=“C:\Windows\System32\ie4uinit.exe” -reinstall
---------- | AppcompatFlags
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
“SIGN.MEDIA=277C674 EPSETUP.EXE”=1
“C:\Users\Tonya\Downloads\Samsung_MES100803-02_Normal.exe”=1
“C:\Users\Tonya\Downloads\mbam-setup-1.70.0.1100.exe”=1
“C:\Users\Tonya\Downloads\ChromeSetup.exe”=1
“C:\Users\Tonya\Downloads\vlc-2.2.0-win32.exe”=1
“C:\Users\Tonya\Downloads\QuickTimeInstaller.exe”=1
“C:\Users\Tonya\Downloads\GoProStudioPC-2.5.5.443.exe”=1
“SIGN.MEDIA=1652C6 install.EXE”=1
“C:\Users\Tonya\Desktop\PatchMyPC.exe”=1
“C:\Users\Tonya\Desktop\ccsetup527.exe”=1
“C:\Users\Tonya\Desktop\Everything-1.3.4.686.x64.Multilingual-Setup.exe”=1
“C:\Users\Tonya\Desktop\privazer_free.exe”=1
“C:\Users\Tonya\Desktop\Setup_SmartDefrag.exe”=1
“C:\Users\Tonya\Downloads\jxpiinstall(2).exe”=1
“C:\Users\Tonya\AppData\Local\Temp\jre-8u141-windows-au.exe”=1
---------- | IFEO
---------- | Mountpoints2
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{4c9d58d1-59f7-11e1-8884-806e6f6e6963}] : E:\Start.exe (AutoRun)
---------- | Windows
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
“MouseSpeed”=#USR:Control Panel\Mouse
“MouseThreshold1”=#USR:Control Panel\Mouse
“MouseThreshold2”=#USR:Control Panel\Mouse
“SwapMouseButtons”=#USR:Control Panel\Mouse
“Beep”=#USR:Control Panel\Sound
“DoubleClickSpeed”=#USR:Control Panel\Mouse
“CoolSwitch”=USR:Control Panel\Desktop
“DoubleClickHeight”=#USR:Control Panel\Mouse
“DoubleClickWidth”=#USR:Control Panel\Mouse
“DragFullWindows”=USR:Control Panel\Desktop
“InitialKeyboardIndicators”=USR:Control Panel\Keyboard
“LowPowerActive”=#USR:Control Panel\Desktop
“LowPowerTimeOut”=#USR:Control Panel\Desktop
“PowerOffActive”=#USR:Control Panel\Desktop
“PowerOffTimeOut”=#USR:Control Panel\Desktop
“ScreenSaveActive”=#USR:Control Panel\Desktop
“ScreenSaveTimeOut”=#USR:Control Panel\Desktop
“SnapToDefaultButton”=#USR:Control Panel\Mouse
“”=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
“Spooler”=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
“TRANSMISSIONRETRYTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“DEFAULTSEPARATEVDM”=\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\WOW
“APPINIT_DLLS”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“DEVICENOTSELECTEDTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“SWAPDISK”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
“”=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
“ScreenSaverActive”=USR:Control Panel\Desktop
“ScreenSaverIsSecure”=USR:Control Panel\Desktop
“SCRNSAVE.EXE”=USR:Control Panel\Desktop
“Shell”=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
“MouseSpeed”=#USR:Control Panel\Mouse
“MouseThreshold1”=#USR:Control Panel\Mouse
“MouseThreshold2”=#USR:Control Panel\Mouse
“SwapMouseButtons”=#USR:Control Panel\Mouse
“Beep”=#USR:Control Panel\Sound
“DoubleClickSpeed”=#USR:Control Panel\Mouse
“CoolSwitch”=USR:Control Panel\Desktop
“DoubleClickHeight”=#USR:Control Panel\Mouse
“DoubleClickWidth”=#USR:Control Panel\Mouse
“DragFullWindows”=USR:Control Panel\Desktop
“InitialKeyboardIndicators”=USR:Control Panel\Keyboard
“LowPowerActive”=#USR:Control Panel\Desktop
“LowPowerTimeOut”=#USR:Control Panel\Desktop
“PowerOffActive”=#USR:Control Panel\Desktop
“PowerOffTimeOut”=#USR:Control Panel\Desktop
“ScreenSaveActive”=#USR:Control Panel\Desktop
“ScreenSaveTimeOut”=#USR:Control Panel\Desktop
“SnapToDefaultButton”=#USR:Control Panel\Mouse
“TRANSMISSIONRETRYTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“DEFAULTSEPARATEVDM”=\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\WOW
“APPINIT_DLLS”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“DEVICENOTSELECTEDTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“SWAPDISK”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
“”=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
“ScreenSaverActive”=USR:Control Panel\Desktop
“ScreenSaverIsSecure”=USR:Control Panel\Desktop
“SCRNSAVE.EXE”=USR:Control Panel\Desktop
“Shell”=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
“windows”=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
---------- | Security center
[HKLM\SOFTWARE\Microsoft\Security Center]
“cval”=1
[HKLM\SOFTWARE\Microsoft\Security Center\svc]
“VistaSp1”=128920218544262440
“AntiVirusOverride”=0
“AntiSpywareOverride”=0
“FirewallOverride”=0
[HKLM\SOFTWARE\Microsoft\Windows Defender]
“DisableAntiSpyware”=1
“DisableRoutinelyTakingAction”=0
“ProductStatus”=0
“InstallTime”=0x18D98D99BFE1CC01
[HKLM\Software\WOW6432Node\Microsoft\Windows Defender]
“DisableAntiSpyware”=0
“DisableRoutinelyTakingAction”=1
[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
“EnableFirewall”=1
[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall”=1
[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
“EnableFirewall”=1
---------- | Safeboot
---------- | Winsock (Whitelist)
---------- | Hosts
127.0.0.1 localhost
::1 localhost
0.0.0.1 mssplus.mcafee.com
---------- | Ping
Pinging google.com [2607:f8b0:4009:813::200e] with 32 bytes of data:
Reply from 2607:f8b0:4009:813::200e: time=22ms
Reply from 2607:f8b0:4009:813::200e: time=23ms
Reply from 2607:f8b0:4009:813::200e: time=23ms
Reply from 2607:f8b0:4009:813::200e: time=22ms
Ping statistics for 2607:f8b0:4009:813::200e:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 23ms, Average = 22ms
---------- | @
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Internet Explorer\Main]
“Disable Script Debugger”=yes
“Anchor Underline”=yes
“Cache_Update_Frequency”=Once_Per_Session
“Display Inline Images”=yes
“Do404Search”=0x01000000
“Local Page”=C:\windows\system32\blank.htm
“Save_Session_History_On_Exit”=no
“Show_FullURL”=no
“Show_StatusBar”=yes
“Show_ToolBar”=yes
“Show_URLinStatusBar”=yes
“Show_URLToolBar”=yes
“Use_DlgBox_Colors”=yes
“Search Page”= Search - Microsoft Bing
“XMLHTTP”=1
“NoUpdateCheck”=1
“DisableScriptDebuggerIE”=yes
“UseClearType”=no
“Enable Browser Extensions”=yes
“Play_Background_Sounds”=yes
“Play_Animations”=yes
“Start Page”= MSN
“Default_Page_URL”=
“DisableFirstRunCustomize”=3
“CompatibilityFlags”=0
“FullScreen”=no
“Window_Placement”=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000200300002C020000
“IE9RunOnceLastShown”=1
“IE9RunOnceLastShown_TIMESTAMP”=0xFC0D11FDCF64CE01
“IconCache”=1h02yqh
“DownloadWindowPlacement”=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3B01000055000000BB03000035020000
“Use FormSuggest”=no
“Check_Associations”=no
“IE9RunOncePerInstallCompleted”=1
“IE9RunOnceCompletionTime”=0x80D928FB9968CE01
“OperationalData”=5
“IE10RunOnceLastShown”=1
“IE10RunOnceLastShown_TIMESTAMP”=0x2223BD88FDCCCE01
“IE10RunOncePerInstallCompleted”=1
“IE10RunOnceCompletionTime”=0x8683EB7862F5CE01
“ImageStoreRandomFolder”=w9wjkr6
“DoNotTrack”=1
“DefSpellLang”=en-US
“Start Page_TIMESTAMP”=0x076AD880FBACD201
“SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy”=
“SearchBandRestoreBarCount”=0
“SearchBandMigrationVersion”=1
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]
“IE5_UA_Backup_Flag”=5.0
“User Agent”=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
“EmailName”=User@
“PrivDiscUiShown”=1
“EnableHttp1_1”=1
“WarnOnIntranet”=1
“MimeExclusionListForCache”=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
“AutoConfigProxy”=wininet.dll
“UseSchannelDirectly”=0x01000000
“WarnOnPost”=0x01000000
“UrlEncoding”=0
“SecureProtocols”=2720
“PrivacyAdvanced”=0
“ZonesSecurityUpgrade”=0x8920552BEEF2CE01
“DisableCachingOfSSLPages”=0
“WarnonZoneCrossing”=0
“CertificateRevocation”=1
“EnableNegotiate”=1
“MigrateProxy”=1
“ProxyEnable”=0
“SyncMode5”=0
“EnableAutodial”=0
“NoNetAutodial”=0
[HKLM\Software\Microsoft\Internet Explorer\Main]
“AutoHide”=yes
“Security Risk Page”=about:SecurityRisk
“Extensions Off Page”=about:NoAdd-ons
“Default_Search_URL”= Search - Microsoft Bing
“Default_Page_URL”= MSN
“Anchor_Visitation_Horizon”=0x01000000
“Cache_Percent_of_Disk”=0x0A000000
“Placeholder_Width”=0x1A000000
“Placeholder_Height”=0x1A000000
“Default_Secondary_Page_URL”=
“Use_Async_DNS”=yes
“Start Page”= MSN
“Local Page”=C:\Windows\System32\blank.htm
“Search Page”= Search - Microsoft Bing
“Delete_Temp_Files_On_Exit”=yes
“Enable_Disk_Cache”=yes
“TabProcGrowth”=Medium
“Print_Background”=0
“AlwaysShowMenus”=0
“StatusBarWeb”=1
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“x86AppPath”=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
“blank”=res://mshtml.dll/blank.htm
“NoAdd-onsInfo”=res://ieframe.dll/noaddoninfo.htm
“InPrivate”=res://ieframe.dll/inprivate_win7.htm
“NavigationFailure”=res://ieframe.dll/navcancl.htm
“NoAdd-ons”=res://ieframe.dll/noaddon.htm
“Home”=270
“PostNotCached”=res://ieframe.dll/repost.htm
“DesktopItemNavigationFailure”=res://ieframe.dll/navcancl.htm
“NavigationCanceled”=res://ieframe.dll/navcancl.htm
“SecurityRisk”=res://ieframe.dll/securityatrisk.htm
“Compat”=res://mshtml.dll/compat.htm
[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
“”=http://
[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
“mosaic”=http://
“www”=http://
“home”=http://
“ftp”=ftp://
“gopher”=gopher://
[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
“EnablePunycode”=1
“CodeBaseSearchPath”=CODEBASE
“WarnOnIntranet”=1
“MinorVersion”=0
“ActiveXCache”=C:\Windows\Downloaded Program Files
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
“AutoHide”=yes
“Security Risk Page”=about:SecurityRisk
“Extensions Off Page”=about:NoAdd-ons
“Default_Search_URL”= Search - Microsoft Bing
“Default_Page_URL”= MSN
“Anchor_Visitation_Horizon”=0x01000000
“Cache_Percent_of_Disk”=0x0A000000
“Placeholder_Width”=0x1A000000
“Placeholder_Height”=0x1A000000
“Default_Secondary_Page_URL”=
“Use_Async_DNS”=yes
“Start Page”= MSN
“Local Page”=C:\Windows\SysWOW64\blank.htm
“Search Page”= Search - Microsoft Bing
“Delete_Temp_Files_On_Exit”=yes
“Enable_Disk_Cache”=yes
“TabProcGrowth”=Medium
“Print_Background”=0
“AlwaysShowMenus”=0
“StatusBarWeb”=1
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“x86AppPath”=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
“Check_Associations”=yes
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
“blank”=res://mshtml.dll/blank.htm
“NoAdd-onsInfo”=res://ieframe.dll/noaddoninfo.htm
“InPrivate”=res://ieframe.dll/inprivate_win7.htm
“NavigationFailure”=res://ieframe.dll/navcancl.htm
“NoAdd-ons”=res://ieframe.dll/noaddon.htm
“Home”=270
“PostNotCached”=res://ieframe.dll/repost.htm
“DesktopItemNavigationFailure”=res://ieframe.dll/navcancl.htm
“NavigationCanceled”=res://ieframe.dll/navcancl.htm
“SecurityRisk”=res://ieframe.dll/securityatrisk.htm
“Compat”=res://mshtml.dll/compat.htm
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
“”=http://
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
“mosaic”=http://
“www”=http://
“home”=http://
“ftp”=ftp://
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
“EnablePunycode”=1
“CodeBaseSearchPath”=CODEBASE
“WarnOnIntranet”=1
“MinorVersion”=0
“ActiveXCache”=C:\Windows\Downloaded Program Files
---------- | Proxy
---------- | reparsepoint
---------- | Detection of offsets
---------- | Notify
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll
---------- | Execution FileExts
---------- | SIOI | SEH | URLSH
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} – %SystemRoot%\system32\EhStorShell.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} – %SystemRoot%\system32\ntshrui.dll
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} – %SystemRoot%\system32\EhStorShell.dll
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} – %SystemRoot%\system32\ntshrui.dll
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
“{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=
---------- | Toolbar
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“Locked”=0
“ShowDiscussionButton”=Yes
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
“ITBar7Height”=0
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
“Version”=4
“UpgradeTime”=0xB8C3C3E587F7CF01
“KnownProvidersUpgradeTime”=0x3992287C62F5CE01
“DefaultPackCorrection”=1
“DefaultPackNTCorrection”=1
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“Locked”=0
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
“Locked”=0
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
---------- | Extensions
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}] : (@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003) -
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions{328ECD19-C167-40eb-A0C7-16FE7634105E}] : () -
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -
---------- | SearchScopes
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{012E1000-F331-11DB-8314-0800200C9A66}] - (Google) - Google {searchTerms} :
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - Search - Microsoft Bing {searchTerms}&src=IE-SearchBox&FORM=IESR02 :
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{86E38F40-F4D6-4C13-89D0-827B2577DB70}] - (Yahoo Search) - Yahoo on osa Yahoo-konsernia. {searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - Search - Microsoft Bing {searchTerms}&FORM=IE8SRC :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - :
---------- | Browser Helper Objects
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}] → (Windows Live ID Sign-in Helper) : C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [28/03/2011 06:35:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{B4F3A835-0E21-4959-BA22-42B3008E02FF}] → (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [06/03/2013 08:37:48]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}] → (Canon Easy-WebPrint EX BHO) : C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [25/10/2013 22:11:38]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] → (Java™ Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [24/07/2017 22:38:39]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}] → (Windows Live ID Sign-in Helper) : C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [28/03/2011 06:35:06]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{AA609D72-8482-4076-8991-8CDAE5B93BCB}] → (Samsung BHO Class) : C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [01/02/2012 17:57:20]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{B4F3A835-0E21-4959-BA22-42B3008E02FF}] → (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [06/03/2013 08:37:48]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}] → (Java™ Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [24/07/2017 22:38:39]
---------- | Chrome
C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\extensions\hikeppggmbhdgodhakicedaejpleoigm = : MSG_newtab_chrome_extension_description - MSG_newtab_chrome_extension_name - https://clients2.google.com/service/update2/crx
C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\hikeppggmbhdgodhakicedaejpleoigm]
---------- | Opera
---------- | Firefox
[HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer] - (Adobe® Flash® Player 27.0.0.130 Plugin) : C:\windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll
[HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKLM\Software\MozillaPlugins@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
[HKLM\Software\MozillaPlugins@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@adobe.com/FlashPlayer] - (Adobe® Flash® Player 27.0.0.130 Plugin) : C:\windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@canon.com/EPPEX] - (Canon Easy-PhotoPrint EX) : C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins@java.com/DTPlugin,version=11.141.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@java.com/JavaPlugin,version=11.141.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@nitropdf.com/NitroPDF] - (NitroPDF Web Browser Plugin) : C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@videolan.org/vlc,version=2.2.0] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\pcw27saw.default\Prefs.js
user_pref(“browser.startup.homepage_override.buildID”, “20170824053622”);
user_pref(“browser.startup.homepage_override.mstone”, “55.0.3”);
user_pref(“extensions.blocklist.pingCountTotal”, 791);
user_pref(“extensions.blocklist.pingCountVersion”, 3);
user_pref(“extensions.databaseSchema”, 21);
user_pref(“extensions.e10s.rollout.blocklist”, “”);
user_pref(“extensions.e10s.rollout.hasAddon”, false);
user_pref(“extensions.e10s.rollout.policy”, “50allmpc”);
user_pref(“extensions.e10sBlockedByAddons”, false);
user_pref(“extensions.e10sMultiBlockedByAddons”, false);
user_pref(“extensions.followonsearch.cohortSample”, “0.280814”);
user_pref(“extensions.getAddons.cache.lastUpdate”, 1506902017);
user_pref(“extensions.getAddons.databaseSchema”, 5);
user_pref(“extensions.hotfix.lastVersion”, “20170302.01”);
user_pref(“extensions.lastAppVersion”, “55.0.3”);
user_pref(“extensions.lastPlatformVersion”, “55.0.3”);
user_pref(“extensions.pendingOperations”, false);
user_pref(“extensions.shield-recipe-client.api_url”, "https://normandy.cdn.mozilla.net/api/v1");
user_pref(“extensions.shield-recipe-client.dev_mode”, false);
user_pref(“extensions.shield-recipe-client.enabled”, true);
user_pref(“extensions.shield-recipe-client.first_run”, false);
user_pref(“extensions.shield-recipe-client.logging.level”, 50);
user_pref(“extensions.shield-recipe-client.run_interval_seconds”, 86400);
user_pref(“extensions.shield-recipe-client.startup_delay_seconds”, 300);
user_pref(“extensions.shield-recipe-client.user_id”, “36003d82-768c-43f2-b08b-814b58ee14a0”);
user_pref(“extensions.shownSelectionUI”, true);
user_pref(“extensions.systemAddonSet”, “{"schema":1,"directory":"{429fe9f6-4535-4f5d-98c5-66b5f799dddc}","addons":{"clicktoplay-rollout@mozilla.org":{"version":"1.4"},"e10srollout@mozilla.org":{"version":"2.05"},"followonsearch@mozilla.com":{"version":"0.9.4"},"onboarding@mozilla.org":{"version":"0.1"},"screenshots@mozilla.org":{"version":"10.12.0"}}}”);
user_pref(“extensions.ui.dictionary.hidden”, true);
user_pref(“extensions.ui.lastCategory”, “addons://discover/”);
user_pref(“extensions.ui.locale.hidden”, true);
C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\pcw27saw.default
[Profile0] - Name=default → Profiles/pcw27saw.default
---------- | DNS
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
“DhcpNameServer”=75.75.76.76 75.75.75.75
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces{8B2C9FE4-360D-455D-B5AA-B6F66AF92C97}]
“DhcpNameServer”=75.75.76.76 75.75.75.75
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces{8B2C9FE4-360D-455D-B5AA-B6F66AF92C97}]
“DhcpNameServer”=75.75.76.76 75.75.75.75
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces{8B2C9FE4-360D-455D-B5AA-B6F66AF92C97}]
“DhcpNameServer”=75.75.76.76 75.75.75.75
---------- | Applications
[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : “C:\Windows\eHome\ehshell.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : “C:\Program Files\Internet Explorer\iexplore.exe” %1
[HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : “C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellOpen “%1”
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe “%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll”, ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\QuickTimePlayer.exe] : C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe “%1”
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : “C:\Program Files\VideoLAN\VLC\vlc.exe” --started-from-file “%1”
[HKLM\SOFTWARE\Classes\Applications\WLXPhotoGallery.exe] : “C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe” /LaunchPhotoViewer /v “%1”
[HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : “C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe” /LaunchPhotoViewer /v “%1”
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : “%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe” /Open “%L”
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : “%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : “C:\Windows\eHome\ehshell.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : “C:\Program Files\Internet Explorer\iexplore.exe” %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : “C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellOpen “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe “%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll”, ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\QuickTimePlayer.exe] : C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : “C:\Program Files\VideoLAN\VLC\vlc.exe” --started-from-file “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoGallery.exe] : “C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe” /LaunchPhotoViewer /v “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : “C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe” /LaunchPhotoViewer /v “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : “%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe” /Open “%L”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : “%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE” “%1”
---------- | SvcHost (Whitelist)
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
“regsvc”=RemoteRegistry
“DcomLaunch”=Power
PlugPlay
DcomLaunch
“secsvcs”=WinDefend
“bthsvcs”=bthserv
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
“DcomLaunch”=Power
PlugPlay
DcomLaunch
---------- | SvcHost - Netsvcs (Whitelist)
---------- | Software
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Adobe]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\AppDataLow]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Apple Computer, Inc.]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Apple Inc.]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Avg]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\AVG Web TuneUp]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\BitTorrent]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\BugSplat]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Canon]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Chromium]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\CineForm]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Clients]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\CyberLink]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Digital River Mso]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Elantech]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\EPSON]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Geek Uninstaller]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Google]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\GoPro]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\IM Providers]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Intel]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\JavaSoft]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Lake]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Leadertech]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Local AppWizard-Generated Applications]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Macromedia]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Malwarebytes]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Malwarebytes’ Anti-Malware]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\MCAFEE]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\MichaelOborne]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Mozilla]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Netscape]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Nitro PDF]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\ODBC]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Piriform]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Policies]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\PrivaZer]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\puush]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Realtek]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Renesas Electronics]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Samsung]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Skype]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\SSPrint]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\sysinternals]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Valve]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Wow6432Node]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\ZHP]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\AppDataLow\Software\Canon]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\AppDataLow\Software\JavaSoft]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\ShellNoRoam]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVG]
[HKLM\Software\Best Buy]
[HKLM\Software\Canon]
[HKLM\Software\CBSTEST]
[HKLM\Software\Clients]
[HKLM\Software\Cyberlink]
[HKLM\Software\Dolby]
[HKLM\Software\EPSON]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\GEAR Software]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\Knowles]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee.com]
[HKLM\Software\mcafeeupdater]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nitro PDF]
[HKLM\Software\ODBC]
[HKLM\Software\PANDhcpDns]
[HKLM\Software\Patch My PC]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\Samsung]
[HKLM\Software\Sonic]
[HKLM\Software\SRS Labs]
[HKLM\Software\SSPrint]
[HKLM\Software\SSScan]
[HKLM\Software\Symantec]
[HKLM\Software\sysinternals]
[HKLM\Software\TrendMicro]
[HKLM\Software\VideoLAN]
[HKLM\Software\Waves Audio]
[HKLM\Software\WiMax]
[HKLM\Software\Wow6432Node]
[HKLM\Software\ZmnGlobalSDK]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\Apple Computer, Inc.]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\AVG Web TuneUp]
[HKLM\Software\WOW6432Node\Canon]
[HKLM\Software\WOW6432Node\CyberLink]
[HKLM\Software\WOW6432Node\EPSON]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\IM Providers]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\Lake]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Malwarebytes’ Anti-Malware]
[HKLM\Software\WOW6432Node\Malwarebytes’ Anti-Malware (Trial)]
[HKLM\Software\WOW6432Node\McAfee.com]
[HKLM\Software\WOW6432Node\mcafeeupdater]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\MimarSinan]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Nitro PDF]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\Samsung]
[HKLM\Software\WOW6432Node\Samsung Electronics Co., Ltd.]
[HKLM\Software\WOW6432Node\Samsung Printers]
[HKLM\Software\WOW6432Node\Skype]
[HKLM\Software\WOW6432Node\SSScan]
[HKLM\Software\WOW6432Node\TrendMicro]
[HKLM\Software\WOW6432Node\Valve]
[HKLM\Software\WOW6432Node\VideoLAN]
[HKLM\Software\WOW6432Node\Yahoo]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
---------- | Drives
D:
---------- | C:
[25/02/2017 17:57:11] - |SHD| - [65200939] - C:$RECYCLE.BIN
[16/09/2017 07:58:57] - |SHD| - [0] - C:\Config.Msi
[14/07/2009 00:08:56] - |SHD| - [0] - C:\Documents and Settings
[MD5.FF790DCB45FC8CD3EFE42FB73F72C8B5] - [11/08/2015 21:13:18] - |A| - (.-.) - [84] - (0.0.0.0) - C:\DVDPATH.TXT
[MD5.EDE06CD4D95178D6A2DEF6B60BD267F4] - [24/02/2017 10:28:43] - |A| - (.-.) - [42] - (0.0.0.0) - C:\folders.log
[22/02/2017 10:34:47] - |D| - [417327914] - C:\FRST
[MD5.E7832D67AD190A920970CB5ADFC6D5D1] - [02/11/2015 05:28:48] - |A| - (.-.) - [383] - (0.0.0.0) - C:\ftconfig.ini
[01/02/2012 17:32:04] - |D| - [634076] - C:\Intel
[31/07/2012 23:29:56] - |RHD| - [649878279] - C:\MSOCache
[MD5.EF5C9109EFF3C3E8F3794DB4A02BE79E] - [23/06/2015 00:41:38] - |A| - (.-.) - [9216] - (0.0.0.0) - C:\My3DGraph.grf
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/02/2012 21:50:10] - |ASH| - (.-.) - [6351798272] - (0.0.0.0) - C:\pagefile.sys
[13/07/2009 22:20:08] - |D| - [0] - C:\PerfLogs
[13/07/2009 22:20:08] - |RD| - [1767108897] - C:\Program Files
[13/07/2009 22:20:08] - |D| - [6931281643] - C:\Program Files (x86)
[13/07/2009 22:20:08] - |HD| - [2860198009] - C:\ProgramData
[07/10/2017 12:46:57] - |D| - [262052] - C:\QuickDiag
[MD5.C46D7C4162AFEEB097412EAE52123CEB] - [07/10/2017 12:47:05] - |A| - (.-.) - [103611] - (0.0.0.0) - C:\QuickDiag.txt
[01/06/2012 04:28:25] - |SHD| - [172384274] - C:\Recovery
[MD5.260EDE6FDA5C1FCA0E47D99483BA2714] - [01/02/2012 17:33:30] - |A| - (.-.) - [2184] - (0.0.0.0) - C:\RHDSetup.log
[MD5.ECB410F70405A7EDCE21207350940EC2] - [24/02/2017 10:18:28] - |A| - (.-.) - [3077] - (0.0.0.0) - C:\runcheck.txt
[MD5.2A51B7CDB1CF3D525AFED6A90BBECF62] - [01/02/2012 17:33:30] - |A| - (.-.) - [163] - (0.0.0.0) - C:\setup.log
[02/02/2012 10:27:44] - |SHD| - [0] - C:\System Volume Information
[MD5.986D6F28E3411BCCC1F857AB9629DAE6] - [23/02/2017 08:09:33] - |A| - (.-.) - [810] - (0.0.0.0) - C:\TONYA-PC.rtf
[13/07/2009 22:20:08] - |RD| - [18590676982] - C:\Users
[13/07/2009 22:20:08] - |D| - [42563124916] - C:\Windows
[MD5.F5C006622F21D4ED4F748448FEE14968] - [15/11/2016 22:37:24] - |A| - (.-.) - [14876] - (0.0.0.0) - C:\WirelessDiagLog.csv
[24/02/2017 15:53:35] - |D| - [129] - C:\zoek
[MD5.A4C1B82897B7D7352CD71072D1E03C14] - [24/02/2017 10:19:11] - |A| - (.-.) - [3207] - (0.0.0.0) - C:\zoek-results.log
[MD5.C4A143BFB9B30D672D2C069DAF13E371] - [24/02/2017 15:44:25] - |A| - (.-.) - [2743] - (0.0.0.0) - C:\zoek-results2017-02-24-152905.log
[24/02/2017 10:18:26] - |D| - [26109913] - C:\zoek_backup
---------- | C:\windows
[14/07/2009 00:32:38] - |D| - [802] - C:\windows\addins
[13/07/2009 22:20:08] - |D| - [43689776] - C:\windows\AppCompat
[13/07/2009 22:20:08] - |D| - [10989676] - C:\windows\AppPatch
[01/02/2012 18:24:03] - |D| - [106352] - C:\windows\ar
[13/07/2009 22:20:08] - |RSD| - [1665810188] - C:\windows\assembly
[MD5.317CD1CE327B6520BF4EE007BCD39E61] - [20/11/2010 22:24:22] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [71168] - (6.1.7601.17514) - C:\windows\bfsvc.exe
[01/02/2012 18:24:07] - |D| - [107376] - C:\windows\bg
[13/07/2009 22:20:09] - |D| - [29188318] - C:\windows\Boot
[MD5.2B2D096F4B9E9B89C36DA022ADDAB2F9] - [14/07/2009 00:38:36] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\windows\bootstat.dat
[13/07/2009 22:20:09] - |D| - [2418176] - C:\windows\Branding
[01/02/2012 18:24:11] - |D| - [106864] - C:\windows\cs
[MD5.235618680EE3BD8EA9B9785358151D21] - [01/02/2012 18:34:56] - |A| - (.-.) - [10] - (0.0.0.0) - C:\windows\Csup.txt
[13/07/2009 22:20:09] - |D| - [2113488] - C:\windows\Cursors
[01/02/2012 18:24:14] - |D| - [106864] - C:\windows\da
[01/02/2012 18:24:17] - |D| - [107888] - C:\windows\de
[13/07/2009 23:45:54] - |D| - [680487] - C:\windows\debug
[14/07/2009 00:32:38] - |D| - [3003724] - C:\windows\diagnostics
[14/07/2009 00:37:46] - |D| - [0] - C:\windows\DigitalLocker
[29/01/2013 20:36:49] - |D| - [1924593] - C:\windows\Downloaded Installations
[14/07/2009 00:32:38] - |D| - [65] - C:\windows\Downloaded Program Files
[01/02/2012 20:25:37] - |D| - [117965961] - C:\windows\ehome
[01/02/2012 18:24:21] - |D| - [107888] - C:\windows\el
[01/02/2012 18:26:30] - |D| - [106864] - C:\windows\en
[14/07/2009 00:37:46] - |D| - [110080] - C:\windows\en-US
[MD5.EDBA75522C06F1772CCD2441857F26C7] - [05/06/2012 18:31:04] - |A| - (.-.) - [44] - (0.0.0.0) - C:\windows\EPNX100.ini
[MD5.2A66E81AE941E54A237490FC35D387C8] - [31/05/2012 08:15:39] - |A| - (.-.) - [1945] - (0.0.0.0) - C:\windows\epplauncher.mif
[01/02/2012 18:24:24] - |D| - [107376] - C:\windows\es
[MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [12/10/2016 20:31:01] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [3229696] - (6.1.7601.23537) - C:\windows\explorer.exe
[01/02/2012 18:24:28] - |D| - [106864] - C:\windows\fi
[13/07/2009 22:20:09] - |RSD| - [397324495] - C:\windows\Fonts
[01/02/2012 18:24:31] - |D| - [107376] - C:\windows\fr
[MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [13/07/2009 18:22:13] - |A| - (.© Microsoft Corporation. - BitLocker Drive Encryption Servicing Utility.) - [15360] - (6.1.7600.16385) - C:\windows\fveupdate.exe
[13/07/2009 22:20:09] - |D| - [32090797] - C:\windows\Globalization
[01/02/2012 18:24:35] - |D| - [106352] - C:\windows\he
[13/07/2009 22:20:09] - |D| - [29929539] - C:\windows\Help
[MD5.A66E522F3CBFB8709EA37844922A002E] - [13/06/2017 18:00:33] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [733696] - (6.1.7601.23834) - C:\windows\HelpPane.exe
[MD5.3D0B9EA79BF1F828324447D84AA9DCE2] - [13/07/2009 19:29:03] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [16896] - (6.1.7600.16385) - C:\windows\hh.exe
[MD5.0D776C3A36F2B6E657939BB96096E070] - [21/11/2010 02:16:47] - |A| - (.-.) - [48223] - (0.0.0.0) - C:\windows\HomeBasic.xml
[MD5.1AEB4967A760D6EC21A3270F1B004AC1] - [01/02/2012 20:26:04] - |A| - (.-.) - [48265] - (0.0.0.0) - C:\windows\HomePremium.xml
[MD5.1FE78FF8E40A21AC4B9B3FA15AAA7A54] - [01/02/2012 18:07:54] - |A| - (.(c) Samsung Electronics. - HotfixChecker.) - [407040] - (1.0.0.2) - C:\windows\HotfixChecker.exe
[MD5.981A237904ADDC01FAC22F7D8AC0A977] - [01/02/2012 17:53:35] - |A| - (.-.) - [2686] - (0.0.0.0) - C:\windows\HotFixList.ini
[01/02/2012 18:24:39] - |D| - [107376] - C:\windows\hr
[01/02/2012 18:24:43] - |D| - [106864] - C:\windows\hu
[13/07/2009 22:20:09] - |D| - [143546732] - C:\windows\IME
[13/07/2009 22:20:10] - |D| - [133279302] - C:\windows\inf
[01/02/2012 17:35:00] - |SHD| - [12548795767] - C:\windows\Installer
[01/02/2012 18:24:46] - |D| - [106864] - C:\windows\it
[01/02/2012 18:24:50] - |D| - [105328] - C:\windows\ko
[13/07/2009 22:20:10] - |D| - [48371] - C:\windows\L2Schemas
[13/07/2009 22:20:10] - |D| - [0] - C:\windows\LiveKernelReports
[13/07/2009 22:20:10] - |D| - [87296235] - C:\windows\Logs
[01/02/2012 18:24:53] - |D| - [107376] - C:\windows\lt
[01/02/2012 18:24:57] - |D| - [106864] - C:\windows\lv
[13/07/2009 22:20:10] - |RSD| - [13358214] - C:\windows\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [13/07/2009 19:10:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\windows\mib.bin
[13/07/2009 22:20:10] - |D| - [754514409] - C:\windows\Microsoft.NET
[19/01/2014 11:28:41] - |D| - [4014] - C:\windows\Migration
[01/10/2017 21:09:22] - |D| - [276313] - C:\windows\Minidump
[13/07/2009 22:20:10] - |D| - [0] - C:\windows\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [13/07/2009 21:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\windows\msdfmap.ini
[01/02/2012 20:24:08] - |D| - [75566347] - C:\windows\MSetup
[01/02/2012 18:25:01] - |D| - [107376] - C:\windows\nl
[01/02/2012 18:25:05] - |D| - [107376] - C:\windows\no
[MD5.B32189BDFF6E577A92BAA61AD49264E6] - [08/09/2015 17:31:37] - |A| - (.© Microsoft Corporation. - Notepad.) - [193536] - (6.1.7601.18917) - C:\windows\notepad.exe
[MD5.7794CC01EE5C65F8BA057C548B862E66] - [01/10/2017 17:46:00] - |A| - (.-.) - [527046] - (0.0.0.0) - C:\windows\ntbtlog.txt
[14/07/2009 00:32:38] - |D| - [65] - C:\windows\Offline Web Pages
[11/02/2011 14:57:05] - |D| - [698523] - C:\windows\Panther
[01/02/2012 18:18:47] - |D| - [0] - C:\windows\PCHEALTH
[14/07/2009 00:32:38] - |D| - [62305402] - C:\windows\Performance
[MD5.846CB36F0CF050CD2436C6F06E738D80] - [24/02/2017 14:52:46] - |A| - (.-.) - [6368] - (0.0.0.0) - C:\windows\PFRO.log
[01/02/2012 18:31:55] - |D| - [107376] - C:\windows\pl
[13/07/2009 22:20:10] - |D| - [1109514] - C:\windows\PLA
[13/07/2009 22:20:10] - |D| - [2360204] - C:\windows\PolicyDefinitions
[11/02/2011 14:58:10] - |D| - [45940032] - C:\windows\Prefetch
[MD5.9ED422FB854BBD72616989C0ABE306D1] - [09/02/2011 23:03:48] - |A| - (.-.) - [326] - (0.0.0.0) - C:\windows\primopdf.ini
[23/02/2017 16:49:13] - |D| - [0] - C:\windows\pss
[01/02/2012 18:31:59] - |D| - [107376] - C:\windows\pt-br
[01/02/2012 18:32:04] - |D| - [107888] - C:\windows\pt-pt
[MD5.2E2C937846A0B8789E5E91739284D17A] - [13/07/2009 18:27:10] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [427008] - (6.1.7600.16385) - C:\windows\regedit.exe
[13/07/2009 22:20:10] - |D| - [22588] - C:\windows\registration
[MD5.9D40BFEF0B34CBC1E3A074A6E7D9644A] - [01/02/2012 18:43:03] - |A| - (.-.) - [44378] - (0.0.0.0) - C:\windows\Report.htm
[13/07/2009 22:20:10] - |D| - [4218339] - C:\windows\rescache
[MD5.B543F54C0E5C551066129C389CA3BF26] - [03/02/2012 13:37:34] - |A| - (.TODO: (c) . - TODO: .) - [423936] - (1.0.0.1) - C:\windows\Reseal64.exe
[13/07/2009 22:20:10] - |D| - [1676583] - C:\windows\Resources
[01/02/2012 18:32:08] - |D| - [107376] - C:\windows\ro
[MD5.568F4520EE62383F7B14C1B403E4D7FC] - [01/02/2012 17:33:30] - |N| - (.Copyright (C) 2011 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [1698408] - (1.0.3.0) - C:\windows\RtlExUpd.dll
[01/02/2012 18:32:12] - |D| - [106864] - C:\windows\ru
[MD5.C45ED6183D5A8A47BA338CF1D334CC77] - [01/02/2012 17:40:41] - |A| - (.Copyright © 2004-2010 Jan Kolarik & Ondrej Vaverka - Screensaver created with InstantStorm.) - [14392507] - (2.0.0.0) - C:\windows\Samsung Astro Orbit I.scr
[MD5.F53B03707C7ED9A9D69393FD84E5B6CD] - [01/02/2012 17:40:43] - |A| - (.-.) - [16018] - (0.0.0.0) - C:\windows\Samsung.png
[13/07/2009 22:20:10] - |D| - [0] - C:\windows\SchCache
[13/07/2009 22:20:10] - |D| - [58021] - C:\windows\schemas
[11/02/2011 14:56:44] - |D| - [241744] - C:\windows\Sec
[13/07/2009 22:20:10] - |D| - [1056768] - C:\windows\security
[13/07/2009 23:45:47] - |D| - [288445506] - C:\windows\ServiceProfiles
[13/07/2009 22:20:10] - |D| - [235370137] - C:\windows\servicing
[MD5.2226109C5FCC0BD014F40D50432DE3EA] - [01/02/2012 18:34:53] - |A| - (.Copyright (C) 2005 - SetDisplayResolution MFC Program.) - [307200] - (1.2.0.8) - C:\windows\SetDisplayResolution.exe
[MD5.99781C9D6344FB1D65D93B962B508942] - [01/02/2012 18:34:53] - |A| - (.-.) - [3282] - (0.0.0.0) - C:\windows\SetDisplayResolutionDT.xml
[MD5.201FDD2F8231EF33C1D9210577624F4D] - [01/02/2012 18:34:53] - |A| - (.-.) - [3282] - (0.0.0.0) - C:\windows\SetDisplayResolutionNP.xml
[MD5.4673C94AEE1AD9C4BEAE58ECC3DBC2B8] - [01/02/2012 17:58:40] - |A| - (.Samsung Electronics Co., Ltd. - SetLCDStretchMode.) - [345600] - (1.0.2.1) - C:\windows\SetLCDStretchMode.exe
[13/07/2009 23:45:50] - |D| - [13802] - C:\windows\Setup
[MD5.3F76D0BC023FA554AC88B05C05BEAE62] - [24/02/2017 14:53:43] - |A| - (.-.) - [1714] - (0.0.0.0) - C:\windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [24/02/2017 14:53:43] - |A| - (.-.) - [0] - (0.0.0.0) - C:\windows\setuperr.log
[01/02/2012 20:25:37] - |D| - [35886] - C:\windows\ShellNew
[01/02/2012 18:32:16] - |D| - [107376] - C:\windows\sk
[01/02/2012 18:32:21] - |D| - [107376] - C:\windows\sl
[MD5.A34D5E02AA86ECAC7B3B19B1EFABD07D] - [01/02/2012 17:56:19] - |A| - (.-.) - [433] - (0.0.0.0) - C:\windows\SlientUninstall.iss
[01/02/2012 17:36:34] - |D| - [1348475432] - C:\windows\SoftwareDistribution
[13/07/2009 22:20:10] - |D| - [181014046] - C:\windows\Speech
[MD5.127AA81343A7C6F665C22CB1293B0A90] - [20/08/2012 07:29:53] - |A| - (.© Microsoft Corporation. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17777) - C:\windows\splwow64.exe
[01/02/2012 18:32:25] - |D| - [107376] - C:\windows\sr-latn-cs
[MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 00:28:38] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\windows\Starter.xml
[03/01/2013 20:27:38] - |D| - [0] - C:\windows\Sun
[MD5.6306FFC26C6F488E517175881D76FF77] - [01/02/2012 20:20:44] - |A| - (.Copyright (C) 2010 - Samsung Universal Print Utility.) - [258864] - (2.1.5.0) - C:\windows\SUPDRun.exe
[MD5.BC4133E8F2311394FF990DE5A8F2F7D9] - [01/06/2012 04:41:18] - |A| - (.-.) - [562718] - (0.0.0.0) - C:\windows\surbey.ico
[01/02/2012 18:32:30] - |D| - [106864] - C:\windows\sv
[13/07/2009 22:20:10] - |D| - [0] - C:\windows\system
[MD5.286A9EDB379DC3423A528B0864A0F111] - [13/07/2009 21:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\windows\system.ini
[13/07/2009 22:20:10] - |D| - [4391966145] - C:\windows\System32
[13/07/2009 22:20:14] - |D| - [1221517049] - C:\windows\SysWOW64
[13/07/2009 22:20:14] - |D| - [15] - C:\windows\TAPI
[13/07/2009 22:20:14] - |D| - [32554] - C:\windows\Tasks
[13/07/2009 22:20:14] - |D| - [85632846] - C:\windows\Temp
[01/02/2012 18:32:34] - |D| - [106352] - C:\windows\th
[01/02/2012 18:32:39] - |D| - [106864] - C:\windows\tr
[13/07/2009 22:20:14] - |D| - [0] - C:\windows\tracing
[MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 16:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\windows\twain.dll
[14/07/2009 00:32:38] - |D| - [41207796] - C:\windows\twain_32
[MD5.163A95975E1D8819E653AA3E961371CA] - [20/11/2010 22:25:10] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\windows\twain_32.dll
[01/02/2012 17:58:07] - |D| - [10270866] - C:\windows\twain_64
[MD5.F36A271706EDD23C94956AFB56981184] - [13/07/2009 17:47:26] - |A| - (.- Twain_32.dll Client’s 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\windows\twunk_16.exe
[MD5.0BD6E68F3EA0DD62CD86283D86895381] - [13/07/2009 19:14:40] - |A| - (.- Twain.dll Client’s 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\windows\twunk_32.exe
[13/07/2009 22:20:14] - |D| - [12420] - C:\windows\Vss
[13/07/2009 22:20:14] - |D| - [41213768] - C:\windows\Web
[MD5.43E89724BB8934402DABB6990F2C64CA] - [01/02/2012 17:58:17] - |A| - (.- INF Scanner Installer.) - [142128] - (1.0.71.0) - C:\windows\wiainst64.exe
[MD5.B31FFE3250040EE72E63CDA5A8A18EE6] - [13/07/2009 21:34:57] - |A| - (.-.) - [387] - (0.0.0.0) - C:\windows\win.ini
[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [13/07/2009 23:54:24] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\windows\WindowsShell.Manifest
[MD5.FF5C9806B4297C688AAA456E60042659] - [01/02/2012 17:36:33] - |A| - (.-.) - [1376339] - (0.0.0.0) - C:\windows\WindowsUpdate.log
[MD5.1D420D66250BCAAAED05724FB34008CF] - [13/07/2009 19:12:29] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [9728] - (6.1.7600.16385) - C:\windows\winhlp32.exe
[13/07/2009 22:20:14] - |D| - [18470786136] - C:\windows\winsxs
[MD5.4D620865394151B96C54752B743D6D12] - [13/05/2011 01:42:24] - |A| - (.© 2010 Microsoft Corporation. - Windows Live Photos Screen Saver.) - [302448] - (15.4.3538.513) - C:\windows\WLXPGSS.SCR
[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 15:52:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\windows\WMSysPr9.prx
[MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [13/07/2009 18:56:28] - |A| - (.© Microsoft Corporation. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\windows\write.exe
[MD5.3872EF941069CB15D1B97CA6AB2C2EF7] - [23/02/2017 15:41:03] - |A| - (.-.) - [55237] - (0.0.0.0) - C:\windows\ZAM.krnl.trace
[MD5.88FAD69082A478DBD7A01EDD23475F79] - [23/02/2017 15:41:03] - |A| - (.-.) - [3638575] - (0.0.0.0) - C:\windows\ZAM_Guard.krnl.trace
[01/02/2012 18:32:43] - |D| - [104816] - C:\windows\zh-cn
[01/02/2012 18:32:47] - |D| - [104816] - C:\windows\zh-tw
[MD5.F9F4905664C5B42B49E78EFA12D1A6B6] - [01/02/2012 18:23:47] - |A| - (.-.) - [20] - (0.0.0.0) - C:\windows\Àùr
---------- | C:\windows\System32\GroupPolicy
---------- | Systemroot\System
---------- | Systemroot\Installer (Microsoft Files Whitelisted)
[13/10/2010 18:55:48] - C:\windows\Installer\17d0c2d.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/02/2012 10:42:14] - C:\windows\Installer\17d0fb6.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/06/2015 13:54:19] - C:\windows\Installer\198dbc93.msi : (puush installer - Dean Herbert) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/02/2012 18:27:55] - C:\windows\Installer\1b3fc.msi : (Windows Live Messenger Resources setup package - Корпорация Майкрософт) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/02/2012 18:28:42] - C:\windows\Installer\1b5bd.msi : (Windows Live Mail setup package - Корпорация Майкрософт) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/07/2014 14:59:47] - C:\windows\Installer\1d0cb9e7.msi : (Mission Planner Installer - Michael Oborne) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 03:42:22] - C:\windows\Installer\282d71.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[07/10/2014 17:12:54] - C:\windows\Installer\2a185ca7.msi : (QuickTime Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/07/2017 15:22:48] - C:\windows\Installer\3059b78e.msi : (Java SE Runtime Environment 8 Update 141 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/07/2017 15:22:39] - C:\windows\Installer\3059b79b.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/02/2017 08:03:06] - C:\windows\Installer\3203861.msi : (Adobe AIR Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/02/2017 08:08:27] - C:\windows\Installer\3203973.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/05/2017 21:11:47] - C:\windows\Installer\38e4d837.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/06/2012 05:50:09] - C:\windows\Installer\394cfe.msi : (Intel(R) Turbo Boost Technology Monitor 2.0 - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/09/2011 13:45:50] - C:\windows\Installer\39f3df.msi : ( - Samsung Electronics Co., Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/06/2011 20:45:52] - C:\windows\Installer\3b2ff.msi : (Intel® PROSet/Wireless WiMAX Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/01/2011 12:21:18] - C:\windows\Installer\3b306.msi : (Intel(R) WiFi - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/02/2012 17:36:56] - C:\windows\Installer\3b30f.msi : (Asmedia ASM104x USB 3.0 Host Controller Driver - Asmedia Technology) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/12/2010 23:55:32] - C:\windows\Installer\3b314.msi : (USB 3.0 Host Controller Driver - Renesas Electronics Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/07/2010 14:12:44] - C:\windows\Installer\3b31d.msi : (Easy Content Share - Samsung Electronics Co., LTD) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[30/11/2010 18:39:23] - C:\windows\Installer\3b349.msi : (Intel(R) Wireless Display - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/12/2010 11:47:30] - C:\windows\Installer\3b352.msi : ( - Samsung Electronics. Co. Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/02/2012 17:42:55] - C:\windows\Installer\3b359.msi : (Best Buy pc app Setup Installation - Best Buy) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/10/2010 21:20:10] - C:\windows\Installer\3b37b.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/10/2010 14:54:48] - C:\windows\Installer\3b394.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/10/2010 22:54:06] - C:\windows\Installer\3b39a.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/10/2010 20:46:58] - C:\windows\Installer\3b3a0.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/10/2010 21:40:10] - C:\windows\Installer\3b3ac.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/06/2010 01:38:36] - C:\windows\Installer\3b3b4.msi : (Norton Online Backup Installer - Symantec Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 12:16:56] - C:\windows\Installer\3b3c4.msi : ( - Samsung) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/05/2013 21:47:03] - C:\windows\Installer\3b8ba.msi : (Spelling Dictionaries for Adobe Reader 9 - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/01/2013 20:36:49] - C:\windows\Installer\4dda4738.msi : (Amazon Unbox Video - Amazon.com) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[30/04/2012 16:43:42] - C:\windows\Installer\54d8114.msi : (Nitro Reader 2.3.1.7 - Nitro PDF Software) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/08/2017 17:33:47] - C:\windows\Installer\6c23b245.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/11/2010 23:14:02] - C:\windows\Installer\d4f4e.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/02/2017 11:28:19] - C:\windows\Installer\db7b6.msi : (Visual Studio 2012 x64 Redistributables - AVG Technologies) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/02/2017 11:28:27] - C:\windows\Installer\db7ba.msi : (Visual Studio 2012 x86 Redistributables - AVG Technologies CZ, s.r.o.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/11/2014 20:33:30] - C:\windows\Installer\f28d7f1.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
---------- | %System%*.in*
[13/07/2009 23:57:09] - [73] - C:\windows\System32\desktop.ini
[14/04/2015 22:40:09] - [16303] - C:\windows\System32\ieuinit.inf
[14/07/2009 00:13:15] - [786514] - C:\windows\System32\PerfStringBackup.INI
[10/06/2009 16:01:25] - [60124] - C:\windows\System32\tcpmon.ini
[14/04/2015 22:40:14] - [16303] - C:\windows\Syswow64\ieuinit.inf
[13/07/2009 23:55:01] - [535] - C:\windows\Syswow64\mapisvc.inf
[31/05/2012 08:15:27] - [779128] - C:\windows\Syswow64\PerfStringBackup.INI
[05/06/2012 18:32:05] - [97] - C:\windows\Syswow64\PICSDK.ini
---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:08] - [0 Ko] - C:\windows\AppPatch\Custom\Custom64
[MD5.9B59AB9A6E428972A44E7B2CB174775E] - |A| - [11/07/2017 21:50:19] - (.-.) - [122.74 Ko] - (0.0.0.0) - C:\windows\AppPatch\AppPatch64\sysmain.sdb
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 10:32:46] - [0 Ko] - C:\windows\Temp\93FA44C1-AB37-4530-8216-FD41E873EC12-Sigs
[MD5.7E6C145988519041AD7988F9135FD67C] - |A| - [06/05/2017 14:18:53] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\windows\Temp\AdobeARM.log
[MD5.00000000000000000000000000000000] - |D| - [23/02/2017 15:26:08] - [93.18 Ko] - C:\windows\Temp\Amazon Digital Video
[MD5.5BA0DA98FC377A1FF2D033957762B4BE] - |A| - [20/04/2017 17:45:29] - (.-.) - [4.47 Ko] - (0.0.0.0) - C:\windows\Temp\ASPNETSetup_00000.log
[MD5.BAC51F1182D691D0766D1F37F099CC1E] - |A| - [20/04/2017 17:45:41] - (.-.) - [2.9 Ko] - (0.0.0.0) - C:\windows\Temp\ASPNETSetup_00001.log
[MD5.D2E6A3DF23C63D30D0B87E57C43CC97D] - |A| - [11/05/2017 21:14:44] - (.-.) - [4.47 Ko] - (0.0.0.0) - C:\windows\Temp\ASPNETSetup_00002.log
[MD5.0277F155C44407D32DF1D2636288D9EB] - |A| - [11/05/2017 21:14:57] - (.-.) - [2.9 Ko] - (0.0.0.0) - C:\windows\Temp\ASPNETSetup_00003.log
[MD5.0AFF4C77E3263FC53788747E00A2E945] - |A| - [16/08/2017 19:16:27] - (.-.) - [4.47 Ko] - (0.0.0.0) - C:\windows\Temp\ASPNETSetup_00004.log
[MD5.627E0DA63F26654DFB6AAAE140D18F75] - |A| - [16/08/2017 19:16:38] - (.-.) - [2.9 Ko] - (0.0.0.0) - C:\windows\Temp\ASPNETSetup_00005.log
[MD5.256A3733765A078843DB9D16CCCDCDDB] - |A| - [16/09/2017 07:59:50] - (.-.) - [4.47 Ko] - (0.0.0.0) - C:\windows\Temp\ASPNETSetup_00006.log
[MD5.BC35DEE764FA9C56BD5DE20210E3FED3] - |A| - [16/09/2017 08:00:05] - (.-.) - [2.9 Ko] - (0.0.0.0) - C:\windows\Temp\ASPNETSetup_00007.log
[MD5.9DFA3F7B61C9D399F0E897DD22DB5C86] - |A| - [05/04/2017 21:20:29] - (.-.) - [93.17 Ko] - (0.0.0.0) - C:\windows\Temp\chrome_installer.log
[MD5.8D182D57D22C6636FB7285CD48D3E27A] - |A| - [20/08/2017 19:06:18] - (.© McAfee, Inc. - McAfee Scanner Content Installer.) - [1519.46 Ko] - (3.0.113.1) - C:\windows\Temp\contentDATs.exe
[MD5.00000000000000000000000000000000] - |D| - [05/04/2017 21:20:29] - [0.04 Ko] - C:\windows\Temp\Crashpad
[MD5.00000000000000000000000000000000] - |D| - [26/09/2017 18:51:46] - [112.61 Ko] - C:\windows\Temp\CR_DA55A.tmp
[MD5.AC662664040332780AF0794FB515E529] - |A| - [11/05/2017 21:12:10] - (.-.) - [1.22 Ko] - (0.0.0.0) - C:\windows\Temp\dd_NDP46-KB4014511-x64_decompression_log.txt
[MD5.343613BF114EE8A9887963CEE66FF0DF] - |A| - [20/04/2017 17:43:31] - (.-.) - [1.19 Ko] - (0.0.0.0) - C:\windows\Temp\dd_NDP46-KB4014553-x64_decompression_log.txt
[MD5.4683CC1DF075F6B8EC6DE50592A5D717] - |A| - [16/09/2017 07:58:13] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\windows\Temp\dd_ndp46-kb4040973-x64_decompression_log.txt
[MD5.0808B888682676D4389AF26D7BE3E98F] - |A| - [16/08/2017 19:14:02] - (.-.) - [1.22 Ko] - (0.0.0.0) - C:\windows\Temp\dd_ndp47-kb3186495-x86-x64-enu_decompression_log.txt
[MD5.DDBED41C03998190104FB1CF2477EC78] - |A| - [16/08/2017 19:14:22] - (.-.) - [1.61 Ko] - (0.0.0.0) - C:\windows\Temp\dd_SetupUtility.txt
[MD5.28D23AE961411B3F25B2FDF35C32E483] - |A| - [20/04/2017 17:45:18] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\windows\Temp\dd_wcf_CA_smci_20170420_224518_107.txt
[MD5.1B202C8CAC53799B27EB1352688DE0EF] - |A| - [20/04/2017 17:45:21] - (.-.) - [2.63 Ko] - (0.0.0.0) - C:\windows\Temp\dd_wcf_CA_smci_20170420_224521_370.txt
[MD5.D53DC8E5B24F6B083FB5FC0DDECFBF0D] - |A| - [11/05/2017 21:14:33] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\windows\Temp\dd_wcf_CA_smci_20170512_021433_494.txt
[MD5.7ADAE560EB924182D94458F0906D49D7] - |A| - [11/05/2017 21:14:35] - (.-.) - [2.63 Ko] - (0.0.0.0) - C:\windows\Temp\dd_wcf_CA_smci_20170512_021435_967.txt
[MD5.7EAB8EF7D42A888C62FF7CB2615B01F6] - |A| - [16/08/2017 19:16:11] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\windows\Temp\dd_wcf_CA_smci_20170817_001611_868.txt
[MD5.0BC5DBC7F449CAE71F153402AC082412] - |A| - [16/08/2017 19:16:23] - (.-.) - [2.63 Ko] - (0.0.0.0) - C:\windows\Temp\dd_wcf_CA_smci_20170817_001623_385.txt
[MD5.ADB7CEC88690F956FB03F6803D759D2F] - |A| - [16/09/2017 07:59:39] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\windows\Temp\dd_wcf_CA_smci_20170916_125939_988.txt
[MD5.1D5C84760FFF238EEC4ABEF76AE2CABA] - |A| - [16/09/2017 07:59:44] - (.-.) - [2.63 Ko] - (0.0.0.0) - C:\windows\Temp\dd_wcf_CA_smci_20170916_125944_466.txt
[MD5.30326C10B88E7DB189BF93C57A7778DE] - |A| - [07/03/2017 00:19:10] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile00.sqm
[MD5.867F4BC34D3F79899827105F1C2FD434] - |A| - [18/03/2017 11:26:42] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile01.sqm
[MD5.828C2BA1F506F986DF3C71C6E89242D4] - |A| - [03/04/2017 23:28:07] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile02.sqm
[MD5.C53ED116C184F80B4E0F792E26C795C0] - |A| - [04/04/2017 22:47:47] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile03.sqm
[MD5.6490E8960C28412EDE6A3A8D7A030946] - |A| - [01/02/2012 20:20:43] - (.- Language Monitor for Status Monitor.) - [27 Ko] - (1.4.6.71) - C:\windows\System32\spd__l.dll
[MD5.4941CF4F5D206512E32FC60699C5691F] - |A| - [01/02/2012 20:20:43] - (.-.) - [0.35 Ko] - (0.0.0.0) - C:\windows\System32\spd__l.smt
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [26875.5 Ko] - C:\windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [319827.5 Ko] - C:\windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [1959.75 Ko] - C:\windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [30.19 Ko] - C:\windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [170 Ko] - C:\windows\System32\sr-Latn-CS
[MD5.A88BE9A6C4E646A2B2A1BD3A7F4B58E7] - |A| - [01/02/2012 17:33:34] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [194.23 Ko] - (1.1.0.0) - C:\windows\System32\SRSHP64.dll
[MD5.A028717B791416182959B325D5B40679] - |A| - [01/02/2012 17:33:34] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [206.23 Ko] - (1.1.4.0) - C:\windows\System32\SRSTSH64.dll
[MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [01/02/2012 17:33:34] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\windows\System32\SRSTSX64.dll
[MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [01/02/2012 17:33:34] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\windows\System32\SRSWOW64.dll
[MD5.FFAC652120F6914916ED1B767BE7CE67] - |A| - [01/02/2012 20:20:36] - (.Copyright Samsung Electronics 2001 - Device Monitor.) - [65.5 Ko] - (1.5.8.0) - C:\windows\System32\Ssdevm64.dll
[MD5.4B16688EDD7FF1E5B7EAC811E95438DC] - |A| - [01/02/2012 20:20:37] - (.Copyright Samsung Electronics 2001 - USB Device.) - [42.5 Ko] - (1.0.0.0) - C:\windows\System32\Ssusbp64.dll
[MD5.00000000000000000000000000000000] - |D| - [25/10/2013 22:05:47] - [14 Ko] - C:\windows\System32\STRING
[MD5.D641337B75B9A9D5AE10687AA1097755] - |A| - [01/02/2012 20:20:44] - (.(c) Samsung Electronics CO., LTD. - Samsung UPD Service.) - [162.8 Ko] - (2.1.0.2) - C:\windows\System32\SUPDSvc.exe
[MD5.4967FD3B3134DBE0B49F047F3DE25E7A] - |A| - [01/02/2012 20:20:44] - (.(c) Samsung Electronics CO., LTD. - Samsung UPD Service Agent.) - [158.3 Ko] - (2.1.0.2) - C:\windows\System32\SUPDSvcA.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [426.5 Ko] - C:\windows\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [204.76 Ko] - C:\windows\System32\sysprep
[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - |A| - [20/11/2010 22:24:36] - (.-.) - [339.75 Ko] - (0.0.0.0) - C:\windows\System32\systemsf.ebd
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [281.46 Ko] - C:\windows\System32\Tasks
[MD5.47F22CAD4A16BB40153555D631546B94] - |A| - [10/06/2009 16:01:25] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\windows\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [157 Ko] - C:\windows\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [424 Ko] - C:\windows\System32\tr-TR
[MD5.00318FE42A997AB68FE4BDAE6FCE1989] - |A| - [01/02/2012 20:20:37] - (.(C) 1993-2009 TWAIN Working Group. - TWAIN 64 Source Manager (Image Acquisition Interface).) - [156.52 Ko] - (2.1.1.0) - C:\windows\System32\TWAINDSM.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [166.5 Ko] - C:\windows\System32\uk-UA
[MD5.05F9840831C29F5BE93AD8BE810D5614] - |A| - [13/07/2009 23:45:37] - (.-.) - [18 Ko] - (0.0.0.0) - C:\windows\System32\umstartup.etl
[MD5.F736AA948D0C3CBCE212B7B2CB0EF115] - |A| - [13/07/2009 23:45:37] - (.-.) - [45 Ko] - (0.0.0.0) - C:\windows\System32\umstartup000.etl
[MD5.71A48CA6300620F06753F4CA44D01AF6] - |A| - [01/02/2012 17:33:35] - (.Copyright © 1996-2007 - General Library for Plug-Ins.) - [2540.84 Ko] - (1.2.0.0) - C:\windows\System32\WavesGUILib.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [45636.67 Ko] - C:\windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:50] - [60.46 Ko] - C:\windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [75032.38 Ko] - C:\windows\System32\wdi
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [13/07/2009 16:54:15] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\System32\wfp
[MD5.989890289984AA7CCA8FEB2A4B7510C8] - |A| - [01/02/2012 20:20:37] - (.-.) - [82.61 Ko] - (0.0.0.0) - C:\windows\System32\WIAEXSTR.loc
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [0 Ko] - C:\windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [73.5 Ko] - C:\windows\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [8584.71 Ko] - C:\windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [105684 Ko] - C:\windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [99.06 Ko] - C:\windows\System32\winrm
[MD5.EA88F93CA71EDEB959BB483998E84730] - |A| - [20/06/2014 19:43:56] - (.-.) - [12.5 Ko] - (0.0.0.0) - C:\windows\SysWOW64\CNC1747D.TBL
[MD5.0A294F1A46F4BCB5C4323FFEB276393D] - |A| - [20/06/2014 19:43:56] - (.Copyright CANON INC. 2010 All Rights Reserved - LLD.) - [300 Ko] - (1.0.0.0) - C:\windows\SysWOW64\CNC495L.dll
[MD5.7B0B9146146B111E2F3EA58C0F3B5756] - |A| - [20/06/2014 19:43:56] - (.Copyright CANON INC. 2010 All Rights Reserved - Scanner Driver.) - [104 Ko] - (1.0.0.0) - C:\windows\SysWOW64\CNC495U.dll
[MD5.D16CF34B17899F90A8FCF2A3F77B4A27] - |A| - [20/06/2014 19:43:56] - (.Copyright CANON INC. 2007-2008 All Rights Reserved - Canon Device Dependent Informations for Scanner Library.) - [15.5 Ko] - (1.4.1.1) - C:\windows\SysWOW64\CNHMCA.dll
[MD5.B3B13025E236417E8B6BC8E96D7773EF] - |A| - [05/02/2010 04:37:33] - (.Copyright CANON INC. 2003-2010 All Rights Reserved - Canon IJ Network 32bit comm Module.) - [333 Ko] - (2.7.0.60) - C:\windows\SysWOW64\CNMNPPM.DLL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [302.5 Ko] - C:\windows\SysWOW64\com
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [1523.77 Ko] - C:\windows\SysWOW64\config
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [427.5 Ko] - C:\windows\SysWOW64\cs-CZ
[MD5.846B03F22587A13AAF419096F9684F6E] - |A| - [01/02/2012 17:32:06] - (.Copyright 2008 - CSVer.) - [52 Ko] - (9.2.0.1019) - C:\windows\SysWOW64\CSVer.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [422.5 Ko] - C:\windows\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [452 Ko] - C:\windows\SysWOW64\de-DE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [4135 Ko] - C:\windows\SysWOW64\Dism
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [3495.5 Ko] - C:\windows\SysWOW64\drivers
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [1.05 Ko] - C:\windows\SysWOW64\DriverStore
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [451.5 Ko] - C:\windows\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [1648 Ko] - C:\windows\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [31830.02 Ko] - C:\windows\SysWOW64\en-US
[MD5.861CCF1A77792AD4E7A39D9106B58E73] - |A| - [05/06/2012 18:32:05] - (.-.) - [6.33 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_BP.cfg
[MD5.CC553A14E5E33464E53717953E9C7E79] - |A| - [05/06/2012 18:32:05] - (.-.) - [6.22 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_CF.cfg
[MD5.28D6D18D2D51AFF6BFD3D6545AEDE2B6] - |A| - [05/06/2012 18:32:05] - (.-.) - [12.37 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_EN.cfg
[MD5.788091375D05FE6FEDDC3031B5EC9638] - |A| - [05/06/2012 18:32:05] - (.-.) - [6.08 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_ES.cfg
[MD5.CC553A14E5E33464E53717953E9C7E79] - |A| - [05/06/2012 18:32:05] - (.-.) - [6.22 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_FR.cfg
[MD5.861CCF1A77792AD4E7A39D9106B58E73] - |A| - [05/06/2012 18:32:05] - (.-.) - [6.33 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_PT.cfg
[MD5.29E93E8EEAF957BDC03182A5B383FF4F] - |A| - [05/06/2012 18:32:05] - (.Copyright (C) SEIKO EPSON CORPORATION 2001-2006, - EPSON PIC SDK 1.10.) - [50.16 Ko] - (1.1.0.1) - C:\windows\SysWOW64\EpPicMgr.dll
[MD5.6F8256E5C21DCA0B71E2960BD1574A4F] - |A| - [05/06/2012 18:32:05] - (.-.) - [28.43 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern1.dat
[MD5.99B39A991604A09125A63D1F83A1668F] - |A| - [05/06/2012 18:32:05] - (.-.) - [26.77 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern121.dat
[MD5.C35D83EF6773F875E85A37CD389FC98A] - |A| - [05/06/2012 18:32:05] - (.-.) - [30.33 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern131.dat
[MD5.1330F7E87620F5A3B2B2F769C73749AE] - |A| - [05/06/2012 18:32:05] - (.-.) - [12.97 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern2.dat
[MD5.74096ECE9DCA5340883D2871E92B0E13] - |A| - [05/06/2012 18:32:05] - (.-.) - [20.53 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern3.dat
[MD5.0D2E4219C97CDCC3CFAA5E3077CB6280] - |A| - [05/06/2012 18:32:05] - (.-.) - [10.42 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern4.dat
[MD5.D67E0E406C42FB5192865073D96B3B4A] - |A| - [05/06/2012 18:32:05] - (.-.) - [15.3 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern5.dat
[MD5.E000BC718432CBB8F8AF9A2DD4EBCC59] - |A| - [05/06/2012 18:32:05] - (.-.) - [4.83 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern6.dat
[MD5.5A84A0F8D547CCEAFA5F94BB96D05A7E] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_BP.dat
[MD5.DF1FC390514F29307D1AB8DC62E2CBF7] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_CF.dat
[MD5.DD3199930A3D8F9BED7B29280B4CF30B] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.08 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_EN.dat
[MD5.11F898E51C743BECDFD9E8386C908F7D] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_ES.dat
[MD5.DF1FC390514F29307D1AB8DC62E2CBF7] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_FR.dat
[MD5.5A84A0F8D547CCEAFA5F94BB96D05A7E] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_PT.dat
[MD5.C22208277045909CEAC3D1A8050DEB1A] - |A| - [05/06/2012 18:32:05] - (.-.) - [71.5 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPrinterDB.dat
[MD5.2259687A780CDD3895649A9F632983D5] - |A| - [05/06/2012 18:32:05] - (.Copyright (C) SEIKO EPSON CORPORATION 2001-2006, - EPSON PIC SDK 1.10.) - [50.16 Ko] - (1.1.0.1) - C:\windows\SysWOW64\EpPicPrt.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [443 Ko] - C:\windows\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [160.5 Ko] - C:\windows\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [425 Ko] - C:\windows\SysWOW64\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [449 Ko] - C:\windows\SysWOW64\fr-FR
[MD5.E326988DEAE82D6106CAC4DF79EDAF21] - |A| - [31/01/2014 16:22:16] - (.Copyright © 2001-2014 FTDI Ltd. - FTD2XX Dynamic Link Library.) - [214.86 Ko] - (3.2.8.0) - C:\windows\SysWOW64\ftd2xx.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [0 Ko] - C:\windows\SysWOW64\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [191.5 Ko] - C:\windows\SysWOW64\he-IL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [168 Ko] - C:\windows\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [429 Ko] - C:\windows\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [36.27 Ko] - C:\windows\SysWOW64\icsxml
[MD5.093C86CD529A3932C9E58C3387DA4AAC] - |A| - [13/07/2009 16:59:35] - (.-.) - [407.56 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igcompkrng500.bin
[MD5.481F6E1CD63E09F0516B5E78B35D333E] - |A| - [01/02/2012 20:17:29] - (.-.) - [142.39 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igcompkrng600.bin
[MD5.87031985145FE4FC13E8DABF387E78A4] - |A| - [13/07/2009 16:59:36] - (.-.) - [136.55 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igfcg500.bin
[MD5.44E5EA6A6AB4D6343B8FBC1DE19B5005] - |A| - [13/07/2009 16:59:36] - (.-.) - [95.16 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igfcg500m.bin
[MD5.C079421BCDD8C152F7A1AA013C8B5A98] - |A| - [01/02/2012 20:17:29] - (.-.) - [202.52 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igfcg600m.bin
[MD5.71E96C791D10CAACF4867C5AD65FA19B] - |A| - [13/07/2009 16:59:36] - (.-.) - [959.18 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igkrng500.bin
[MD5.7764AEA3A2C15976CDF43E7F5BD6E53C] - |A| - [01/02/2012 20:17:30] - (.-.) - [938.42 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igkrng600.bin
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [34096.94 Ko] - C:\windows\SysWOW64\IME
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\SysWOW64\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [1160 Ko] - C:\windows\SysWOW64\InstallShield
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [447 Ko] - C:\windows\SysWOW64\it-IT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [361 Ko] - C:\windows\SysWOW64\ja-JP
[MD5.F8211DB97BF852C3292C3E9C710C19D9] - |A| - [18/11/2013 23:18:23] - (.Copyright © 2016 - Java™ Web Start Launcher.) - [263.56 Ko] - (11.101.2.13) - C:\windows\SysWOW64\javaws.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [356.5 Ko] - C:\windows\SysWOW64\ko-KR
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [13/07/2009 21:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\windows\SysWOW64\korwbrkr.lex
[MD5.0D3D161D2364A7830CE231103365233F] - |A| - [01/02/2012 17:32:39] - (.-.) - [0.02 Ko] - (0.0.0.0) - C:\windows\SysWOW64\log.txt
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [0 Ko] - C:\windows\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [165 Ko] - C:\windows\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [166 Ko] - C:\windows\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [01/02/2012 17:40:47] - [66333.24 Ko] - C:\windows\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [1968.26 Ko] - C:\windows\SysWOW64\manifeststore
[MD5.98071B6EE16AA76DABFF377A5DC69C86] - |A| - [13/07/2009 23:55:01] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\windows\SysWOW64\mapisvc.inf
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [3178.93 Ko] - C:\windows\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [32737.45 Ko] - C:\windows\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [52.28 Ko] - C:\windows\SysWOW64\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [11.33 Ko] - C:\windows\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [418 Ko] - C:\windows\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [51 Ko] - C:\windows\SysWOW64\NetworkList
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [438.5 Ko] - C:\windows\SysWOW64\nl-NL
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [13/07/2009 21:35:50] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\windows\SysWOW64\noise.kor
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [2566.05 Ko] - C:\windows\SysWOW64\oobe
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 16:17:19] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\windows\SysWOW64\PerfCenterCpl.ico
[MD5.B30946193228EE8BB8ECACF8EFF5ED2D] - |A| - [31/05/2012 08:15:27] - (.-.) - [760.87 Ko] - (0.0.0.0) - C:\windows\SysWOW64\PerfStringBackup.INI
[MD5.68D2DE06776BEC0409AF80D26C2FD42E] - |A| - [05/06/2012 18:32:05] - (.Copyright (C) SEIKO EPSON CORPORATION 2001-2006, - EPSON PIC SDK 3.0.) - [106.16 Ko] - (3.0.0.2) - C:\windows\SysWOW64\PICEntry.dll
[MD5.93C3E9EE30280A8ED2D56DCEDA0FAF3F] - |A| - [05/06/2012 18:32:05] - (.Copyright (C) SEIKO EPSON CORPORATION 2001-2006, - EPSON PIC SDK 3.0.) - [78.15 Ko] - (3.0.0.1) - C:\windows\SysWOW64\PICSDK.dll
[MD5.7F0934D17E976BC53BB0D226D6E9E781] - |A| - [05/06/2012 18:32:05] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\windows\SysWOW64\PICSDK.ini
[MD5.17152A7F21C9802E7826DE63D2DF184C] - |A| - [05/06/2012 18:32:05] - (.Copyright (C) SEIKO EPSON CORPORATION 2001-2006, - EPSON PIC SDK 3.0.) - [490.15 Ko] - (3.0.1.3) - C:\windows\SysWOW64\PICSDK2.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [434 Ko] - C:\windows\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [413.88 Ko] - C:\windows\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [431 Ko] - C:\windows\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [433 Ko] - C:\windows\SysWOW64\pt-PT
[MD5.977CD878C93F15CBEA0DC92EDF17FB57] - |A| - [13/10/2014 22:14:54] - (.Copyright © 2014 Razer Inc. All rights reserved - Razer RzDeviceDLL Manager.) - [87 Ko] - (1.0.29.5) - C:\windows\SysWOW64\rzdevinfo.dll
[MD5.9AC714C16412F3EA11E8CE13B0E5BF8A] - |A| - [01/02/2012 20:07:53] - (.-.) - [239.43 Ko] - (0.0.0.0) - C:\windows\SysWOW64\SingleBom.xml
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [169.5 Ko] - C:\windows\SysWOW64\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [166 Ko] - C:\windows\SysWOW64\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [37.8 Ko] - C:\windows\SysWOW64\slmgr
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [2800 Ko] - C:\windows\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [1142.37 Ko] - C:\windows\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [30.19 Ko] - C:\windows\SysWOW64\sppui
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [170 Ko] - C:\windows\SysWOW64\sr-Latn-CS
[MD5.BF3F5010F4F005A96A07FD7D10318767] - |A| - [01/02/2012 20:20:36] - (.Copyright Samsung Electronics 2001 - Device Monitor.) - [66 Ko] - (1.5.8.0) - C:\windows\SysWOW64\Ssdevm.dll
[MD5.D7F4BAF51DBEE3DC9EAF51BEE5B8F94B] - |A| - [01/02/2012 20:20:37] - (.Copyright Samsung Electronics 2001 - USB Device.) - [48 Ko] - (0.6.0.0) - C:\windows\SysWOW64\Ssusbpn.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [421.5 Ko] - C:\windows\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [27/11/2014 03:28:35] - [0 Ko] - C:\windows\SysWOW64\SysInfo
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [0 Ko] - C:\windows\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [157 Ko] - C:\windows\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [419 Ko] - C:\windows\SysWOW64\tr-TR
[MD5.FF1FB7E7B0372138C14F43EDF54D424D] - |A| - [01/02/2012 20:20:37] - (.(C) 1993-2009 TWAIN Working Group. - TWAIN 32 Source Manager (Image Acquisition Interface).) - [140.52 Ko] - (2.1.1.0) - C:\windows\SysWOW64\TWAINDSM.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [166.5 Ko] - C:\windows\SysWOW64\uk-UA
[MD5.15BD0F8D507546F512EE5D73C3721FA8] - |A| - [13/07/2009 21:35:41] - (.Copyright © 2000 - vfpodbc.) - [20.05 Ko] - (1.0.2.0) - C:\windows\SysWOW64\vfpodbc.dll
[MD5.00000000000000000000000000000000] - |D| - [02/06/2012 03:26:15] - [237.33 Ko] - C:\windows\SysWOW64\Wat
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [8883.12 Ko] - C:\windows\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [60.46 Ko] - C:\windows\SysWOW64\WCN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [101.23 Ko] - C:\windows\SysWOW64\wdi
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [8539.71 Ko] - C:\windows\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [99.06 Ko] - C:\windows\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [333.5 Ko] - C:\windows\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [255.5 Ko] - C:\windows\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [334 Ko] - C:\windows\SysWOW64\zh-TW
---------- | Shell Folders
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
“!Do not use this registry key”=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
“AppData”=C:\Users\Tonya\AppData\Roaming [01/06/2012 04:28:39]
“Local AppData”=C:\Users\Tonya\AppData\Local [01/06/2012 04:28:39]
“My Video”=C:\Users\Tonya\Videos [01/06/2012 04:28:39]
“{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}”=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Libraries [01/06/2012 04:41:49]
“My Pictures”=C:\Users\Tonya\Pictures [01/06/2012 04:28:39]
“Desktop”=C:\Users\Tonya\Desktop [01/06/2012 04:28:39]
“History”=C:\Users\Tonya\AppData\Local\Microsoft\Windows\History [01/06/2012 04:28:39]
“NetHood”=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Network Shortcuts [01/06/2012 04:28:39]
“{56784854-C6CB-462B-8169-88E350ACB882}”=C:\Users\Tonya\Contacts [01/06/2012 04:41:40]
“Cookies”=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Cookies [01/06/2012 04:28:39]
“Favorites”=C:\Users\Tonya\Favorites [01/06/2012 04:28:39]
“SendTo”=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\SendTo [01/06/2012 04:28:39]
“Start Menu”=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu [01/06/2012 04:28:39]
“My Music”=C:\Users\Tonya\Music [01/06/2012 04:28:39]
“Programs”=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [01/06/2012 04:28:39]
“Recent”=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Recent [01/06/2012 04:28:39]
“CD Burning”=C:\Users\Tonya\AppData\Local\Microsoft\Windows\Burn\Burn [24/02/2017 15:06:26]
“PrintHood”=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [01/06/2012 04:28:39]
“{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}”=C:\Users\Tonya\Searches [01/06/2012 04:41:49]
“{374DE290-123F-4565-9164-39C4925E467B}”=C:\Users\Tonya\Downloads [01/06/2012 04:28:39]
“{A520A1A4-1780-4FF6-BD18-167343C5AF16}”=C:\Users\Tonya\AppData\LocalLow [01/06/2012 04:28:40]
“Startup”=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [01/06/2012 04:28:39]
“Administrative Tools”=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [01/06/2012 04:41:49]
“Personal”=C:\Users\Tonya\Documents [01/06/2012 04:28:39]
“{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}”=C:\Users\Tonya\Links [01/06/2012 04:28:39]
“Cache”=C:\Users\Tonya\AppData\Local\Microsoft\Windows\Temporary Internet Files [01/06/2012 04:28:39]
“Templates”=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Templates [01/06/2012 04:28:39]
“{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}”=C:\Users\Tonya\Saved Games [01/06/2012 04:28:39]
“Fonts”=C:\windows\Fonts [13/07/2009 22:20:09]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
“AppData”=%USERPROFILE%\AppData\Roaming
“Cache”=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files
“Cookies”=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies
“Desktop”=%USERPROFILE%\Desktop
“Favorites”=%USERPROFILE%\Favorites
“History”=%USERPROFILE%\AppData\Local\Microsoft\Windows\History
“Local AppData”=%USERPROFILE%\AppData\Local
“My Music”=%USERPROFILE%\Music
“My Pictures”=%USERPROFILE%\Pictures
“My Video”=%USERPROFILE%\Videos
“NetHood”=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
“Personal”=%USERPROFILE%\Documents
“Programs”=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
“Recent”=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
“SendTo”=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
“Startup”=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
“Start Menu”=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
“Templates”=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
“{374DE290-123F-4565-9164-39C4925E467B}”=%USERPROFILE%\Downloads
“PrintHood”=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
“Common Desktop”=C:\Users\Public\Desktop [13/07/2009 22:20:08]
“Common Start Menu”=C:\ProgramData\Microsoft\Windows\Start Menu [13/07/2009 22:20:08]
“CommonVideo”=C:\Users\Public\Videos [13/07/2009 22:20:08]
“CommonPictures”=C:\Users\Public\Pictures [13/07/2009 22:20:08]
“Common Programs”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [13/07/2009 22:20:08]
“CommonMusic”=C:\Users\Public\Music [13/07/2009 22:20:08]
“Common Administrative Tools”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 00:32:38]
“Common Startup”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [13/07/2009 22:20:08]
“Common Documents”=C:\Users\Public\Documents [13/07/2009 22:20:08]
“OEM Links”=C:\ProgramData\OEM Links
“Common Templates”=C:\ProgramData\Microsoft\Windows\Templates [13/07/2009 22:20:08]
“Common AppData”=C:\ProgramData [13/07/2009 22:20:08]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
“Common Desktop”=%PUBLIC%\Desktop
“Common Documents”=%PUBLIC%\Documents
“CommonPictures”=%PUBLIC%\Pictures
“CommonMusic”=%PUBLIC%\Music
“CommonVideo”=%PUBLIC%\Videos
“{3D644C9B-1FB8-4f30-9B45-F670235F79C0}”=%PUBLIC%\Downloads
“Common Start Menu”=%ProgramData%\Microsoft\Windows\Start Menu
“Common Programs”=%ProgramData%\Microsoft\Windows\Start Menu\Programs
“Common Startup”=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
“Common AppData”=%ProgramData%
“Common Templates”=%ProgramData%\Microsoft\Windows\Templates
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
“Common Desktop”=C:\Users\Public\Desktop [13/07/2009 22:20:08]
“Common Start Menu”=C:\ProgramData\Microsoft\Windows\Start Menu [13/07/2009 22:20:08]
“CommonVideo”=C:\Users\Public\Videos [13/07/2009 22:20:08]
“CommonPictures”=C:\Users\Public\Pictures [13/07/2009 22:20:08]
“Common Programs”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [13/07/2009 22:20:08]
“CommonMusic”=C:\Users\Public\Music [13/07/2009 22:20:08]
“Common Administrative Tools”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 00:32:38]
“Common Startup”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [13/07/2009 22:20:08]
“Common Documents”=C:\Users\Public\Documents [13/07/2009 22:20:08]
“OEM Links”=C:\ProgramData\OEM Links
“Common Templates”=C:\ProgramData\Microsoft\Windows\Templates [13/07/2009 22:20:08]
“Common AppData”=C:\ProgramData [13/07/2009 22:20:08]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
“Common Desktop”=%PUBLIC%\Desktop
“Common Documents”=%PUBLIC%\Documents
“CommonPictures”=%PUBLIC%\Pictures
“CommonMusic”=%PUBLIC%\Music
“CommonVideo”=%PUBLIC%\Videos
“{3D644C9B-1FB8-4f30-9B45-F670235F79C0}”=%PUBLIC%\Downloads
“Common Start Menu”=%ProgramData%\Microsoft\Windows\Start Menu
“Common Programs”=%ProgramData%\Microsoft\Windows\Start Menu\Programs
“Common Startup”=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
“Common AppData”=%ProgramData%
“Common Templates”=%ProgramData%\Microsoft\Windows\Templates
---------- | [Public]
---------- | [Tonya]
[01/06/2012 04:28:39] - |D| - [1635643120] - C:\Users\Tonya\AppData\Local
[01/06/2012 04:28:40] - |D| - [2648558] - C:\Users\Tonya\AppData\LocalLow
[01/06/2012 04:28:39] - |D| - [152996103] - C:\Users\Tonya\AppData\Roaming
[01/06/2012 08:45:34] - |D| - [2745913] - C:\Users\Tonya\AppData\Local\Adobe
[15/09/2014 20:47:45] - |D| - [0] - C:\Users\Tonya\AppData\Local\Apple
[15/09/2014 20:50:18] - |D| - [76422393] - C:\Users\Tonya\AppData\Local\Apple Computer
[01/06/2012 04:28:40] - |SHD| - [16962042232] - C:\Users\Tonya\AppData\Local\Application Data
[01/06/2012 04:42:23] - |D| - [0] - C:\Users\Tonya\AppData\Local\Apps
[21/02/2017 11:18:01] - |D| - [0] - C:\Users\Tonya\AppData\Local\CEF
[01/06/2012 08:55:05] - |D| - [6427] - C:\Users\Tonya\AppData\Local\CyberLink
[01/06/2012 04:42:22] - |D| - [0] - C:\Users\Tonya\AppData\Local\Deployment
[05/06/2012 18:23:34] - |D| - [439051] - C:\Users\Tonya\AppData\Local\ElevatedDiagnostics
[01/06/2012 04:39:11] - |D| - [295606] - C:\Users\Tonya\AppData\Local\eMusic
[03/06/2017 11:18:42] - |A| - [113992] - C:\Users\Tonya\AppData\Local\GDIPFONTCACHEV1.DAT
[20/02/2013 18:28:34] - |D| - [533149838] - C:\Users\Tonya\AppData\Local\Google
[01/06/2015 14:52:10] - |D| - [71] - C:\Users\Tonya\AppData\Local\GWX
[01/06/2012 04:28:40] - |SHD| - [130] - C:\Users\Tonya\AppData\Local\History
[03/01/2013 20:28:23] - |D| - [55690729] - C:\Users\Tonya\AppData\Local\HorizonWimba
[23/02/2017 15:23:13] - |AH| - [2844732] - C:\Users\Tonya\AppData\Local\IconCache.db
[24/06/2012 12:38:17] - |D| - [0] - C:\Users\Tonya\AppData\Local\Macromedia
[01/06/2012 04:28:39] - |D| - [464597354] - C:\Users\Tonya\AppData\Local\Microsoft
[01/06/2012 06:45:46] - |D| - [0] - C:\Users\Tonya\AppData\Local\Microsoft Help
[01/06/2012 05:56:37] - |D| - [1373504] - C:\Users\Tonya\AppData\Local\MicrosoftStore
[01/06/2012 23:30:47] - |D| - [384085062] - C:\Users\Tonya\AppData\Local\Mozilla
[01/06/2012 04:42:23] - |D| - [40960] - C:\Users\Tonya\AppData\Local\Power2Go
[24/02/2017 07:49:48] - |D| - [1132211] - C:\Users\Tonya\AppData\Local\PrivaZer
[06/02/2013 22:41:57] - |D| - [0] - C:\Users\Tonya\AppData\Local\Programs
[02/07/2015 22:31:59] - |D| - [864] - C:\Users\Tonya\AppData\Local\Razer_Inc
[12/05/2015 13:07:35] - |D| - [0] - C:\Users\Tonya\AppData\Local\Steam
[01/06/2012 04:28:39] - |D| - [112633245] - C:\Users\Tonya\AppData\Local\Temp
[01/06/2012 04:28:40] - |SHD| - [148644216] - C:\Users\Tonya\AppData\Local\Temporary Internet Files
[07/04/2014 01:18:18] - |D| - [69632] - C:\Users\Tonya\AppData\Local\Windows Live
[01/03/2017 20:51:35] - |D| - [0] - C:\Users\Tonya\AppData\Local\YSearchUtil
[23/02/2017 15:40:37] - |D| - [1536] - C:\Users\Tonya\AppData\Local\Zemana
[01/10/2017 17:09:40] - |A| - [0] - C:\Users\Tonya\AppData\Local\{347A7B5A-EBBF-40ED-8CF5-576ACC06E515}
[17/11/2013 23:21:14] - |D| - [125558] - C:\Users\Tonya\AppData\LocalLow\Adobe
[23/06/2015 00:29:48] - |D| - [8770] - C:\Users\Tonya\AppData\LocalLow\Apple Computer
[25/10/2013 22:11:43] - |D| - [0] - C:\Users\Tonya\AppData\LocalLow\Canon Easy-WebPrint EX
[25/10/2013 22:11:43] - |D| - [0] - C:\Users\Tonya\AppData\LocalLow\Canon Easy-WebPrint EX2
[30/11/2014 12:45:44] - |SHD| - [0] - C:\Users\Tonya\AppData\LocalLow\EmieBrowserModeList
[21/06/2014 11:18:29] - |SHD| - [0] - C:\Users\Tonya\AppData\LocalLow\EmieSiteList
[21/06/2014 11:18:29] - |SHD| - [0] - C:\Users\Tonya\AppData\LocalLow\EmieUserList
[01/06/2012 04:45:48] - |SD| - [1441717] - C:\Users\Tonya\AppData\LocalLow\Microsoft
[19/12/2016 07:47:12] - |D| - [0] - C:\Users\Tonya\AppData\LocalLow\Mozilla
[23/12/2012 10:31:14] - |D| - [1072513] - C:\Users\Tonya\AppData\LocalLow\Sun
[20/06/2014 19:42:30] - |D| - [0] - C:\Users\Tonya\AppData\LocalLow\Temp
[01/06/2012 04:45:34] - |D| - [360982] - C:\Users\Tonya\AppData\Roaming\Adobe
[15/09/2014 20:50:18] - |D| - [208301] - C:\Users\Tonya\AppData\Roaming\Apple Computer
[01/06/2012 08:55:05] - |D| - [2418] - C:\Users\Tonya\AppData\Roaming\CyberLink
[05/06/2012 18:55:18] - |D| - [262] - C:\Users\Tonya\AppData\Roaming\EPSON
[23/02/2017 16:41:53] - |D| - [7266061] - C:\Users\Tonya\AppData\Roaming\Everything
[22/02/2017 17:50:39] - |D| - [10085] - C:\Users\Tonya\AppData\Roaming\Geek Uninstaller
[23/06/2015 00:27:18] - |D| - [72049661] - C:\Users\Tonya\AppData\Roaming\GoPro
[01/06/2012 04:41:41] - |D| - [0] - C:\Users\Tonya\AppData\Roaming\Identities
[01/06/2012 05:48:51] - |D| - [0] - C:\Users\Tonya\AppData\Roaming\InstallShield
[01/06/2012 04:28:41] - |D| - [1272] - C:\Users\Tonya\AppData\Roaming\Intel
[05/06/2012 18:35:59] - |D| - [543] - C:\Users\Tonya\AppData\Roaming\Leadertech
[01/06/2012 04:45:34] - |D| - [41555] - C:\Users\Tonya\AppData\Roaming\Macromedia
[13/10/2013 23:42:46] - |A| - [36] - C:\Users\Tonya\AppData\Roaming\mbam.context.scan
[01/06/2012 04:28:39] - |D| - [0] - C:\Users\Tonya\AppData\Roaming\Media Center Programs
[01/06/2012 04:28:39] - |SD| - [18002876] - C:\Users\Tonya\AppData\Roaming\Microsoft
[01/06/2012 23:30:47] - |D| - [47280289] - C:\Users\Tonya\AppData\Roaming\Mozilla
[03/06/2012 18:33:31] - |D| - [241] - C:\Users\Tonya\AppData\Roaming\Nitro PDF
[06/06/2015 13:55:57] - |D| - [400] - C:\Users\Tonya\AppData\Roaming\puush
[13/09/2012 06:52:55] - |D| - [4836424] - C:\Users\Tonya\AppData\Roaming\Skype
[12/10/2016 20:06:20] - |D| - [0] - C:\Users\Tonya\AppData\Roaming\Sun
[12/03/2015 20:49:08] - |D| - [85758] - C:\Users\Tonya\AppData\Roaming\vlc
[20/11/2012 22:44:35] - |D| - [27] - C:\Users\Tonya\AppData\Roaming\WebApp
[01/03/2017 20:52:18] - |D| - [370] - C:\Users\Tonya\AppData\Roaming\Yahoo
[23/02/2017 16:55:46] - |D| - [2848542] - C:\Users\Tonya\AppData\Roaming\ZHP
[01/06/2012 04:41:49] - |ASH| - [174] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[01/06/2012 04:28:39] - |RD| - [25489] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[01/06/2012 04:28:39] - |RD| - [14619] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[01/06/2012 04:41:49] - |RD| - [174] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[01/06/2012 04:41:49] - |ASH| - [476] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[26/02/2017 09:40:41] - |D| - [2053] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[01/06/2012 04:42:07] - |A| - [1417] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[01/06/2012 04:28:39] - |RD| - [580] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[18/07/2014 15:01:23] - |D| - [2170] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mission Planner
[24/02/2017 07:49:48] - |D| - [3826] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
[01/06/2012 04:28:39] - |RD| - [174] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[01/06/2012 04:41:49] - |ASH| - [174] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
---------- | C:\ProgramData
[15/09/2014 20:48:38] - |D| - [4772] - C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[01/02/2012 17:44:09] - |D| - [503041403] - C:\ProgramData\Adobe
[29/01/2013 22:07:53] - |D| - [8336] - C:\ProgramData\Amazon
[15/09/2014 20:46:24] - |D| - [44791248] - C:\ProgramData\Apple
[15/09/2014 20:48:38] - |D| - [28567064] - C:\ProgramData\Apple Computer
[14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Application Data
[25/10/2013 22:07:11] - |HD| - [24945081] - C:\ProgramData\CanonBJ
[05/01/2014 17:18:38] - |HD| - [114] - C:\ProgramData\CanonIJEGV
[25/10/2013 22:11:49] - |D| - [2675] - C:\ProgramData\CanonIJMSetup
[27/10/2013 19:05:43] - |HD| - [116] - C:\ProgramData\CanonIJMyPrinter
[14/11/2013 18:32:48] - |D| - [65690] - C:\ProgramData\CanonIJPLM
[27/10/2013 19:06:10] - |HD| - [1652] - C:\ProgramData\CanonIJSolutionMenuEX
[25/10/2013 22:10:52] - |D| - [67887] - C:\ProgramData\CanonIJWSpt
[21/02/2017 11:16:22] - |HD| - [96] - C:\ProgramData\Common Files
[01/02/2012 17:44:34] - |D| - [106689] - C:\ProgramData\CyberLink
[14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Desktop
[14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Documents
[05/06/2012 18:31:50] - |D| - [2034968] - C:\ProgramData\EPSON
[14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Favorites
[05/06/2012 08:06:24] - |D| - [692223] - C:\ProgramData\Hewlett-Packard
[01/02/2012 17:35:38] - |D| - [13060] - C:\ProgramData\Intel
[06/02/2013 22:42:13] - |D| - [159185594] - C:\ProgramData\Malwarebytes
[20/08/2017 13:35:35] - |D| - [186064] - C:\ProgramData\McAfee
[02/10/2017 20:16:00] - |D| - [1432] - C:\ProgramData\McAfee Security Scan
[13/07/2009 22:20:08] - |SD| - [1857255688] - C:\ProgramData\Microsoft
[01/06/2012 06:45:44] - |D| - [366320] - C:\ProgramData\Microsoft Help
[03/06/2012 18:33:05] - |D| - [241] - C:\ProgramData\Nitro PDF
[18/11/2013 23:18:30] - |D| - [72304784] - C:\ProgramData\Oracle
[24/02/2017 07:49:48] - |D| - [71] - C:\ProgramData\privazer
[02/07/2015 17:32:57] - |D| - [2283] - C:\ProgramData\Razer
[01/02/2012 17:36:28] - |D| - [0] - C:\ProgramData\Roaming
[01/03/2017 20:45:38] - |D| - [1607] - C:\ProgramData\salesforce.com
[01/02/2012 17:38:30] - |D| - [537310] - C:\ProgramData\SAMSUNG
[01/02/2012 17:53:38] - |D| - [148035224] - C:\ProgramData\Skype
[14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Start Menu
[01/02/2012 17:53:13] - |D| - [44732] - C:\ProgramData\Symantec
[01/02/2012 17:44:34] - |D| - [677670] - C:\ProgramData\Temp
[14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Templates
[05/06/2012 18:35:00] - |D| - [2251] - C:\ProgramData\UDL
[01/02/2012 17:54:14] - |D| - [17253664] - C:\ProgramData\WinClon
---------- | C:\ProgramData\Microsoft\Windows\Start Menu
[14/07/2009 00:01:14] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[13/07/2009 23:49:40] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[13/07/2009 22:20:08] - |RD| - [311312] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[13/07/2009 23:49:40] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[13/07/2009 22:20:08] - |RD| - [41931] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[21/02/2017 08:55:49] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[14/07/2009 00:32:38] - |RD| - [18363] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[29/01/2013 22:07:34] - |D| - [2000] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[01/02/2012 17:37:00] - |D| - [1890] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[25/10/2013 22:07:01] - |D| - [2828] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP495 series
[25/10/2013 22:07:30] - |D| - [3590] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP495 series Manual
[25/10/2013 22:11:48] - |D| - [4152] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP495 series User Registration
[25/10/2013 22:08:15] - |D| - [24712] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[23/02/2017 16:46:54] - |D| - [922] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[01/02/2012 17:45:07] - |RD| - [9525] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
[01/06/2012 04:40:59] - |RD| - [3643] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[01/03/2017 20:45:38] - |A| - [1134] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Data Loader.lnk
[13/07/2009 23:54:23] - |SH| - [1748] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[05/06/2012 18:31:40] - |D| - [12789] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[05/06/2012 18:35:00] - |D| - [4384] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[14/07/2009 00:32:38] - |RD| - [5742] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[20/02/2013 18:33:06] - |A| - [2155] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[01/02/2012 17:33:14] - |RD| - [2593] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[01/02/2012 17:42:09] - |D| - [2124] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
[01/02/2012 17:35:40] - |D| - [2108] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[01/02/2012 17:42:09] - |A| - [2112] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Wireless Display.lnk
[01/03/2017 20:48:45] - |D| - [6407] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[13/07/2009 22:20:08] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[21/02/2017 10:37:18] - |D| - [3794] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[02/10/2017 20:16:38] - |D| - [3035] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[02/02/2012 10:30:20] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[31/07/2012 23:33:32] - |D| - [28673] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[01/02/2012 18:15:01] - |A| - [2435] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[31/05/2012 08:15:29] - |A| - [2117] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[13/03/2013 19:39:33] - |D| - [2225] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[01/06/2012 23:30:44] - |A| - [1123] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[03/06/2012 18:33:08] - |A| - [2507] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[01/02/2012 17:53:13] - |D| - [2451] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
[03/06/2012 18:31:19] - |D| - [3607] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
[24/02/2017 07:49:48] - |A| - [1861] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
[06/06/2015 13:55:29] - |D| - [943] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
[23/06/2015 00:31:52] - |D| - [6698] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[01/02/2012 17:37:30] - |D| - [2557] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[01/02/2012 17:37:52] - |D| - [33606] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[01/02/2012 17:57:19] - |D| - [17608] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
[13/07/2009 23:57:08] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[23/02/2017 08:09:38] - |D| - [2097] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[13/07/2009 22:20:08] - |RD| - [2138] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[24/02/2017 10:05:45] - |D| - [2035] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Smart Defrag FREE
[12/03/2015 20:47:46] - |D| - [5580] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[13/07/2009 23:57:09] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[02/02/2012 10:30:15] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[13/07/2009 23:54:59] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[01/02/2012 18:25:07] - |RD| - [4580] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[01/02/2012 18:22:22] - |A| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[01/02/2012 18:20:33] - |A| - [2486] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[01/02/2012 18:23:59] - |A| - [1305] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[01/02/2012 18:23:53] - |A| - [1374] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[13/07/2009 23:57:06] - |A| - [1547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[13/07/2009 23:57:08] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[13/07/2009 23:54:23] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[20/08/2017 13:35:37] - |A| - [1964] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
---------- | C:\Program Files (x86)
[17/05/2013 21:47:32] - |D| - [325577527] - C:\Program Files (x86)\Adobe
[29/01/2013 22:07:39] - |D| - [2589753] - C:\Program Files (x86)\Amazon
[01/02/2012 17:36:58] - |D| - [2299140] - C:\Program Files (x86)\ASM104xUSB3
[25/10/2013 22:05:02] - |D| - [354992024] - C:\Program Files (x86)\Canon
[01/02/2012 17:35:38] - |D| - [6695110] - C:\Program Files (x86)\Cisco
[13/07/2009 22:20:08] - |D| - [1670785561] - C:\Program Files (x86)\Common Files
[01/02/2012 17:44:37] - |D| - [1201139406] - C:\Program Files (x86)\CyberLink
[13/07/2009 23:54:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[05/06/2012 18:31:39] - |D| - [22534276] - C:\Program Files (x86)\epson
[05/06/2012 18:34:21] - |D| - [83559974] - C:\Program Files (x86)\Epson Software
[20/02/2013 18:28:34] - |D| - [426251069] - C:\Program Files (x86)\Google
[01/02/2012 17:32:27] - |HD| - [200825512] - C:\Program Files (x86)\InstallShield Installation Information
[01/02/2012 17:32:06] - |D| - [19696565] - C:\Program Files (x86)\Intel
[01/02/2012 17:42:07] - |D| - [54613438] - C:\Program Files (x86)\Intel Corporation
[13/07/2009 22:20:08] - |D| - [10537025] - C:\Program Files (x86)\Internet Explorer
[01/03/2017 20:48:23] - |D| - [167658430] - C:\Program Files (x86)\Java
[31/07/2012 23:30:19] - |D| - [39769547] - C:\Program Files (x86)\Microsoft Analysis Services
[01/02/2012 18:15:00] - |D| - [560680348] - C:\Program Files (x86)\Microsoft Office
[31/05/2012 08:15:26] - |D| - [1527760] - C:\Program Files (x86)\Microsoft Security Client
[13/03/2013 19:38:41] - |D| - [42892246] - C:\Program Files (x86)\Microsoft Silverlight
[01/02/2012 18:23:47] - |D| - [1829877] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[01/06/2012 06:48:16] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET
[18/07/2014 15:00:44] - |D| - [105250150] - C:\Program Files (x86)\Mission Planner
[15/07/2017 13:23:02] - |D| - [125167785] - C:\Program Files (x86)\Mozilla Firefox
[23/02/2017 08:03:45] - |D| - [90079] - C:\Program Files (x86)\Mozilla Maintenance Service
[14/07/2009 00:32:38] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[03/06/2012 18:31:16] - |D| - [85563774] - C:\Program Files (x86)\Nitro PDF
[24/02/2017 07:49:48] - |D| - [20526943] - C:\Program Files (x86)\PrivaZer
[06/06/2015 13:55:28] - |D| - [568904] - C:\Program Files (x86)\puush
[23/06/2015 00:30:49] - |D| - [73605940] - C:\Program Files (x86)\QuickTime
[01/02/2012 17:33:30] - |D| - [5836757] - C:\Program Files (x86)\Realtek
[14/07/2009 00:32:38] - |D| - [36945665] - C:\Program Files (x86)\Reference Assemblies
[01/02/2012 17:37:29] - |D| - [719987] - C:\Program Files (x86)\Renesas Electronics
[01/03/2017 20:45:38] - |D| - [14206812] - C:\Program Files (x86)\salesforce.com
[01/02/2012 17:37:49] - |D| - [440232243] - C:\Program Files (x86)\Samsung
[01/02/2012 17:58:28] - |D| - [1953792] - C:\Program Files (x86)\SamsungPrinterLiveUpdate
[23/02/2017 08:09:37] - |RD| - [85321101] - C:\Program Files (x86)\Skype
[01/02/2012 17:53:13] - |D| - [6446523] - C:\Program Files (x86)\Symantec
[24/02/2017 10:05:45] - |D| - [2003623] - C:\Program Files (x86)\Toolwiz Smart Defrag FREE
[12/03/2015 20:46:47] - |D| - [117120538] - C:\Program Files (x86)\VideoLAN
[14/07/2009 00:32:38] - |D| - [512000] - C:\Program Files (x86)\Windows Defender
[01/02/2012 18:20:05] - |D| - [569962652] - C:\Program Files (x86)\Windows Live
[13/07/2009 22:20:08] - |D| - [6115840] - C:\Program Files (x86)\Windows Mail
[14/07/2009 00:32:38] - |D| - [5008657] - C:\Program Files (x86)\Windows Media Player
[13/07/2009 22:20:08] - |D| - [12061876] - C:\Program Files (x86)\Windows NT
[14/07/2009 00:32:38] - |D| - [4394248] - C:\Program Files (x86)\Windows Photo Viewer
[14/07/2009 00:32:38] - |D| - [189952] - C:\Program Files (x86)\Windows Portable Devices
[14/07/2009 00:32:38] - |D| - [5990148] - C:\Program Files (x86)\Windows Sidebar
[01/03/2017 20:51:35] - |D| - [829136] - C:\Program Files (x86)\Yahoo!
---------- | C:\Program Files
[25/10/2013 22:08:09] - |D| - [6157320] - C:\Program Files\Canon
[25/10/2013 22:06:01] - |HD| - [10728478] - C:\Program Files\CanonBJ
[23/02/2017 16:46:49] - |D| - [20447168] - C:\Program Files\CCleaner
[13/07/2009 22:20:08] - |D| - [140634357] - C:\Program Files\Common Files
[13/07/2009 23:54:24] - |ASH| - [174] - C:\Program Files\desktop.ini
[18/07/2014 15:01:57] - |D| - [1047632] - C:\Program Files\DIFX
[14/07/2009 00:32:38] - |D| - [90245652] - C:\Program Files\DVD Maker
[01/06/2012 04:38:48] - |D| - [47860976] - C:\Program Files\Elantech
[23/02/2017 16:41:52] - |D| - [1969104] - C:\Program Files\Everything
[01/02/2012 17:35:12] - |D| - [129583140] - C:\Program Files\Intel
[13/07/2009 22:20:08] - |D| - [31061348] - C:\Program Files\Internet Explorer
[21/02/2017 10:36:51] - |D| - [134080922] - C:\Program Files\Malwarebytes
[20/08/2017 19:05:59] - |D| - [20662876] - C:\Program Files\McAfee Security Scan
[14/07/2009 00:32:38] - |D| - [149182514] - C:\Program Files\Microsoft Games
[31/07/2012 23:30:25] - |D| - [6718465] - C:\Program Files\Microsoft Office
[31/05/2012 08:15:24] - |D| - [33437421] - C:\Program Files\Microsoft Security Client
[13/03/2013 19:38:42] - |D| - [55725526] - C:\Program Files\Microsoft Silverlight
[14/07/2009 00:32:38] - |D| - [25757] - C:\Program Files\MSBuild
[01/02/2012 17:33:43] - |D| - [18754584] - C:\Program Files\Realtek
[14/07/2009 00:32:38] - |D| - [34604713] - C:\Program Files\Reference Assemblies
[01/02/2012 17:40:34] - |D| - [624286233] - C:\Program Files\SAMSUNG
[01/02/2012 17:57:19] - |D| - [14723171] - C:\Program Files\Samsung AnyWeb Print
[23/02/2017 08:04:25] - |D| - [134539102] - C:\Program Files\VideoLAN
[14/07/2009 00:32:38] - |D| - [4016640] - C:\Program Files\Windows Defender
[01/02/2012 18:18:33] - |D| - [12748927] - C:\Program Files\Windows Live
[13/07/2009 22:20:08] - |D| - [6602240] - C:\Program Files\Windows Mail
[14/07/2009 00:32:38] - |D| - [7665069] - C:\Program Files\Windows Media Player
[13/07/2009 22:20:08] - |D| - [12491956] - C:\Program Files\Windows NT
[14/07/2009 00:32:38] - |D| - [5492504] - C:\Program Files\Windows Photo Viewer
[14/07/2009 00:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices
[14/07/2009 00:32:38] - |D| - [11370192] - C:\Program Files\Windows Sidebar
---------- | C:\Program Files (x86)\Common Files
[01/02/2012 17:44:06] - |D| - [10544601] - C:\Program Files (x86)\Common Files\Adobe
[01/06/2012 04:39:52] - |D| - [28502386] - C:\Program Files (x86)\Common Files\Adobe AIR
[15/09/2014 20:46:24] - |D| - [0] - C:\Program Files (x86)\Common Files\Apple
[01/02/2012 17:45:05] - |D| - [0] - C:\Program Files (x86)\Common Files\CyberLink
[17/05/2014 09:58:24] - |D| - [99992] - C:\Program Files (x86)\Common Files\DESIGNER
[01/02/2012 17:33:28] - |D| - [3692915] - C:\Program Files (x86)\Common Files\InstallShield
[01/02/2012 17:33:11] - |D| - [13811953] - C:\Program Files (x86)\Common Files\Intel
[01/02/2012 17:42:07] - |D| - [70684086] - C:\Program Files (x86)\Common Files\Intel Corporation
[24/07/2017 22:39:58] - |D| - [1941064] - C:\Program Files (x86)\Common Files\Java
[13/07/2009 22:20:08] - |D| - [205749452] - C:\Program Files (x86)\Common Files\microsoft shared
[03/06/2012 18:33:03] - |D| - [16035234] - C:\Program Files (x86)\Common Files\Nitro PDF
[01/02/2012 17:32:36] - |D| - [161212] - C:\Program Files (x86)\Common Files\postureAgent
[01/02/2012 17:40:03] - |D| - [4617163] - C:\Program Files (x86)\Common Files\Samsung
[13/07/2009 22:20:08] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[23/02/2017 08:09:37] - |D| - [2574296] - C:\Program Files (x86)\Common Files\Skype
[13/07/2009 22:20:08] - |D| - [41103783] - C:\Program Files (x86)\Common Files\SpeechEngines
[12/05/2015 13:03:42] - |D| - [569024] - C:\Program Files (x86)\Common Files\Steam
[13/07/2009 22:20:08] - |D| - [10488867] - C:\Program Files (x86)\Common Files\System
[01/02/2012 18:17:02] - |D| - [1260206831] - C:\Program Files (x86)\Common Files\Windows Live
---------- | C:\Program Files\Common files
[25/10/2013 22:11:00] - |D| - [560] - C:\Program Files\Common files\CANON
[11/11/2013 19:55:52] - |D| - [330944] - C:\Program Files\Common files\EPSON
[01/02/2012 17:33:12] - |D| - [30853630] - C:\Program Files\Common files\Intel
[13/07/2009 22:20:08] - |D| - [83295708] - C:\Program Files\Common files\Microsoft Shared
[03/06/2012 18:33:04] - |D| - [13396394] - C:\Program Files\Common files\Nitro PDF
[13/07/2009 22:20:08] - |D| - [2702] - C:\Program Files\Common files\Services
[13/07/2009 22:20:08] - |D| - [608768] - C:\Program Files\Common files\SpeechEngines
[13/07/2009 22:20:08] - |D| - [12145651] - C:\Program Files\Common files\System
---------- | Tasks
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 00:08:49] - |AH| - [6] - C:\windows\Tasks\SA.DAT
[MD5.BDA50892CA0F022DC0BC688BEA595699] - [14/07/2009 00:08:49] - |A| - [32548] - C:\windows\Tasks\SCHEDLGU.TXT
[MD5.95D2F4DD5F0970D49CCABFE8B0D3156C] - [26/04/2017 19:58:41] - |A| - [4476] - C:\windows\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.855FD8364D820E4F612D145F38ADC52C] - [20/08/2017 13:35:32] - |A| - [4474] - C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier : C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe
[MD5.B1E95243608B6B622202A2EA4B0F9216] - [20/08/2017 13:35:32] - |A| - [4324] - C:\windows\System32\Tasks\Adobe Flash Player Updater : C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.086987E8DF4B930CB9690FBECF155D99] - [23/02/2017 16:46:58] - |A| - [2792] - C:\windows\System32\Tasks\CCleanerSkipUAC : “C:\Program Files\CCleaner\CCleaner.exe”
[MD5.EF3A66D2E608C3C017B2168A7C8C192F] - [05/04/2017 21:14:24] - |A| - [3202] - C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.4158805613FF9EC6EBD6AB1A112995D3] - [05/04/2017 21:14:25] - |A| - [3330] - C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [13/07/2009 22:20:13] - |D| - [247776] - C:\windows\System32\Tasks\Microsoft
[MD5.00000000000000000000000000000000] - [01/06/2012 06:49:03] - |D| - [4392] - C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
[MD5.E19FBA42DAB689DEBABDEF29B8EB5E74] - [01/02/2012 17:38:29] - |A| - [2994] - C:\windows\System32\Tasks\WifiManager : “%programfiles(x86)%\Samsung\Easy Display Manager\WifiManager.exe”
[MD5.00000000000000000000000000000000] - [14/07/2009 00:09:57] - |D| - [4478] - C:\windows\System32\Tasks\WPD
[MD5.501871642E0A31B6193596B2E053EBE6] - [18/07/2013 20:59:39] - |A| - [2988] - C:\windows\System32\Tasks\{64A7C46F-B7BD-458F-BCF2-57372439E14B} : C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
[MD5.501871642E0A31B6193596B2E053EBE6] - [18/07/2013 20:59:40] - |A| - [2988] - C:\windows\System32\Tasks\{C30423AA-F180-40E1-8A14-3F221956945A} : C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
[MD5.00000000000000000000000000000000] - [13/07/2009 22:20:14] - |D| - [0] - C:\windows\Syswow64\Tasks\Microsoft
---------- | Firewall
[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
“Netlogon-NamedPipe-In”=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
“TCP Query User{AAF3E441-D6E6-4BA2-8F3E-F4F2EA6D5309}C:\program files (x86)\google\chrome\application\chrome.exe”=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|Defer=User|
“UDP Query User{988FD355-F579-4EBB-BD1B-A08E7B81AC89}C:\program files (x86)\google\chrome\application\chrome.exe”=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|Defer=User|
“TCP Query User{E6604BE6-A7FF-4817-A9B3-E1232A13A16F}C:\program files (x86)\google\chrome\application\chrome.exe”=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|
“UDP Query User{C2EFEC6D-1483-471C-AFD7-9772728B61FB}C:\program files (x86)\google\chrome\application\chrome.exe”=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|
“{FCCA4305-A5D9-45CA-BC8A-D0C161C362D9}”=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Inbound rule for Google Chrome to allow mDNS traffic.|EmbedCtxt=Google Chrome|
---------- | Control\Class
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{027A838E-7356-4A2F-A5BF-25A2A2C33FCC}] : (WiMAX) → @oem12.inf,%ClassName%;Intel(R) Centrino(R) WiMAX adapters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{034F6FB2-1BCC-41C9-9FD2-DBB357DE0838}] : (WIDI) → @oem21.inf,%ClassName%;Intel(R) Wireless Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (igfx) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) → @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) → @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) → @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) → @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) → @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) → @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) → @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) → @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) → @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) → @DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) → @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) → @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) → @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) → @mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) → @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) → @Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) → @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) → @SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) → @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) → @NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) → @NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) → @NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) → @NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) → @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) → @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) → @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) → @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) → @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) → @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) → @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) → @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) → @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) → @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) → @StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) → @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) → @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53D29E F7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) → @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class{59F44B 03-CCD2-460B-ACD8-53CBF375D174}] : (GEARAspiWDM) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6BDD1F C1-810F-11D0-BEC7-08002BE2092F}] : (1394) → @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6BDD1F C5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) → @NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6BDD1F C6-810F-11D0-BEC7-08002BE2092F}] : (Image) → @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6D8078 84-7D21-11CF-801C-08002BE10318}] : (TapeDrive) → @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6FAE73 B7-B735-4B50-A0DA-0DC2484B1F1A}] : (igfx) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{71A27C DD-812A-11D0-BEC7-08002BE2092F}] : (Volume) → @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class{72631E 54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) → @%SystemRoot%\system32\batt.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{745A17 A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) → @hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class{7EBEFB C0-3200-11D2-B4C2-00A0C9697D07}] : (61883) → @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8ECC05 5D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) → @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class{990A2B D7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) → @sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class{997B5D 8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) → @%systemroot%\system32\AuxiliaryDisplayClassInstal ler.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{A0A588 A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) → @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class{BC1037 02-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) → @%SystemRoot%\System32\migwiz\migres.dll,-20
[HKLM\SYSTEM\CurrentControlSet\Control\Class{C06FF2 65-AE09-48F0-812C-16753D7CBA83}] : (AVC) → @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class{C30ECE A0-11EF-4EF9-B02E-6AF81E6E65C0}] : (WSDPrintDevice) → @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class{CE5939 AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) → @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class{D48179 BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) → @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class{D61CA3 65-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) → @%SystemRoot%\system32\XInput9_1_0.dll,-1000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{D94EE5 D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) → @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class{DB4F6D DD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) → @sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class{E0CBF0 6C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) → @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{EEC5AD 98-8080-425F-922A-DABF3DE3F69A}] : (WPD) → @wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] → ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] → elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] → ElsLad.dll (Copyright (c) Microsoft Corporation.)
---------- | Loaded modules (whitelist)
[02/12/2010 23:55:32] - (2.0.30.0) - (Renesas Electronics Corporation - USB 3.0 Host Controller Driver) - C:\windows\system32\DRIVERS\nusb3xhc.sys
[01/02/2012 20:24:23] - (10.0.0.9) - (ELAN Microelectronics Corp. - ETD Kernel Center) - C:\windows\system32\DRIVERS\ETD.sys
[02/12/2010 23:55:32] - (2.0.30.0) - (Renesas Electronics Corporation - USB 3.0 Hub Driver) - C:\windows\system32\DRIVERS\nusb3hub.sys
---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service
R0 - [Kernel Driver] - ACPI (Microsoft ACPI Driver) → system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdxata () → system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - atapi (IDE Channel) → system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) → System32\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () → System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Compbatt (Microsoft Composite Battery Driver) → system32\DRIVERS\compbatt.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (Disk Driver) → system32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) → system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) → system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) → System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) → System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iaStor (Intel AHCI Controller) → system32\DRIVERS\iaStor.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () → System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () → System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) → System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
S0 - [File System Driver] - MpFilter (Microsoft Malware Protection Driver) → system32\DRIVERS\MpFilter.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - msahci () → system32\drivers\msahci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () → system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) → System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) → system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) → System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (PCI Bus Driver) → system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) → System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) → System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - spldr (Security Processor Loader Driver) → (?) - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) → System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (Microsoft Virtual Drive Enumerator Driver) → system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgr (Volume Manager Driver) → system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) → System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (Storage volumes) → system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) → system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) → \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - blbdrive () → system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (CD-ROM Driver) → system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) → System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) → System32\drivers\discache.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Msfs () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (Microsoft System Management BIOS Driver) → system32\DRIVERS\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (NetBIOS Interface) → system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) → System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) → system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) → system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) → system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) → System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: False
R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) → system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) → system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: False
S1 - [Kernel Driver] - SABI (SAMSUNG Kernel Driver For Windows 7) → \??\C:\windows\system32\Drivers\SABI.sys - AcceptPause: False - AcceptStop: False
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) → system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - TermDD (Terminal Device Driver) → system32\DRIVERS\termdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - VgaSave () → \SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - VWiFiFlt (Virtual WiFi Filter Driver) → system32\DRIVERS\vwififlt.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) → system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: False
R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) → system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True
S2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) → system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) → \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - PEAUTH (PEAUTH) → system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) → system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) → System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - TurboB (Turbo Boost UI Monitor driver) → system32\DRIVERS\TurboB.sys - AcceptPause: False - AcceptStop: False
---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)
---------- | Uninstall (Whitelist)
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}] : (Intel(R) PROSet/Wireless WiFi Software.-.Intel Corporation) → MsiExec /I{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}] : (Intel(R) Wireless Display.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5C1DA3D9-F590-4317-A4FB-274F658E504B}] : (Intel® PROSet/Wireless WiMAX Software.-.Intel Corporation) → MsiExec.exe /X{5C1DA3D9-F590-4317-A4FB-274F658E504B}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7B72A3FB-2563-4A83-B054-98C57415DFFA}] : (Nitro Reader 2.-.Nitro PDF Software) → MsiExec.exe /X{7B72A3FB-2563-4A83-B054-98C57415DFFA}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}] : (Visual Studio 2012 x64 Redistributables.-.AVG Technologies) → MsiExec.exe /I{8C775E70-A791-4DA8-BCC3-6AB7136F4484}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}] : (Intel(R) Turbo Boost Technology Monitor 2.0.-.Intel) → MsiExec.exe /X{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}] : (Best Buy pc app.-.Best Buy) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] : (Adobe Flash Player 27 ActiveX.-.Adobe Systems Incorporated) → C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_ActiveX.exe -maintain activex
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 27 NPAPI.-.Adobe Systems Incorporated) → C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_Plugin.exe -maintain plugin
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI] : (Adobe Flash Player 27 PPAPI.-.Adobe Systems Incorporated) → C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe -maintain pepperplugin
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Data Loader] : (Data Loader.-.salesforce.com) → C:\Program Files (x86)\salesforce.com\Data Loader\Uninstaller.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\McAfee Security Scan] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Toolwiz Smart Defrag FREE_is1] : (Toolwiz Smart Defrag 2011.-.Toolwiz.com.) → "C:\Program Files (x86)\Toolwiz Smart Defrag FREE\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1BB8304A-BAFD-4339-B8D7-2BB31F85DADA}] : (Mission Planner.-.Michael Oborne) → MsiExec.exe /X{1BB8304A-BAFD-4339-B8D7-2BB31F85DADA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180141F0}] : (Java 8 Update 141.-.Oracle Corporation) → MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180141F0}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FB}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2DDC70C1-C77A-4D08-89D2-9AB648504533}] : (Easy Content Share.-.Samsung Electronics Co., LTD) → MsiExec.exe /I{2DDC70C1-C77A-4D08-89D2-9AB648504533}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}] : (QuickTime 7.-.Apple Inc.) → MsiExec.exe /I{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}] : (Norton Online Backup.-.Symantec Corporation) → MsiExec.exe /X{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5442DAB8-7177-49E1-8B22-09A049EA5996}] : (Renesas Electronics USB 3.0 Host Controller Driver.-.Renesas Electronics Corporation) → MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{54A4839E-87F8-4BD1-9682-A349E9943F0A}] : (Amazon Unbox Video.-.Amazon.com) →
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) → MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{63B5DA5A-477B-438D-A6A0-118787A4C71B}] : (Adobe AIR.-.Adobe Systems Incorporated) → MsiExec.exe /I{63B5DA5A-477B-438D-A6A0-118787A4C71B}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8732818E-CA78-4ACB-B077-22311BF4C0E4}] : (Easy Network Manager.-.Samsung) → MsiExec.exe /I{8732818E-CA78-4ACB-B077-22311BF4C0E4}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}] : (Visual Studio 2012 x86 Redistributables.-.AVG Technologies CZ, s.r.o.) → MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) → MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824237067}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) → MsiExec.exe /I{AC76BA86-0804-1033-1959-001824237067}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC.-.Adobe Systems Incorporated) → MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-5464-3428-900000000004}] : (Spelling Dictionaries Support For Adobe Reader 9.-.Adobe Systems Incorporated) → MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}] : (Почта Windows Live.-.Корпорация Майкрософт) → MsiExec.exe /I{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C3592426-531E-4110-911D-BFECE2CE284B}] : (puush.-.Dean Herbert) → MsiExec.exe /X{C3592426-531E-4110-911D-BFECE2CE284B}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CBFD061C-4B27-4A89-ADD8-210316EEFA11}] : (Windows Live Messenger.-.Корпорация Майкрософт) → MsiExec.exe /X{CBFD061C-4B27-4A89-ADD8-210316EEFA11}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}] : (Asmedia ASM104x USB 3.0 Host Controller Driver.-.Asmedia Technology) → MsiExec.exe /X{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F687E657-F636-44DF-8125-9FEEA2C362F5}] : (Samsung Support Center 1.0.-.Samsung) → MsiExec.exe /I{F687E657-F636-44DF-8125-9FEEA2C362F5}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F84906ED-BB54-4889-B131-FED9C9056FC8}] : (Intel(R) Wireless Display.-.Intel Corporation) → MsiExec.exe /X{F84906ED-BB54-4889-B131-FED9C9056FC8}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC965A47-4839-40CA-B618-18F486F042C6}] : (Skype™ 7.32.-.Skype Technologies S.A.) → MsiExec.exe /X{FC965A47-4839-40CA-B618-18F486F042C6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FFD0E594-823B-4E2B-B680-720B3C852588}] : (BatteryLifeExtender.-.Samsung) → MsiExec.exe /I{FFD0E594-823B-4E2B-B680-720B3C852588}
---------- | Ports
---------- | Installer
[HKCR\Installer\Products\046E72916C2A7AB4F834FF2DEAD3CF3F] : Intel(R) PROSet/Wireless WiFi Software → C:\windows\Installer\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\07E577C8197A8AD4CB3CA67B31F64448] : Visual Studio 2012 x64 Redistributables
[HKCR\Installer\Products\098990BCF5D15D11E99A0005AB3E711E] : PowerDirector → C:\windows\Installer\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\1C07CDD2A77C80D4982DA96B84055433] : Easy Content Share → C:\windows\Installer\{2DDC70C1-C77A-4D08-89D2-9AB648504533}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\38E1FB04BE028D11795C00905C206085] : Power2Go → C:\windows\Installer\{40BF1E83-20EB-11D8-97C5-0009C5020658}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\42C6FBF1DF1C10144AB2C065F4E9E897] : PowerStarter → C:\windows\Installer\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\495E0DFFB328B2E46B0827B0C3585288] : BatteryLifeExtender → C:\windows\Installer\{FFD0E594-823B-4E2B-B680-720B3C852588}\_6FEFF9B68218417F98F549.exe
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110140F] : Java 8 Update 141 → C:\Program Files (x86)\Java\jre1.8.0_141\bin\javaws.exe
[HKCR\Installer\Products\52744B0D6663D294EB6F85A741DBB99D] : MSVCRT_amd64
[HKCR\Installer\Products\6116D6C8427B0184F8D20D746E7B6DE8] : Mesh Runtime
[HKCR\Installer\Products\6242953CE135011419D1FBCE2EEC82B4] : puush → C:\windows\Installer\{C3592426-531E-4110-911D-BFECE2CE284B}\osunew_0001.ico
[HKCR\Installer\Products\68AB67CA408033019195008142320776] : Adobe Refresh Manager → C:\windows\Installer\{AC76BA86-0804-1033-1959-001824237067}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA73301B744CAF070E41400] : Adobe Acrobat Reader DC → C:\windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\68AB67CA7DA746454382090000000040] : Spelling Dictionaries Support For Adobe Reader 9 → C:\windows\Installer\{AC76BA86-7AD7-5464-3428-900000000004}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6FD66A043D225B447A3D381B812A0CCD] : Norton Online Backup → C:\windows\Installer\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}\MainIcon.ico
[HKCR\Installer\Products\74A569CF9384AC046B81814F680F246C] : Skype™ 7.32 → C:\windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
[HKCR\Installer\Products\756E786F636FFD441852F9EE2A3C265F] : Samsung Support Center 1.0 → C:\windows\Installer\{F687E657-F636-44DF-8125-9FEEA2C362F5}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\7664CBBF125287E41BDB78607F4745B9] : Best Buy pc app
[HKCR\Installer\Products\7BD4C90EC03660F46A13E87A329932FA] : D3DX10
[HKCR\Installer\Products\7E0BA6F1DDC839B4A832AAE92BEFCF4E] : Junk Mail filter update
[HKCR\Installer\Products\8994BF104C33134458DE70E9E3FE7ED5] : YouCam → C:\windows\Installer\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8BAD244577171E94B822900A94AE9569] : Renesas Electronics USB 3.0 Host Controller Driver → C:\windows\Installer\{5442DAB8-7177-49E1-8B22-09A049EA5996}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\93B0BF4E199C7EE459DDA1A187753DD3] : Asmedia ASM104x USB 3.0 Host Controller Driver → C:\windows\Installer\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper
[HKCR\Installer\Products\9D3AD1C5095F71344ABF72F456E805B4] : Intel® PROSet/Wireless WiMAX Software → C:\windows\Installer\{5C1DA3D9-F590-4317-A4FB-274F658E504B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A5AD5B36B774D8346A0A1178784A7CB1] : Adobe AIR
[HKCR\Installer\Products\A6C64DD86500CEF47BA082BB611A1FF1] : MSVCRT
[HKCR\Installer\Products\A91FFE89BA03B4E49B340FB6C136BE8F] : Visual Studio 2012 x86 Redistributables
[HKCR\Installer\Products\AE851E081817EF047A1003C16EEB46BA] : MediaShow → C:\windows\Installer\{80E158EA-7181-40FE-A701-301CE6BE64AB}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\B0AFE77B3DB92214F9A9519A365BAE42] : Intel(R) Turbo Boost Technology Monitor 2.0 → C:\windows\Installer\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\BF3A27B7365238A40B45895C4751FDAF] : Nitro Reader 2 → C:\windows\Installer\{7B72A3FB-2563-4A83-B054-98C57415DFFA}\Reader.ico
[HKCR\Installer\Products\C2CBC2D34D56364478BABBC258C9F1E3] : QuickTime 7 → C:\windows\Installer\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}\Installer.ico
[HKCR\Installer\Products\DE532CED4A8571542A874CE1D8EABAB3] : PowerDVD → C:\windows\Installer\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\DE60948F45BB98841B13EF9D9C50F68C] : Intel(R) Wireless Display → C:\windows\Installer\{F84906ED-BB54-4889-B131-FED9C9056FC8}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E818237887ACBCA40B772213B14F0C4E] : Easy Network Manager → C:\windows\Installer\{8732818E-CA78-4ACB-B077-22311BF4C0E4}\_6FEFF9B68218417F98F549.exe
[HKCR\Installer\Products\E9384A458F781DB469283A949E49F3A0] : Amazon Unbox Video → C:\windows\Installer\{54A4839E-87F8-4BD1-9682-A349E9943F0A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater
---------- | ADS
---------- | Drives
Disk: 0 Size=954G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
0 0 07-NTFS 100M Yes No 2,048 204,800
1 1 07-NTFS 374G No No 206,848 765,460,480
2 2 0F-EXTEND 561G No No 765,667,328 147,936,768
3 3 27-UNKNWN 19G No No 913,604,096 39,919,616
---------- | MBR
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: QX311/QX411/QX412/QX511
Logical Drives Mask: 0x0000001c
Analysis of file "C:\QuickDiag\MBR.bin":
Unknown MBR code
64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin
---------- | 20 LastEventLog
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
[HEADING=1]The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.[/HEADING]
[HEADING=1]The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.[/HEADING]
[HEADING=1]The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.[/HEADING]
[HEADING=1]The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.[/HEADING]
----------( EOF)---------- - 3383 | 21:30:42
-
I wanted to scan the computer for malware. The issue is that something is using all the resources because everything is taking a long time to load. This morning it took me 30 min to open the power options and change the setting to not go to sleep while charging. All of the browsers take a very long time to open; I have tried Chrome and Firefox. When I left for work this morning I started the computer in normal mode and started FRST to see if it will run. I will post my results.
Thank you for your help.
-
Hello, okay, we’re gonna try something.
Do tests with Windows updates deactivated in normal mode.
==
You can do that too; it’ll do more good than bad:
Start button => Programs => Accessories => right-click “Run as Admin…” on Command Prompt, and paste into the black window which will open:
CHKDSK /R %Homedrive%
Press Enter, accept to do it at the reboot as it’s asked (typing “Y”), reboot the computer, and let it work until the session comes back.
==
See if there are any changes in the speed of the machine.