BSOD

Scan Result

RogueKiller V12.11.3.0 (x64) [Jun 19 2017] (Free) by Adlice Software
mail : Support Form | Contact • Adlice Software
Feedback : https://forum.adlice.com
Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Gary [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete – Date : 06/24/2017 08:58:15 (Duration : 01:30:01)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Myfree Codec → Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc → Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities, Inc. → Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Myfree Codec → Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3536061241-6043831-2542719734-1001\Software\OCS → Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3536061241-6043831-2542719734-1001\Software\SlimWare Utilities Inc → Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Myfree Codec → Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3536061241-6043831-2542719734-1001\Software\OCS → Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3536061241-6043831-2542719734-1001\Software\SlimWare Utilities Inc → Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Uni nstall\MyFreeCodec → Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Uni nstall\MyFreeCodec → Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 6 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Gary\AppData\Roaming\DesktopIconForAmazon → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Roaming\DesktopIconForAmazon \desktopicon-chip-amazon.exe → Deleted
[PUP.Gen1][Folder] C:\Users\Gary\AppData\Roaming\Easeware → Deleted
[PUP.Gen1][Folder] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\ignores.dat → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Images\acer.png → Deleted
[PUP.Gen1][Folder] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Images → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-14 12-00-13 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-14 12-29-15 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-14 12-54-44 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-14 14-57-03 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-14 16-18-37 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-14 18-26-51 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-14 19-01-29 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-14 19-55-39 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-15 15-25-40 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-15 16-55-56 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-15 17-05-17 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-16 07-43-14 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-16 09-05-23 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-16 15-58-31 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-17 22-12-53 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-18 08-56-58 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-18 11-21-47 0.log → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-18 13-20-00 0.log → Deleted
[PUP.Gen1][Folder] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\rupdates.db → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\settings.db → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\supdates.db → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\SWDUMon.cat → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\SWDUMon.inf → Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\SWDUMon.sys → Deleted
[PUP.Gen1][Folder] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers → Deleted
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec → Deleted
[PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec\1.0b beta\Uninstall.lnk → Deleted
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec\1.0b beta → Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware → Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\MyFree Codec → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\AC-3\ac3dx.ax → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\AC-3\liba52.dll → Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\MyFree Codec\1.0b beta\AC-3 → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\avcodec-52.dll → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\avcore-0.dll → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\avformat-52.dll → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\avutil-50.dll → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\FF_MPEG.DLL → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\FF_MPEG.INI → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\MyFree.ax → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\pthreadGC2.dll → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\swscale-0.dll → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\TG_EVRC.DLL → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\TG_MMX.dll → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\TG_QCELP.dll → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\TG_VRESIZE.dll → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\TG_WMVP.dll → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\uninstall.exe → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\XVID-CORE\xvid.ax → Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\XVID-CORE\xvidcore.dll → Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\MyFree Codec\1.0b beta\XVID-CORE → Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\MyFree Codec\1.0b beta → Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010CLA332 ATA Device +++++
— User —
[MBR] af1b9da02c24cb6fefd2ab5a04d3c547
[BSP] 6e038441c2ac2aadff7dbe7b585d4766 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953317 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1952600064 | Size: 450 MB
User = LL1 … OK
User = LL2 … OK

+++++ PhysicalDrive1: ST31500341AS ATA Device +++++
— User —
[MBR] 5b57f41e710b37be9aeeb294ed7e635c
[BSP] 18588aec1a500dff30f877d6f5f7ae3e : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 7 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 1430789 MB
User = LL1 … OK
User = LL2 … OK

+++++ PhysicalDrive2: Verbatim STORE N GO USB Device +++++
— User —
[MBR] 45841a763801b1eaad364745e39770a8
[BSP] a3a9795d7dbcf2ffdeed0f168e61d95b : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 14782 MB
User = LL1 … OK
Error reading LL2 MBR! ([32] The request is not supported. )

[HEADING=1]Checking for update[/HEADING]
[HEADING=1][ ]
[ Junkware Removal Tool (JRT) by Malwarebytes ]
[ Version 8.1.3 (04.10.2017) ]
[ Information about this tool can be found at ]
[ www.malwarebytes.com ]
[ ]
[ This software is free to download and use ]
[ ]
[ Please save any unsaved work before proceeding as ]
[ the program will terminate most applications during cleanup ]
[ ]
[ ]
[ ** DISCLAIMER ** ]
[ ]
[ This software is provided “as is” without ]
[ warranty of any kind. You may use this software ]
[ at your own risk. ]
[ ]
[ Click the in the top-right corner of this window ]
[ if you wish to exit. Otherwise, ][/HEADING]
Press any key to continue . . .

Requesting restore point… SUCCESS
Validating restore point… FAILED 0x80070002

Restore point creation encountered an error.
If you would like to continue anyway,
Press any key to continue . . .

I’ll continue anyway then.
File System: 3

Successfully deleted: C:\user.js (File)
Successfully deleted: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Prof iles\vc6qe3r0.default\user.js (File)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)

Registry: 0

The post-ADW restart takes it’s time, doesn’t it.
[HEADING=1]AdwCleaner v6.047 - Logfile created 24/06/2017 at 11:19:27[/HEADING]
[HEADING=1]Updated on 19/05/2017 by Malwarebytes[/HEADING]
[HEADING=1]Database : 2017-06-23.1 [Server][/HEADING]
[HEADING=1]Operating System : Windows 10 Pro (X64)[/HEADING]
[HEADING=1]Username : Gary - HOME_PC[/HEADING]
[HEADING=1]Running from : C:\Users\Gary\Desktop\adwcleaner_6.047.exe[/HEADING]
[HEADING=1]Mode: Clean[/HEADING]
[HEADING=1]Support : Malwarebytes Help Center[/HEADING]
***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Auslogics
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Auslogics
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[-] Folder deleted: C:\Program Files (x86)\SlimDrivers
[-] Folder deleted: C:\Program Files (x86)\Auslogics

***** [ Files ] *****

[-] File deleted: C:\Users\Public\Desktop\SlimDrivers.lnk

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Key deleted: HKLM\SOFTWARE\Auslogics
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall{746AB259-6474-4111-8966-1C62F9A6E063}
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\952BA6474 74611149866C1269F6A0E36
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\952BA6474 74611149866C1269F6A0E36
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\952BA6474 74611149866C1269F6A0E36
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\952BA6474 74611149866C1269F6A0E36
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\uk.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\uk.ask.com

***** [ Web browsers ] *****

[-] [C:\Users\Gary\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: yahoo! powered
[-] [C:\Users\Gary\AppData\Local\Chromium\User Data\Default] [startup_urls] Deleted: hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=mnn_easus_16_31&param1=1&para m2=f%3D7%26b%3Dchmm%26cc%3Dgb%26pa%3DMinio%26cd%3D 2XzuyEtN2Y1L1QzutBtD0C0FtAtDyD0CyE0FtB0F0CyCtB0BtN 0D0Tzu0StCyCyByBtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1S tN1L1G1B1V1N2Y1L1Qzu2StD0EyC0AtDtD0AtDtGtC0EzztAtG yEyEtD0AtGtB0BtD0AtGyCtC0D0FtA0C0AyBtByByD0D2QtN1M 1F1B2Z1V1N2Y1L1Qzu2SyE0B0A0DtCyByE0AtG0DtD0A0BtGyE zztCyEtG0ByDzzyDtG0AtBtAzzyCzztDtAtC0C0CtD2QtN0A0L zuyE%26cr%3D793568377%26a%3Dmnn_easus_16_31%26os_v er%3D10.0%26os%3DWindows%2B10%2BPro&uref=chmm
[-] [C:\Users\Gary\AppData\Local\Chromium\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej
[-] [C:\Users\Gary\AppData\Local\Chromium\User Data\Default] [homepage] Deleted: hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=mnn_easus_16_31&param1=1&para m2=f%3D1%26b%3Dchmm%26cc%3Dgb%26pa%3DMinio%26cd%3D 2XzuyEtN2Y1L1QzutBtD0C0FtAtDyD0CyE0FtB0F0CyCtB0BtN 0D0Tzu0StCyCyByBtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1S tN1L1G1B1V1N2Y1L1Qzu2StD0EyC0AtDtD0AtDtGtC0EzztAtG yEyEtD0AtGtB0BtD0AtGyCtC0D0FtA0C0AyBtByByD0D2QtN1M 1F1B2Z1V1N2Y1L1Qzu2SyE0B0A0DtCyByE0AtG0DtD0A0BtGyE zztCyEtG0ByDzzyDtG0AtBtAzzyCzztDtAtC0C0CtD2QtN0A0L zuyE%26cr%3D793568377%26a%3Dmnn_easus_16_31%26os_v er%3D10.0%26os%3DWindows%2B10%2BPro&uref=chmm
[-] [C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com
[-] [C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: autostitch.en.softonic.com
[-] [C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: knctr.en.softonic.com
[-] [C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej

---

:: “Tracing” keys deleted
:: Winsock settings cleared

---

C:\AdwCleaner\AdwCleaner[C0].txt - [5188 Bytes] - [24/06/2017 11:19:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [4635 Bytes] - [24/06/2017 11:18:06]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5334 Bytes] ##########

I see that the free one on the left is the 14 day pro trial. Normally I’d download the non-trial free version of Malwarebytes. I trust it simply reverts to that at the end.
(Ah I see you tell me I shall be able to untick the trial on installation. Ok.) Oh, didn’t see the opt out so I’m on the pro trial; I’ll worry about that in 14 days then.

Hmm not enthralled by the hits. One is the installation file for the slimdrivers that, as mentioned earlier, were used when investigating the graphics driver issue which is where I started trying to find a cause of the crashes in the previous thread. An installation file isn’t going to do anything so I think I’ll leave that. Then there is the game cheat thing which is very rarely used, and only to extend interest in a game I’ve otherwise grown bored of. I’ll let it remove that but seems a pity.

ZHP Diag Fix seems to end with two windows full of info.
This in the main window :

Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d’export Registre : C:\Users\Gary\AppData\Roaming\ZHP\ZHPExportRegistr y-24-06-2017-12-50-28.txt
Run by Gary at 24/06/2017 12:45:58
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit Service Pack 1 (14393)

Recycle Bin emptied (04mn 27s)
Prefetcher emptied
Repair of browser shortcuts

========== Software ==========
ABSENT Uninstall Process: c:\users\gary\appdata\local{6ab85ce4-4e10-305c-2388-15b407e0e92c}\uninstall.exe

========== Process memory ==========
REMOVES: Memory Process: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage

========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\YahooPowered]
REMOVES: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
REMOVES: HKCU\SOFTWARE\roamingdevice

========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Folders ==========
No folders empty CLSID Local user
REMOVES: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinImage
REMOVES: C:\Users\Gary\AppData\Local\Setup458648171
REMOVES: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\BadCopy Pro
REMOVES: C:\Users\Gary\AppData\Roaming\uTorrent
Deletes temporary Windows (0)

========== Files ==========
REMOVES Flash Cookies (0) (0 octets)
REMOVES Reboot: c:\windows\system32\tasks\onedrive standalone update task
REMOVES Reboot: c:\windows\system32\tasks\onedrive standalone update task v2
REMOVES Reboot: c:\windows\system32\tasks{a28d6e9f-11d1-4b79-a0d8-7ccb20f69972}
REMOVES: C:\WINDOWS\Installer\1b26aa.msi
REMOVES: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.loca lstorage
REMOVES: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Prof iles\vc6qe3r0.default\extensions{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi
REMOVES: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.broadbandspeedchecker.co.uk_0.localstorage
Deletes temporary Windows (0) (0 octets)

========== System restore ==========
The system successfully created restore point

========== Summary ==========
1 : Process memory
3 : Registry keys
6 : Registry values
6 : Folders
9 : Files
1 : Software
1 : System restore

End of clean in 07mn 38s

========== Path to file report ==========
C:\Users\Gary\AppData\Roaming\ZHP\ZHPFix[R1].txt - 24/06/2017 12:50:27 [2642]

This in the text file :

Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d’export Registre :
Run by Gary at 24/06/2017 12:45:58
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit Service Pack 1 (14393)

Recycle Bin emptied (04mn 27s)
Prefetcher emptied
Repair of browser shortcuts

========== Software ==========
ABSENT Uninstall Process: c:\users\gary\appdata\local{6ab85ce4-4e10-305c-2388-15b407e0e92c}\uninstall.exe

========== Process memory ==========
REMOVES: Memory Process: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage

========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\YahooPowered]
REMOVES: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
REMOVES: HKCU\SOFTWARE\roamingdevice

========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Folders ==========
No folders empty CLSID Local user
REMOVES: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinImage
REMOVES: C:\Users\Gary\AppData\Local\Setup458648171
REMOVES: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\BadCopy Pro
REMOVES: C:\Users\Gary\AppData\Roaming\uTorrent
Deletes temporary Windows (0)

========== Files ==========
REMOVES Flash Cookies (0) (0 octets)
REMOVES Reboot: c:\windows\system32\tasks\onedrive standalone update task
REMOVES Reboot: c:\windows\system32\tasks\onedrive standalone update task v2
REMOVES Reboot: c:\windows\system32\tasks{a28d6e9f-11d1-4b79-a0d8-7ccb20f69972}
REMOVES: C:\WINDOWS\Installer\1b26aa.msi
REMOVES: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.loca lstorage
REMOVES: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Prof iles\vc6qe3r0.default\extensions{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi
REMOVES: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.broadbandspeedchecker.co.uk_0.localstorage
Deletes temporary Windows (0) (0 octets)

========== System restore ==========
The system successfully created restore point

========== Summary ==========
1 : Process memory
3 : Registry keys
6 : Registry values
6 : Folders
9 : Files
1 : Software
1 : System restore

End of clean in 07mn 38s

========== Path to file report ==========
C:\Users\Gary\AppData\Roaming\ZHP\ZHPFix[R1].txt - 24/06/2017 12:50:27 [2642]

SuperAntiSpyware was mainly for ferreting out nosey cookie tracking. Does Zemana do the same ?

Turn off Windows Defender, now enabled.

Running Zemana at present, so loathe to start the Hijack This yet, if everything needs to be closed. Will start it when I can. It isn’t keen on slimdrivers nor winiso.

Wow that was some task selecting all those. Rebooting now, but I need to be off after. Will need to re-engage Tuesday/Wednesday time. Thanks for the advice.

No, but if you run CCleaner then it will clean those cookies that you speak of.

Last time I let CCleaner loose on the cookies it removed loads of useful cookies also. I’ll try to check out the settings.

Ccleaner has the option to keep any cookies that you wish.

Go to options.
Cookies.
[MEDIA=imgur]cAX8Kha[/MEDIA]

Chkdsk started. Presently seems permanently on 12% complete.
Ah well, thank goodness for the tablet

Wow, still at 12%. Will need to let it run overnight then.

By the way, I’m aware ccleaner allows one to protect specific cookies, but the problem us one needs to know which and add them to the safe list individually. SAS was meant to know the sharing spying cookies without further knowledge/action by the user.

Ok, just reinstall SAS when done here.

It may need to run overnight as you suggested, this is not uncommon... So do not worry.

I thought it’d be 20 to 30 minutes but it was hours. Well it must’ve done something (unsure what it found if anything) because I came down to MS telling me I have to check my privacy settings before they upgrade soon. I’ll try the other thing now and update this post when I have something.

It was running behind another window but when I minimised the window it seems to have disappeared !
Can’t see any report on the desktop. May have to run it again. Makes me nervous to have the AV off all this time.

Darn, just noticed that Zemana was still running. Exited it. But this QuickDiag seems to be stuck at 40%. I noted the icon flashing a red cross and the menu from it held little save for a pause instruction which was ticked (it always looks ticked !!!) so I clicked on that and the flashing red cross went; but I’m still waiting for it to progress past 40%. Ah, as I type, it seems to have decided to start again. … Well I state that but it seems to be just flashing in yellow the same filename or reference (6AB85CE4-4E10-305C-2388-15B407E0E92C) in parentheses continually, mimicking progress, but staying at 40%.

This seems ridiculous. I’ll give it another 10 minutes to do something, then I’ll have to stop it. As usual I’m off later tomorrow, can’t be running this forever for no progress. Typical. I type this, look back, and it’s finally changed to C: drive path/filenames. At last !

Ok I notice it’s closed. Pity it doesn’t remain open to indicate finished. This time there is a file; attached.

Thanks for the help.
--------------- QuickDiag | g3n-h@ckm@n | V3_24.06.17.2 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 30/06/2017 09:21:02

Updated 24/06/2017 | 17.20 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+00:00) Dublin, Edinburgh, Lisbon, London
[Gary (Administrator)] - [HOME_PC] (S-1-5-21-3536061241-6043831-2542719734-1001)

System: Microsoft Windows 10 Pro - - (10.0.14393) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0809) → (1607)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Pro|C:\WINDOWS|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: System Product Name - System manufacturer - IdNumber: System Serial Number - UUID: 1F00C620-00C6-0300-498D-20CF305C4F2F
Processor : X64 - 2806 Mhz - Intel(R) Core™ i7 CPU 930 @ 2.80GHz
BIOS Date: 08/06/12 09:44:07 Ver: 08.00.15 - en|US|iso8859-1 - American Megatrends Inc. - S/N: System Serial Number - 0803 - 080612 - 20120806
CoreTemp : ? Celsius

----------| Quick

---------- | SoundDevice

High Definition Audio Device - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0889&SUBSYS_104383C0& REV_1000\4&24EAAE2F&0&0001
High Definition Audio Device - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0010&SUBSYS_10DE0101& REV_1001\5&3279DAE2&0&0001
High Definition Audio Device - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0010&SUBSYS_10DE0101& REV_1001\5&3279DAE2&0&0101
High Definition Audio Device - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0010&SUBSYS_10DE0101& REV_1001\5&3279DAE2&0&0201
High Definition Audio Device - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0010&SUBSYS_10DE0101& REV_1001\5&3279DAE2&0&0301

---------- | Video

NVIDIA GeForce GTX 470 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nv_ dispi.inf_amd64_0c385245f4e4f578\nvd3dumx,C:\WINDO WS\System32\DriverStore\FileRepository\nv_dispi.in f_amd64_0c385245f4e4f578\nvwgf2umx,C:\WINDOWS\Syst em32\DriverStore\FileRepository\nv_dispi.inf_amd64 _0c385245f4e4f578\nvwgf2umx,C:\WINDOWS\System32\Dr iverStore\FileRepository\nv_dispi.inf_amd64_0c3852 45f4e4f578\nvwgf2umx,C:\WINDOWS\System32\DriverSto re\FileRepository\nv_dispi.inf_amd64_0c385245f4e4f 578\nvd3dum,C:\WINDOWS\System32\DriverStore\FileRe pository\nv_dispi.inf_amd64_0c385245f4e4f578\nvwgf 2um,C:\WINDOWS\System32\DriverStore\FileRepository \nv_dispi.inf_amd64_0c385245f4e4f578\nvwgf2um,C:\W INDOWS\System32\DriverStore\FileRepository\nv_disp i.inf_amd64_0c385245f4e4f578\nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_06CD&SUBSYS_115319DA&REV_A3\4&2F1 C4782&0&0018 - AdapterCompatibility: NVIDIA - RAM: 1342177280
Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 470 - DriverVersion: 21.21.13.7872 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34640 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\rtvcvfw64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 246272 - Manufacturer: - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25352 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:26 %
CPU #2 value:7 %
CPU #3 value:7 %
CPU #4 value:26 %
CPU #5 value:63 %
CPU #6 value:1 %
CPU #7 value:44 %
CPU #8 value:1 %
Total Overall CPU Usage value:22 %

---------- | Network

Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.lan : SENT:0 bytes/sec / RECVD:0 bytes/sec
Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall → SEND Maxium:22 bytes/sec, / RECEIVE Maximum:0 bytes/sec

Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Kaspersky Security Data Escort Adapter - Ethernet 802.3 - Kaspersky Security Data Escort Provider - Status: - PnPID : ROOT\NET\0000
Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller - Ethernet 802.3 - Marvell - Status: - PnPID : PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&18A BAD59&0&00E2
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE
Microsoft ISATAP Adapter - - - Status: - PnPID :
WAN Miniport (SSTP) - - - Status: - PnPID :
WAN Miniport (IKEv2) - - - Status: - PnPID :
WAN Miniport (L2TP) - - - Status: - PnPID :
WAN Miniport (PPTP) - - - Status: - PnPID :
WAN Miniport (PPPOE) - - - Status: - PnPID :
WAN Miniport (IP) - - - Status: - PnPID :
WAN Miniport (IPv6) - - - Status: - PnPID :
WAN Miniport (Network Monitor) - - - Status: - PnPID :
Remote NDIS Compatible Device - - - Status: - PnPID :

---------- | Memory

RAM = Total (MB) : 25157 | Free (MB) : 19964
Pagefile = Total (MB) : 57925 | Free (MB) : 51279
Virtual = Total (MB) : 4194 | Free (MB) : 3925

Physical Memory 0 : Capacity: 4294967296 - DIMM0 - Posit.: - Manufacturer: Manufacturer00 - PartNumber: ModulePartNumber00 - S/N: SerNum00
Physical Memory 1 : Capacity: 4294967296 - DIMM1 - Posit.: - Manufacturer: Manufacturer01 - PartNumber: ModulePartNumber01 - S/N: SerNum01
Physical Memory 2 : Capacity: 4294967296 - DIMM2 - Posit.: - Manufacturer: Manufacturer02 - PartNumber: ModulePartNumber02 - S/N: SerNum02
Physical Memory 3 : Capacity: 4294967296 - DIMM3 - Posit.: - Manufacturer: Manufacturer03 - PartNumber: ModulePartNumber03 - S/N: SerNum03
Physical Memory 4 : Capacity: 4294967296 - DIMM4 - Posit.: - Manufacturer: Manufacturer04 - PartNumber: ModulePartNumber04 - S/N: SerNum04
Physical Memory 5 : Capacity: 4294967296 - DIMM5 - Posit.: - Manufacturer: Manufacturer05 - PartNumber: ModulePartNumber05 - S/N: SerNum05

---------- | SID Users

Administrator : [S-1-5-21-3536061241-6043831-2542719734-500]
DefaultAccount : [S-1-5-21-3536061241-6043831-2542719734-503]
Gary : [S-1-5-21-3536061241-6043831-2542719734-1001]
Guest : [S-1-5-21-3536061241-6043831-2542719734-501]
HomeGroupUser$ : [S-1-5-21-3536061241-6043831-2542719734-1002]
Access Control Assistance Operators : [S-1-5-32-579]
Administrators : [S-1-5-32-544]
Backup Operators : [S-1-5-32-551]
Cryptographic Operators : [S-1-5-32-569]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
Hyper-V Administrators : [S-1-5-32-578]
IIS_IUSRS : [S-1-5-32-568]
Network Configuration Operators : [S-1-5-32-556]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Power Users : [S-1-5-32-547]
Remote Desktop Users : [S-1-5-32-555]
Remote Management Users : [S-1-5-32-580]
Replicator : [S-1-5-32-552]
System Managed Accounts Group : [S-1-5-32-581]
Users : [S-1-5-32-545]
Debugger Users : [S-1-5-21-3536061241-6043831-2542719734-1003]
HomeUsers : [S-1-5-21-3536061241-6043831-2542719734-1000]

---------- | SystemAccounts

Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ → [Fixed] | | Total : 930.97 Go | Free : 415.61 Go → NTFS [ATA]
D:\ → [CDROM] | [CDROM] | Total : 0.01 Go | Free : 0 Go → CDFS [ATAPI]
E:\ → [Fixed] | [drive partition 2] | Total : 244.14 Go | Free : 77.69 Go → NTFS [ATA]
F:\ → [Fixed] | [drive partition 3] | Total : 244.14 Go | Free : 26.58 Go → NTFS [ATA]
H:\ → [Fixed] | [drive partition 4] | Total : 244.14 Go | Free : 240 Go → NTFS [ATA]
I:\ → [Fixed] | [drive partition 5] | Total : 244.14 Go | Free : 1.99 Go → NTFS [ATA]
J:\ → [Fixed] | [drive partition 6] | Total : 176.57 Go | Free : 45.29 Go → NTFS [ATA]
K:\ → [Removable] | [STORE N GO] | Total : 14.42 Go | Free : 13.49 Go → FAT32 [USB]
L:\ → [Fixed] | [System Reserved] | Total : 0.1 Go | Free : 0.02 Go → NTFS [ATA]
N:\ → [Fixed] | [drive partition 1] | Total : 244.14 Go | Free : 244.01 Go → NTFS [ATA]
O:\ → [Fixed] | [drive partition 0] | Total : 0.01 Go | Free : 0 Go → NTFS [ATA]

Disk Usage Information [3 total Physical Disks]

Physical Drive #1 [O:, N:, E:, F:, H:, I:, J:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #0 [L:, C:] : Read:0 bytes/sec, Written:5,179,371 bytes/sec Max Read:0 bytes/sec, Max Write:5,179,371 bytes/sec
Physical Drive #2 [K:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec

Overall - Read Maximum:0 bytes/sec, Write Maximum:5,179,371 bytes/sec

DeviceID: \.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 7 Part. - PnPID : IDE\DISKST31500341AS____________________________CC 1H____\6&18B26658&0&0.0.0
DeviceID: \.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : IDE\DISKHITACHI_HDS721010CLA332_________________JP 4OA3EA\5&2AFB53D3&0&0.0.0
DeviceID: \.\PHYSICALDRIVE2 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_VERBATIM&PROD_STORE_N_GO&REV_PMAP \070B3B1A06A9ED30&0

---------- | Windows updates

Test 1 : Windows Is Activated

---------- | Browsers

IE : 11.0.14393.953 (© Microsoft Corporation.)
FF : 54.0.0.6368 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 59.0.3071.115 (Copyright 2016 Google Inc.)

Default : “C:\Program Files (x86)\Mozilla Firefox\firefox.exe” -osint -url “”

---------- | FlashPlayer

FlashPlayer ActiveX : 26.0.0.120
FlashPlayer Plugin : 26.0.0.131

---------- | Security

AV : Malwarebytes Enabled
AS : Windows Defender Disabled
FW : Kaspersky Total Security Disabled
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes

712 | [Owner : SYSTEM | Parent : 4(System) | ???] - (.Microsoft Corporation - Windows Session Manager.) - (10.0.14393.0) = C:\Windows\System32\smss.exe [16/07/2016 12:42:27] CPU Usage:0 %
944 | [Owner : SYSTEM | Parent : 928() | ???] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.14393.0) = C:\Windows\System32\csrss.exe [16/07/2016 12:42:27] CPU Usage:0 %
148 | [Owner : SYSTEM | Parent : 928() | ???] - (.Microsoft Corporation - Windows Start-Up Application.) - (10.0.14393.0) = C:\Windows\System32\wininit.exe [16/07/2016 12:42:27] CPU Usage:0 %
796 | [Owner : SYSTEM | Parent : 1016() | ???] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.14393.0) = C:\Windows\System32\csrss.exe [16/07/2016 12:42:27] CPU Usage:0 %
900 | [Owner : SYSTEM | Parent : 1016() | 9.92 Mo] - (.Microsoft Corporation - Windows Logon Application.) - (10.0.14393.1198) = C:\Windows\System32\winlogon.exe [11/05/2017 09:14:07] CPU Usage:0 %
948 | [Owner : SYSTEM | Parent : 148(wininit.exe) | ???] - (.Microsoft Corporation - Services and Controller app.) - (10.0.14393.1198) = C:\Windows\System32\services.exe [11/05/2017 09:14:54] CPU Usage:0 %
1028 | [Owner : SYSTEM | Parent : 148(wininit.exe) | 15.65 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.14393.187) = C:\Windows\System32\lsass.exe [08/02/2017 18:58:34] CPU Usage:0 %
1124 | [Owner : SYSTEM | Parent : 948(services.exe) | 27.57 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1188 | [Owner : NETWORK SERVICE | Parent : 948(services.exe) | 13.41 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1312 | [Owner : NETWORK SERVICE | Parent : 948(services.exe) | 24.79 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1332 | [Owner : DWM-1 | Parent : 900(winlogon.exe) | 55.02 Mo] - (.Microsoft Corporation - Desktop Window Manager.) - (10.0.14393.0) = C:\Windows\System32\dwm.exe [16/07/2016 12:42:23] CPU Usage:0 %
1388 | [Owner : SYSTEM | Parent : 948(services.exe) | 170.96 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:6 %
1404 | [Owner : LOCAL SERVICE | Parent : 948(services.exe) | 26.36 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1432 | [Owner : SYSTEM | Parent : 948(services.exe) | 60.1 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1656 | [Owner : LOCAL SERVICE | Parent : 948(services.exe) | 33.4 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1716 | [Owner : LOCAL SERVICE | Parent : 948(services.exe) | 35.69 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1772 | [Owner : SYSTEM | Parent : 948(services.exe) | 11 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe [27/04/2017 16:27:54] CPU Usage:0 %
1780 | [Owner : LOCAL SERVICE | Parent : 1388(svchost.exe) | 8.65 Mo] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe [16/07/2016 12:42:35] CPU Usage:0 %
2204 | [Owner : LOCAL SERVICE | Parent : 948(services.exe) | 10.31 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2276 | [Owner : SYSTEM | Parent : 948(services.exe) | 6.45 Mo] - (.Logitech, Inc. - Logitech Solar Service (UNICODE).) - (1.10.3.0) = C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [30/01/2013 18:52:10] CPU Usage:0 %
2356 | [Owner : LOCAL SERVICE | Parent : 948(services.exe) | 12.09 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2460 | [Owner : LOCAL SERVICE | Parent : 948(services.exe) | 12.21 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2528 | [Owner : SYSTEM | Parent : 948(services.exe) | 13.41 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2700 | [Owner : NETWORK SERVICE | Parent : 948(services.exe) | 7.18 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2708 | [Owner : SYSTEM | Parent : 948(services.exe) | 16.9 Mo] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.14393.953) = C:\Windows\System32\spoolsv.exe [15/03/2017 21:54:14] CPU Usage:0 %
2844 | [Owner : LOCAL SERVICE | Parent : 1388(svchost.exe) | 14.06 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.14393.82) = C:\Windows\System32\dasHost.exe [08/02/2017 18:57:30] CPU Usage:0 %
2928 | [Owner : SYSTEM | Parent : 948(services.exe) | 9.33 Mo] - (.Cambridge Silicon Radio Limited - Csr Bluetooth Service.) - (1.0.15.0) = C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [26/05/2011 22:04:16] CPU Usage:0 %
2936 | [Owner : SYSTEM | Parent : 948(services.exe) | 11.14 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2948 | [Owner : SYSTEM | Parent : 948(services.exe) | 8.31 Mo] - (.Cambridge Silicon Radio Limited - Bluetooth OBEX Service.) - (1.0.15.0) = C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [26/05/2011 22:04:14] CPU Usage:0 %
2956 | [Owner : SYSTEM | Parent : 948(services.exe) | 28.11 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2964 | [Owner : SYSTEM | Parent : 948(services.exe) | 6.33 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterWebService.exe [03/08/2014 11:44:56] CPU Usage:0 %
2972 | [Owner : SYSTEM | Parent : 948(services.exe) | 15.71 Mo] - (.Foxit Software Inc. - Foxit Reader ConnectedPDF Windows Service..) - (8.2.0.1206) = C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [24/09/2016 12:15:23] CPU Usage:0 %
2980 | [Owner : SYSTEM | Parent : 948(services.exe) | 66.11 Mo] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) - (17.0.0.611) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [28/06/2016 01:54:28] CPU Usage:0 %
2988 | [Owner : SYSTEM | Parent : 948(services.exe) | 19.88 Mo] - (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Agent Application.) - (5.0.0.1) = C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [19/12/2016 23:29:02] CPU Usage:0 %
2996 | [Owner : SYSTEM | Parent : 948(services.exe) | 8.11 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterCaptureService.ex e [03/08/2014 11:44:56] CPU Usage:0 %
2240 | [Owner : SYSTEM | Parent : 948(services.exe) | 289.09 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.479) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [24/06/2017 11:47:24] CPU Usage:0 %
2656 | [Owner : SYSTEM | Parent : 948(services.exe) | 11.63 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2624 | [Owner : NETWORK SERVICE | Parent : 948(services.exe) | 13.52 Mo] - (.Microsoft Corporation - Message Queuing Service.) - (5.0.1.1) = C:\Windows\System32\mqsvc.exe [16/07/2016 12:43:08] CPU Usage:0 %
3336 | [Owner : SYSTEM | Parent : 948(services.exe) | 8.76 Mo] - (.Microsoft Corporation - Machine Debug Manager.) - (7.0.9466.0) = C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [20/06/2003 00:25:00] CPU Usage:0 %
3344 | [Owner : SYSTEM | Parent : 948(services.exe) | 6.51 Mo] - (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) - (2.5.5.0) = C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [01/01/2015 14:16:58] CPU Usage:0 %
3368 | [Owner : SYSTEM | Parent : 948(services.exe) | 11.43 Mo] - (.- Wifi Service.) - (2.1.0.24) = C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [31/12/2014 10:21:31] CPU Usage:0 %
3376 | [Owner : SYSTEM | Parent : 948(services.exe) | 19.16 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
3384 | [Owner : SYSTEM | Parent : 948(services.exe) | 8.32 Mo] - (.RaMMicHaeL - Unchecky Service.) - (1.0.2.0) = C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [26/02/2014 09:48:18] CPU Usage:0 %
3400 | [Owner : SYSTEM | Parent : 948(services.exe) | 22.12 Mo] - (.TeamViewer GmbH - TeamViewer 12.) - (12.1.12777.0) = C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10/08/2015 08:17:24] CPU Usage:0 %
3836 | [Owner : SYSTEM | Parent : 948(services.exe) | 16.28 Mo] - (.Copyright 2017. - ZAM.) - (2.74.0.76) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [24/06/2017 12:59:20] CPU Usage:0 %
4164 | [Owner : LOCAL SERVICE | Parent : 948(services.exe) | 21.93 Mo] - (.Microsoft Corporation - SMSvcHost.exe.) - (4.7.2053.0) = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SM SvcHost.exe [17/06/2017 08:39:47] CPU Usage:0 %
4244 | [Owner : NETWORK SERVICE | Parent : 948(services.exe) | 14.66 Mo] - (.Microsoft Corporation - SMSvcHost.exe.) - (4.7.2053.0) = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SM SvcHost.exe [17/06/2017 08:39:47] CPU Usage:0 %
5392 | [Owner : SYSTEM | Parent : 948(services.exe) | 11.09 Mo] - (.Microsoft Corporation - Virtual Disk Service.) - (10.0.14393.1198) = C:\Windows\System32\vds.exe [11/05/2017 09:14:07] CPU Usage:0 %
5548 | [Owner : SYSTEM | Parent : 2988(Agent.exe) | 13.87 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe [19/12/2016 23:29:10] CPU Usage:0 %
6212 | [Owner : Gary | Parent : 1432(svchost.exe) | 23.55 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe [16/07/2016 12:42:09] CPU Usage:0 %
6224 | [Owner : Gary | Parent : 3400(TeamViewer_Service.exe) | 44.54 Mo] - (.TeamViewer GmbH - TeamViewer 12.) - (12.1.12777.0) = C:\Program Files (x86)\TeamViewer\TeamViewer.exe [10/08/2015 08:17:24] CPU Usage:0 %
6248 | [Owner : Gary | Parent : 948(services.exe) | 21.54 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
6352 | [Owner : Gary | Parent : 3384(unchecky_svc.exe) | 11.7 Mo] - (.RaMMicHaeL - Unchecky Background Process.) - (1.0.2.0) = C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe [26/02/2014 09:48:18] CPU Usage:0 %
6368 | [Owner : Gary | Parent : 1432(svchost.exe) | 21.95 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe [16/07/2016 12:42:36] CPU Usage:0 %
6656 | [Owner : Gary | Parent : 1124(svchost.exe) | 38.49 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe [16/07/2016 12:42:05] CPU Usage:0 %
6780 | [Owner : Gary | Parent : 6756() | 115.18 Mo] - (.Microsoft Corporation - Windows Explorer.) - (10.0.14393.1198) = C:\Windows\explorer.exe [11/05/2017 09:14:11] CPU Usage:0 %
6964 | [Owner : SYSTEM | Parent : 3400(TeamViewer_Service.exe) | 7.23 Mo] - (.TeamViewer GmbH - TeamViewer 12.) - (12.1.12777.0) = C:\Program Files (x86)\TeamViewer\tv_w32.exe [10/08/2015 08:17:24] CPU Usage:0 %
6992 | [Owner : SYSTEM | Parent : 3400(TeamViewer_Service.exe) | 7.3 Mo] - (.TeamViewer GmbH - TeamViewer 12.) - (12.1.12777.0) = C:\Program Files (x86)\TeamViewer\tv_x64.exe [10/08/2015 08:17:24] CPU Usage:0 %
1204 | [Owner : Gary | Parent : 1124(svchost.exe) | 68.77 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2t xyewy\ShellExperienceHost.exe [08/02/2017 18:57:59] CPU Usage:0 %
3504 | [Owner : Gary | Parent : 1124(svchost.exe) | 91.76 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.953) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\SearchUI.exe [15/03/2017 21:53:34] CPU Usage:0 %
3516 | [Owner : SYSTEM | Parent : 6344() | 0.89 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.5) = C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.ex e [28/04/2017 02:14:57] CPU Usage:0 %
7344 | [Owner : SYSTEM | Parent : 6344() | 0.82 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.5) = C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64. exe [28/04/2017 02:14:57] CPU Usage:0 %
8188 | [Owner : SYSTEM | Parent : 948(services.exe) | 144.19 Mo] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.14393.1358) = C:\Windows\System32\SearchIndexer.exe [17/06/2017 08:18:29] CPU Usage:0 %
1560 | [Owner : Gary | Parent : 2980(avp.exe) | 4.52 Mo] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) - (17.0.0.643) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe [29/03/2017 03:21:00] CPU Usage:0 %
6620 | [Owner : Gary | Parent : 6780(explorer.exe) | 9.1 Mo] - (.Cambridge Silicon Radio Limited - Csr Bluetooth OSD Settings.) - (1.0.15.0) = C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [26/05/2011 22:04:46] CPU Usage:0 %
7152 | [Owner : Gary | Parent : 6780(explorer.exe) | 11 Mo] - (.Cambridge Silicon Radio Limited - Csr Harmony User Startup Application.) - (1.0.15.0) = C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [26/05/2011 22:04:32] CPU Usage:0 %
7372 | [Owner : Gary | Parent : 6780(explorer.exe) | 11.09 Mo] - (.Cambridge Silicon Radio Limited - HFP Skype Application.) - (1.0.15.0) = C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\HarmonyHFPSkypePlugin.exe [26/05/2011 22:02:18] CPU Usage:0 %
6760 | [Owner : Gary | Parent : 6780(explorer.exe) | 21.64 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1068) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [24/06/2017 11:47:21] CPU Usage:0 %
5556 | [Owner : Gary | Parent : 6780(explorer.exe) | 211.54 Mo] - (.Copyright 2017. - ZAM.) - (2.74.0.76) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [24/06/2017 12:59:20] CPU Usage:0 %
6300 | [Owner : Gary | Parent : 6780(explorer.exe) | 34.81 Mo] - (.- Netgear.) - (1.1.4.27) = C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe [31/12/2014 10:21:27] CPU Usage:0 %
8440 | [Owner : Gary | Parent : 6300(WNA3100M.exe) | 12.06 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.14393.0) = C:\Windows\System32\conhost.exe [16/07/2016 12:42:23] CPU Usage:0 %
7416 | [Owner : SYSTEM | Parent : 948(services.exe) | 6.47 Mo] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (17.0.0.611) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [28/06/2016 01:54:28] CPU Usage:0 %
1104 | [Owner : Gary | Parent : 7416(ksde.exe) | 4.46 Mo] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (17.0.0.643) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe [28/06/2016 01:51:00] CPU Usage:0 %
6160 | [Owner : Gary | Parent : 1124(svchost.exe) | 7.75 Mo] - (.-.) - (11.18.614.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x 64__kzf8qxf38zg5c\SkypeHost.exe [21/06/2017 20:56:40] CPU Usage:0 %
11472 | [Owner : SYSTEM | Parent : 8188(SearchIndexer.exe) | 9.41 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.14393.953) = C:\Windows\System32\SearchProtocolHost.exe [15/03/2017 21:54:43] CPU Usage:0 %
1044 | [Owner : NETWORK SERVICE | Parent : 1124(svchost.exe) | 8.61 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [16/07/2016 12:42:56] CPU Usage:0 %
9844 | [Owner : Gary | Parent : 6780(explorer.exe) | 1037.39 Mo] - (.Mozilla Corporation - Firefox.) - (54.0.0.6368) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [14/06/2017 21:20:53] CPU Usage:13 %
10764 | [Owner : LOCAL SERVICE | Parent : 2204(svchost.exe) | 12.41 Mo] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (10.0.14393.0) = C:\Windows\System32\audiodg.exe [16/07/2016 12:42:22] CPU Usage:0 %
11140 | [Owner : Gary | Parent : 1124(svchost.exe) | 69.08 Mo] - (.Microsoft Corporation - Windows Explorer.) - (10.0.14393.1198) = C:\Windows\explorer.exe [11/05/2017 09:14:11] CPU Usage:0 %
1264 | [Owner : SYSTEM | Parent : 1772(NVDisplay.Container.exe) | 23.57 Mo] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.7872) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [27/04/2017 16:28:16] CPU Usage:0 %
6732 | [Owner : Gary | Parent : 1124(svchost.exe) | 22.58 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.14393.0) = C:\Windows\System32\ApplicationFrameHost.exe [16/07/2016 12:42:40] CPU Usage:0 %
8908 | [Owner : Gary | Parent : 1124(svchost.exe) | 33.08 Mo] - (.-.) - (10.1705.1705.10001) = C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1 705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe [23/05/2017 00:31:50] CPU Usage:0 %
740 | [Owner : Gary | Parent : 6780(explorer.exe) | 35.66 Mo] - (.Helios Software Solutions - TextPad.) - (7.6.1.0) = C:\Program Files\TextPad 7\TextPad.exe [16/01/2016 20:07:56] CPU Usage:0 %
7120 | [Owner : SYSTEM | Parent : 900(winlogon.exe) | 3.33 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.14393.1358) = C:\Windows\System32\fontdrvhost.exe [17/06/2017 08:18:07] CPU Usage:0 %
10604 | [Owner : Gary | Parent : 6780(explorer.exe) | 53.58 Mo] - (.Microsoft Corporation - Microsoft Office Excel.) - (11.0.8404.0) = C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [29/05/2013 10:08:26] CPU Usage:0 %
4072 | [Owner : Gary | Parent : 6780(explorer.exe) | 142.38 Mo] - (.Microsoft Corporation - Microsoft Office Outlook.) - (11.0.8326.0) = C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE [23/06/2010 18:17:12] CPU Usage:0 %
10056 | [Owner : Gary | Parent : 1124(svchost.exe) | 68.71 Mo] - (.Microsoft Corporation - Microsoft Office Word.) - (11.0.8411.0) = C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE [19/03/2014 21:45:08] CPU Usage:0 %
9492 | [Owner : Gary | Parent : 10056(WINWORD.EXE) | 10.39 Mo] - (.Microsoft Corporation - Print driver host for applications.) - (10.0.14393.351) = C:\Windows\splwow64.exe [08/02/2017 19:00:14] CPU Usage:0 %
5656 | [Owner : | Parent : 948(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
11072 | [Owner : Gary | Parent : 1124(svchost.exe) | 15.18 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.14393.1198) = C:\Windows\System32\smartscreen.exe [11/05/2017 09:14:58] CPU Usage:0 %
12048 | [Owner : Gary | Parent : 6780(explorer.exe) | 39.88 Mo] - (.SosVirus - QuickDiag.) - (24.6.17.2) = C:\Users\Gary\Desktop\QuickDiag.exe [30/06/2017 07:52:47] CPU Usage:0 %
11172 | [Owner : SYSTEM | Parent : 8188(SearchIndexer.exe) | 6.5 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.14393.953) = C:\Windows\System32\SearchFilterHost.exe [15/03/2017 21:54:34] CPU Usage:0 %
3052 | [Owner : SYSTEM | Parent : 1124(svchost.exe) | 8.77 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [16/07/2016 12:42:31] CPU Usage:0 %
9372 | [Owner : LogonSessionId_0_130032520 | Parent : 1124(svchost.exe) | 9.51 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [16/07/2016 12:42:56] CPU Usage:0 %

---------- | MD5

[MD5.679D17F8CDB938C7100D7A647953677E] - [11/05/2017 09:14:11] - (.© Microsoft Corporation. - Windows Explorer.) - [4564.8 Ko] - (10.0.14393.1198) : C:\WINDOWS\Explorer.exe
[MD5.F4F684066175B77E0C3A000549D2922C] - [16/07/2016 12:42:36] - (.© Microsoft Corporation. - Windows Command Processor.) - [227.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\cmd.exe
[MD5.77DBC745D957B4F0404ABABC10696784] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [17.72 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\csrss.exe
[MD5.DA63852A2B0340E94D74EAF0CD444979] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. - COM Surrogate.) - [20.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\dllhost.exe
[MD5.951FF70440427DA334B6579D71A19480] - [11/05/2017 09:14:08] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [684.51 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\Kernel32.dll
[MD5.6F8E95716C1A27FF2FE96D30B147F1C1] - [08/02/2017 18:58:34] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.05 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\lsass.exe
[MD5.4A7015195E49A3BA7DB967B277B21E9D] - [11/05/2017 09:14:08] - (.© Microsoft Corporation. - Distributed COM Services.) - [869.5 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\rpcss.dll
[MD5.C7645D43451C6D94D87F4D07BDE59C89] - [16/07/2016 12:42:42] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [68 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rundll32.exe
[MD5.9A3B47CD17283B299311013AD3D21D26] - [11/05/2017 09:14:54] - (.© Microsoft Corporation. - Services and Controller app.) - [442.91 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\services.exe
[MD5.36F670D89040709013F6A460176767EC] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [43.45 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\svchost.exe
[MD5.C46EA86BF0E7C96235E9064CBAD6ED26] - [08/02/2017 18:57:46] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [1426.95 Ko] - (10.0.14393.576) : C:\WINDOWS\System32\user32.dll
[MD5.C1B1FFC800BE2F31EB2CF8CB40629C69] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. - Userinit Logon Application.) - [32.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\userinit.exe
[MD5.99A19C9A74E2F9820E501DCE77F84F70] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [297.11 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Wininit.exe
[MD5.B2151FE002A8D3F41E2DF935F260E3A8] - [11/05/2017 09:14:07] - (.© Microsoft Corporation. - Windows Logon Application.) - [658 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\Winlogon.exe
[MD5.323AA1953ED9C01E23F740FA891FE064] - [08/02/2017 18:58:47] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [570.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\afd.sys
[MD5.A10F989A812B57B9695F6C305907C9C6] - [16/07/2016 12:41:53] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\atapi.sys
[MD5.65DEB05FC234BFF207379F06F0754402] - [16/07/2016 12:41:53] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [187.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ataport.sys
[MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - [16/07/2016 12:42:35] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdfs.sys
[MD5.613D0137C269187FA298A157E3D14A18] - [16/07/2016 12:41:53] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [169 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdrom.sys
[MD5.4BC21E937E9F9F408672D2C2CBE4A153] - [15/03/2017 21:53:40] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [142 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\dfsc.sys
[MD5.10E3515FE5DBA6656FA62C29342EC4A1] - [16/07/2016 12:41:52] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [81.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
[MD5.B54B30992620C97230013A74461C8517] - [16/07/2016 12:41:54] - (.© Microsoft Corporation. - i8042 Port Driver.) - [111.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys
[MD5.F1DAECC3B3D6399875D4F10529D6A77C] - [16/07/2016 12:42:39] - (.© Microsoft Corporation. - IP Network Address Translator.) - [207.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ipnat.sys
[MD5.D559FF28B1AD9B1E15A4186E785E61F6] - [15/03/2017 21:53:40] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [439.84 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\mrxsmb.sys
[MD5.A530D0C58A657BCD1629816B887661CB] - [17/06/2017 08:18:26] - (.© Microsoft Corporation. - Network Driver Interface Specification (NDIS).) - [1153.34 Ko] - (10.0.14393.1358) : C:\WINDOWS\System32\Drivers\ndis.sys
[MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - [16/07/2016 12:42:35] - (.© Microsoft Corporation. - MBT Transport driver.) - [272.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\netbt.sys
[MD5.8DB6A6B731CEC9046CD8CA0267EC5679] - [11/05/2017 09:14:10] - (.© Microsoft Corporation. - NT File System Driver.) - [2202.84 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\Drivers\ntfs.sys
[MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - [16/07/2016 12:41:53] - (.© Microsoft Corporation. - Parallel Port Driver.) - [94.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\parport.sys
[MD5.17E565710172ED71B8531D8822E1C5D1] - [16/07/2016 12:42:39] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [102.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys
[MD5.7135785C21CA79D270D11037C43D3F19] - [16/07/2016 12:44:03] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [173 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys
[MD5.4ED37041ADB4BD4BEEB1279AFA5808A9] - [17/06/2017 08:18:26] - (.© Microsoft Corporation. - TCP/IP Driver.) - [2472.84 Ko] - (10.0.14393.1358) : C:\WINDOWS\System32\Drivers\tcpip.sys
[MD5.A7C267671EDDF066E8CFBF897BC4B626] - [17/06/2017 08:18:24] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.34 Ko] - (10.0.14393.1358) : C:\WINDOWS\System32\Drivers\tdx.sys
[MD5.BF2546583BB75F01DDA60A7921DFB230] - [16/07/2016 12:42:35] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [382.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\volsnap.sys

---------- | Locked Applications

---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) – C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) – C:\WINDOWS\System32\winsqlite3.dll
(.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 378.72.) - (21.21.13.7872) – C:\WINDOWS\System32\DriverStore\FileRepository\nv_ dispi.inf_amd64_0c385245f4e4f578\nvwgf2umx.dll
(.AO Kaspersky Lab.-.Shell Extension.) - (17.0.0.727) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll
(.AO Kaspersky Lab.-.Helper Library.) - (1.7.106.0) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\remote_eka_prague_loader.dll
(.AO Kaspersky Lab.-.PR_REMOTE.) - (1.7.106.1) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\prremote.dll
(.AO Kaspersky Lab.-.Prague Core.) - (1.7.106.0) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\prcore.dll
(.AO Kaspersky Lab.-.Component service provider.) - (1.10.0.0) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\kl_service.dll
(.AO Kaspersky Lab.-.Proxy Stubs.) - (17.0.0.727) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\pxstub.ppl
(.AO Kaspersky Lab.-.Structure Serializer.) - (17.0.0.727) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\params.ppl
(.AO Kaspersky Lab.-.Kaspersky Product Info library.) - (17.0.0.727) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll
(.AO Kaspersky Lab.-.Product Metainformation.) - (17.0.0.727) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_metainfo.dll
(.TeamViewer GmbH.-.TeamViewer 12.) - (12.1.12777.0) – C:\Program Files (x86)\TeamViewer\tv_x64.dll
(.NVIDIA Corporation.-.NVIDIA Display Shell Extension.) - (1.2.0.1) – C:\WINDOWS\system32\nvshext.dll
(.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 378.72.) - (21.21.13.7872) – C:\WINDOWS\system32\nvapi64.dll
(.Cambridge Silicon Radio Limited.-.Bluetooth Client Extension.) - (1.0.15.0) – C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CSRBtShellExt.dll
(.Cambridge Silicon Radio Limited.-.Csr Bluetooth Proxy.) - (1.0.15.0) – C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtProxy.DLL
(.Cambridge Silicon Radio Limited.-.Bluetooth File Transfer Wizard.) - (1.0.15.0) – C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXProxy.DLL
(.Cambridge Silicon Radio Limited.-.Csr Icon Resource Library.) - (1.0.15.0) – C:\Program Files\CSR\CSR Harmony Wireless Software Stack\IconResource.dll
(.Cambridge Silicon Radio Limited.-.Csr Bluetooth OBEX Proxy Stub.) - (1.0.15.0) – C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXProxyPS.dll
(.Cambridge Silicon Radio Limited.-.Csr Bluetooth Proxy PS.) - (1.0.15.0) – C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtProxyPS.dll
(.Malwarebytes.-.Malwarebytes.) - (3.0.0.26) – C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
(.Alexander Roshal.-.WinRAR shell extension.) - (5.1.0.0) – C:\Program Files\WinRAR\rarext.dll
(..-.Windows Explorer context menu extension for TextPad.) - (2.2.0.0) – C:\Program Files\TextPad 7\System\ShellExt64.dll
(.CHENGDU YIWO Tech Development Co.,Ltd.-.EaseUS Todo Backup Application.) - (3.0.0.1) – C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll
(.Foxit Software Inc..-.ConvertToPDFShellExtension.) - (8.3.0.331) – C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll
(.Piriform Ltd.-.DefragglerShell.) - (2.19.0.982) – C:\Program Files\Defraggler\DefragglerShell64.dll
(..-.CGUnlockerExtension Module.) - (1.0.0.3) – C:\Program Files (x86)\CleanGenius 3\CGUnlockerExtension64.dll
(..-.ShellHandler for Notepad++ (64 bit).) - (0.1.0.0) – C:\Program Files (x86)\Notepad++\NppShell_06.dll
(..-..) - (1.0.0.0) – C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
(.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (8.17.13.7872) – C:\WINDOWS\system32\nv3dappshext.dll
(..-..) - (0.0.0.0) – : 11140
(.TeamViewer GmbH.-.TeamViewer 12.) - (12.1.12777.0) – C:\Program Files (x86)\TeamViewer\tv_x64.dll
(.AO Kaspersky Lab.-.Shell Extension.) - (17.0.0.727) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll
(.AO Kaspersky Lab.-.Helper Library.) - (1.7.106.0) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\remote_eka_prague_loader.dll
(.AO Kaspersky Lab.-.PR_REMOTE.) - (1.7.106.1) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\prremote.dll
(.AO Kaspersky Lab.-.Prague Core.) - (1.7.106.0) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\prcore.dll
(.AO Kaspersky Lab.-.Component service provider.) - (1.10.0.0) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\kl_service.dll
(.AO Kaspersky Lab.-.Proxy Stubs.) - (17.0.0.727) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\pxstub.ppl
(.AO Kaspersky Lab.-.Structure Serializer.) - (17.0.0.727) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\params.ppl
(.AO Kaspersky Lab.-.Kaspersky Product Info library.) - (17.0.0.727) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll
(.AO Kaspersky Lab.-.Product Metainformation.) - (17.0.0.727) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_metainfo.dll
(.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 378.72.) - (21.21.13.7872) – C:\WINDOWS\system32\nvapi64.dll
(.AO Kaspersky Lab.-.NFIO.) - (1.7.106.0) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\nfio.ppl
(.NVIDIA Corporation.-.NVIDIA Display Shell Extension.) - (1.2.0.1) – C:\WINDOWS\system32\nvshext.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) – C:\WINDOWS\System32\winsqlite3.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

NETGEAR WNA3100M Genie - (C:\PROGRA~2\NETGEAR\WNA3100M\WNA3100M.exe [Common Startup]) - User: Public
vksts - (C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [HKLM\SOFTWARE...\Run]) - User: Public
HarmonyUserStartup - (C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [HKLM\SOFTWARE...\Run]) - User: Public
HarmonyHFPSkypePlugin - (C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\HarmonyHFPSkypePlugin.exe [HKLM\SOFTWARE...\Run]) - User: Public
Malwarebytes TrayApp - (C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [HKLM\SOFTWARE...\Run]) - User: Public
ZAM - (“C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe” /minimized [HKLM\SOFTWARE...\Run]) - User: Public

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Command Processor]
“CompletionChar”=9
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=9

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run]
“DAEMON Tools Lite”=0x020000000000000000000000
“Visual Subst”=0x020000000000000000000000

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\RunMRU]
“a”=regedit\1
“MRUList”=fgaedcb
“b”=explorer\1
“c”=control system.cpl\1
“d”=control sysdm.cpl\1
“e”=shell:Common Startup\1
“f”=gpedit.msc\1
“g”=devmgmt.msc\1

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“Device”=Foxit Reader PDF Printer,winspool,Ne03:
“IsMRUEstablished”=0
“LegacyDefaultPrinterMode”=0

[HKLM\Software\Microsoft\Command Processor]
“CompletionChar”=64
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=64

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
“vksts”=C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [26/05/2011 22:04:46]
“HarmonyUserStartup”=C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [26/05/2011 22:04:32]
“HarmonyHFPSkypePlugin”=C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\HarmonyHFPSkypePlugin.exe [26/05/2011 22:02:18]
“Malwarebytes TrayApp”=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [24/06/2017 11:47:21]
“ZAM”=“C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe” /minimized

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run]
“NvBackend”=0x020000000000000000000000
“ShadowPlay”=0x020000000000000000000000
“vksts”=0x020000000000000000000000
“TrayApplication”=0x020000000000000000000000
“HarmonyUserStartup”=0x020000000000000000000000
“HarmonyHFPSkypePlugin”=0x020000000000000000000000
“Speedfan”=0x020000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run32]
“LWS”=0x020000000000000000000000
“Malwarebytes Anti-Exploit”=0x020000000000000000000000
“NUSB3MON”=0x020000000000000000000000
“EaseUS Cleanup”=0x020000000000000000000000
“EaseUS EPM tray”=0x020000000000000000000000
“EaseUS EPM Tray Agent”=0x020000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“”=mnmsrvc
“AppInit_DLLs”=
“DdeSendTimeout”=0
“DesktopHeapLogging”=1
“DeviceNotSelectedTimeout”=15
“DwmInputUsesIoCompletionPort”=1
“EnableDwmInputProcessing”=7
“GDIProcessHandleQuota”=10000
“IconServiceLib”=IconCodecService.dll
“LoadAppInit_DLLs”=0
“NaturalInputHandler”=Ninput.dll
“ShutdownWarningDialogTimeout”=4294967295
“Spooler”=yes
“ThreadUnresponsiveLogTimeout”=500
“TransmissionRetryTimeout”=90
“USERNestedWindowLimit”=50
“USERPostMessageLimit”=10000
“USERProcessHandleQuota”=10000
“Win32kLastWriteTime”=1D255C50DCC143C

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
“CompletionChar”=64
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=64

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
“”=mnmsrvc
“AppInit_DLLs”=
“DdeSendTimeout”=0
“DesktopHeapLogging”=1
“DeviceNotSelectedTimeout”=15
“DwmInputUsesIoCompletionPort”=1
“EnableDwmInputProcessing”=7
“GDIProcessHandleQuota”=10000
“IconServiceLib”=IconCodecService.dll
“LoadAppInit_DLLs”=0
“NaturalInputHandler”=Ninput.dll
“ShutdownWarningDialogTimeout”=4294967295
“Spooler”=yes
“ThreadUnresponsiveLogTimeout”=500
“TransmissionRetryTimeout”=90
“USERNestedWindowLimit”=50
“USERPostMessageLimit”=10000
“USERProcessHandleQuota”=10000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
“WebCheck”={E6FB5E20-DE35-11CF-9C87-00AA005127ED}

---------- | Win.ini :

---------- | System.ini :

---------- | Tasks List

CCleanerSkipUAC
CreateExplorerShellUnelevatedTask
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
Microsoft_Hardware_Launch_ipoint_exe
Microsoft_Hardware_Launch_itype_exe
Microsoft_Hardware_Launch_mousekeyboardcenter_exe
Microsoft_MKC_Logon_Task_ipoint.exe
Microsoft_MKC_Logon_Task_itype.exe
OneDrive Standalone Update Task v2
User_Feed_Synchronization-{9CCE1708-B600-4932-8034-8692F7D4C5A2}
{A28D6E9F-11D1-4B79-A0D8-7CCB20F69972}

---------- | Startings up registry ¦ Folder

[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CleanGeniusTray] : “C:\Program Files (x86)\CleanGenius 3\CleanGeniusTray.exe” -startup
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Unified Remote v2] : C:\Program Files (x86)\Unified Remote\RemoteServer.exe

---------- | Other keys

[HKLM\System\CurrentControlSet\Control\SecurityProv iders]
“SecurityProviders”=credssp.dll

[HKLM\System\CurrentControlSet\Control\Terminal Server]
“AllowRemoteRPC”=0
“DelayConMgrTimeout”=0
“DeleteTempDirsOnExit”=1
“fDenyTSConnections”=0
“fSingleSessionPerUser”=1
“NotificationTimeOut”=0
“PerSessionTempDir”=0
“ProductVersion”=5.1
“RCDependentServices”=CertPropSvc
SessionEnv
“SnapshotMonitors”=1
“StartRCM”=0
“TSUserEnabled”=0
“RailShowallNotifyIcons”=1
“RDPVGCInstalled”=1
“InstanceID”=12b465f2-c50b-4bc2-9657-2254ad1
“GlassSessionId”=1

[HKLM\System\CurrentControlSet\Control\Session Manager]
“AutoChkTimeout”=8
“BootExecute”=autocheck autochk *
“BootShell”=%SystemRoot%\system32\bootim.exe
“CriticalSectionTimeout”=2592000
“ExcludeFromKnownDlls”=
“GlobalFlag”=0
“HeapDeCommitFreeBlockThreshold”=0
“HeapDeCommitTotalFreeThreshold”=0
“HeapSegmentCommit”=0
“HeapSegmentReserve”=0
“InitConsoleFlags”=0
“NumberOfInitialSessions”=2
“ObjectDirectories”=\Windows
\RPC Control
“ProcessorControl”=2
“ProtectionMode”=1
“ResourceTimeoutCount”=648000
“RunLevelExecute”=WinInit
ServiceControlManager
“RunLevelValidate”=ServiceControlManager
“SETUPEXECUTE”=

[HKLM\System\CurrentControlSet\Control]
“BootDriverFlags”=28
“CurrentUser”=USERNAME
“EarlyStartServices”=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc
“PreshutdownOrder”=UsoSvc
gpsvc
trustedinstaller
“WaitToKillServiceTimeout”=200
“SystemStartOptions”= NOEXECUTE=OPTIN
“SystemBootDevice”=multi(0)disk(0)rdisk(0)partitio n(2)
“FirmwareBootDevice”=multi(0)disk(0)rdisk(0)partit ion(1)
“LastBootSucceeded”=0
“LastBootShutdown”=0
“DirtyShutdownCount”=60

[HKLM\System\CurrentControlSet\Control\lsa]
“auditbasedirectories”=0
“auditbaseobjects”=0
“Bounds”=0x0030000000200000
“crashonauditfail”=0
“fullprivilegeauditing”=0x00
“LimitBlankPasswordUse”=1
“NoLmHash”=1
“Notification Packages”=scecli
“Authentication Packages”=msv1_0
“disabledomaincreds”=0
“everyoneincludesanonymous”=0
“forceguest”=0
“LsaPid”=1028
“ProductType”=6
“restrictanonymous”=0
“restrictanonymoussam”=1
“SecureBoot”=1
“Security Packages”=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u

---------- | .LNK with Arguments

e:\backup of 64g flash\backup c\old pc image\winnt\profiles\gary\start menu\programs\utils\aladdin expander 5.0\aladdin on the internet.lnk - Encrypted: False - Target: C:\Program Files\Plus!\Microsoft Internet\Iexplore.exe - Args: (hxxp://www.aladdinsys.com/register) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\documents and settings\owner\application data\real\realplayer\history\http—forms.real.com-(10ffdcf3e97fd7ba0918)-rndl-demonukpopup.html-f.lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: ( hxxp://forms.real.com/(10ffdcf3e97fd7ba0918)/rndl/demonUKpopup.html?filename=windows/RealPlayer10Beta.exe&code=10ffdcf3e97fd7ba0918) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\documents and settings\owner\application data\real\realplayer\history\http—www.cutiespankee .com-rms-cm_dr…lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.cutiespankee.com/rms/cm_drs_a.rm) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\documents and settings\owner\application data\real\realplayer\history\http—www.reikoreiko.c om-video-carol…lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.reikoreiko.com/Video/carolinepromo.RAM) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\documents and settings\owner\application data\real\realplayer\history\http—www.reikoreiko.c om-video-defai…lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.reikoreiko.com/Video/defaintdautprev_hi.ram) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\documents and settings\owner\application data\real\realplayer\history\http—www.reikoreiko.c om-video-famil…lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.reikoreiko.com/video/familyhike%20pv%20lo.ram) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\documents and settings\owner\application data\real\realplayer\history\http—www.reikoreiko.c om-video-misse…lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.reikoreiko.com/Video/missedchoresprev%20hi.ram) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\documents and settings\owner\application data\real\realplayer\history\realnetworks customer support downloads.lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: ( hxxp://service.real.com/realplayer/downloads/) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\documents and settings\owner\application data\real\realplayer\history\realone player download.lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: ( hxxp://forms.real.com/real/realone/realone.html?dc=31131039&type=upgrade#demonUK) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\found.000\dir0000.chk\start menu\programs\freshdevices\freshui\get free registration code!!.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (“hxxp://www.freshdevices.com/register.html”) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\found.000\dir0000.chk\start menu\programs\the master genealogist v5\frequently asked questions web site.lnk - Encrypted: False - Target: C:\Program Files\The Master Genealogist\goweb.exe - Args: (hxxp://www.whollygenes.com/faq.htm) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\found.000\dir0000.chk\start menu\programs\the master genealogist v5\register online.lnk - Encrypted: False - Target: C:\Program Files\The Master Genealogist\goweb.exe - Args: (hxxp://www.whollygenes.com/register.htm) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\found.000\dir0000.chk\start menu\programs\the master genealogist v5\technical support web site.lnk - Encrypted: False - Target: C:\Program Files\The Master Genealogist\goweb.exe - Args: (hxxp://www.whollygenes.com/support.htm) - Hidden: False - Status: OK
e:\move files from 64g\backup c\old pc image\winnt\profiles\gary\start menu\programs\utils\aladdin expander 5.0\aladdin on the internet.lnk - Encrypted: False - Target: C:\Program Files\Plus!\Microsoft Internet\Iexplore.exe - Args: (hxxp://www.aladdinsys.com/register) - Hidden: False - Status: OK
f:\salvage disk\documents and settings\owner\application data\real\realplayer\history\http—forms.real.com-(10ffdcf3e97fd7ba0918)-rndl-demonukpopup.html-f.lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: ( hxxp://forms.real.com/(10ffdcf3e97fd7ba0918)/rndl/demonUKpopup.html?filename=windows/RealPlayer10Beta.exe&code=10ffdcf3e97fd7ba0918) - Hidden: False - Status: OK
f:\salvage disk\documents and settings\owner\application data\real\realplayer\history\http—www.cutiespankee .com-rms-cm_dr…lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.cutiespankee.com/rms/cm_drs_a.rm) - Hidden: False - Status: OK
f:\salvage disk\documents and settings\owner\application data\real\realplayer\history\http—www.reikoreiko.c om-video-carol…lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.reikoreiko.com/Video/carolinepromo.RAM) - Hidden: False - Status: OK
f:\salvage disk\documents and settings\owner\application data\real\realplayer\history\http—www.reikoreiko.c om-video-defai…lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.reikoreiko.com/Video/defaintdautprev_hi.ram) - Hidden: False - Status: OK
f:\salvage disk\documents and settings\owner\application data\real\realplayer\history\http—www.reikoreiko.c om-video-misse…lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.reikoreiko.com/Video/missedchoresprev%20hi.ram) - Hidden: False - Status: OK
i:\from 32g pendrive\allan’s pc backup\documents and settings\asmeyat\start menu\programs\sun microsystems\j2ee 1.4 sdk\admin console.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://localhost:4848/asadmin/index.html) - Hidden: False - Status: OK
i:\from 32g pendrive\allan’s pc backup\documents and settings\asmeyat\start menu\programs\sun microsystems\j2ee 1.4 sdk\online documentation.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://java.sun.com/j2ee/1.4/docs/) - Hidden: False - Status: OK
i:\from 32g pendrive\allan’s pc backup\documents and settings\asmeyat\start menu\programs\sun microsystems\j2ee 1.4 sdk\samples server admin console.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://localhost:4858/asadmin/index.html) - Hidden: False - Status: OK

---------- | AppCertDlls

---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll → OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll → OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Control Panel\Desktop]
“ActiveWndTrackTimeout”=0
“BlockSendInputResets”=0
“CaretWidth”=2
“ClickLockTime”=1200
“CoolSwitchColumns”=7
“CoolSwitchRows”=3
“CursorBlinkRate”=530
“DockMoving”=1
“DragFromMaximize”=1
“DragFullWindows”=0
“DragHeight”=4
“DragWidth”=4
“FocusBorderHeight”=1
“FocusBorderWidth”=1
“FontSmoothing”=2
“FontSmoothingGamma”=1400
“FontSmoothingOrientation”=1
“FontSmoothingType”=2
“ForegroundFlashCount”=7
“ForegroundLockTimeout”=200000
“LeftOverlapChars”=3
“MenuShowDelay”=400
“MouseWheelRouting”=2
“PaintDesktopVersion”=0
“Pattern”=0
“RightOverlapChars”=3
“SnapSizing”=1
“TileWallpaper”=0
“WallPaper”=C:\Users\Gary\Pictures\tunnel-of-love-HD-Mania-Wallpaper.jpeg [21/01/2016 09:50:43]
“WallpaperOriginX”=0
“WallpaperOriginY”=0
“WallpaperStyle”=2
“WheelScrollChars”=3
“WheelScrollLines”=3
“WindowArrangementActive”=0
“ScreenSaveActive”=1
“UserPreferencesMask”=0x9E3E078012000000
“Win32PrioritySeparation”=38
“WaitToKillAppTimeout”=200
“Max Cached Ico”=0
“Win8DpiScaling”=0
“DpiScalingVer”=4096
“MaxVirtualDesktopDimension”=3520
“MaxMonitorDimension”=1920
“TranscodedImageCount”=2
“LastUpdated”=4294967295
“PreferredUILanguages”=en-US
“TranscodedImageCache”=0x7AC3010053630D00E40C0000C 4080000BE392ED02854D10143003A005C00550073006500720 073005C0047006100720079005C00500069006300740075007 200650073005C00740075006E006E0065006C002D006F00660 02D006C006F00760065002D00480044002D004D0061006E006 90061002D00570061006C006C00700061007000650072002E0 06A00700065006700000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 0000000000000000000000000
“Pattern Upgrade”=TRUE
“AutoColorization”=0
“ImageColor”=2943791926
“ScreenSaverIsSecure”=0
“ScreenSaveTimeOut”=60

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer]
“NoLowDiscSpaceChecks”=1
“NoLowDiskSpaceChecks”=1

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\NewStartPanel]
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=0
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=0
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=0
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=0

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer]
“EnableAutoTray”=0
“ShellState”=0x2400000033A800000000000000000000000 0000001000000130000000000000062000000
“ExplorerStartupTraceRecorded”=1
“UserSignedIn”=1
“SlowContextMenuEntries”=0x89FAC93912707345A92DBFD 1F8CA542DB6020200A05747A926026F42B4F14DF381C630D37 51E000060B81DB4E464D2119906E49FADC173CA13240000011 4020000000000C000000000000046B60202004E3AAA90BA1C3 342B8BB535773D484491E2A0000
“SIDUpdatedOnLibraries”=1
“LocalKnownFoldersMigrated”=1
“TelemetrySalt”=3
“GlobalAssocChangedCounter”=458
“AppReadinessLogonComplete”=1
“FirstRunTelemetryComplete”=1
“link”=0x16000000
“Browse For Folder Width”=318
“Browse For Folder Height”=333
“ScreenshotIndex”=2

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced]
“Start_SearchFiles”=2
“ServerAdminUI”=0
“Hidden”=1
“ShowCompColor”=1
“HideFileExt”=0
“DontPrettyPath”=0
“ShowInfoTip”=1
“HideIcons”=0
“MapNetDrvBtn”=0
“WebView”=1
“Filter”=0
“SuperHidden”=1
“SeparateProcess”=1
“AutoCheckSelect”=0
“IconsOnly”=0
“ShowTypeOverlay”=1
“ListviewAlphaSelect”=1
“ListviewShadow”=1
“TaskbarAnimations”=1
“StartMenuInit”=13
“TaskbarSizeMove”=0
“DisablePreviewDesktop”=1
“TaskbarSmallIcons”=0
“TaskbarGlomLevel”=0
“Start_PowerButtonAction”=2
“NavPaneShowAllFolders”=1
“NavPaneExpandToCurrentFolder”=1
“AlwaysShowMenus”=1
“HideDrivesWithNoMedia”=0
“ShowSuperHidden”=1
“FolderContentsInfoTip”=1
“ShowStatusBar”=1
“StoreAppsOnTaskbar”=1
“EnableStartMenu”=1
“ReindexedProfile”=1
“VirtualDesktopAltTabFilter”=0
“VirtualDesktopTaskbarFilter”=0
“TaskbarAppsVisibleInTabletMode”=1
“MMTaskbarEnabled”=1
“MMTaskbarMode”=0
“MMTaskbarGlomLevel”=0
“DontUsePowerShellOnWinX”=1
“TaskbarStateLastRun”=0x5795515900000000

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\WordWheelQuery]
“MRUListEx”=0x0A0000000600000009000000080000000700 00000500000004000000030000000200000001000000000000 00FFFFFFFF
“0”=0x5000720065006D00690075006D00200050006C006100 7900650072000000
“1”=0x22005000720065006D00690075006D00200050006C00 610079006500720022000000
“2”=0x6600720069006F000000
“3”=0x730069006C00760065007200730074006F006E006500 0000
“4”=0x5A004F005400410043000000
“5”=0x76006D0074002E006C006F0067000000
“7”=0x6B0069006E0064003A003D0069006E00730074006100 6E00740020006D006500730073006100670065000000
“8”=0x4A003A005C004200410043004B00550050005C004F00 4C004400200049002000440052004900560045005C00570069 006E0064006F00770073005C0044004100540041005C005000 69006300740075007200650073002000460072006F006D0020 005000690065007400650072007300200045006D0061006900 6C000000
“9”=0x6B0069006E0064003A003D0063006F006D006D007500 6E00690063006100740069006F006E000000
“6”=0x6B0069006E0064003A003D0070006900630074007500 720065000000
“10”=0x6900760072006400650076000000

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System]
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“DSCAutomationHostEnabled”=2
“EnableCursorSuppression”=1
“EnableInstallerDetection”=1
“EnableLUA”=1
“EnableSecureUIAPaths”=1
“EnableUIADesktopToggle”=0
“EnableVirtualization”=1
“PromptOnSecureDesktop”=1
“ValidateAdminCodeSignatures”=0
“undockwithoutlogon”=1
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“scforceoption”=0
“shutdownwithoutlogon”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer]
“ForceActiveDesktopOn”=0
“NoActiveDesktop”=1
“NoActiveDesktopChanges”=1
“NoRecentDocsHistory”=0
“NoDriveTypeAutoRun”=60

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\ActiveDesktop]
“NoAddingComponents”=1
“NoComponents”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\NewStartPanel]
“{031E4825-7B94-4dc3-B131-E946B44C8DD5}”=1
“{208D2C60-3AEA-1069-A2D7-08002B30309D}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=1
“{871C5380-42A0-1069-A2EA-08002B30309D}”=1
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1
“{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}”=1
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\ClassicStartMenu]
“{871C5380-42A0-1069-A2EA-08002B30309D}.default”=0
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL]
“CheckedValue”=1
“DefaultValue”=2
“HKeyRoot”=2147483649
“Id”=2
“RegPath”=Software\Microsoft\Windows\CurrentVersio n\Explorer\Advanced
“Text”=@shell32.dll,-30500
“Type”=radio
“ValueName”=Hidden

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer]
“ActiveSetupDisabled”=0
“ActiveSetupTaskOverride”=1
“AsyncRunOnce”=1
“AsyncUpdatePCSettings”=1
“DisableAppInstallsOnFirstLogon”=1
“DisableResolveStoreCategories”=1
“DisableUpgradeCleanup”=1
“EarlyAppResolverStart”=1
“FileOpenDialog”={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
“FSIASleepTimeInMs”=60000
“GlobalFolderSettings”={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
“IconUnderline”=2
“ListViewPopupControl”={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
“LVPopupSearchControl”={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
“MachineOobeUpdates”=1
“NoWaitOnRoamingPayloads”=1
“TaskScheduler”={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
“AccessDeniedDialog”={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}
“SmartScreenEnabled”=RequireAdmin
“GlobalAssocChangedCounter”=24
“MultipleInvokePromptMinimum”=10000

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced]
“Start_TrackDocs”=1
“TaskbarSizeMove”=0

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Associations]
“Application”= open %s file - Search

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\System]
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“DSCAutomationHostEnabled”=2
“EnableCursorSuppression”=1
“EnableInstallerDetection”=1
“EnableLUA”=1
“EnableSecureUIAPaths”=1
“EnableUIADesktopToggle”=0
“EnableVirtualization”=1
“PromptOnSecureDesktop”=1
“ValidateAdminCodeSignatures”=0
“undockwithoutlogon”=1
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“scforceoption”=0
“shutdownwithoutlogon”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\Explorer]
“ForceActiveDesktopOn”=0
“NoActiveDesktop”=1
“NoActiveDesktopChanges”=1
“NoRecentDocsHistory”=0
“NoDriveTypeAutoRun”=60

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\ActiveDesktop]
“NoAddingComponents”=1
“NoComponents”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\HideDesktopIcons\NewStartPanel]
“{031E4825-7B94-4dc3-B131-E946B44C8DD5}”=1
“{208D2C60-3AEA-1069-A2D7-08002B30309D}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=1
“{871C5380-42A0-1069-A2EA-08002B30309D}”=1
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1
“{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}”=1
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\HideDesktopIcons\ClassicStartMen u]
“{871C5380-42A0-1069-A2EA-08002B30309D}.default”=0
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
“CheckedValue”=1
“DefaultValue”=2
“HKeyRoot”=2147483649
“Id”=2
“RegPath”=Software\Microsoft\Windows\CurrentVersio n\Explorer\Advanced
“Text”=@shell32.dll,-30500
“Type”=radio
“ValueName”=Hidden

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer]
“ActiveSetupDisabled”=0
“ActiveSetupTaskOverride”=1
“AsyncRunOnce”=1
“AsyncUpdatePCSettings”=1
“DisableAppInstallsOnFirstLogon”=1
“DisableResolveStoreCategories”=1
“DisableUpgradeCleanup”=1
“EarlyAppResolverStart”=1
“FileOpenDialog”={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
“FSIASleepTimeInMs”=60000
“GlobalFolderSettings”={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
“IconUnderline”=2
“ListViewPopupControl”={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
“LVPopupSearchControl”={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
“MachineOobeUpdates”=1
“NoWaitOnRoamingPayloads”=1
“TaskScheduler”={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
“AccessDeniedDialog”={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}
“GlobalAssocChangedCounter”=45

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Advanced]
“Start_TrackDocs”=1
“TaskbarSizeMove”=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Associations]
“Application”= open %s file - Search

---------- | Winlogon

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“ExcludeProfileDirs”=AppData\Local;AppData\LocalLo w;$Recycle.Bin;OneDrive;Work Folders;AppData\Local\Microsoft\Outlook
“PUUActive”=0xFBD0EE790800000006003D0066350400F536 0400D8A21000D10000005D006300D1B260348BA510008BA510 00E912020032DF0100C242000000000000B6A310004F0A0000 660100003A66045276F1D20130EE6800000000000100000000 000000
“BuildNumber”=14393
“FirstLogon”=0
“ParseAutoexec”=1

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“AutoRestartShell”=1
“Background”=0 0 0
“CachedLogonsCount”=10
“DebugServerCommand”=no
“DefaultDomainName”=
“DefaultUserName”=
“DisableBackButton”=1
“EnableSIHostIntegration”=1
“ForceUnlockLogon”=0
“LegalNoticeCaption”=
“LegalNoticeText”=
“PasswordExpiryWarning”=5
“PowerdownAfterShutdown”=0
“PreCreateKnownFolders”={A520A1A4-1780-4FF6-BD18-167343C5AF16}
“ReportBootOk”=1
“Shell”=explorer.exe
“ShellCritical”=0
“ShellInfrastructure”=sihost.exe
“SiHostCritical”=0
“SiHostReadyTimeOut”=0
“SiHostRestartCountLimit”=0
“SiHostRestartTimeGap”=0
“VMApplet”=SystemPropertiesPerformance.exe /pagefile
“WinStationsDisabled”=0
“LastLogOffEndTimePerfCounter”=1238280997095
“ShutdownFlags”=7
“Userinit”=C:\Windows\system32\userinit.exe,
“scremoveoption”=0
“ShutdownWithoutLogon”=0
“DisableCad”=1
“EnableFirstLogonAnimation”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
“DefaultDomainName”=
“DefaultUserName”=
“EnableSIHostIntegration”=1
“PreCreateKnownFolders”={A520A1A4-1780-4FF6-BD18-167343C5AF16}
“Shell”=explorer.exe
“ShellCritical”=0
“SiHostCritical”=0
“SiHostReadyTimeOut”=0
“SiHostRestartCountLimit”=0
“SiHostRestartTimeGap”=0
“Userinit”=C:\WINDOWS\system32\userinit.exe,

---------- | Associations

[HKLM\Software\Classes.exe]
“”=exefile
“Content Type”=application/x-msdownload

[HKLM\Software\Classes\exefile\Shell\Open\Command]
“”=“%1” %*
“IsolatedCommand”=“%1” %*

[HKLM\Software\Classes.com]
“”=comfile

[HKLM\Software\Classes\comfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.reg]
“”=regfile

[HKLM\Software\Classes\regfile\Shell\Open\Command]
“”=regedit.exe “%1”

[HKLM\Software\Classes.scr]
“”=scrfile

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
“”=“%1” /S

[HKLM\Software\Classes.bat]
“”=batfile

[HKLM\Software\Classes\batfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.cmd]
“”=cmdfile

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.pif]
“”=piffile

[HKLM\Software\Classes\piffile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.inf]
“”=inffile

[HKLM\Software\Classes\inffile\Shell\Open\Command]
“”=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\Classes.url]
“”=InternetShortcut

[HKLM\Software\Classes.lnk]
“”=lnkfile

[HKLM\Software\Classes.hta]
“”=htafile
“Content Type”=application/hta
“PerceivedType”=text

[HKLM\Software\Classes\htafile\Shell\Open\Command]
“”=C:\Windows\SysWOW64\mshta.exe “%1” {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\Classes\InternetShortcut]
“EditFlags”=2
“FriendlyTypeName”=@C:\WINDOWS\system32\ieframe.dl l,-10046
“FullDetails”=prop:System.Link.TargetUrl;System.Ra ting;System.Link.Description;System.Link.Comment
“InfoTip”=prop:System.Link.TargetUrl;System.Rating ;System.Link.Description;System.Link.Comment
“IsShortcut”=
“NeverShowExt”=
“PreviewDetails”=prop:System.Link.TargetUrl;System .Rating;System.History.VisitCount;System.History.D ateChanged;System.Link.DateVisited;System.Link.Des cription;System.Link.Comment
“”=Internet Shortcut

[HKLM\Software\Classes\Application.Manifest]
“”=Application Manifest
“BrowserFlags”=4096
“EditFlags”=4259840
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-200

[HKLM\Software\Classes\Application.Reference]
“”=Application Reference
“EditFlags”=131072
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-201
“IsShortcut”=
“NeverShowExt”=

[HKLM\Software\Classes\Folder]
“”=Folder
“ContentViewModeForBrowse”=prop:~System.ItemNameDi splay;~System.LayoutPattern.PlaceHolder;~System.La youtPattern.PlaceHolder;~System.LayoutPattern.Plac eHolder;System.DateModified
“ContentViewModeForSearch”=prop:~System.ItemNameDi splay;System.DateModified;~System.ItemFolderPathDi splay
“ContentViewModeLayoutPatternForBrowse”=delta
“ContentViewModeLayoutPatternForSearch”=alpha
“EditFlags”=0xD2030000
“FullDetails”=prop:System.PropGroup.Description;Sy stem.ItemNameDisplay;System.ItemTypeText;System.Si ze;System.HomeGroupSharingStatus
“NoRecentDocs”=
“ThumbnailCutoff”=0
“TileInfo”=prop:System.Title;System.HomeGroupShari ngStatus

[HKLM\Software\WOW6432Node\Classes.exe]
“”=exefile
“Content Type”=application/x-msdownload

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Op en\Command]
“”=“%1” %*
“IsolatedCommand”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.com]
“”=comfile

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.reg]
“”=regfile

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Op en\Command]
“”=regedit.exe “%1”

[HKLM\Software\WOW6432Node\Classes.scr]
“”=scrfile

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Op en\Command]
“”=“%1” /S

[HKLM\Software\WOW6432Node\Classes.bat]
“”=batfile

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.cmd]
“”=cmdfile

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.pif]
“”=piffile

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.inf]
“”=inffile

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Op en\Command]
“”=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\WOW6432Node\Classes.url]
“”=InternetShortcut

[HKLM\Software\WOW6432Node\Classes.lnk]
“”=lnkfile

[HKLM\Software\WOW6432Node\Classes.hta]
“”=htafile
“Content Type”=application/hta
“PerceivedType”=text

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Op en\Command]
“”=C:\Windows\SysWOW64\mshta.exe “%1” {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
“EditFlags”=2
“FriendlyTypeName”=@C:\WINDOWS\system32\ieframe.dl l,-10046
“FullDetails”=prop:System.Link.TargetUrl;System.Ra ting;System.Link.Description;System.Link.Comment
“InfoTip”=prop:System.Link.TargetUrl;System.Rating ;System.Link.Description;System.Link.Comment
“IsShortcut”=
“NeverShowExt”=
“PreviewDetails”=prop:System.Link.TargetUrl;System .Rating;System.History.VisitCount;System.History.D ateChanged;System.Link.DateVisited;System.Link.Des cription;System.Link.Comment
“”=Internet Shortcut

[HKLM\Software\WOW6432Node\Classes\Application.Mani fest]
“”=Application Manifest
“BrowserFlags”=4096
“EditFlags”=4259840
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-200

[HKLM\Software\WOW6432Node\Classes\Application.Refe rence]
“”=Application Reference
“EditFlags”=131072
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-201
“IsShortcut”=
“NeverShowExt”=

[HKLM\Software\WOW6432Node\Classes\Folder]
“”=Folder
“ContentViewModeForBrowse”=prop:~System.ItemNameDi splay;~System.LayoutPattern.PlaceHolder;~System.La youtPattern.PlaceHolder;~System.LayoutPattern.Plac eHolder;System.DateModified
“ContentViewModeForSearch”=prop:~System.ItemNameDi splay;System.DateModified;~System.ItemFolderPathDi splay
“ContentViewModeLayoutPatternForBrowse”=delta
“ContentViewModeLayoutPatternForSearch”=alpha
“EditFlags”=0xD2030000
“FullDetails”=prop:System.PropGroup.Description;Sy stem.ItemNameDisplay;System.ItemTypeText;System.Si ze;System.HomeGroupSharingStatus
“NoRecentDocs”=
“ThumbnailCutoff”=0
“TileInfo”=prop:System.Title;System.HomeGroupShari ngStatus

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Clients\StartMenuInternet\Chromium.Q 3TY6YDOBBTQYMN77BHUBGWTKA\Shell\open\Command]
“”=“C:\Users\Gary\AppData\Local\Chromium\Applicati on\chrome.exe”
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Clients\StartMenuInternet\Chromium.Q 3TY6YDOBBTQYMN77BHUBGWTKA\InstallInfo]
“ReinstallCommand”=“C:\Users\Gary\AppData\Local\Ch romium\Application\chrome.exe” --make-default-browser

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Clients\StartMenuInternet\FIREFOX.EX E\Shell\open\Command]
“”=“C:\Program Files (x86)\Mozilla Firefox\firefox.exe”
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Clients\StartMenuInternet\FIREFOX.EX E\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe” /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EX E\Shell\open\Command]
“”=“C:\Program Files (x86)\Mozilla Firefox\firefox.exe”
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EX E\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe” /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
“”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.E XE\Shell\open\Command]
“”=C:\Program Files\Internet Explorer\iexplore.exe [15/03/2017 21:53:39]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.E XE\InstallInfo]
“ReinstallCommand”=“C:\Windows\System32\ie4uinit.e xe” -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\FIREFOX.EXE\Shell\open\Command]
“”=“C:\Program Files (x86)\Mozilla Firefox\firefox.exe”
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\FIREFOX.EXE\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe” /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Google Chrome\Shell\open\Command]
“”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Google Chrome\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\IEXPLORE.EXE\Shell\open\Command]
“”=C:\Program Files\Internet Explorer\iexplore.exe [15/03/2017 21:53:39]
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\IEXPLORE.EXE\InstallInfo]
“ReinstallCommand”=“C:\Windows\System32\ie4uinit.e xe” -reinstall

---------- | AppcompatFlags

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
“SIGN.MEDIA=174FBED5 SETUP.EXE”=1
“C:\Windows.old\Users\Gary\Downloads\pure13.0.2.55 8en-gb(1).exe”=1
“C:\Users\Gary\AppData\Local\Temp{B32079EF-89B4-4C8F-8D31-1B672C844760}\InstallFlashPlayer.exe”=1
“C:\Users\Gary\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5\MZ0BUVG7\SUPERAntiSpyware[1].exe”=1
“C:\Users\Gary\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5\IDQSPRP5\mbam-setup-1.75.0.1300[1].exe”=1
“C:\Users\Gary\AppData\Local\Temp\Temp1_txpeng710. zip\setup.exe”=1
“C:\Users\Gary\Downloads\instsf449.exe”=1
“C:\Users\Gary\Downloads\InstallConverter_brie.exe ”=1
“C:\Users\Gary\Downloads\KeePass-2.24-Setup.exe”=1
“C:\Users\Gary\Downloads\vlc-2.1.2-win32.exe”=1
“C:\Users\Gary\Downloads\ccsetup408.exe”=1
“C:\Users\Gary\Downloads\dfsetup216.exe”=1
“C:\Users\Gary\Downloads\rcsetup149.exe”=1
“C:\Users\Gary\Downloads\spsetup124.exe”=1
“C:\Users\Gary\AppData\Local\Temp\is-PGNF4.tmp\CountInstallation.exe”=1
“C:\Users\Gary\Downloads\FoxitReader611.1031_enu_S etup.exe”=1
“C:\Users\Gary\Downloads\DTLite4481-0347.exe”=1
“C:\Users\Gary\Downloads\Firefox Setup Stub 26.0.exe”=1
“SIGN.MEDIA=29FF23D autorun.exe”=1
“E:\copy of duff disk after it became recognisable\Download\xdate.exe”=1
“E:\copy of duff disk after it became recognisable\Download\xdate work around for excel date bug.exe”=1
“C:\Users\Gary\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5\MZ0BUVG7\JavaSetup7u45[1].exe”=1
“C:\Users\Gary\Downloads\331.82-desktop-win8-win7-winvista-64bit-english-whql.exe”=1
“C:\Users\Gary\AppData\Local\Temp\Logitech\SolarAp p_1\MSetup.exe”=1
“C:\Users\Gary\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5\IDQSPRP5\GoogleToolbarInstaller_ en32_signed.exe”=1
“C:\Users\Gary\Downloads\DA Downloads\DragonAge1.05.exe”=1
“C:\Users\Gary\Downloads\npp.6.5.2.Installer.exe”= 1
“C:\Games\Dragon Age\bin_ship\daupdater.exe”=1
“C:\Users\Gary\AppData\Local\Temp\Foxit Reader Updater.exe”=1
“C:\Users\Gary\Downloads\VSubst_1.0.6.exe”=1
“C:\Users\Gary\AppData\Local\Temp\Foxit Updater.exe”=1
“C:\Users\Gary\AppData\Local\Temp\is-S3QPT.tmp\CountInstallation.exe”=1
“C:\Users\Gary\Downloads\FreeFileSync_6.1_Windows_ Setup.exe”=1
“C:\Users\Gary\Downloads\AQ14c.exe”=1
“C:\Users\Gary\Downloads\setup_ME_STANDARD_7_5_3_4 200.exe”=1
“C:\Users\Gary\Downloads\drw_free.exe”=1
“C:\Users\Gary\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5\3NLA6M9T\install_flashplayer12x3 2au_gtba_chra_dy_aaa_aih.exe”=1
“C:\Users\Gary\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5\64ADCY8T\adblockplusie-1.1.exe”=1
“SIGN.MEDIA=F8A3C06D Downloads\TeamViewer_Setup_en.exe”=1
“C:\Users\Gary\Downloads\badcopy-setup.exe”=1
“C:\Users\Gary\Downloads\cleangenius_trial.exe”=1
“C:\Users\Gary\Downloads\MyDefrag-v4.3.1.exe”=1
“C:\Users\Gary\Downloads\disk-defrag-setup.exe”=1
“C:\Users\Gary\Downloads\unchecky_setup.exe”=1
“C:\Users\Gary\Downloads\SysInfoTools-PST-Merge.exe”=1
“C:\Users\Gary\Downloads\UnstopCpy_5_2_Win2K_UP_Se tup.exe”=1
“C:\Users\Gary\AppData\Local\Temp\is-R7I3L.tmp\CountInstallation.exe”=1
“C:\Users\Gary\Downloads\install_flashplayer13x32a xau_mssa_aaa_aih.exe”=1
“SIGN.MEDIA=45A526 Setup.exe”=1
“C:\Users\Gary\Downloads\FileFormatConverters.exe” =1
“C:\Users\Gary\Downloads\KiesSetup.exe”=1
“C:\Users\Gary\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5\64ADCY8T\FileFormatConverters (1).exe”=1
“SIGN.MEDIA=3997F727 Setup.exe”=1
“C:\Users\Gary\Downloads\office_free_2013.exe”=1
“C:\Program Files\NVIDIA Corporation\Display\nvtray.exe”=512
“C:\Users\Gary\Downloads\npp.6.6.8.Installer.exe”= 1
“C:\Users\Gary\AppData\Roaming\Kingsoft\office6\up date\down\setup_ALL_mui_9.1.0.4746_AbroadFree.exe” =1
“C:\Users\Gary\AppData\Local\Temp\is-QO0AE.tmp\CountInstallation.exe”=1
“C:\Users\Gary\Downloads\streamwriter_setup.exe”=1
“C:\Users\Gary\Downloads\audacity-win-2.0.5.exe”=1
“C:\Users\Gary\Downloads\Rarmaradio_setup.exe”=1
“C:\Users\Gary\Downloads\advisorinstaller.exe”=1
“C:\Users\Gary\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5\3NLA6M9T\jre-8u25-windows-i586.com”=1
“C:\Users\Gary\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5\ENXE7XLX\jre-8u25-windows-i586.com”=1
“C:\Users\Gary\AppData\Local\Temp\is-48MQA.tmp\CountInstallation.exe”=1
“SIGN.MEDIA=7DD4621 AutoRun.exe”=1
“C:\Users\Gary\Downloads\GoogleEarthSetup.exe”=1
“C:\Users\Gary\Downloads\install_flashplayer16x32a u_mssd_aaa_aih.exe”=1
“C:\Users\Gary\AppData\Roaming\Foxit Software\Addon\Foxit Reader\FoxitReaderUpdater.exe”=1
“C:\Users\Gary\Downloads\SkypeSetup.exe”=1
“C:\Users\Gary\Downloads\Apache_OpenOffice_4.1.1_W in_x86_install_en-GB.exe”=1
“C:\Program Files\TextPad 7\TextPad.exe”=512
“C:\Users\Gary\Downloads\347.52-desktop-win8-win7-winvista-64bit-international-whql.exe”=1
“C:\Users\Gary\Downloads\SetPoint6.65.62_smart.exe ”=1
“C:\Users\Gary\Desktop\tempinstall\AsusSetup.exe”= 1
“E:\backup of 64G flash\Backup C\download\PAF5EnglishSetup.exe”=1
“C:\Users\Gary\Downloads\gimp-2.8.14-setup-1.exe”=1
“C:\Users\Gary\Downloads\mbae-setup-1.06.1.1019.exe”=1
“C:\Users\Gary\Downloads\FileFormatConverters(1).e xe”=1
“C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe”=1
“C:\Users\Gary\Downloads\JavaSetup8u45.exe”=1
“C:\Users\Gary\Downloads\drivereasy.exe”=1
“C:\Users\Gary\Downloads\kts15.0.2.361en-gb.exe”=1
“C:\Users\Gary\Downloads\GeForce_Experience_v2.4.5 .57.exe”=1
“C:\Users\Gary\AppData\Local\Temp\jre-8u51-windows-au.exe”=1
“C:\Users\Gary\Downloads\DriverEasy_Setup-4-9-3.exe”=1
“C:\Users\Gary\Downloads\kis16.0.0.614en_8210.exe” =1
“C:\Users\Gary\Downloads\dips64-setup.exe”=1
“C:\Users\Gary\Downloads\cpu-z_1.73-en.exe”=1
“C:\Users\Gary\AppData\Local\Temp\jre-8u60-windows-au.exe”=1
“C:\ProgramData\Origin\SelfUpdate\StagedUpdate\Upd ateTool.exe”=1
“C:\Users\Gary\Downloads\CheatEngine64.exe”=1
“C:\Users\Gary\Downloads\aomwin110ea23us.exe”=1
“C:\Users\Gary\Downloads\Logitech C920 Webcam\lws251.exe”=1
“C:\Users\Gary\AppData\Local\Temp\jre-8u66-windows-au.exe”=1
“C:\Users\Gary\Downloads\Unigine_Heaven-4.0.exe”=1
“C:\Users\Gary\Downloads\FurMark_1.17.0.0_Setup.ex e”=1
“C:\Users\Gary\AppData\Roaming\Kingsoft\office6\up date\down\setup_XA_mui_10.1.0.5656_Free.exe”=1
“C:\Users\Gary\AppData\Local\Kingsoft\Kingsoft Office\10.1.0.5656\utility\uninst.exe”=1
“C:\Users\Gary\AppData\Local\Temp\wps~1510a833\Au_ .exe”=1
“C:\Users\Gary\AppData\Local\Temp\is-BI1D9.tmp\CountInstallation.exe”=1
“C:\Users\Gary\AppData\Local\Temp\is-HSQEK.tmp\CountInstallation.exe”=1
“C:\Users\Gary\AppData\Local\Temp\FoxitUpdater.exe ”=1
“C:\Users\Gary\AppData\Local\Temp\is-1PUPQ.tmp\CountInstallation.exe”=1
“C:\Users\Gary\AppData\Local\Temp\is-LMLJJ.tmp\CountInstallation.exe”=1

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
“C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17 .3.5892.0626\FileSyncConfig.exe”=0x534143500100000 0000000000700000028000000C03802000BA50200010000000 00000000000000A0021000019B4C529E312D10100000001000 00000
“C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17 .3.6281.1202\FileSyncConfig.exe”=0x534143500100000 0000000000700000028000000C88002006A180300010000000 00000000000000A0021000019B4C529E312D10100000001000 00000
“C:\Users\Gary\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe”=0x5341 43500100000000000000070000002800000010A61400A6A914 000100000000000000000001067122000033504C2B57DFD101 00000080000000000200000028000000000000000000000000 000000000000000000000000000000FFE2030000000000AA02 0000AA020000
“C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE”=0x5341435001000000000 00000070000002800000058FF0200426303000100000000000 000000001067120000033504C2B57DFD101000000010000000 0
“C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE”=0x534143500100000000000 000070000002800000098129E00E09F9E00010000000000000 0000002067120000033504C2B57DFD1010000000100000000
“C:\Program Files (x86)\Inquisition\Dragon Age Inquisition\DragonAgeInquisition.exe”=0x5341435001 000000000000000700000028000000D0370E04D2240F040100 0000000000000000000A73220000D5B3B31A57DFD101000000 00000000000200000028000000000000000000000000000000 000000000000000000000000BABE8054000000000D0100000D 010000
“C:\Users\Gary\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\et.exe”=0x53414350010000 00000000000700000028000000680701017D7A010101000000 00000000000003067102000019B4C529E312D1010000000000 00000002000000280000000000000000000010000000000000 00000000000000000000BAAE01000000000001000000010000 00
“C:\Program Files (x86)\Visual Subst\VSubst.exe”=0x534143500100000000000000070000 00280000009821020009B50200010000000000000000000006 7120000019B4C529E312D10100000000000000000200000028 00000000000000000000000002000000000000000000000000 00006DD30000000000000100000001000000
“C:\Users\Gary\Downloads\ccsetup513.exe”=0x5341435 00100000000000000070000002800000050D76700277F68000 100000000000000000001060001000019B4C529E312D101000 00000000000000200000028000000000000000000004000000 00000000000000000000000000063620000000000000100000 001000000
“C:\Users\Gary\Downloads\dfsetup219 (1).exe”=0x534143500100000000000000070000002800000 0282A4500A9204600010000000000000000000106000100001 9B4C529E312D10100000000000000000200000028000000000 00000000000400000000000000000000000000000000082480 000000000000100000001000000
“C:\Users\Gary\Downloads\rcsetup152 (1).exe”=0x534143500100000000000000070000002800000 088894300F21A4400010000000000000000000106000100001 9B4C529E312D10100000000000000000200000028000000000 00000000000400000000000000000000000000000000055400 000000000000100000001000000
“C:\Users\Gary\Downloads\spsetup129.exe”=0x5341435 001000000000000000700000028000000C8FD4D0038FF4D000 100000000000000000001060001000019B4C529E312D101000 00000000000000200000028000000000000000000004000000 00000000000000000000000000088420000000000000100000 001000000
“C:\Program Files\WinRAR\WinRAR.exe”=0x53414350010000000000000 0070000002800000058141400AA68140001000000000000000 000020600010000D5B3B31A57DFD1010000000000000000020 00000280000000000000000000000000000400000000000000 000000000000612484B000000003E0000003E000000
“C:\Program Files (x86)\Microsoft Office\OFFICE11\OIS.EXE”=0x53414350010000000000000 00700000028000000586304006801050001000000000000000 00000067120000019B4C529E312D1010000000000000000020 00000280000000000000000000010000000000000000000000 00000000000EC1A2F02000000000300000003000000
“C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE”=0x5341435001000000000 00000070000002800000098F4BB00FF0CBC000100000000000 000000003067120000033504C2B57DFD101000000010000000 0
“C:\Program Files (x86)\VideoLAN\VLC\vlc.exe”=0x53414350010000000000 00000700000028000000C01702006E31020001000000000000 000000000A6122000019B4C529E312D1010000000000000000 02000000280000000000000000000010000000000000000000 00000000000000D2961700000000000800000008000000
“C:\Users\Gary\Downloads\scarlett-solo-3.1.10-221.exe”=0x534143500100000000000000070000002800000 058711B000E851B00010000000000000000000206000100001 9B4C529E312D10100000000000000000200000028000000000 0000000000000000000000000000000000000000000005BAF0 000000000000100000001000000
“C:\ProgramData\Ableton\Live 9 Lite\Resources\Extensions\WebConnector\Ableton Web Connector.exe”=0x534143500100000000000000070000002 8000000C8E1820005D1830001000000000000000000000A732 2000059193B14E312D10100000000000000000200000028000 00000000000000000000000000000000000000000000000000 0E3160000000000000100000001000000
“C:\ProgramData\Ableton\Live 9 Lite\Resources\Extensions\Index\Ableton Index.exe”=0x5341435001000000000000000700000028000 000C835A40045A2A40001000000000000000000000A7322000 059193B14E312D101000000000000000002000000280000000 0000000000000000000000000000000000000000000000080E E8404000000000100000001000000
“C:\Users\Gary\Downloads\InstallGoldWave619.exe”=0 x53414350010000000000000007000000280000007040C3005 CFEC30001000000000000000000000A0021000059193B14E31 2D101000000000000000002000000280000000000000000000 040000000000000000000000000000000006E7500000000000 00100000001000000
“C:\Program Files\GoldWave\GoldWave.exe”=0x5341435001000000000 0000007000000280000007882300191BF30010100000000000 0000000000A7322000059193B14E312D101000000000000000 00200000028000000000000000000000000000000000000000 000000000000000F9B1A201000000000100000001000000
“C:\Program Files (x86)\SteelSoft\SteelSoft Radio(Free Internet Radio)\WebRadio.exe”=0x534143500100000000000000070 00000280000000030000000000000010000000000000000000 106F122000019B4C529E312D10100000000000000000200000 02800000000000000000000000000000000000000000000000 0000000D0070000000000000100000001000000
“C:\Program Files (x86)\RarmaRadio\RarmaRadio.exe”=0x534143500100000 0000000000700000028000000003A980075799800010000000 0000000000003067122000019B4C529E312D10100000000000 00000020000002800000000000000000000000000000000000 000000000000000000048065D0100000000010000000100000 0
“C:\Users\Gary\Downloads\audacity-win-2.1.2.exe”=0x5341435001000000000000000700000028000 000F94E94010000000001000000000000000000000A0021000 019B4C529E312D101000000000000000002000000280000000 00000000000000000000000000000000000000000000000C65 1DA00000000000100000001000000
“C:\Users\Gary\AppData\Local\Temp\jre-8u71-windows-au.exe”=0x5341435001000000000000000700000028000000 60D609002C970A0001000000000000000000000A7122000019 B4C529E312D101000000000000000002000000280000000000 00000000004000000000000000000000000000000000BFAF02 00000000000100000001000000
“C:\Users\Gary\Downloads\Music\singt.exe”=0x534143 50010000000000000007000000280000008201150000000000 0100000000000000000001057100000019B4C529E312D10100 00000000000000020000002800000000000000000800400000 000000000000000000000000000027C2000000000000010000 0001000000
“C:\Program Files (x86)\Inquisition\Origin.exe”=0x534143500100000000 0000000700000028000000F08737003FA93700010000000000 0000000002060001000019B4C529E312D10100000000000000 00020000002800000000000000000000000000000000000000 000000000000000077010000000000000100000001000000
“C:\Users\Gary\Downloads\361.75-desktop-win10-64bit-international-whql.exe”=0x53414350010000000000000007000000280000 0098BB3D1747E03D1701000000000000000000020600010000 19B4C529E312D1010000000000000000020000002800000000 000000000000400000000000000000000000000000000031D6 0900000000000200000002000000
“C:\Users\Gary\Downloads\GeForce_Experience_v2.9.1 .35.exe”=0x534143500100000000000000070000002800000 0B8737B02E1C47B02010000000000000000000206000100001 9B4C529E312D1010000000000000000
“C:\Users\Gary\Downloads\GeForce_Experience_v2.9.1 .35(1).exe”=0x534143500100000000000000070000002800 0000B8737B02E1C47B02010000000000000000000206000100 0019B4C529E312D10100000000000000000200000028000000 0000000000000040000000000000000000000000000000007A B32900000000000100000001000000
“C:\Program Files\TextPad 7\TextPad.exe”=0x534143500100000000000000070000002 800000080D86C00748B6D0001000000000000000000000A732 20000D5B3B31A57DFD10100000000000000000200000028000 00000000000400000200000000000000000000000000000000 03A08C496000000008500000085000000
“C:\NVIDIA\DisplayDriver\353.30\Win8_WinVista_Win7 _64\International\setup.exe”=0x5341435001000000000 00000070000002800000048510600878606000100000000000 0000000000A0021000019B4C529E312D101000000000000000 00200000028000000000000000000004000000000000000000 000000000000000915F0400000000000100000001000000
“C:\NVIDIA\DisplayDriver\347.88\Win8_WinVista_Win7 _64\International\setup.exe”=0x5341435001000000000 0000007000000280000009050060039E606000100000000000 000000003060001000033504C2B57DFD101000000000000000 00200000028000000000000000000004000000000000000000 00000000000000055AE3700000000000C0000000C000000
“SIGN.MEDIA=F8A3C06D Downloads\Unlocker1.9.2.exe”=0x5341435001000000000 0000007000000280000003F751000000000000100000000000 000000001060001000019B4C529E312D101000000000000000 00200000028000000000000000000004000000000000000000 000000000000000503A0200000000000100000001000000
“C:\Program Files\Unlocker\Unlocker.exe”=0x5341435001000000000 00000070000002800000000E80100000000000100000000000 000000002067322000059193B14E312D101000000000000000 00500000010000000000000000000000000000000000000000 20000002800000000000000000000400000000000000000000 000000000000026210300000000000100000001000000
“C:\Program Files (x86)\CleanGenius 3\UnLocker.exe”=0x53414350010000000000000007000000 2800000060D90A00E8AF0B0001000000000000000000020671 22000019B4C529E312D1010000000000000000020000002800 00000000000000000040000000000000000000000000000000 00B1E90400000000000100000001000000
“C:\Program Files\Unlocker\uninst.exe”=0x534143500100000000000 0000700000028000000FE7F010000000000030000000000000 0000001060001000019B4C529E312D10100000000000000000 20000002800000000000000000000000000000000000000000 0000000000000C01C0000000000000100000001000000
“C:\Program Files\Common Files\Logishrd\SolarApp\LU\LULnchr.exe”=0x53414350 0100000000000000070000002800000050350500DAB7050001 00000000000000000001067122000019B4C529E312D1010000 00800000000002000000280000000000000000000000000000 00000000000000000000000000C31100000000000001000000 01000000
“C:\Program Files\Easeware\DriverEasy\DriverEasy.exe”=0x534143 500100000000000000070000002800000010AB3000691E3100 01000000000000000000000AF522000059193B14E312D10100 00000000000000
“C:\Users\Gary\Downloads\DriverEasy_Setup.exe”=0x5 341435001000000000000000700000028000000888D3900D2F 039000100000000000000000003060001000019B4C529E312D 1010000000000000000
“C:\Users\Gary\AppData\Local\Temp\NVIDIA\DisplayDr iver\GeForceGameReadyDriver361.75\setup.exe”=0x534 143500100000000000000070000002800000038720600CD8A0 60001000000000000000000000A0021000019B4C529E312D10 10000000000000000020000002800000000000000C00000400 000000000000000000000000000000024E8020000000000010 0000001000000
“C:\Program Files (x86)\Cheat Engine 6.4\cheatengine-x86_64.exe”=0x534143500100000000000000070000002800 000018179900943D9900010000000000000000000306632200 0059193B14E312D10100000000000000000200000028000000 00000000000000400210000000000000000000000000000096 B2C527000000000700000007000000
“C:\Program Files (x86)\Audacity\audacity.exe”=0x5341435001000000000 00000070000002800000000B88D00000000000100000000000 0000000000A7122000019B4C529E312D101000000000000000 0
“C:\Users\Gary\Downloads\Apache_OpenOffice_4.1.2_W in_x86_install_en-GB.exe”=0x5341435001000000000000000700000028000000 E834F607000000000100000000000000000001067100000019 B4C529E312D101000000000000000002000000280000000000 000000080040000000000000000000000000000000007D0905 00000000000100000001000000
“C:\Program Files (x86)\OpenOffice 4\program\soffice.exe”=0x5341435001000000000000000 700000028000000001A9600AE4096000100000000000000000 0000A7122000019B4C529E312D101000000000000000002000 00028000000000000000000001000000000000000000000000 00000000042310000000000000100000001000000
“C:\Program Files (x86)\Belarc\BelarcAdvisor\BelarcAdvisor.exe”=0x53 4143500100000000000000070000002800000088EC0100F290 02000100000000000000000003060021000019B4C529E312D1 01000000000000000002000000280000000000000000000000 020000000000000000000000000000008AC301000000000001 00000001000000
“C:\Users\Gary\Downloads\347.88-desktop-win8-win7-winvista-64bit-international-whql.exe”=0x53414350010000000000000007000000280000 0070276D120C756D1201000000000000000000020600010000 19B4C529E312D1010000000000000000020000002800000000 0000000000004000000000000000000000000000000000D99C 0400000000000100000001000000
“C:\Program Files\Microsoft Mouse and Keyboard Center\Setup.exe”=0x534143500100000000000000010000 0004000000010000000700000028000000D0B22600E9A62700 0300000000000000000003060021000033504C2B57DFD10100 00000000000000050000001000000000000000000000000000 00000000000002000000780000000000000000000020000082 000000000000008000000000002F6300000000000002000000 01000000000000000000006000008200000000000000800000 0000006E270000000000000100000000000000000000000000 000000028200000000000000800000000000B7900000000000 000100000000000000
“C:\Users\Gary\Downloads\MouseKeyboardCenter_64bit _ENG_2.3.188.exe”=0x534143500100000000000000070000 0028000000D0F6FB024863FC02010000000000000000000105 7100000019B4C529E312D10100000000000000000200000028 00000000000000800100400000000000000000000000000000 00001E020100000000000100000001000000
“C:\Program Files\CCleaner\CCleaner64.exe”=0x53414350010000000 00000000700000028000000A815830095B5830001000000000 000000000000A0021000059193B14E312D1010000000000000 00002000000280000000000000000000000000000000000000 000000000000000004C030000000000000100000001000000
“C:\Users\Gary\Downloads\HijackThis.exe”=0x5341435 00100000000000000070000002800000000EE0500000000000 100000000000000000002067100000019B4C529E312D101000 00000000000000200000028000000000000000000000000000 0000000000000000000000000008FCA0100000000000100000 001000000
“C:\Program Files\Easeware\DriverEasy\unins000.exe”=0x53414350 01000000000000000700000028000000700312007F58120003 00000000000000000003060001000019B4C529E312D1010000 00000000000002000000280000000000000000000000000000 00000000000000000000000000D21100000000000001000000 01000000
“C:\Program Files (x86)\FamilySearch\Paf5\pstart.exe”=0x534143500100 00000000000007000000280000000050050000000000010000 0000000000000001057120000019B4C529E312D10100000000 00000000020000002800000000000000000000000044000000 00000000000000000000001567694300000000070000000700 0000
“C:\Program Files (x86)\Incline Software\Ancestral Quest 14\ancquest.exe”=0x5341435001000000000000000700000 028000000000E1E0136D61E010100000000000000000002067 100000033504C2B57DFD101000000000000000002000000280 00000000000000000000000000200000000000000000000000 000A9908C15000000000700000007000000
“SIGN.MEDIA=1B1A162 Launcher.exe”=0x5341435001000000000000000700000028 000000407558009C8458000100000000000000000002067122 000019B4C529E312D101000000000000000005000000100000 00000000000000000000000000800000000200000028000000 00000000800000400000000000000000000000000000000066 1C1600000000000100000001000000
“C:\Program Files (x86)\Notepad++\notepad++.exe”=0x53414350010000000 0000000070000002800000000B024003F6C220001000000000 00000000003067122000033504C2B57DFD1010000000000000 00002000000280000000000000000000000000000000000000 00000000000000000814F1500000000000300000003000000
“C:\Users\Gary\Downloads\instspeedfan451.exe”=0x53 4143500100000000000000070000002800000008DA2100FDE7 210001000000000000000000000A0021000019B4C529E312D1 01000000000000000002000000280000000000000000000040 00000000000000000000000000000000797B00000000000001 00000001000000
“C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17 .3.6302.0225\FileSyncConfig.exe”=0x534143500100000 0000000000700000028000000C880020068210300010000000 00000000000000A0021000019B4C529E312D10100000001000 00000
“C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe”=0x534143500100000000000000070000 0028000000E0759700E487970001000000000000000000000A 7122000033504C2B57DFD10100000000000000000200000028 00000000000000000000400000000000000000000000000000 0000A1CBF169000000001800000018000000
“C:\Program Files (x86)\Skype\Phone\Skype.exe”=0x5341435001000000000 0000007000000280000006026D70160EBD7010100000000000 000000003060001000019B4C529E312D101000000000000000 00200000028000000000000000000000000000000000000000 000000000000000ABBDA600000000000100000001000000
“C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\Kaspersky Restore Utility\kasperskylab.pure.restoretool.exe”=0x53414 3500100000000000000070000002800000000ED01004E0D020 001000000000000000000000A8021000019B4C529E312D1010 00000000000000002000000280000000000000000000040000 000000000000000000000000000005C3F0D000000000001000 00001000000
“C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe”=0x534143500100000000000000070000 0028000000003B03002D75030001000000000000000000000A 0021000019B4C529E312D1010000000000000000
“C:\Users\Gary\Downloads\Firefox Setup Stub 46.0.exe”=0x53414350010000000000000007000000280000 00F0B103003E9E040001000000000000000000030600010000 19B4C529E312D1010000000000000000020000002800000000 00000000000000000000000000000000000000000000006A1C 9601000000000200000002000000
“C:\Users\Gary\Downloads\MSI_Kombustor_Setup_3.5.1 .0_x64.exe”=0x534143500100000000000000070000002800 0000729B2B0100000000010000000000000000000306000100 0019B4C529E312D10100000000000000000200000028000000 00000000000000000000000000000000000000000000000055 5F1829000000000100000001000000
“C:\Users\Gary\Downloads\MicrosoftFixit50229.msi”= 0x534143500100000000000000070000002800000000E40000 6BAB01000100000000000000000001050010000019B4C529E3 12D10100000000000000000500000010000000000000000000 00000000000000000000020000002800000000000000000000 0000000000040000000000000000000000298C020000000000 0100000001000000
“C:\Windows\SysWOW64\regedit.exe”=0x53414350010000 000000000007000000280000000094040059E4040001000000 010000000000000A7122000019B4C529E312D1010000000000 000000
“C:\Users\Gary\Downloads\adguardInstaller.exe”=0x5 341435001000000000000000700000028000000F89D0200CDD D020001000000000000000000000A7120000019B4C529E312D 10100000000000000000200000028000000000000000008004 0000000000000000000000000000000003D580100000000000 100000001000000
“C:\Program Files (x86)\TeamViewer\TeamViewer.exe”=0x534143500100000 000000000070000002800000010936301304D6401010000000 00000000000000A0021000019B4C529E312D10100000000000 00000020000002800000000000000000000000000000000000 0000000000000000000C501000000000000010000000100000 0
“C:\Users\Gary\Downloads\iconworkshop.exe”=0x53414 3500100000000000000070000002800000028F55A0233795B0 201000000000000000000000A7122000019B4C529E312D1010 00000000000000002000000280000000000000000000040000 00000000000000000000000000000BE0D06000000000001000 00001000000
“C:\Program Files (x86)\Axialis\IconWorkshop\IconWorkshop.exe”=0x534 143500100000000000000070000002800000008EBC2008CE6C 30001000000000000000000000A7122000033504C2B57DFD10 10000000000000000020000002800000000000000000000000 0000000000000000000000000000000E4740F1500000000030 0000003000000
“C:\Users\Gary\Downloads\rcsetup153.exe”=0x5341435 00100000000000000070000002800000040855300457654000 100000000000000000001060001000019B4C529E312D101000 00000000000000200000028000000000000000000004000000 00000000000000000000000000042720000000000000100000 001000000
“C:\Program Files\Recuva\recuva64.exe”=0x534143500100000000000 0000700000028000000D8A24B00213C4C00010000000000000 00000000A7322000059193B14E312D10100000000000000000 20000002800000000000000000000400000000000000000000 0000000000000F1040A00000000000100000001000000
“C:\Program Files (x86)\HexEdit\HexEdit.exe”=0x534143500100000000000 00007000000280000000084200041E71F00010000000000000 0000001067122000033504C2B57DFD10100000000000000000 20000002800000000000000000000000000000000000000000 000000000000025B2E502000000000200000002000000
“C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe”=0x5341435001000000000000000700000 028000000D8143800DA8238000100000000000000000002067 102000033504C2B57DFD101000000000000000002000000280 00000000000000000000000000000000000000000000000000 000FF0A3F24000000000400000004000000
“C:\Users\Gary\Downloads\planmaker.exe”=0x53414350 01000000000000000700000028000000B7AA12000000000001 00000000000000000001057100000019B4C529E312D1010000 00000000000001000000040000000100000002000000500000 00000000002008006000000000000000000000000000000000 914C1C00000000000100000001000000000000000000000040 0400000000000040000000000000002B340100000000000100 000000000000
“C:\Users\Gary\Downloads\FreeCAD-0.16.6704.oc449d7-WIN-x64_Installer-1.exe”=0x53414350010000000000000007000000280000007 8E5D30D000000000100000000000000000001060001000019B 4C529E312D1010000000000000000020000002800000000000 0000000004000000000000000000000000000000000A415080 0000000000100000001000000
“C:\Program Files\FreeCAD 0.16\bin\FreeCAD.exe”=0x53414350010000000000000007 00000028000000002202000000000001000000000000000000 000A7322000059193B14E312D1010000000000000000020000 00280000000000000000000000000000000000000000000000 00000000D5310F00000000000100000001000000
“C:\Users\Gary\Downloads\paint_latest.exe”=0x53414 35001000000000000000700000028000000B7C007000000000 00100000000000000000001060001000019B4C529E312D1010 00000000000000002000000280000000000000000000000000 00000000000000000000000000000C28100000000000001000 00001000000
“C:\Program Files (x86)\Paint XP\mspaint98.exe”=0x534143500100000000000000070000 002800000000400500F9F80500010000000000000000000105 7120000019B4C529E312D10100000000000000000200000028 00000000000000000000000044020000000000000000000000 000052F21D00000000000100000001000000
“C:\Users\Gary\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe”=0x5341435 00100000000000000070000002800000000A508002A7309000 1000000000000000000000A7122000019B4C529E312D101000 00080000000000200000028000000000000000000004000000 00000000000000000000000000016990600000000000100000 001000000
“C:\Users\Gary\AppData\Roaming\Kingsoft\office6\up date\down\setup_XA_mui_10.1.0.5656_Free.exe”=0x534 143500100000000000000070000002800000080271C05B5C31 C0501000000000000000000000A0021000019B4C529E312D10 10000000000000000020000002800000000000000000000000 00000000000000000000000000000000FCB0A0000000000010 0000001000000
“C:\Users\Gary\AppData\Local\Kingsoft\Kingsoft Office\10.1.0.5656\utility\uninst.exe”=0x534143500 1000000000000000700000028000000C8DD0D00AA650E00030 00000000000000000000A0021000019B4C529E312D10100000 00000000000
“C:\Users\Gary\AppData\Local\Kingsoft\Kingsoft Office\10.1.0.5656\office6\wpscenter.exe”=0x534143 50010000000000000007000000280000000079020073280300 01000000000000000000000A7122000019B4C529E312D10100 00000000000000020000002800000000000000000000000000 00000000000000000000000000001000000000000000010000 0001000000
“C:\Users\Gary\Downloads\epm.exe”=0x53414350010000 00000000000700000028000000E08BF902852FFA0201000000 000000000000000A0021000019B4C529E312D1010000000000 00000002000000280000000000000000000040000000000000 0000000000000000000070A90D000000000001000000010000 00
“C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe”=0x534143500100000000000000070000 0028000000A85B03004EC0030001000000000000000000000A 0021000019B4C529E312D1010000000000000000
“C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\CleanUpUI.exe”=0x534143500100000000000000 0700000028000000C00413003B871300010000000000000000 00000A7122000033504C2B57DFD10100000000000000000500 00001000000000000000000000000000000000000000020000 00500000000000000000000040000000000000000000000000 00000000F28E45110000000007000000010000000000000000 00000000000000000000000000000000000000242E00000000 00000200000000000000
“C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\EPMStartLoader.exe”=0x5341435001000000000 000000700000028000000C0B4040092F504000100000000000 0000000000A7122000033504C2B57DFD101000000000000000 00200000028000000000000000000004000000000000000000 000000000000000087B0100000000000200000002000000
“C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17 .3.6390.0509\FileSyncConfig.exe”=0x534143500100000 0000000000700000028000000C8BA020001D30200010000000 00000000000000A0021000019B4C529E312D10100000001000 00000
“C:\Users\Gary\Downloads\InstallMyDriveConnect.exe ”=0x534143500100000000000000070000002800000048353D 02A51C3E020100000000000000000001060001000019B4C529 E312D101000000000000000002000000280000000000000000 000040000000000000000000000000000000008CAC00000000 00000100000001000000
“C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17 .3.6517.0809\FileSyncConfig.exe”=0x534143500100000 0000000000700000028000000C0AC020070500300010000000 00000000000000A0021000019B4C529E312D10100000001000 00000
“C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17 .3.6517.0809_1\FileSyncConfig.exe”=0x5341435001000 000000000000700000028000000C0AC0200705003000100000 0000000000000000A0021000033504C2B57DFD101000000010 0000000
“C:\Users\Gary\Downloads\kts17.0.0.611en-gb_full.exe”=0x53414350010000000000000007000000280 0000028D8980AB7DD980A01000000000000000000000A00210 00033504C2B57DFD1010000000000000000020000002800000 00000000000000000000000000000000000000000000000009 5810300000000000100000001000000
“C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe”=0x534143500100000000000000070000 0028000000D8690300411F040001000000000000000000000A 0021000033504C2B57DFD1010000000000000000
“E:\copy of duff disk after it became recognisable\Program Files\Firaxis Games\Sid Meier’s Alpha Centauri\terran.exe”=0x534143500100000000000000070 000002800000000C02C0000000000010000000000000000000 1057120000033504C2B57DFD10100000000000000000200000 05000000000000000008000200000004000000000000000000 0000000E33E040300000000400000004000000000000000000 0000000000040000000000000000000000000317CD40100000 00002000000000000000600000008000000000000400000000 0
“C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe”=0x53414350010000 00000000000700000028000000408B08004EE0080001000000 00000000000002067102000033504C2B57DFD1010000000000 00000002000000280000000000000000000000000000000000 00000000000000000000636F71020000000004000000040000 00
“C:\Program Files (x86)\LibreOffice 5\program\scalc.exe”=0x534143500100000000000000070 0000028000000680001005CDE0100010000000000000000000 00A7122000033504C2B57DFD10100000000000000000200000 02800000000000000000000000000000000000000000000000 00000009C7E0200000000000100000001000000
“C:\Program Files (x86)\LibreOffice 5\program\swriter.exe”=0x5341435001000000000000000 70000002800000068FC0000145E01000100000000000000000 0000A7122000033504C2B57DFD1010000000000000000
“C:\Users\Gary\Downloads\DOSBox0.74-win32-installer.exe”=0x534143500100000000000000070000002 8000000691B160000000000010000000000000000000106000 1000033504C2B57DFD10100000000000000000200000028000 00000000000000000400000000000000000000000000000000 017450000000000000100000001000000
“C:\Program Files (x86)\DOSBox-0.74\DOSBox.exe”=0x5341435001000000000000000700000 02800000000E03800B5C939000100000000000000000001067 120000033504C2B57DFD101000000000000000002000000280 00000000000000000001000000000000000000000000000000 00070807024000000001F0000001F000000
“C:\Program Files (x86)\Microsoft Office\OFFICE11\MSACCESS.EXE”=0x534143500100000000 0000000700000028000000583F6600A6F76600010000000000 0000000001067120000033504C2B57DFD10100000011000000 00
“C:\Users\Gary\Downloads\free-sqlite-viewer.exe”=0x534143500100000000000000070000002800 000090ECD400CCBBD500010000000000000000000106000100 0033504C2B57DFD10100000000000000000200000028000000 00000000000000000000000000000000000000000000000026 560500000000000100000001000000
“E:\copy of duff disk after it became recognisable\Program Files\Synkronizer XL 8.0\syxl80_install.exe”=0x534143500100000000000000 0700000028000000006000004B010100010000000000000000 0001057120000033504C2B57DFD10100000000000000000100 00000400000001000000050000001000000000000000000000 00000301050008000002000000500000000003010500080060 00102000000000000000200000000000BD0500000000000001 00000001000000000000000008004000102000000000000000 200000000000870E0000000000000100000000000000
“SIGN.MEDIA=2D6 INSTALL.BAT”=0x53414350010000000000000007000000280 00000008E0300E25F040001000000000000000000010500300 000D5B3B31A57DFD1010000000000000000
“C:\Users\Gary\AppData\Roaming\Notepad++\plugins\c onfig\plugin_install_temp\plugin1\updater\gpup.exe ”=0x5341435001000000000000000700000028000000002A04 0058E5040001000000000000000000000A7122000033504C2B 57DFD101000000000000000002000000280000000000000000 000040000000000000000000000000000000002F0000000000 00000100000001000000
“C:\Users\Gary\Downloads\epm(1).exe”=0x53414350010 0000000000000070000002800000060CCF40267C7F50201000 000000000000000000A0021000033504C2B57DFD1010000000 00000000002000000280000000000000000000040000000000 000000000000000000000009C6990060000000006000000060 00000
“C:\Users\Gary\Downloads\revosetup.exe”=0x53414350 01000000000000000700000028000000B8566C00150E6D0001 000000000000000000000A0021000033504C2B57DFD1010000 00000000000002000000280000000000000000000000000000 000000000000000000000000005AE91D000000000001000000 01000000
“C:\Users\Gary\Downloads\EaseUS_DiskCopy_Home.exe” =0x534143500100000000000000070000002800000010D5B50 2A5C7B6020100000000000000000001067102000033504C2B5 7DFD1010000000000000000050000001000000000000000000 00000000000000000000002000000280000000000000000000 04000000000000000000000000000000000271C6C060000000 00100000001000000
“C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe”=0x534143500100000000000000 0700000028000000C0F8120046DD1300010000000000000000 00000A7122000033504C2B57DFD10100000000000000000200 00005000000000000000000000400000000000000000000000 0000000000FE60A80100000000080000000600000000000000 0000000000000000000000000000000000000000E535000000 0000000100000000000000
“C:\Users\Gary\Downloads\tbbMeterSetup.exe”=0x5341 43500100000000000000070000002800000040945E001D795F 000100000000000000000000067102000033504C2B57DFD101 00000000000000000200000028000000000000000000004000 0000000000000000000000000000004F710500000000000100 000001000000
“C:\Users\Gary\AppData\Local\Temp\VSDEDD9.tmp\DotN etFX\dotnetchk.exe”=0x5341435001000000000000000700 00002800000000580100911902000100000000000000000000 067102000033504C2B57DFD101000000000000000002000000 28000000000000000000001000000000000000000000000000 00000010000000000000000100000001000000
“SIGN.MEDIA=F8A3C06D Downloads\tb_free.exe”=0x5341435001000000000000000 70000002800000050512E0758622E070100000000000000000 0000A0021000033504C2B57DFD101000000000000000002000 00028000000000000000000004000000000000000000000000 000000000F786707F000000000100000001000000
“C:\Program Files (x86)\Paint XP\mspaint.exe”=0x53414350010000000000000007000000 28000000003C05008E24060001000000000000000000010571 20000033504C2B57DFD1010000000000000000020000002800 00000000000000000000000000000000000000000000000000 00D5B0360F000000000200000002000000
“C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17 .3.6720.1207\FileSyncConfig.exe”=0x534143500100000 0000000000700000028000000E07E03004B440400010000000 00000000000000A0021000033504C2B57DFD10100000001000 00000
“C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17 .3.6743.1212\FileSyncConfig.exe”=0x534143500100000 0000000000700000028000000D87E030025C10300010000000 00000000000000A0021000033504C2B57DFD10100000001000 00000
“C:\Users\Gary\Downloads\FoxitReader82_enu_Setup_P rom.exe”=0x534143500100000000000000070000002800000 0407D3A0325813A0301000000000000000000000A002100003 3504C2B57DFD10100000000000000000200000028000000000 00000000000000000000000000000000000000000000021970 300000000000200000002000000
“C:\Users\Gary\Downloads\Windows10Upgrade9252.exe” =0x5341435001000000000000000700000028000000889B570 0794C580001000000000000000000000A0021000033504C2B5 7DFD1010000000000000000020000002800000000000000000 00040000000000000000000000000000000006392020000000 0000300000003000000
“C:\Games\Dragon Age\bin_ship\daorigins.exe”=0x53414350010000000000 000007000000280000006087980060E8980001000000000000 00000001067120000033504C2B57DFD1010000000000000000 02000000280000000000000000000000000000000000000000 000000000000004B560700000000000100000001000000
“C:\Games\Dragon Age\DAOriginsLauncher.exe”=0x534143500100000000000 0000700000028000000E8041300E1B41300010000000000000 0000000067100000033504C2B57DFD10100000000000000000 20000002800000000000000800000000000000000000000000 000000000000061DE4508000000002300000023000000
“C:\Users\Gary\Downloads\MediaCreationTool.exe”=0x 5341435001000000000000000700000028000000D06017017B 88170101000000000000000000000A0021000033504C2B57DF D1010000000000000000020000002800000000000000000000 40000000000000000000000000000000000844650200000000 0200000002000000
“C:\Users\Gary\Downloads\AutoHotkey_1.1.24.05_setu p.exe”=0x5341435001000000000000000700000028000000A A7A2F00F367010001000000000000000000000A00210000335 04C2B57DFD1010000000000000000020000002800000000000 0000000004000000000000000000000000000000000557B831 4000000000100000001000000
“C:\Program Files\AutoHotkey\AutoHotkey.exe”=0x534143500100000 00000000007000000280000000074120000000000010000000 00000000000000A00210000D5B3B31A57DFD10100000000000 00000020000002800000000000000000000000000000000000 0000000000000000000C304000000000000010000000100000 0
“SIGN.MEDIA=695B70 setup.exe”=0x5341435001000000000000000700000028000 000C03A01005188010001000000000000000000000A0021000 0D5B3B31A57DFD101000000000000000002000000280000000 00000000000004000000000000000000000000000000000DAA 21D00000000000100000001000000
“C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17 .3.6743.1212_1\FileSyncConfig.exe”=0x5341435001000 000000000000700000028000000D87E030025C103000100000 0000000000000000A0021000033504C2B57DFD101000000010 0000000
“C:\Users\Gary\Desktop\script_Tab_Toggles_F12.exe” =0x534143500100000000000000070000002800000029350C0 0000000000100000000000000000001067102000033504C2B5 7DFD1010000000000000000020000002800000000000000000 00000000000000000000000000000000000002DD9332C00000 0000300000003000000
“C:\Program Files (x86)\Auto Clicker\AutoClicker.exe”=0x53414350010000000000000 0070000002800000000A000000000000001000000000000000 00001067120000033504C2B57DFD1010000000000000000020 00000280000000000000000000000000000000000000000000 000000000008D8A7124000000000400000004000000
“C:\Users\Gary\Downloads\DAII Downloads\try new folder for editor\daosavegame.exe”=0x534143500100000000000000 070000002800000000E200003D2F0100010000000000000000 0000067102000033504C2B57DFD10100000000000000000200 00002800000000000000000000000000000000000000000000 0000000000598E6C17000000000300000003000000
“C:\Users\Gary\Downloads\DAII Downloads\try new folder for editor\editor larger pyGFF one.exe”=0x534143500100000000000000070000002800000 0003001003D2F0100010000000000000000000006710200003 3504C2B57DFD10100000000000000000200000028000000000 00000000000000000000000000000000000000000000012CB6 21C000000000800000008000000
“C:\Games\Dragon Age 2\bin_ship\DragonAge2.exe”=0x534143500100000000000 000070000002800000070BDB9005097BA00010000000000000 0000001067102000033504C2B57DFD10100000000000000000 20000002800000000000106000000200010000000000000000 0000000000000D78BB71B000000000F0000000F000000
“C:\Program Files (x86)\LibreOffice 5\program\sdraw.exe”=0x534143500100000000000000070 000002800000068060100D67C0100010000000000000000000 00A7122000033504C2B57DFD10100000000000000000200000 02800000000000000000000000000000000000000000000000 0000000D44F4024000000000100000001000000
“C:\Users\Gary\AppData\Local\Microsoft\OneDrive\Up date\OneDriveSetup.exe”=0x534143500100000000000000 0700000028000000E0783801622F3901010000000000000000 00000A0021000033504C2B57DFD1010000000100000000
“C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17 .3.6798.0207\FileSyncConfig.exe”=0x534143500100000 0000000000700000028000000D88003007F300400010000000 00000000000000A0021000033504C2B57DFD10100000001000 00000
“C:\Users\Gary\Downloads\GeForce_Experience_v3.4.0 .70.exe”=0x534143500100000000000000070000002800000 03878BD04F659BE04010000000000000000000206000100003 3504C2B57DFD10100000000000000000200000028000000000 000000000004000000000000000000000000000000000CDBD0 100000000000200000002000000
“C:\Users\Gary\Downloads\JavaSetup8u121.exe”=0x534 143500100000000000000070000002800000040480B00ABBC0 B0001000000000000000000000A7122000033504C2B57DFD10 10000000000000000020000002800000000000000000000400 00000000000000000000000000000004B9D030000000000010 0000001000000
“C:\Program Files\Internet Explorer\iexplore.exe”=0x5341435001000000000000000 700000028000000C0960C005DE50C000100000001000000000 0000A00210000D5B3B31A57DFD1010000000000000000
“C:\Users\Gary\Downloads\spsetup130.exe”=0x5341435 001000000000000000700000028000000C0066000843560000 100000000000000000001060001000033504C2B57DFD101000 0000000000000
“C:\NVIDIA\DisplayDriver\314.22\Win8_WinVista_Win7 _64\English\setup.exe”=0x5341435001000000000000000 700000028000000202D0600B76106000100000000000000000 001060001000033504C2B57DFD101000000000000000002000 00028000000000000000000004000000000000000000000000 00000000099501200000000000200000002000000
“C:\NVIDIA\DisplayDriver\331.82\Win8_WinVista_Win7 _64\English\setup.exe”=0x5341435001000000000000000 700000028000000204D06009AD006000100000000000000000 003060021000033504C2B57DFD101000000000000000002000 00028000000000000000000004000000000000000000000000 000000000652D0400000000000100000001000000
“C:\NVIDIA\DisplayDriver\340.52\Win8_WinVista_Win7 _64\English\setup.exe”=0x5341435001000000000000000 70000002800000020510600B00E07000100000000000000000 003060001000033504C2B57DFD101000000000000000002000 00028000000000000000000004000000000000000000000000 000000000413C0600000000000200000002000000
“C:\Program Files\Speccy\Speccy64.exe”=0x534143500100000000000 0000700000028000000D8C46C0089006D00010000000000000 00000000A73220000D5B3B31A57DFD10100000000000000000 50000001000000000000000000000000000000000000000020 00000280000000000000000000000000000000000000000000 0000000000081634529000000000B0000000B000000
“C:\Program Files (x86)\Inquisition\legacyPM\OriginLegacyCLI.exe”=0x 534143500100000000000000070000002800000070AD0C00F9 F30C000100000000000000000001060001000033504C2B57DF D1010000000000000000020000002800000000000000000000 0000000000000000000000000000000000BC00000000000000 0500000005000000
“C:\Users\Gary\Downloads\DAII Downloads\try new folder for editor\g2da.exe”=0x5341435001000000000000000700000 02800000000620000164D00000100000000000000000000067 102000033504C2B57DFD101000000000000000002000000280 00000000000000000000000000000000000000000000000000 00096010000000000000200000002000000
“C:\Users\Gary\Downloads\DAI Downloads\DAIToolsSuite_Loader\DAIToolsSuite_Loade r.exe”=0x53414350010000000000000007000000280000000 09400000000000001000000000000000000000AF5220000335 04C2B57DFD1010000000000000000020000002800000000000 0000000000000000000000000000000000000000000C45EB60 0000000000100000001000000
“C:\Users\Gary\Downloads\DAI Downloads\Folder For DAI ModManager\DAIModManager.exe”=0x534143500100000000 000000070000002800000000A2010000000000010000000000 00000000000AF522000033504C2B57DFD10100000000000000 00020000002800000000000000000000000000000000000000 0000000000000000455A0000000000000100000001000000
“C:\Users\Gary\Downloads\FoxitReader821_enu_Setup_ Prom.exe”=0x53414350010000000000000007000000280000 00C8093E03F88B3E0301000000000000000000000A00210000 33504C2B57DFD1010000000000000000020000002800000000 0000000000004000000000000000000000000000000000428C 0A00000000000100000001000000
“C:\Users\Gary\Downloads\DDU v17.0.6.1\DDU v17.0.6.1.exe”=0x534143500100000000000000070000002 80000003DA411000000000001000000000000000000000A712 0000033504C2B57DFD10100000000000000000200000028000 00000000000000000000000000000000000000000000000000 0A1140000000000000100000001000000
“C:\Users\Gary\Downloads\DDU v17.0.6.1\Display Driver Uninstaller.exe”=0x5341435001000000000000000700000 02800000000A616000000000001000000000000000000000AF 5220000D5B3B31A57DFD101000000000000000005000000100 00000000000000000000000000000000000000200000028000 00000000000000000000000000000000000000000000000000 0D9A70000000000000100000001000000
“C:\Users\Gary\Downloads\instspeedfan452.exe”=0x53 4143500100000000000000070000002800000068192F008906 300001000000000000000000000A0021000033504C2B57DFD1 01000000000000000002000000280000000000000000000040 000000000000000000000000000000007E6800000000000001 00000001000000
“C:\Program Files (x86)\SpeedFan\speedfan.exe”=0x5341435001000000000 000000700000028000000889C7C0033627D000100000000000 0000000000A0021000033504C2B57DFD101000000000000000 00200000028000000000000000000004000000000000000000 000000000000000438E2330000000000700000007000000
“C:\Users\Gary\Downloads\378.92-desktop-win10-64bit-international-whql.exe”=0x53414350010000000000000007000000280000 00A8E82C1846902D1801000000000000000000020600010000 33504C2B57DFD1010000000000000000020000002800000000 0000000000004000000000000000000000000000000000A210 3300000000000300000003000000
“C:\Users\Gary\Downloads\dxwebsetup.exe”=0x5341435 001000000000000000700000028000000587504004CBE04000 100000000000000000001057100000033504C2B57DFD101000 00080000000000200000028000000000000000008004000000 0000000000000000000000000002D580100000000000100000 001000000
“C:\Users\Gary\Downloads\SlimDrivers-setup.exe”=0x5341435001000000000000000700000028000 000386E10000000000001000000000000000000000A0021000 033504C2B57DFD1010000000000000000
“C:\Users\Gary\Downloads\setuprst.exe”=0x534143500 1000000000000000700000028000000781AD000455ED000010 00000000000000000000A0021000033504C2B57DFD10100000 00000000000050000001000000000000000000000000000000 00000000002000000280000000000000000000000000000000 00000000000000000000000033100000000000001000000010 00000
“C:\NVIDIA\DisplayDriver\Zotac\378.92\Win10_64\Int ernational\setup.exe”=0x53414350010000000000000007 00000028000000387606009195060001000000000000000000 000A0021000033504C2B57DFD1010000000000000000020000 00280000000000000000000040000000000000000000000000 00000000ECBF0500000000000300000003000000
“C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe”=0x5341435001000000 000000000700000028000000C8DA08000FFA08000100000000 0000000000000A7122000033504C2B57DFD101000000000000 00000200000028000000000000000000004000000000000000 0000000000000000004D220000000000000100000001000000
“C:\Users\Gary\Downloads\whocrashedSetup.exe”=0x53 4143500100000000000000070000002800000048A84B0046E4 4B0001000000000000000000000A0021000033504C2B57DFD1 010000000000000000
“C:\Users\Gary\Downloads\bluescreenview_setup.exe” =0x5341435001000000000000000700000028000000282A020 0307A02000100000000000000000000067102000033504C2B5 7DFD1010000000000000000050000001000000000000000000 00000000000000000000002000000280000000000000000000 04000000000000000000000000000000000DE1700000000000 00100000001000000
“C:\Program Files\WhoCrashed\WhoCrashedEx.exe”=0x5341435001000 000000000000700000028000000F0174D00691F4D000100000 0000000000000000A0021000033504C2B57DFD101000000000 00000000200000028000000000000000000004000000000000 0000000000000000000004DE2DD05000000000100000001000 000
“C:\Program Files (x86)\NirSoft\BlueScreenView\BlueScreenView.exe”=0 x534143500100000000000000070000002800000060EE00007 32E010001000000000000000000000A7122000033504C2B57D FD101000000000000000002000000280000000000000000000 04000000000000000000000000000000000F309DC050000000 00100000001000000
“C:\Users\Gary\Downloads\Unigine_Valley-1.0.exe”=0x534143500100000000000000070000002800000 0F9185A1500000000010000000000000000000106000100003 3504C2B57DFD10100000000000000000200000028000000000 0000000000000000000000000000000000000000000003A750 100000000000100000001000000
“C:\Program Files (x86)\Unigine\Valley Benchmark 1.0\valley.bat”=0x53414350010000000000000007000000 28000000008E0300E25F040001000000000000000000010500 100000D5B3B31A57DFD1010000000000000000
“C:\Users\Gary\Downloads\Firefox Setup Stub 53.0.exe”=0x53414350010000000000000007000000280000 0028C10300209D040001000000000000000000000A00210000 33504C2B57DFD1010000000000000000020000002800000000 000000000000400000000000000000000000000000000031FE 4402000000000200000002000000
“C:\Users\Gary\Downloads\gimp-2.8.20-setup.exe”=0x5341435001000000000000000700000028000 000B89B9F046D6DA00401000000000000000000000A0021000 033504C2B57DFD101000000000000000002000000280000000 0000000000000400000000000000000000000000000000038D 60400000000000100000001000000
“C:\Program Files\GIMP 2\bin\gimp-2.8.exe”=0x534143500100000000000000070000002800000 040EF53008DC4540001000000000000000000000A00210000D 5B3B31A57DFD10100000000000000000200000028000000000 00000000000000000000000000000000000000000000003A8A F05000000000100000001000000
“C:\Users\Gary\Downloads\kavremvr.exe”=0x534143500 10000000000000007000000280000004865DB00208CDB00010 00000000000000000000A0021000033504C2B57DFD10100000 00000000000020000002800000000000000000000400000000 000000000000000000000000017DF4D0300000000010000000 1000000
“C:\Program Files\Windows Defender\MSASCui.exe”=0x53414350010000000000000007 0000002800000000D61300BB0B140001000000010000000000 000A00210000D5B3B31A57DFD1010000000000000000
“C:\Users\Gary\Downloads\kts17.0.0.611en-gb_full(1).exe”=0x53414350010000000000000007000000 2800000070C8AD0B9CCFAD0B01000000000000000000000A00 21000033504C2B57DFD1010000000000000000020000002800 00000000000000000040000000000000000000000000000000 0035FA0200000000000200000002000000
“C:\Users\Gary\AppData\Local\Temp\Rar$EXa0.893\DDU v17.0.6.3.exe”=0x534143500100000000000000070000002 800000002AA11000000000001000000000000000000000A712 0000033504C2B57DFD10100000000000000000200000028000 00000000000000000000000000000000000000000000000000 0581B0000000000000100000001000000
“C:\Users\Gary\AppData\Local\Temp\Rar$EXa0.893\Dis play Driver Uninstaller.exe”=0x5341435001000000000000000700000 02800000000B416000000000001000000000000000000000AF 5220000D5B3B31A57DFD101000000000000000002000000280 00000000000000000000000000000000000000000000000000 0004FE00300000000000100000001000000
“C:\Users\Gary\Downloads\378.72-desktop-notebook-win10-64bit-international.hf.exe”=0x53414350010000000000000007 00000028000000A8EAC617DFC1C71701000000000000000000 02060001000033504C2B57DFD1010000000000000000
“C:\NVIDIA\DisplayDriver\378.72\Win10_64\Internati onal\setup.exe”=0x53414350010000000000000007000000 28000000C07106005142070001000000000000000000000A00 21000033504C2B57DFD1010000000000000000020000002800 00000000000000000040000000000000000000000000000000 0059370400000000000300000003000000
“C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe”=0x53414350010000000000000007000000 28000000D8530700882C080001000000000000000000000A00 21000033504C2B57DFD1010000000000000000020000002800 00000000000000000000000000000000000000000000000000 0009010000000000000100000001000000
“C:\Users\Gary\Downloads\OCCTPT4.5.0.exe”=0x534143 5001000000000000000700000028000000B32C7C0000000000 01000000000000000000000A0021000033504C2B57DFD10100 00000000000000020000002800000000000000000000400000 000000000000000000000000000066B37B2600000000010000 0001000000
“C:\Users\Gary\Downloads\FurMark_1.19.0.0_Setup.ex e”=0x53414350010000000000000007000000280000003A706 B000000000001000000000000000000000A0021000033504C2 B57DFD10100000000000000000200000028000000000000000 00000000000000000000000000000000000000087990200000 000000100000001000000
“C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FurMark.exe”=0x53 4143500100000000000000070000002800000000F831000000 000001000000000000000000000A7120000033504C2B57DFD1 01000000000000000002000000280000000000000000000000 00000000000000000000000000000000228D2D110000000001 00000001000000
“C:\Users\Gary\AppData\Local\TomTom\HOME3\Updates\ InstallMyDriveConnect_4_1_4_3089.exe”=0x5341435001 00000000000000070000002800000078B6BD03CBDCBD030100 000000000000000001060001000033504C2B57DFD101000000 00000000000200000028000000000000000000004000000000 000000000000000000000000EBCB0000000000000100000001 000000
“C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE”=0x534 1435001000000000000000700000028000000A04179001C3D7 A0001000000000000000000000A73220000D5B3B31A57DFD10 10000000000000000020000002800000000000000000000000 0000000000000000000000000000000BFF9D71200000000010 0000001000000
“C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17 .3.6799.0327\FileSyncConfig.exe”=0x534143500100000 0000000000700000028000000D88203009CF30300010000000 00000000000000A0021000033504C2B57DFD10100000001000 00000
“C:\Users\Gary\Downloads\winiso.exe”=0x53414350010 00000000000000700000028000000F08378003064790001000 00000000000000001060001000033504C2B57DFD1010000000 00000000002000000280000000000000000000040000000000 0000000000000000000000000CB00000000000001000000010 00000
“C:\Program Files (x86)\WinISO\bin\winiso.exe”=0x5341435001000000000 00000070000002800000000541200000000000100000000000 0000000000A6122000033504C2B57DFD101000000000000000 00200000028000000000000000000000000000000000000000 00000000000000014820600000000000100000001000000
“C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe”=0x534143500100000000000000 0700000028000000C8524B031DDA4B03010000000000000000 00000A0021000033504C2B57DFD10100000000000000000200 00002800000000000000000000100000000000000000000000 0000000000FE7C9B22000000000300000003000000
“C:\Users\Gary\AppData\Local\TomTom\HOME3\Updates\ InstallMyDriveConnect_4_1_5_3181.exe”=0x5341435001 0000000000000007000000280000002870DB03E0FFDB030100 000000000000000001060001000033504C2B57DFD101000000 00000000000200000028000000000000000000004000000000 000000000000000000000000F3B50000000000000100000001 000000
“C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe”=0x53414350010000000000000007000000280 00000E8461D0008821D0001000000000000000000000A71220 00033504C2B57DFD1010000000000000000020000002800000 0000000000000000000000000000000000000000000000000C AD73F37000000000100000001000000
“C:\Program Files (x86)\Inquisition\OriginClientService.exe”=0x53414 3500100000000000000070000002800000090EB2000A4CD210 00100000000000000000001060001000033504C2B57DFD1010 00000000000000005000000100000000000000000000000000 00000000000000200000028000000000000000000000000000 000000000000000000000000000A3040000000000000100000 001000000
“C:\Program Files (x86)\Inquisition\OriginWebHelperService.exe”=0x53 4143500100000000000000070000002800000098B72F00F799 30000100000000000000000001060001000033504C2B57DFD1 01000000000000000002000000280000000000000000000000 00000000000000000000000000000000110500000000000001 00000001000000
“C:\Program Files (x86)\Mozilla Firefox\firefox.exe”=0x534143500100000000000000070 0000028000000C8F3070058940800010000000000000000000 00A0021000033504C2B57DFD1010000000100000000
“C:\Users\Gary\Desktop\ZHPDiag3.exe”=0x53414350010 0000000000000070000002800000080FD2900D0812A0001000 00000000000000003060001000033504C2B57DFD1010000000 00000000002000000280000000000000000000040000000000 00000000000000000000000410701010000000001000000010 00000
“C:\Users\Gary\Desktop\HiJackThis.exe”=0x534143500 100000000000000070000002800000050C611006B631200010 00000000000000000000A0021000033504C2B57DFD10100000 00000000000020000002800000000000000000000400000000 0000000000000000000000000D8B5FA1300000000020000000 2000000
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”=0x5341 43500100000000000000070000002800000058471200C99312 0001000000000000000000000A00210000D5B3B31A57DFD101 0000000100000000
“C:\Users\Gary\AppData\Local\Microsoft\OneDrive\St andaloneUpdater\OneDriveSetup.exe”=0x5341435001000 000000000000700000028000000D05E9301F3E993010100000 0000000000000000A0021000033504C2B57DFD101000000010 0000000
“C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17 .3.6917.0607\FileSyncConfig.exe”=0x534143500100000 0000000000700000028000000D09A0300AA580400010000000 00000000000000A7120000033504C2B57DFD10100000001000 00000
“C:\Users\Gary\AppData\Roaming\uTorrent\uTorrent.e xe”=0x534143500100000000000000070000002800000018EC 1E0085A81F0003000000000000000000000A0021000033504C 2B57DFD1010000000000000000050000001000000000000000 00000000000000000000000002000000280000000000000000 00000000000000000000000000000000000000F1BD00000000 00000100000001000000
“C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8B0481A9A34 D47CD.exe”=0x5341435001000000000000000700000028000 00070DA10000D0211000300000000000000000001060001000 033504C2B57DFD101000000000000000002000000280000000 000000000000000000000000000000000000000000000007AD 10300000000000100000001000000
“C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe”=0x53414350010000000000000007 00000028000000D5FC0A000000000003000000000000000000 000A0021000033504C2B57DFD1010000000000000000050000 00100000000000000000000000000000000000000002000000 28000000000000000000000000000000000000000000000000 000000AD410000000000000100000001000000
“C:\Program Files\SUPERAntiSpyware\Uninstall.exe”=0x5341435001 000000000000000700000028000000188D0800B58E08000300 000000000000000003067102000033504C2B57DFD101000000 00000000000200000028000000000000000000000000000000 00000000000000000000000048570000000000000100000001 000000
“C:\Users\Gary\Desktop\setup.exe”=0x53414350010000 0000000000070000002800000050BF1C0291271D0201000000 000000000000000A0021000033504C2B57DFD1010000000000 00000002000000280000000000000000000040000000000000 00000000000000000000E8866F000000000001000000010000 00
“C:\Users\Gary\Desktop\JRT.exe”=0x5341435001000000 000000000700000028000000B862190060FC19000100000000 000000000001067102000033504C2B57DFD101000000000000 00000500000010000000000000000000000000000000000000 00020000002800000000000000000000400000000000000000 00000000000000001C5A0C00000000000100000001000000
“C:\Users\Gary\Desktop\adwcleaner_6.047.exe”=0x534 1435001000000000000000700000028000000C8B73E0077C63 E0001000000000000000000000A0021000033504C2B57DFD10 10000000000000000020000002800000000000000000000400 00000000000000000000000000000001D2E050000000000010 0000001000000
“C:\Users\Gary\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe”=0x5341435001000000000000000700000028 000000101ED4031B39D40301000000000000000000000A0021 000033504C2B57DFD101000000000000000005000000100000 00000000000000000000000000000000000200000028000000 000000000000000000000000000000000000000000000000D8 730000000000000100000001000000
“C:\Users\Gary\Desktop\ZHPFix(2).exe”=0x5341435001 00000000000000070000002800000051BC3500000000000100 0000000000000000000A4122000033504C2B57DFD101000000 00000000000200000028000000000000000000000000000000 000000000000000000000000ED7A0000000000000100000001 000000
“C:\Program Files (x86)\ZHPFix\ZHPhep.exe”=0x53414350010000000000000 0070000002800000000421D000000000001000000000000000 00002067122000033504C2B57DFD1010000000000000000020 00000280000000000000000000040000000000000000000000 0000000000041CB1000000000000100000001000000
“C:\Users\Gary\Downloads\Zemana.AntiMalware.Setup. exe”=0x5341435001000000000000000700000028000000908 D640002A15A3B01000000000000000000000A0021000033504 C2B57DFD101000000000000000002000000280000000000000 00000000000000000000000000000000000000000E2DF52000 00000000100000001000000
“C:\Users\Gary\Desktop\QuickDiag.exe”=0x5341435001 000000000000000700000028000000002047003C7447000100 0000000000000000000A0021000033504C2B57DFD101000000 00000000000200000028000000000000000000004000000000 0000000000000000000000005D163000000000000100000001 000000

---------- | IFEO

---------- | Mountpoints2

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Mountpoints2{618f9aa4-c891-11e3-b7fe-20cf305c4f2f}] : “Y:\autorun.exe” (AutoRun)
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Mountpoints2{618f9ca2-c891-11e3-b7fe-20cf305c4f2f}] : “Z:\autorun.exe” (AutoRun)
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Mountpoints2{ff77c7dc-67e0-11e3-8b70-00081bc00c7e}] : “X:\setup.exe” (AutoRun)

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
“”=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
“APPINIT_DLLS”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“Beep”=#USR:Control Panel\Sound
“CoolSwitch”=USR:Control Panel\Desktop
“DEFAULTSEPARATEVDM”=\REGISTRY\MACHINE\SYSTEM\CURR ENTCONTROLSET\CONTROL\WOW
“DEVICENOTSELECTEDTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“DoubleClickHeight”=#USR:Control Panel\Mouse
“DoubleClickSpeed”=#USR:Control Panel\Mouse
“DoubleClickWidth”=#USR:Control Panel\Mouse
“DragFullWindows”=USR:Control Panel\Desktop
“InitialKeyboardIndicators”=USR:Control Panel\Keyboard
“LowPowerActive”=#USR:Control Panel\Desktop
“LowPowerTimeOut”=#USR:Control Panel\Desktop
“MouseSpeed”=#USR:Control Panel\Mouse
“MouseThreshold1”=#USR:Control Panel\Mouse
“MouseThreshold2”=#USR:Control Panel\Mouse
“PowerOffActive”=#USR:Control Panel\Desktop
“PowerOffTimeOut”=#USR:Control Panel\Desktop
“ScreenSaveActive”=#USR:Control Panel\Desktop
“ScreenSaveTimeOut”=#USR:Control Panel\Desktop
“SnapToDefaultButton”=#USR:Control Panel\Mouse
“Spooler”=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
“SWAPDISK”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“SwapMouseButtons”=#USR:Control Panel\Mouse
“TRANSMISSIONRETRYTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
“”=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
“ScreenSaverActive”=USR:Control Panel\Desktop
“ScreenSaverIsSecure”=USR:Control Panel\Desktop
“SCRNSAVE.EXE”=USR:Control Panel\Desktop
“Shell”=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
“APPINIT_DLLS”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“Beep”=#USR:Control Panel\Sound
“CoolSwitch”=USR:Control Panel\Desktop
“DEFAULTSEPARATEVDM”=\REGISTRY\MACHINE\SYSTEM\CURR ENTCONTROLSET\CONTROL\WOW
“DEVICENOTSELECTEDTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“DoubleClickHeight”=#USR:Control Panel\Mouse
“DoubleClickSpeed”=#USR:Control Panel\Mouse
“DoubleClickWidth”=#USR:Control Panel\Mouse
“DragFullWindows”=USR:Control Panel\Desktop
“InitialKeyboardIndicators”=USR:Control Panel\Keyboard
“LowPowerActive”=#USR:Control Panel\Desktop
“LowPowerTimeOut”=#USR:Control Panel\Desktop
“MouseSpeed”=#USR:Control Panel\Mouse
“MouseThreshold1”=#USR:Control Panel\Mouse
“MouseThreshold2”=#USR:Control Panel\Mouse
“PowerOffActive”=#USR:Control Panel\Desktop
“PowerOffTimeOut”=#USR:Control Panel\Desktop
“ScreenSaveActive”=#USR:Control Panel\Desktop
“ScreenSaveTimeOut”=#USR:Control Panel\Desktop
“SnapToDefaultButton”=#USR:Control Panel\Mouse
“SWAPDISK”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“SwapMouseButtons”=#USR:Control Panel\Mouse
“TRANSMISSIONRETRYTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
“”=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
“ScreenSaverActive”=USR:Control Panel\Desktop
“ScreenSaverIsSecure”=USR:Control Panel\Desktop
“SCRNSAVE.EXE”=USR:Control Panel\Desktop
“Shell”=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
“windows”=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Windows Defender]
“UIFirstRun”=0
“LastKnownGoodProxy”=1

[HKLM\SOFTWARE\Microsoft\Security Center]
“cval”=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
“VistaSp1”=131310314750822373

[HKLM\SOFTWARE\Microsoft\Windows Defender]
“ProductAppDataPath”=C:\ProgramData\Microsoft\Wind ows Defender
“ProductIcon”=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
“ProductLocalizedName”=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
“RemediationExe”=%ProgramFiles%\Windows Defender\MSASCui.exe
“DisableAntiSpyware”=1
“ProductType”=2
“InstallTime”=0x3043C9235E38D101
“ManagedDefenderProductType”=0
“OOBEInstallTime”=0xD58B33705E38D101
“ProductStatus”=0
“DisableAntiVirus”=1
“PassiveMode”=0
“InstallLocation”=C:\Program Files\Windows Defender
“OneTimeSqmDataSent”=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile]
“EnableFirewall”=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall”=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\PublicProfile]
“EnableFirewall”=1

---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)

---------- | Hosts
[HEADING=1]unchecky_begin[/HEADING]
[HEADING=1]These rules were added by the Unchecky program in order to block advertising software modules[/HEADING]
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
[61] More lines

---------- | Ping

Pinging google.com [216.58.201.46] with 32 bytes of data:
Reply from 216.58.201.46: bytes=32 time=35ms TTL=51
Reply from 216.58.201.46: bytes=32 time=35ms TTL=51
Reply from 216.58.201.46: bytes=32 time=36ms TTL=51
Reply from 216.58.201.46: bytes=32 time=35ms TTL=51

Ping statistics for 216.58.201.46:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 36ms, Average = 35ms

---------- | @

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Internet Explorer\Main]
“Anchor Underline”=yes
“DisableScriptDebuggerIE”=yes
“Display Inline Images”=yes
“Do404Search”=0x01000000
“Save_Session_History_On_Exit”=no
“Search Page”= Search - Microsoft Bing
“Show_FullURL”=no
“Show_StatusBar”=yes
“Show_ToolBar”=yes
“Show_URLinStatusBar”=yes
“Show_URLToolBar”=yes
“Use_DlgBox_Colors”=yes
“UseClearType”=no
“XMLHTTP”=1
“Disable Script Debugger”=no
“Cache_Update_Frequency”=Once_Per_Session
“Local Page”=C:\Windows\system32\blank.htm
“NoUpdateCheck”=1
“Enable Browser Extensions”=yes
“Play_Background_Sounds”=yes
“Play_Animations”=yes
“Start Page”= https://www.google.co.uk/
“CompatibilityFlags”=0
“FullScreen”=no
“Window_Placement”=0x2C00000002000000030000000083F FFF0083FFFFFFFFFFFFFFFFFFFF00000000910100001E03000 0A9030000
“IE8RunOnceLastShown”=1
“IE8RunOnceLastShown_TIMESTAMP”=0x5740826BEDFBCE01
“IE8TourShown”=1
“IE8TourShownTime”=0x43E1306FEDFBCE01
“NotifyDownloadComplete”=yes
“Start Page Redirect Cache_TIMESTAMP”=0x250AB2B5E8FCCE01
“Start Page Redirect Cache AcceptLangs”=en-GB
“Use FormSuggest”=yes
“IE9RunOncePerInstallCompleted”=1
“IE9RunOnceCompletionTime”=0x58A9EDF8E8FCCE01
“IE9TourShown”=1
“IE9TourShownTime”=0xB80AF0F8E8FCCE01
“IconCache”=7e1mlre
“OperationalData”=13
“IE10RunOncePerInstallCompleted”=1
“IE10RunOnceCompletionTime”=0x7261E64D32A2D201
“IE10TourShown”=1
“IE10TourShownTime”=0x7261E64D32A2D201
“ImageStoreRandomFolder”=aho0556
“DoNotTrack”=1
“DefSpellLang”=en-GB
“DownloadWindowPlacement”=0x2C00000000000000000000 00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD00000007A000000 500300005A020000
“AutoHide”=yes
“UseThemes”=0
“SmoothScroll”=0
“FormSuggest Passwords”=yes
“EdgeSwitchingOSBuildNumber”=10586.th2_release.160 802-1857
“ApplicationTileImmersiveActivation”=0
“AssociationActivationMode”=2
“Start Page_TIMESTAMP”=0x79A36A585798D201
“SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy”=

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Int ernet settings]
“DisableCachingOfSSLPages”=0
“IE5_UA_Backup_Flag”=5.0
“SecureProtocols”=2688
“CertificateRevocation”=1
“PrivacyAdvanced”=0
“EnableNegotiate”=1
“MaxConnectionsPer1_0Server”=10
“MaxConnectionsPerServer”=8
“MigrateProxy”=1
“ProxyEnable”=0
“SyncMode5”=4
“User Agent”=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
“EmailName”=User@
“PrivDiscUiShown”=1
“EnableHttp1_1”=1
“WarnOnIntranet”=1
“MimeExclusionListForCache”=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
“AutoConfigProxy”=wininet.dll
“UseSchannelDirectly”=0x01000000
“WarnOnPost”=0x01000000
“UrlEncoding”=0
“ZonesSecurityUpgrade”=0x7261E64D32A2D201
“WarnonZoneCrossing”=0
“EnableAutodial”=0
“NoNetAutodial”=0

[HKLM\Software\Microsoft\Internet Explorer\Main]
“Anchor_Visitation_Horizon”=0x01000000
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“AutoHide”=yes
“Cache_Percent_of_Disk”=0x0A000000
“Default_Page_URL”= MSN
“Default_Search_URL”= Search - Microsoft Bing
“Default_Secondary_Page_URL”=
“Delete_Temp_Files_On_Exit”=yes
“Enable_Disk_Cache”=yes
“Extensions Off Page”=about:NoAdd-ons
“Local Page”=C:\Windows\System32\blank.htm
“Placeholder_Height”=0x1A000000
“Placeholder_Width”=0x1A000000
“Search Page”= Search - Microsoft Bing
“Security Risk Page”=about:SecurityRisk
“Start Page”= MSN
“Use_Async_DNS”=yes
“x86AppPath”=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
“Check_Associations”=yes

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
“blank”=res://mshtml.dll/blank.htm
“DesktopItemNavigationFailure”=res://ieframe.dll/navcancl.htm
“Home”=270
“InPrivate”=res://ieframe.dll/inprivate.htm
“NavigationCanceled”=res://ieframe.dll/navcancl.htm
“NavigationFailure”=res://ieframe.dll/navcancl.htm
“NoAdd-ons”=res://ieframe.dll/noaddon.htm
“NoAdd-onsInfo”=res://ieframe.dll/noaddoninfo.htm
“PostNotCached”=res://ieframe.dll/repost.htm
“SecurityRisk”=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL \DefaultPrefix]
“”=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes]
“ftp”=ftp://
“home”=http://
“mosaic”=http://
“www”=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Int ernet settings]
“ActiveXCache”=C:\Windows\Downloaded Program Files
“CodeBaseSearchPath”=CODEBASE
“EnablePunycode”=1
“MinorVersion”=0
“WarnOnIntranet”=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
“Anchor_Visitation_Horizon”=0x01000000
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“AutoHide”=yes
“Cache_Percent_of_Disk”=0x0A000000
“Default_Page_URL”= MSN
“Default_Search_URL”= Search - Microsoft Bing
“Default_Secondary_Page_URL”=
“Delete_Temp_Files_On_Exit”=yes
“Enable_Disk_Cache”=yes
“Extensions Off Page”=about:NoAdd-ons
“Local Page”=C:\Windows\SysWOW64\blank.htm
“Placeholder_Height”=0x1A000000
“Placeholder_Width”=0x1A000000
“Search Page”= Search - Microsoft Bing
“Security Risk Page”=about:SecurityRisk
“Start Page”= MSN
“Use_Async_DNS”=yes
“x86AppPath”=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
“blank”=res://mshtml.dll/blank.htm
“DesktopItemNavigationFailure”=res://ieframe.dll/navcancl.htm
“Home”=270
“InPrivate”=res://ieframe.dll/inprivate.htm
“NavigationCanceled”=res://ieframe.dll/navcancl.htm
“NavigationFailure”=res://ieframe.dll/navcancl.htm
“NoAdd-ons”=res://ieframe.dll/noaddon.htm
“NoAdd-onsInfo”=res://ieframe.dll/noaddoninfo.htm
“PostNotCached”=res://ieframe.dll/repost.htm
“SecurityRisk”=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\URL\DefaultPrefix]
“”=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\URL\Prefixes]
“ftp”=ftp://
“home”=http://
“mosaic”=http://
“www”=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Internet settings]
“ActiveXCache”=C:\Windows\Downloaded Program Files
“CodeBaseSearchPath”=CODEBASE
“EnablePunycode”=1
“MinorVersion”=0
“WarnOnIntranet”=1

---------- | Proxy

[HKLM\System\CurrentControlSet\Services\NLASVC\Para meters\Internet\Manualproxies]

---------- | reparsepoint

---------- | Detection of offsets

---------- | Notify

---------- | Execution FileExts

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts.kml]
“Application”=googleearth.exe
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts.kmz]
“Application”=googleearth.exe

---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\EnhancedStorageS hell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} – C:\Windows\System32\EhStorShell.dll [16/07/2016 12:42:17]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} – %SystemRoot%\System32\cscui.dll
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} –

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
“{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=

---------- | Toolbar

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“Locked”=1

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
“ITBar7Layout”=0x130000000000000000000000300000001 0000300360000000100000001070000C102000006000000010 10000000000000700000040010000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 0000000000000000000B1C218236549D4119B18009027A5CD4 F9D473F092E71CD469E0662E734A05F6800000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”=0xB1C218236549D4119B18009027A5CD4F
“ITBar7Layout64”=0x1300000000000000000000000400000 0100003000000000001000000000000005E010000060000000 10100000000000007000000400100000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 000000000000000000000B1C218236549D4119B18009027A5C D4F9D473F092E71CD469E0662E734A05F68000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000
“ITBar7Height”=28
“{093F479D-712E-46CD-9E06-62E734A05F68}”=0x9D473F092E71CD469E0662E734A05F68

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={97D8EAAE-7BF2-44BF-ABDF-69ABCBA14CE0}
“DownloadRetries”=0
“KnownProvidersUpgradeTime”=0x7261E64D32A2D201
“Version”=5
“UpgradeTime”=0x7261E64D32A2D201
“DefaultPackCorrection”=1
“DefaultPackNTCorrection”=1

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{093F479D-712E-46CD-9E06-62E734A05F68}”=

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={6A1806CD-94D4-4689-BA73-E35EA1EA9990}

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
“{093F479D-712E-46CD-9E06-62E734A05F68}”=

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={6A1806CD-94D4-4689-BA73-E35EA1EA9990}

---------- | Extensions

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions{92780B25-18CC-41C8-B9BE-3C9C571A8263}] : () -

---------- | SearchScopes

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - Search - Microsoft Bing {searchTerms}&src=IE-SearchBox&FORM=IESR02 :
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - Google {searchTerms}&rls=com.microsoft:{language}:{referr er:source?}&ie={inputEncoding}&oe={outputEncoding} &sourceid=ie7 :
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{97D8EAAE-7BF2-44BF-ABDF-69ABCBA14CE0}] - (Google) - Google {searchTerms} :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - Search - Microsoft Bing {searchTerms}&FORM=IE8SRC :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - Google {searchTerms}&rls=com.microsoft:{language}:{referr er:source?}&ie={inputEncoding}&oe={outputEncoding} &sourceid=ie7 :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - Search - Microsoft Bing {searchTerms}&FORM=IE8SRC :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - Google {searchTerms}&rls=com.microsoft:{language}:{referr er:source?}&ie={inputEncoding}&oe={outputEncoding} &sourceid=ie7 :

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{2E38825B-8815-42CF-9126-C58BC28D4591}] → (Kaspersky Protection) : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [29/03/2017 03:21:02]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{FFCB3198-32F3-4E8B-9539-4324694ED664}] → (Adblock Plus for IE Browser Helper Object) : C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [22/09/2015 18:14:22]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{2E38825B-8815-42CF-9126-C58BC28D4591}] → (Kaspersky Protection) : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [29/03/2017 03:21:02]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] → (Java™ Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [08/03/2017 22:58:18]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}] → (Java™ Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [08/03/2017 22:58:17]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{FFCB3198-32F3-4E8B-9539-4324694ED664}] → (Adblock Plus for IE Browser Helper Object) : C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [22/09/2015 18:14:22]

---------- | Chrome

C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfi lokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigk jlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [ http://docs.google.com/http://drive....ve.google.com/ ] - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddi lifddb = : MSG_description - short_name: MSG_name - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\coobgpohoikkiipiblmjeljnie djpjpf = : Google & co - Google - Google & co - [://www.google.com/search*://www.google.com/webhp*://www.google.com/imgres] - http://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\dkpejdfnpdkhifgbancbammdij ojoffk = : Buttery-smooth scrolling for Logitech mice and touchpads. - Logitech Smooth Scrolling - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\fhoibnponjcgjgcnfacekaijdb bplhib = : MSG_ExtensionDescription - MSG_ExtensionName - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi = : MSG_extDesc - MSG_extName - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\lifbcibllhkdhoafpjfnlhfpfg npldfl = : Quickly access Skype for Web and Share on Skype through your browser - Skype - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccm gmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\nopoafngjcbddhhbepebefngii oncigi = : Autofill web-pages with stored passwords in Password Manager - Kaspersky Password Manager plugin - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoe jaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleuserco ntent.com - https://clients2.google.com/service/update2/crx

[HKLM\Software\Google\Chrome\Extensions\fhoibnponjc gjgcnfacekaijdbbplhib]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions \fhoibnponjcgjgcnfacekaijdbbplhib]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions \lifbcibllhkdhoafpjfnlhfpfgnpldfl]

---------- | Opera

---------- | Firefox

C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Prof iles\vc6qe3r0.default\Extensions\en-gb@flyingtophat.co.uk : : British English Dictionary (Updated) -
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Prof iles\vc6qe3r0.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Prof iles\vc6qe3r0.default\Extensions{53152e75-fd90-472f-9d30-5cba3679eab9}.xpi
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Prof iles\vc6qe3r0.default\Extensions{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Prof iles\vc6qe3r0.default\Extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[HKLM\Software\mozilla\Firefox\Extensions]
“light_plugin_F6F079488B53499DB99380A...asp ersky.com”=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensio ns]
“{F003DA68-8256-4b37-A6C4-350FA04494DF}”=C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
“light_plugin_F6F079488B53499DB99380A...asp ersky.com”=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
[HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer] - (Adobe® Flash® Player 26.0.0.131 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_ 131.dll
[HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@adobe.com/FlashPlayer] - (Adobe® Flash® Player 26.0.0.131 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_ 131.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf] - () : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf] - () : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp] - () : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf] - () : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@java.com/DTPlugin,version=11.121.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1 .dll
[HKLM\Software\WOW6432Node\MozillaPlugins@java.com/JavaPlugin,version=11.121.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@videolan.org/vlc,version=2.1.2] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@videolan.org/vlc,version=2.1.3] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@videolan.org/vlc,version=2.1.5] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@videolan.org/vlc,version=2.2.1] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@videolan.org/vlc,version=2.2.6] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Prof iles\vc6qe3r0.default\Prefs.js

user_pref(“browser.startup.homepage”, " http://www.google.co.uk/ ");
user_pref(“browser.startup.homepage_override.build ID”, “20170608105825”);
user_pref(“browser.startup.homepage_override.mston e”, “54.0”);
user_pref(“browser.uiCustomization.state”, “{"placements":{"PanelUI-contents":["edit-controls","zoom-controls","new-window-button","privatebrowsing-button","save-page-button","print-button","history-panelmenu","fullscreen-button","find-button","preferences-button","add-ons-button","developer-button","sync-button"],"addon-bar":["addonbar-closebutton","status-bar"],"PersonalToolbar":["personal-bookmarks"],"nav-bar":["urlbar-container","search-container","webrtc-status-button","bookmarks-menu-button","pocket-button","youtubehighdefinition-toolbarbutton","youtubeflashvideoplayer-toolbarbutton","downloads-button","home-button","social-share-button","abp-toolbarbutton","widget:skype_ff_extension@jetpack-c2c-options-button","loop-button-throttled","loop-button","kpmCaptionButton","toolbar_virtual_keyboa rd_icon","toggle-button–light_plugin_d772dc8d6faf43a29b25c4ebaa5ad1 dekasperskycom-kl-light_plugin_d772dc8d6faf43a29b25c4ebaa5ad1dekaspe rskycom-plugin-button","action-button–skype_ff_extensionjetpack-c2c-options-button","action-button–82af8dca-6de9-405d-bd5e-43525bdad38a-skypeutton","toggle-button–light_plugin_acf0e80077c511e59ded005056c000 08kasperskycom-kl-light_plugin_acf0e80077c511e59ded005056c00008kaspe rskycom-plugin-button","toggle-button–jid1-snl73vci4ub0fwjetpack-flashctrlbtn","toggle-button–light_plugin_f6f079488b53499db99380a7e11a93 f6kasperskycom-kl-light_plugin_f6f079488b53499db99380a7e11a93f6kaspe rskycom-plugin-button"],"TabsToolbar":["tabbrowser-tabs","new-tab-button","alltabs-button","tabs-closebutton"],"toolbar-menubar":["menubar-items"]},"seen":["abp-toolbarbutton","toggle-button–light_plugin_d772dc8d6faf43a29b25c4ebaa5ad1 dekasperskycom-kl-light_plugin_d772dc8d6faf43a29b25c4ebaa5ad1dekaspe rskycom-plugin-button","action-button–skype_ff_extensionjetpack-c2c-options-button","youtubeflashvideoplayer-toolbarbutton","loop-button","pocket-button","action-button–82af8dca-6de9-405d-bd5e-43525bdad38a-skypeutton","toggle-button–light_plugin_acf0e80077c511e59ded005056c000 08kasperskycom-kl-light_plugin_acf0e80077c511e59ded005056c00008kaspe rskycom-plugin-button","developer-button","toggle-button–jid1-snl73vci4ub0fwjetpack-flashctrlbtn","toggle-button–light_plugin_f6f079488b53499db99380a7e11a93 f6kasperskycom-kl-light_plugin_f6f079488b53499db99380a7e11a93f6kaspe rskycom-plugin-button","youtubehighdefinition-toolbarbutton"],"dirtyAreaCache":["PersonalToolbar","nav-bar","TabsToolbar","toolbar-menubar","PanelUI-contents","addon-bar"],"currentVersion":6,"newElementCount":0}”);
user_pref(“extensions.adblockplus.currentVersion”, “2.9.1”);
user_pref(“extensions.adblockplus.notificationdata ”, “{"lastCheck":1498812156190,"softExpiration":14988 47348717,"hardExpiration":1498931169275,"data":{"n otifications":,"version":"201706291744-2/0"},"lastError":0,"downloadStatus":"synchronize_ok ","shown":["antiadblock"],"downloadCount":819}”);
user_pref(“extensions.blocklist.pingCountTotal”, 1213);
user_pref(“extensions.blocklist.pingCountVersion”, 15);
user_pref(“extensions.bootstrappedAddons”, “{"en-gb@flyingtophat.co.uk":{"version":"1.19.6","type":"dictionary","descrip tor":"C:\\Users\\Gary\\AppData\\Roaming\\Mozilla\\ Firefox\\Profiles\\vc6qe3r0.default\\extensions\\en-gb@flyingtophat.co.uk","multiprocessCompatible":false,"runInSafeMode":f alse,"dependencies":,"hasEmbeddedWebExtension":fal se},"jid1-sNL73VCI4UB0Fw@jetpack":{"version":"2.1.4","type": "extension","descriptor":"C:\\Users\\Gary\\AppData \\Roaming\\Mozilla\\Firefox\\Profiles\\vc6qe3r0.de fault\\extensions\\jid1-sNL73VCI4UB0Fw@jetpack.xpi","multiprocessCompatible":false,"runInSafeMode":f alse,"dependencies":,"hasEmbeddedWebExtension":fal se},"{53152e75-fd90-472f-9d30-5cba3679eab9}":{"version":"48.3","type":"extension ","descriptor":"C:\\Users\\Gary\\AppData\\Roaming\ \Mozilla\\Firefox\\Profiles\\vc6qe3r0.default\\ext ensions\\{53152e75-fd90-472f-9d30-5cba3679eab9}.xpi","multiprocessCompatible":false, "runInSafeMode":false,"dependencies":,"hasEmbedded WebExtension":false},"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}":{"version":"2.9.1","type":"extensio n","descriptor":"C:\\Users\\Gary\\AppData\\Roaming \\Mozilla\\Firefox\\Profiles\\vc6qe3r0.default\\ex tensions\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi","multiprocessCompatible":true," runInSafeMode":false,"dependencies":,"hasEmbeddedW ebExtension":true},"{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}":{"version":"52.0.3","type":"extensi on","descriptor":"C:\\Users\\Gary\\AppData\\Roamin g\\Mozilla\\Firefox\\Profiles\\vc6qe3r0.default\\e xtensions\\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi","multiprocessCompatible":true," runInSafeMode":false,"dependencies":,"hasEmbeddedW ebExtension":false},"e10srollout@mozilla.org":{"version":"1.50","type":"extension","descriptor ":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\e10srollout@mozilla.org.xpi","multiprocessCompatible":true,"runInSafeMode":tr ue,"dependencies":,"hasEmbeddedWebExtension":false },"firefox@getpocket.com":{"version":"1.0.5","type":"extension","descripto r":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi","multiprocessCompatible":true,"runInSafeMode":tr ue,"dependencies":,"hasEmbeddedWebExtension":false },"webcompat@mozilla.org":{"version":"1.1","type":"extension","descriptor" :"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi","multiprocessCompatible":true,"runInSafeMode":tr ue,"dependencies":,"hasEmbeddedWebExtension":false },"aushelper@mozilla.org":{"version":"2.0","type":"extension","descriptor" :"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi","multiprocessCompatible":true,"runInSafeMode":tr ue,"dependencies":,"hasEmbeddedWebExtension":false },"screenshots@mozilla.org":{"version":"6.6.0","type":"extension","descripto r":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi","multiprocessCompatible":true,"runInSafeMode":tr ue,"dependencies":,"hasEmbeddedWebExtension":false },"light_plugin_F6F079488B53499DB99380A...asp ersky.com":{"version":"5.0.141-4-20161031140250","type":"extension","descriptor":"C :\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Total Security 17.0.0\\FFExt\\light_plugin_firefox\\addon.xpi","m ultiprocessCompatible":false,"runInSafeMode":false ,"dependencies":,"hasEmbeddedWebExtension":false}} ”);
user_pref(“extensions.databaseSchema”, 19);
user_pref(“extensions.e10s.rollout.blocklist”, “”);
user_pref(“extensions.e10s.rollout.hasAddon”, false);
user_pref(“extensions.e10s.rollout.policy”, “50allmpc”);
user_pref(“extensions.e10sBlockedByAddons”, true);
user_pref(“extensions.e10sMultiBlockedByAddons”, true);
user_pref(“extensions.enabledAddons”, “%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:54.0”);
user_pref(“extensions.getAddons.cache.lastUpdate”, 1498805649);
user_pref(“extensions.getAddons.databaseSchema”, 5);
user_pref(“extensions.jid1-sNL73VCI4UB0Fw@jetpack.sdk.baseURI”, “resource://jid1-snl73vci4ub0fw-at-jetpack/”);
user_pref(“extensions.jid1-sNL73VCI4UB0Fw@jetpack.sdk.domain”, “jid1-snl73vci4ub0fw-at-jetpack”);
user_pref(“extensions.jid1-sNL73VCI4UB0Fw@jetpack.sdk.load.reason”, “startup”);
user_pref(“extensions.jid1-sNL73VCI4UB0Fw@jetpack.sdk.rootURI”, “jar:file:///C:/Users/Gary/AppData/Roaming/Mozilla/Firefox/Profiles/vc6qe3r0.default/extensions/jid1-sNL73VCI4UB0Fw@jetpack.xpi!/”);
user_pref(“extensions.jid1-sNL73VCI4UB0Fw@jetpack.sdk.version”, “2.1.4”);
user_pref(“extensions.lastAppVersion”, “54.0”);
user_pref(“extensions.lastPlatformVersion”, “54.0”);
user_pref(“extensions.light_plugin_ACF0E80077C5...om.sdk.baseURI”, “resource://light_plugin_acf0e80077c511e59ded005056c00008-at-kaspersky-dot-com/”);
user_pref(“extensions.light_plugin_ACF0E80077C5...com.sdk.domain”, “light_plugin_acf0e80077c511e59ded005056c00008-at-kaspersky-dot-com”);
user_pref(“extensions.light_plugin_ACF0E80077C5...dk.load.reason”, “startup”);
user_pref(“extensions.light_plugin_ACF0E80077C5...om.sdk.rootURI”, “jar:file:///C:/Program%20Files%20(x86)/Kaspersky%20Lab/Kaspersky%20Total%20Security%2016.0.1/FFExt/light_plugin_firefox/addon.xpi!/”);
user_pref(“extensions.light_plugin_ACF0E80077C5...om.sdk.version”, “4.6.3-9”);
user_pref(“extensions.light_plugin_D772DC8D6FAF...om.sdk.baseURI”, “resource://light_plugin_d772dc8d6faf43a29b25c4ebaa5ad1de-at-kaspersky-dot-com/”);
user_pref(“extensions.light_plugin_D772DC8D6FAF...com.sdk.domain”, “light_plugin_d772dc8d6faf43a29b25c4ebaa5ad1de-at-kaspersky-dot-com”);
user_pref(“extensions.light_plugin_D772DC8D6FAF...dk.load.reason”, “startup”);
user_pref(“extensions.light_plugin_D772DC8D6FAF...om.sdk.rootURI”, “file:///C:/Program%20Files%20(x86)/Kaspersky%20Lab/Kaspersky%20Internet%20Security%2016.0.0/FFExt/light_plugin_firefox/”);
user_pref(“extensions.light_plugin_D772DC8D6FAF...om.sdk.version”, “4.6.2-40”);
user_pref(“extensions.light_plugin_F6F079488B53...om.sdk.baseURI”, “resource://light_plugin_f6f079488b53499db99380a7e11a93f6-at-kaspersky-dot-com/”);
user_pref(“extensions.light_plugin_F6F079488B53...com.sdk.domain”, “light_plugin_f6f079488b53499db99380a7e11a93f6-at-kaspersky-dot-com”);
user_pref(“extensions.light_plugin_F6F079488B53...dk.load.reason”, “startup”);
user_pref(“extensions.light_plugin_F6F079488B53...om.sdk.rootURI”, “jar:file:///C:/Program%20Files%20(x86)/Kaspersky%20Lab/Kaspersky%20Total%20Security%2017.0.0/FFExt/light_plugin_firefox/addon.xpi!/”);
user_pref(“extensions.light_plugin_F6F079488B53...om.sdk.version”, “5.0.141-4-20161031140250”);
user_pref(“extensions.pendingOperations”, false);
user_pref(“extensions.sdk-widget-inserted.widget:skype_ff_extension@jetpack-c2c-options-button”, true);
user_pref(“extensions.shownSelectionUI”, true);
user_pref(“extensions.systemAddonSet”, “{"schema":1,"addons":{}}”);
user_pref(“extensions.ui.dictionary.hidden”, false);
user_pref(“extensions.ui.experiment.hidden”, true);
user_pref(“extensions.ui.lastCategory”, “addons://list/plugin”);
user_pref(“extensions.ui.locale.hidden”, true);
user_pref(“extensions.virtual_keyboard.firstrun”, false);
user_pref(“extensions.webextensions.uuids”, “{"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}":"6eb24d83-e277-45b4-9abe-2fe54cb97357"}”);
user_pref(“extensions.xpiState”, “{"app-profile":{"en-gb@flyingtophat.co.uk":{"d":"C:\\Users\\Gary\\AppData\\Roaming\\Mozilla \\Firefox\\Profiles\\vc6qe3r0.default\\extensions\ \en-gb@flyingtophat.co.uk","e":true,"v":"1.19.6","st":1420538494541,"mt":14 20538494493},"jid1-sNL73VCI4UB0Fw@jetpack":{"d":"C:\\Users\\Gary\\App Data\\Roaming\\Mozilla\\Firefox\\Profiles\\vc6qe3r 0.default\\extensions\\jid1-sNL73VCI4UB0Fw@jetpack.xpi","e":true,"v":"2.1.4","st":1473872941326},"{53152 e75-fd90-472f-9d30-5cba3679eab9}":{"d":"C:\\Users\\Gary\\AppData\\Roa ming\\Mozilla\\Firefox\\Profiles\\vc6qe3r0.default \\extensions\\{53152e75-fd90-472f-9d30-5cba3679eab9}.xpi","e":true,"v":"48.3","st":147472 1302635},"{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}":{"d":"C:\\Users\\Gary\\AppData\\Roa ming\\Mozilla\\Firefox\\Profiles\\vc6qe3r0.default \\extensions\\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi","e":true,"v":"52.0.3","st":1498 031027133},"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}":{"d":"C:\\Users\\Gary\\AppData\\Roa ming\\Mozilla\\Firefox\\Profiles\\vc6qe3r0.default \\extensions\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi","e":true,"v":"2.9.1","st":14969 09867553}},"app-system-defaults":{"aushelper@mozilla.org":{"d":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi","e":true,"v":"2.0","st":1497471665109},"e10srollout@mozilla.org":{"d":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\e10srollout@mozilla.org.xpi","e":true,"v":"1.50","st":1497471665082},"firefox@getpocket.com":{"d":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi","e":true,"v":"1.0.5","st":1497471665054},"screenshots@mozilla.org":{"d":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi","e":true,"v":"6.6.0","st":1497471665338},"webcompat@mozilla.org":{"d":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi","e":true,"v":"1.1","st":1497471665010}},"app-global":{"{972ce4c6-7e08-4474-a285-3208198ce6fd}":{"d":"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi","e":true,"v":"54.0","st":149747 1665118}},"winreg-app-global":{"{F003DA68-8256-4b37-A6C4-350FA04494DF}":{"d":"C:\\Program Files\\Logitech\\SetPointP\\LogiSmoothFirefoxExt", "e":false,"v":"6.5","st":1454609129558,"mt":144054 7208000},"light_plugin_F6F079488B53499DB99380A...asp ersky.com":{"d":"C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Total Security 17.0.0\\FFExt\\light_plugin_firefox\\addon.xpi","e ":true,"v":"5.0.141-4-20161031140250","st":1490754060000}}}”);
user_pref(“extensions.youtubeflashvideoplayer.curr entversion”, “54.0”);
user_pref(“extensions.youtubeflashvideoplayer.curr entvideoplayer”, “html5”);
user_pref(“extensions.youtubeflashvideoplayer.inst alldate”, “1453407209576”);
user_pref(“extensions.youtubeflashvideoplayer.tbpl aced”, true);
user_pref(“extensions.youtubehighdefinition.curren tversion”, “52.0.3”);
user_pref(“extensions.youtubehighdefinition.tbplac ed”, true);
user_pref(“extensions.ytvideoplayerpreview.current version”, “48.3”);
user_pref(“extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.sdk.baseURI”, “resource://82af8dca-6de9-405d-bd5e-43525bdad38a/”);
user_pref(“extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.sdk.domain”, “82af8dca-6de9-405d-bd5e-43525bdad38a”);
user_pref(“extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.sdk.load.reason”, “startup”);
user_pref(“extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.sdk.rootURI”, “jar:file:///C:/Program%20Files%20(x86)/Mozilla%20Firefox/browser/extensions/%7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D.xpi!/”);
user_pref(“extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.sdk.version”, “8.3.0.9150”);

[Profile0] - Name=default → Profiles/vc6qe3r0.default

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters]
“DhcpNameServer”=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameter s\Interfaces{30c0c4af-68ad-4472-8b83-95a959c3032c}]
“DhcpNameServer”=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameter s\Interfaces{bf1d8b8b-74d2-44aa-864c-69921be5c862}]
“DhcpNameServer”=192.168.0.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters\Interfaces{30c0c4af-68ad-4472-8b83-95a959c3032c}]
“DhcpNameServer”=192.168.1.254
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters\Interfaces{bf1d8b8b-74d2-44aa-864c-69921be5c862}]
“DhcpNameServer”=192.168.0.1

---------- | Applications

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Classes\Applications\editor.exe.log] : “C:\Users\Gary\Downloads\DAII Downloads\try new folder for editor\editor.exe.log” %1
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Classes\Applications\EXCEL.EXE] : “C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE” “%1”
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Classes\Applications\notepad++.exe] : “C:\Program Files (x86)\Notepad++\notepad++.exe” “%1”
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Classes\Applications\WinRAR.exe] : “C:\Program Files\WinRAR\WinRAR.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : “C:\Windows\eHome\ehshell.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : “C:\Program Files\Internet Explorer\IEXPLORE.EXE” %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\OFFICE11\OIS.EXE /shellOpen “%1”
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe “%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll”, ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : “%SystemRoot%\System32\provtool.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\TextPad.exe] : “C:\Program Files\TextPad 7\TextPad.exe” -s “%1”
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : “C:\Program Files (x86)\VideoLAN\VLC\vlc.exe” --started-from-file “%1”
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : “%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe” /Open “%L”
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : “%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehs hell.exe] : “C:\Windows\eHome\ehshell.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iex plore.exe] : “C:\Program Files\Internet Explorer\IEXPLORE.EXE” %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\not epad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois .exe] : C:\PROGRA~2\MICROS~1\OFFICE11\OIS.EXE /shellOpen “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\pho toviewer.dll] : %SystemRoot%\System32\rundll32.exe “%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll”, ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\pro vtool.exe] : “%SystemRoot%\System32\provtool.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Tex tPad.exe] : “C:\Program Files\TextPad 7\TextPad.exe” -s “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc .exe] : “C:\Program Files (x86)\VideoLAN\VLC\vlc.exe” --started-from-file “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmp layer.exe] : “%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe” /Open “%L”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wor dpad.exe] : “%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE” “%1”

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
“DcomLaunch”=Power
LSM
BrokerInfrastructure
PlugPlay
DeviceInstall
SystemEventsBroker
DcomLaunch
“Camera”=FrameS
“smbsvcs”=lanmanserver
browser
“PeerDist”=PeerDistSvc
“iissvcs”=w3svc
was

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
“DcomLaunch”=PlugPlay
DeviceInstall
DcomLaunch
“smbsvcs”=lanmanserver
“iissvcs”=w3svc
was

---------- | SvcHost - Netsvcs (Whitelist)

---------- | Software

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Ableton]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\AdblockPlus]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Amigabit]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\AppDataLow]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Audacity]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Axialis]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Belarc]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Cambridge Silicon Radio]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Cheat Engine]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Chromium]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Clients]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\CodeGear]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Compelson]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Disc Soft]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\EaseUS]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\ECSoftware]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Electronic Arts]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\EpmNewsInfo]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Foxit Software]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\FreeCAD]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Google]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Hewlett-Packard]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\IM Providers]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Incline Software]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\JavaSoft]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\JufSoft]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\KasperskyLab]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Kingsoft]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\KLive]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\LDS Church]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Leadertech]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\LogiShrd]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Logitech]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Macromedia]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Malwarebytes]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Malwarebytes’ Anti-Malware]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\McAfee]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\mistake.ws]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Mozilla]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\MozillaPlugins]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\MSI]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\MurGee.com]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\MyDefrag]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\NEC Electronics]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\NETGEAR]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Netscape]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\NVIDIA Corporation]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\ODBC]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\OpenOffice]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Piriform]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Policies]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\QtProject]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\RadioSure]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Raimasoft]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Redemption]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Resplendence Sp]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Richter]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Roadkil]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Samsung]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Skype]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\SpeedFan]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\SUPERAntiSpyware.com]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Sysinternals]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\TeamViewer]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\techPowerUp]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\The Document Foundation]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\TomTom]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Tracker Software]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Trolltech]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Unchecky]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Unwinder]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\VB and VBA Program Settings]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\VideoLAN]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\VS Revo Group]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\WinRAR]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\WinRAR SFX]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Wow6432Node]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\ZebHelpProcess Helper]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Zemana]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\ZHP]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\AppDataLow\Software\JavaSoft]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\ShellNoRoam]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Adblock Plus for IE]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\Alienware]
[HKLM\Software\ASIO]
[HKLM\Software\ASUS]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AutoHotkey]
[HKLM\Software\Cambridge Silicon Radio]
[HKLM\Software\Canon]
[HKLM\Software\CanonBJ]
[HKLM\Software\Clients]
[HKLM\Software\Foxit Software]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\Helios]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IM Providers]
[HKLM\Software\InfoWatch]
[HKLM\Software\Intel]
[HKLM\Software\JreMetrics]
[HKLM\Software\KasperskyLab]
[HKLM\Software\Khronos]
[HKLM\Software\Logishrd]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\NETGEAR]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Propellerhead Software]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SAMSUNG]
[HKLM\Software\Sonic]
[HKLM\Software\SUPERAntiSpyware.com]
[HKLM\Software\sysinternals]
[HKLM\Software\Tracker Software]
[HKLM\Software\TrendMicro]
[HKLM\Software\Volatile]
[HKLM\Software\WinImage]
[HKLM\Software\WinRAR]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Zemana]
[HKLM\Software\ZmnGlobalSDK]
[HKLM\Software{95902D8D-CEA6-4c8d-B504-5944E674D299}]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\Configuration]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\DWM]
[HKLM\Software\Microsoft\Windows\EnterpriseResource Manager]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnosti cs]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnostic sProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\apphost]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImperso nation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr icted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestri cted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\Software\WOW6432Node\Adguard]
[HKLM\Software\WOW6432Node\AGEIA Technologies]
[HKLM\Software\WOW6432Node\Alexander Avdonin]
[HKLM\Software\WOW6432Node\Amigabit]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\ASIO]
[HKLM\Software\WOW6432Node\ASUS]
[HKLM\Software\WOW6432Node\Axialis]
[HKLM\Software\WOW6432Node\Belarc]
[HKLM\Software\WOW6432Node\BioWare]
[HKLM\Software\WOW6432Node\BitMeterOS]
[HKLM\Software\WOW6432Node\Compelson]
[HKLM\Software\WOW6432Node\Disc Soft]
[HKLM\Software\WOW6432Node\EASEUS]
[HKLM\Software\WOW6432Node\EaseUS Todo Backup]
[HKLM\Software\WOW6432Node\ECSoftware]
[HKLM\Software\WOW6432Node\Electronic Arts]
[HKLM\Software\WOW6432Node\Foxit Software]
[HKLM\Software\WOW6432Node\FreeFileSync]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Helios]
[HKLM\Software\WOW6432Node\IM Providers]
[HKLM\Software\WOW6432Node\InstallShield]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\KasperskyLab]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Kingsoft]
[HKLM\Software\WOW6432Node\L&H]
[HKLM\Software\WOW6432Node\LibreOffice]
[HKLM\Software\WOW6432Node\logishrd]
[HKLM\Software\WOW6432Node\Logitech]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Malwarebytes Anti-Exploit]
[HKLM\Software\WOW6432Node\Malwarebytes’ Anti-Malware]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\MSI]
[HKLM\Software\WOW6432Node\Mutator]
[HKLM\Software\WOW6432Node\NETGEAR]
[HKLM\Software\WOW6432Node\Notepad++]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\OpenOffice]
[HKLM\Software\WOW6432Node\Origin]
[HKLM\Software\WOW6432Node\Origin Games]
[HKLM\Software\WOW6432Node\RecordDISCXXX]
[HKLM\Software\WOW6432Node\RtWLan]
[HKLM\Software\WOW6432Node\SERCOMM]
[HKLM\Software\WOW6432Node\Skype]
[HKLM\Software\WOW6432Node\Softgogo]
[HKLM\Software\WOW6432Node\SpeedFan]
[HKLM\Software\WOW6432Node\TeamViewer]
[HKLM\Software\WOW6432Node\The Church of Jesus Christ of Latter-day Saints]
[HKLM\Software\WOW6432Node\The Document Foundation]
[HKLM\Software\WOW6432Node\TomTom]
[HKLM\Software\WOW6432Node\TrendMicro]
[HKLM\Software\WOW6432Node\TVInstallTemp]
[HKLM\Software\WOW6432Node\Unchecky]
[HKLM\Software\WOW6432Node\Unwinder]
[HKLM\Software\WOW6432Node\VideoLAN]
[HKLM\Software\WOW6432Node\Volatile]
[HKLM\Software\WOW6432Node\WinISO]
[HKLM\Software\WOW6432Node\WOW6432Node]
[HKLM\Software\WOW6432Node\WSWNA3100M]
[HKLM\Software\WOW6432Node\Yahoo]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickN ote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Enterp riseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStor age]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Script edDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Window s Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Window s Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImperso nation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr icted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestri cted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]

---------- | Drives

D:

E:

F:

H:

I:

J:

K:

[28/07/2023 00:08:29] - |A| - (.Copyright © 1997-2011 Simon Tatham. - SSH, Telnet and Rlogin client.) - [483328] - (0.62.0.0) - K:\putty.exe

L:

N:

O:

---------- | C:

[14/07/2009 04:18:56] - |SHD| - [1475] - C:$Recycle.Bin
[25/01/2017 14:38:47] - |HD| - [1274845] - C:$SysReset
[MD5.DD1C7CEB4C92653A696B7907A4DD4DF1] - [20/04/2011 18:38:34] - || - (.-.) - [2] - (0.0.0.0) - C:$UpgDrv$
[03/02/2017 21:59:22] - |HD| - [637300] - C:$Windows.~WS
[15/03/2012 21:51:12] - |D| - [200752] - C:\34fb5e777cfae65aef3a204032
[24/06/2017 11:14:22] - |D| - [58450829] - C:\AdwCleaner
[11/11/2016 21:51:47] - |D| - [96777084] - C:\ASCEND
[21/11/2010 19:21:23] - |HD| - [425722060] - C:\ASUS.000
[21/11/2010 19:20:56] - |HD| - [902347692] - C:\ASUS.SYS
[03/08/2012 08:05:13] - |D| - [1862368744] - C:\BACK UP
[24/09/2012 12:33:34] - |RD| - [433450147] - C:\Backup
[04/03/2016 20:25:42] - |D| - [0] - C:\BluetoothExchangeFolder
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 09:13:44] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[31/01/2011 21:49:42] - |D| - [916] - C:\CPQSYSTEM
[MD5.94E389DC4AA94D946E536480D84A822A] - [01/06/2013 15:09:29] - |A| - (.-.) - [89] - (0.0.0.0) - C:\data
[14/07/2009 06:08:56] - |SHD| - [2833275082149] - C:\Documents and Settings
[02/02/2016 19:21:52] - |D| - [54612609] - C:\Drivers
[21/11/2010 19:21:45] - |HD| - [77] - C:\dvmexp
[MD5.4940BA735116D51D1D49188C52AD35AD] - [21/11/2010 19:31:49] - |H| - (.-.) - [177] - (0.0.0.0) - C:\dvmexp.idx
[03/02/2017 22:02:28] - |D| - [0] - C:\ESD
[31/07/2012 20:04:42] - |D| - [36615701899] - C:\Games
[MD5.685602B41A4F10FC55884E4632280221] - [16/10/2013 20:48:16] - |A| - (.-.) - [109296] - (0.0.0.0) - C:\GDIPFONTCACHEV1.DAT
[08/02/2017 20:57:26] - |D| - [3011251] - C:\inetpub
[14/02/2017 22:21:47] - |D| - [8742] - C:\MATS
[23/11/2010 20:01:02] - |RHD| - [294513104] - C:\MSOCache
[19/12/2016 23:35:27] - |D| - [0] - C:\My Backups
[21/11/2010 18:35:25] - |D| - [8258655153] - C:\NVIDIA
[15/04/2013 08:29:47] - |D| - [8754] - C:\NVIDIA Corporation
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [20/04/2017 20:57:13] - |ASH| - (.-.) - [33554432000] - (0.0.0.0) - C:\pagefile.sys
[16/07/2016 12:47:47] - |D| - [0] - C:\PerfLogs
[16/07/2016 07:04:24] - |RD| - [4369757022] - C:\Program Files
[16/07/2016 07:04:24] - |RD| - [43558202258] - C:\Program Files (x86)
[16/07/2016 12:47:48] - |HD| - [2750250624294] - C:\ProgramData
[30/06/2017 07:53:33] - |D| - [262052] - C:\QuickDiag
[MD5.EB76CB6C98D76E48C1E29EE2300AE72E] - [30/06/2017 07:53:51] - |A| - (.-.) - [234664] - (0.0.0.0) - C:\QuickDiag.txt
[30/07/2016 09:00:02] - |D| - [683252736] - C:\RECOVERED MAIL FILES
[08/02/2017 13:44:50] - |SHD| - [0] - C:\Recovery
[07/06/2014 11:56:33] - |D| - [20308316] - C:\reports
[MD5.D302F79EEE08C062630BE2F5F1477FDB] - [04/11/2011 21:46:26] - |A| - (.-.) - [68772] - (0.0.0.0) - C:\shared.log
[MD5.5A928679097C448A4BD3469AD9B9F000] - [26/11/2009 18:41:18] - |H| - (.-.) - [68] - (0.0.0.0) - C:\splash.idx
[12/04/2016 11:47:58] - |D| - [0] - C:\SUPERDelete
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/04/2017 14:38:52] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys
[22/11/2010 10:02:44] - |SHD| - [0] - C:\System Volume Information
[21/11/2010 19:21:45] - |HD| - [58840992] - C:\temp
[20/09/2011 09:30:08] - |D| - [565788574] - C:\TEMP BUP
[16/07/2016 07:04:24] - |RD| - [3072740073450] - C:\Users
[MD5.1E4D4A454BCE1445EC4998308333D236] - [01/03/2010 18:40:44] - |AH| - (.-.) - [17232] - (0.0.0.0) - C:\version
[16/07/2016 07:04:24] - |D| - [23728564279] - C:\Windows
[26/01/2017 11:55:44] - |D| - [15918573] - C:\Windows10Upgrade

---------- | C:\WINDOWS

[16/07/2016 12:47:48] - |D| - [802] - C:\WINDOWS\addins
[16/07/2016 12:47:48] - |D| - [24921703] - C:\WINDOWS\appcompat
[16/07/2016 12:47:48] - |D| - [12422862] - C:\WINDOWS\AppPatch
[16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\AppReadiness
[16/07/2016 12:47:47] - |RD| - [1496431403] - C:\WINDOWS\assembly
[16/07/2016 12:47:48] - |D| - [325008] - C:\WINDOWS\bcastdvr
[MD5.7B465E25ADF5D6DBCE9DCAE3C6545405] - [16/07/2016 12:42:16] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [61440] - (10.0.14393.0) - C:\WINDOWS\bfsvc.exe
[16/07/2016 15:29:36] - |SHD| - [591899] - C:\WINDOWS\BitLockerDiscoveryVolumeContents
[16/07/2016 12:47:48] - |D| - [38115435] - C:\WINDOWS\Boot
[MD5.4A926D5A094C131AD209806ED5D9642C] - [08/02/2017 13:11:54] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[16/07/2016 12:47:48] - |D| - [3715096] - C:\WINDOWS\Branding
[16/07/2016 12:36:22] - |D| - [0] - C:\WINDOWS\CbsTemp
[14/07/2009 08:46:13] - |D| - [0] - C:\WINDOWS\CSC
[16/07/2016 12:47:48] - |D| - [8970858] - C:\WINDOWS\Cursors
[16/07/2016 12:47:48] - |D| - [1228574] - C:\WINDOWS\debug
[MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [08/02/2017 13:42:31] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[16/07/2016 12:47:48] - |D| - [4494460] - C:\WINDOWS\diagnostics
[MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [08/02/2017 13:42:31] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[16/07/2016 15:14:00] - |D| - [0] - C:\WINDOWS\DigitalLocker
[16/07/2016 12:47:48] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[14/07/2009 08:46:19] - |D| - [0] - C:\WINDOWS\ehome
[16/07/2016 12:47:48] - |HD| - [72848] - C:\WINDOWS\ELAMBKUP
[16/07/2016 15:14:00] - |D| - [105984] - C:\WINDOWS\en-US
[MD5.679D17F8CDB938C7100D7A647953677E] - [11/05/2017 09:14:11] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [4674360] - (10.0.14393.1198) - C:\WINDOWS\explorer.exe
[16/07/2016 12:47:48] - |RSD| - [452980392] - C:\WINDOWS\Fonts
[16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
[16/07/2016 12:47:48] - |D| - [27494735] - C:\WINDOWS\Globalization
[16/07/2016 12:47:48] - |D| - [71758229] - C:\WINDOWS\Help
[MD5.E8B796A523D2B63A9C7BB0576DFE793E] - [17/06/2017 08:18:09] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [975872] - (10.0.14393.1358) - C:\WINDOWS\HelpPane.exe
[MD5.52AFE6DE5E463B7A08C184B1EB49DD6A] - [16/07/2016 12:42:21] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [18432] - (10.0.14393.0) - C:\WINDOWS\hh.exe
[16/07/2016 12:47:48] - |D| - [173574440] - C:\WINDOWS\IME
[16/07/2016 12:47:48] - |RD| - [6841392] - C:\WINDOWS\ImmersiveControlPanel
[16/07/2016 12:45:54] - |D| - [173357472] - C:\WINDOWS\INF
[16/07/2016 12:47:48] - |D| - [1089238871] - C:\WINDOWS\InfusedApps
[16/07/2016 12:47:48] - |D| - [36285422] - C:\WINDOWS\InputMethod
[16/07/2016 12:47:48] - |SHDC| - [2825693980] - C:\WINDOWS\Installer
[16/07/2016 12:47:48] - |D| - [89407] - C:\WINDOWS\L2Schemas
[MD5.718FECF22BF4BD4FC05B79AA4BEC75D0] - [25/04/2015 10:25:57] - |A| - (.-.) - [1769] - (0.0.0.0) - C:\WINDOWS\Language_trs.ini
[16/07/2016 12:47:48] - |D| - [737728236] - C:\WINDOWS\LiveKernelReports
[16/07/2016 07:04:29] - |D| - [41061732] - C:\WINDOWS\Logs
[MD5.BBF1106FEF85FD9049506FA8AD454D75] - [23/01/2014 18:31:12] - |A| - (.Copyright (C) 2003-2006, (주)마크애니 - KTMusic Download ActiveX Module.) - [90112] - (1.7.2009.1116) - C:\WINDOWS\MAMCityDownload.ocx
[MD5.F9FCD1220E1B880111258C03D1650994] - [23/01/2014 18:31:12] - |A| - (.Copyright 2004 - (주)마크애니 ContentSAFER 설치 마법사.) - [330240] - (1.4.2012.508) - C:\WINDOWS\MASetupCaller.dll
[16/07/2016 12:47:48] - |RSD| - [27807331] - C:\WINDOWS\Media
[MD5.95DC9DBE357E8041E175FF2D65DAC9B4] - [01/11/2016 12:30:45] - |A| - (.-.) - [1538908186] - (0.0.0.0) - C:\WINDOWS\MEMORY.DMP
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [16/07/2016 12:42:12] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[16/07/2016 12:47:47] - |RD| - [762362047] - C:\WINDOWS\Microsoft.NET
[16/07/2016 12:47:48] - |D| - [2938] - C:\WINDOWS\Migration
[08/03/2017 23:23:10] - |D| - [14020936] - C:\WINDOWS\Minidump
[16/07/2016 12:47:48] - |RD| - [484593] - C:\WINDOWS\MiracastView
[16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 03:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\WINDOWS\msdfmap.ini
[28/04/2016 18:38:21] - |HD| - [0] - C:\WINDOWS\msdownld.tmp
[MD5.35783FF1CCAB7CFBFE799EF8D6476C0D] - [23/01/2014 18:31:12] - |A| - (.Copyright (C) 2007 - NYEDownload MFC 응용 프로그램.) - [30568] - (1.0.2007.927) - C:\WINDOWS\MusiccityDownload.exe
[MD5.3B508CAE5DEBCBA928B5BC355517E2E6] - [16/07/2016 12:43:51] - |A| - (.© Microsoft Corporation. - Notepad.) - [243200] - (10.0.14393.0) - C:\WINDOWS\notepad.exe
[MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [16/04/2017 08:14:24] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat
[16/07/2016 15:15:09] - |D| - [219754] - C:\WINDOWS\OCR
[MD5.E8311CD2B156F82A44AA485E5FC40F6B] - [18/12/2013 13:33:18] - |A| - (.-.) - [487] - (0.0.0.0) - C:\WINDOWS\ODBC.INI
[MD5.EED5AF05321D396481BA6DDEE55DAC03] - [18/01/2014 12:42:55] - |A| - (.-.) - [167] - (0.0.0.0) - C:\WINDOWS\ODBCINST.INI
[16/07/2016 12:47:48] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[08/02/2017 21:05:31] - |DC| - [211262337] - C:\WINDOWS\Panther
[06/04/2017 20:54:15] - |D| - [0] - C:\WINDOWS\PCHEALTH
[16/07/2016 12:47:48] - |D| - [33307644] - C:\WINDOWS\Performance
[MD5.7CF451D1A4AFE7198D594918091A3AB0] - [13/04/2017 16:30:50] - |A| - (.-.) - [28794] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[16/07/2016 12:47:48] - |D| - [1121835] - C:\WINDOWS\PLA
[16/07/2016 12:47:48] - |D| - [6188281] - C:\WINDOWS\PolicyDefinitions
[08/02/2017 13:10:49] - |D| - [8795665] - C:\WINDOWS\Prefetch
[16/07/2016 12:47:48] - |RD| - [2037042] - C:\WINDOWS\PrintDialog
[MD5.4ACE1A172D35E492443D29527441BB30] - [16/07/2016 15:30:48] - |A| - (.-.) - [33882] - (0.0.0.0) - C:\WINDOWS\Professional.xml
[16/07/2016 12:47:48] - |D| - [1423310] - C:\WINDOWS\Provisioning
[31/07/2015 14:35:16] - |D| - [54272] - C:\WINDOWS\pss
[MD5.BF5D30514FEA913E25CCC9E546257088] - [15/03/2017 21:53:06] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [320512] - (10.0.14393.953) - C:\WINDOWS\regedit.exe
[16/07/2016 12:47:48] - |D| - [1117148] - C:\WINDOWS\Registration
[16/07/2016 15:29:36] - |D| - [0] - C:\WINDOWS\RemotePackages
[16/07/2016 12:47:48] - |D| - [5381448] - C:\WINDOWS\rescache
[16/07/2016 12:47:48] - |D| - [3661206] - C:\WINDOWS\Resources
[16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\SchCache
[16/07/2016 12:47:48] - |D| - [121229] - C:\WINDOWS\schemas
[16/07/2016 12:47:48] - |D| - [7565042] - C:\WINDOWS\security
[08/02/2017 20:59:29] - |D| - [45905279] - C:\WINDOWS\ServiceProfiles
[16/07/2016 07:04:24] - |D| - [203730836] - C:\WINDOWS\servicing
[16/07/2016 12:49:46] - |D| - [42] - C:\WINDOWS\Setup
[MD5.8AB364BA80F20DBBC063B95051E8AB53] - [27/05/2014 15:47:51] - |A| - (.Copyright (c) 1987-1998 Microsoft Corporation - Visual Basic 6.0 Setup Toolkit.) - [262144] - (6.0.0.8169) - C:\WINDOWS\Setup1.exe
[MD5.133F0476E7526DD7D41F8014ECAAF29D] - [13/04/2017 16:14:01] - |A| - (.-.) - [7038] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [13/04/2017 16:14:01] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[16/07/2016 12:47:48] - |D| - [31196672] - C:\WINDOWS\ShellExperiences
[30/10/2015 10:07:42] - |D| - [148292] - C:\WINDOWS\ShellNew
[16/07/2016 15:14:36] - |D| - [3757408] - C:\WINDOWS\SKB
[14/11/2016 16:40:20] - |D| - [220092192] - C:\WINDOWS\SoftwareDistribution
[MD5.9CD83753E2159E134432890E75F56995] - [23/01/2016 12:30:18] - |A| - (.-.) - [150] - (0.0.0.0) - C:\WINDOWS\Song_w.ini
[16/07/2016 12:47:48] - |D| - [107844594] - C:\WINDOWS\Speech
[16/07/2016 12:47:48] - |D| - [55814448] - C:\WINDOWS\Speech_OneCore
[MD5.BCDB205132974EC3AB6F5C01DD93489B] - [08/02/2017 19:00:14] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.14393.351) - C:\WINDOWS\splwow64.exe
[MD5.EA4E2BA0D35EEADEE23B0C1397C71367] - [27/05/2014 15:47:49] - |A| - (.Copyright © 1987-2000 Microsoft Corp. - Visual Basic Setup Toolkit Uninstaller.) - [73216] - (6.0.97.82) - C:\WINDOWS\ST6UNST.EXE
[16/07/2016 12:47:48] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 03:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[16/07/2016 07:04:24] - |D| - [4683170258] - C:\WINDOWS\System32
[16/07/2016 12:47:48] - |D| - [145561690] - C:\WINDOWS\SystemApps
[16/07/2016 12:47:48] - |D| - [17453661] - C:\WINDOWS\SystemResources
[16/07/2016 07:04:27] - |D| - [1504952128] - C:\WINDOWS\SysWOW64
[16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\TAPI
[16/07/2016 12:47:48] - |D| - [220] - C:\WINDOWS\Tasks
[16/07/2016 12:47:48] - |D| - [113305350] - C:\WINDOWS\Temp
[16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\tracing
[16/07/2016 12:47:48] - |D| - [7680] - C:\WINDOWS\twain_32
[MD5.21F91141B4796108A50733B14850CDF2] - [16/07/2016 12:43:52] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [66560] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[17/06/2017 13:54:43] - |SD| - [6394488] - C:\WINDOWS\UpdateAssistantV2
[16/07/2016 12:47:48] - |D| - [12420] - C:\WINDOWS\Vss
[16/07/2016 12:47:48] - |D| - [15729830] - C:\WINDOWS\Web
[MD5.B1333C7A61106FCC28C60BE9CAC7EF39] - [14/07/2009 03:34:57] - |A| - (.-.) - [499] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [16/07/2016 12:42:32] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.038356387332650843BCB352BB89A101] - [13/04/2017 16:30:57] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.9328E170E5407D9DDE7EB1E208A2CBB4] - [16/07/2016 12:42:48] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [10240] - (10.0.14393.0) - C:\WINDOWS\winhlp32.exe
[16/07/2016 07:04:24] - |D| - [6709765056] - C:\WINDOWS\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [16/07/2016 12:43:08] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.E87C6A38E61A712C48025A6AD54C1113] - [16/07/2016 12:42:39] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.14393.0) - C:\WINDOWS\write.exe
[MD5.3F013C8D4761CFB29BD9594EFAC711DB] - [24/06/2017 12:59:30] - |A| - (.-.) - [2222988] - (0.0.0.0) - C:\WINDOWS\ZAM.krnl.trace
[MD5.AB1CCE1A47D67478578579FB07AF5958] - [24/06/2017 12:59:29] - |A| - (.-.) - [297847] - (0.0.0.0) - C:\WINDOWS\ZAM_Guard.krnl.trace

---------- | C:\WINDOWS\System32\GroupPolicy

[MD5.609C36FA5665162FA915FABBAA7C040C] - [21/01/2016 22:13:38] - |A| - (.-.) - [165] - (0.0.0.0) - C:\WINDOWS\System32\GroupPolicy\gpt.ini
[21/01/2016 22:13:38] - |D| - [1178] - C:\WINDOWS\System32\GroupPolicy\Machine
[21/01/2016 22:13:38] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User

---------- | Systemroot\System

---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[29/01/2017 02:08:43] - C:\WINDOWS\Installer\11b0a69a.msi : (Google Earth - Google) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[09/07/2012 05:00:00] - C:\WINDOWS\Installer\155ad876.msi : (HexEdit Installer - Expert Commercial Software Pty Ltd) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/01/2014 21:37:44] - C:\WINDOWS\Installer\17073aa2.msi : ( - COMPELSON Laboratories) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/02/2016 19:32:26] - C:\WINDOWS\Installer\172005.msi : (TextPad 64-bit - Helios) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/03/2017 22:57:35] - C:\WINDOWS\Installer\173033.msi : (Java SE Runtime Environment 8 Update 121 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/03/2017 22:57:21] - C:\WINDOWS\Installer\17304c.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/12/2013 01:45:38] - C:\WINDOWS\Installer\1748f0.msi : (Ancestral Quest 14 - Incline Software, LC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/01/2007 23:04:08] - C:\WINDOWS\Installer\1748ff.msi : (Ancestral Quest Collaboration Support for Win 98/NT/2000/ME/XP - Incline Software) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/04/2015 10:26:08] - C:\WINDOWS\Installer\197e12bf.msi : (USB 3.0 Host Controller Driver - NEC Electronics Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/04/2017 02:14:56] - C:\WINDOWS\Installer\1f6b682.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/10/2015 16:03:44] - C:\WINDOWS\Installer\22042cc.msi : (OpenOffice 4.1.2 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/10/2015 13:25:17] - C:\WINDOWS\Installer\2386380f.msi : (Adblock Plus for IE - Eyeo GmbH) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/12/2014 22:58:57] - C:\WINDOWS\Installer\25e2794.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/06/2015 08:49:52] - C:\WINDOWS\Installer\25e894a.msi : (System Requirements Lab Detection - Husdawg, LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[24/09/2016 09:33:58] - C:\WINDOWS\Installer\295fc7d.msi : (Kaspersky Secure Connection - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/05/2014 09:00:00] - C:\WINDOWS\Installer\2c54864b.msi : (Blank Project Template - Samsung Electronics Co., Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/11/2014 06:53:16] - C:\WINDOWS\Installer\330c42b4.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/02/2016 19:22:11] - C:\WINDOWS\Installer\3e80765.msi : (CSR Bluetooth Stack - Cambridge Silicon Radio Limited.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/06/2012 00:10:00] - C:\WINDOWS\Installer\4e14dde.msi : ( - SteelSoft) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/04/2017 15:06:21] - C:\WINDOWS\Installer\5b930f8.msi : (Kaspersky Total Security - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/07/2016 11:31:46] - C:\WINDOWS\Installer\948e15d.msi : ( - TomTom) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/09/2012 00:34:20] - C:\WINDOWS\Installer\94a228a.msi : (LWS Help_main - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 08:41:18] - C:\WINDOWS\Installer\94a2297.msi : (LWS Webcam Software - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 08:41:16] - C:\WINDOWS\Installer\94a22a4.msi : (CameraHelperMsi - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/09/2012 00:46:08] - C:\WINDOWS\Installer\94a22b1.msi : (Logitech eReg 1.12 merge module-to-MSI converter - Logitech, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/07/2012 23:15:18] - C:\WINDOWS\Installer\94a22be.msi : (LWS Facebook - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/09/2012 23:19:08] - C:\WINDOWS\Installer\94a22cb.msi : (LWS Gallery - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/09/2012 00:36:58] - C:\WINDOWS\Installer\94a22d8.msi : (LWS Launcher - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 08:41:12] - C:\WINDOWS\Installer\94a22e5.msi : (LWS Motion Detection - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 08:41:22] - C:\WINDOWS\Installer\94a22f2.msi : (LWS Pictures And Video - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/07/2011 03:51:16] - C:\WINDOWS\Installer\94a22ff.msi : (LWS Twitter - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/06/2011 04:26:48] - C:\WINDOWS\Installer\94a230c.msi : (LWS WLM Plugin - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/11/2011 23:14:28] - C:\WINDOWS\Installer\94a2319.msi : (LWS YouTube Plugin - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%*.in*

[16/07/2016 12:43:08] - [3458] - C:\WINDOWS\System32\ieuinit.inf
[08/02/2017 13:16:59] - [1280994] - C:\WINDOWS\System32\PerfStringBackup.INI
[16/07/2016 12:42:39] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[16/07/2016 12:42:11] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini
[16/07/2016 12:43:59] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf
[07/01/2003 16:05:08] - [2695] - C:\WINDOWS\Syswow64\OUTLPERF.INI
[08/02/2017 13:16:51] - [968848] - C:\WINDOWS\Syswow64\PerfStringBackup.INI
[16/07/2016 12:42:43] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\AppPatch\Custom\Custom64
[MD5.B7C476BBE4F001F4F33C04D9ABC33DC8] - |A| - [16/07/2016 12:42:17] - (.-.) - [14.52 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\pcamain.sdb
[MD5.8BE31B88D8523648580AFAFB92B78A30] - |A| - [15/03/2017 21:53:25] - (.-.) - [540.84 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\sysmain.sdb
[MD5.12297D7145B939711EED5245E03EB14C] - |A| - [31/07/2015 14:35:16] - (.-.) - [28 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\boot.backup
[MD5.74E8B3D90B953A85A6E4949419981180] - |ASH| - [31/07/2015 14:35:16] - (.-.) - [25 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\boot.backup.LOG
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |ASH| - [31/07/2015 14:35:16] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\boot.backup.LOG1
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |ASH| - [31/07/2015 14:35:16] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\boot.backup.LOG2
[MD5.00000000000000000000000000000000] - |D| - [02/06/2017 23:08:16] - [0 Ko] - C:\WINDOWS\Temp\084C2705-711F-EDB5-4B28-C4CF86B7EC37
[MD5.00000000000000000000000000000000] - |D| - [14/06/2017 17:52:42] - [0 Ko] - C:\WINDOWS\Temp\08A023B4-7FB8-9DEF-9197-2F989176D32B
[MD5.00000000000000000000000000000000] - |D| - [15/04/2017 15:34:21] - [0 Ko] - C:\WINDOWS\Temp\0FD6B391-B504-0065-E8BF-1650ACD8D34B
[MD5.00000000000000000000000000000000] - |D| - [10/06/2017 08:38:58] - [13342.22 Ko] - C:\WINDOWS\Temp\18E5672F-E71C-F9CE-E06A-31C17C82DB25
[MD5.00000000000000000000000000000000] - |D| - [25/05/2017 15:05:31] - [0 Ko] - C:\WINDOWS\Temp\1A7A9CBB-DC11-F562-BCBF-EAAEA00AC1AA
[MD5.00000000000000000000000000000000] - |D| - [24/06/2017 23:16:07] - [0 Ko] - C:\WINDOWS\Temp\1C151345-4BB6-6D5C-E47C-8EA1F3C5FCA9
[MD5.00000000000000000000000000000000] - |D| - [27/05/2017 14:53:40] - [0 Ko] - C:\WINDOWS\Temp\1E3DB601-9FFB-9243-895C-DC3AF36C7BCA
[MD5.00000000000000000000000000000000] - |D| - [21/06/2017 16:03:09] - [0 Ko] - C:\WINDOWS\Temp\20EC404C-A649-9CA8-5A33-5216BACF6FF8
[MD5.00000000000000000000000000000000] - |D| - [29/06/2017 15:54:17] - [0 Ko] - C:\WINDOWS\Temp\29A0C49A-3E01-58FE-D012-79A54063A768
[MD5.00000000000000000000000000000000] - |D| - [23/05/2017 16:46:32] - [0 Ko] - C:\WINDOWS\Temp\2E720918-0C77-18FE-A08B-9C004C1DF24E
[MD5.00000000000000000000000000000000] - |D| - [09/05/2017 00:12:07] - [0 Ko] - C:\WINDOWS\Temp\317E7435-AD21-440D-CF24-4822476104F2
[MD5.00000000000000000000000000000000] - |D| - [13/05/2017 15:10:26] - [0 Ko] - C:\WINDOWS\Temp\33FA4131-610A-EE50-9D56-3409DCE2AA5C
[MD5.00000000000000000000000000000000] - |D| - [06/05/2017 15:36:50] - [0 Ko] - C:\WINDOWS\Temp\3ABC2BF5-2266-138E-1A3D-68B3CD7E88F3
[MD5.00000000000000000000000000000000] - |D| - [14/04/2017 20:22:42] - [0 Ko] - C:\WINDOWS\Temp\42EACB14-9AD7-3C21-1DF9-25A0EAABA4B2
[MD5.00000000000000000000000000000000] - |D| - [24/06/2017 09:03:49] - [874.27 Ko] - C:\WINDOWS\Temp\46EF6E51-1F1E-4059-B363-93ADAA63F89D235c.1d2ecc069659fe7
[MD5.00000000000000000000000000000000] - |D| - [17/06/2017 09:27:46] - [0 Ko] - C:\WINDOWS\Temp\4A3B4405-1F6A-622C-4CBB-B5D275C5ED05
[MD5.00000000000000000000000000000000] - |D| - [27/04/2017 17:06:12] - [0 Ko] - C:\WINDOWS\Temp\4A5347D5-D907-3F22-919F-089E10997B1F
[MD5.00000000000000000000000000000000] - |D| - [01/05/2017 16:04:54] - [0 Ko] - C:\WINDOWS\Temp\4A62A709-C40D-980A-BAB2-0D4EABB97F12
[MD5.00000000000000000000000000000000] - |D| - [13/06/2017 04:53:36] - [0 Ko] - C:\WINDOWS\Temp\4DE0B86A-3A38-F471-A66E-88AAA4A107F5
[MD5.00000000000000000000000000000000] - |D| - [06/04/2017 14:30:49] - [0 Ko] - C:\WINDOWS\Temp\50C85651-3F15-9B88-CC8D-DCA2501134AB
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 19:12:24] - [0 Ko] - C:\WINDOWS\Temp\515AAEEF-6BA3-CB1F-8BF9-11780532400A
[MD5.00000000000000000000000000000000] - |D| - [23/06/2017 19:56:55] - [13367.51 Ko] - C:\WINDOWS\Temp\567B3BD7-ACEC-0B25-9B00-820225D14C0F
[MD5.00000000000000000000000000000000] - |D| - [15/06/2017 20:04:57] - [0 Ko] - C:\WINDOWS\Temp\56EC8019-F8F7-19BE-AE03-03BCE9AB8A0A
[MD5.00000000000000000000000000000000] - |D| - [19/04/2017 17:01:20] - [0 Ko] - C:\WINDOWS\Temp\59D2FCED-7540-C396-7C7C-38C881F31BAE
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 15:26:03] - [0 Ko] - C:\WINDOWS\Temp\63B3B66B-90F1-4E0B-52D1-3C0C3C3B285A
[MD5.00000000000000000000000000000000] - |D| - [08/06/2017 15:24:48] - [0 Ko] - C:\WINDOWS\Temp\640365C8-4A7D-9F3E-C71F-1CFF27714336
[MD5.00000000000000000000000000000000] - |D| - [27/06/2017 00:26:32] - [0 Ko] - C:\WINDOWS\Temp\6502B2E5-3D0C-9E3D-8B07-F0A16256B8F7
[MD5.00000000000000000000000000000000] - |D| - [20/06/2017 15:14:32] - [0 Ko] - C:\WINDOWS\Temp\65F5DC6B-83F7-6BB2-579A-0746661A1837
[MD5.00000000000000000000000000000000] - |D| - [28/04/2017 23:18:41] - [0 Ko] - C:\WINDOWS\Temp\69F1E149-99F7-672C-69FC-9F5C95520B3C
[MD5.00000000000000000000000000000000] - |D| - [26/05/2017 15:37:11] - [0 Ko] - C:\WINDOWS\Temp\6F06C0B6-F8A4-80F1-72B1-5BA9B40D3DB8
[MD5.00000000000000000000000000000000] - |D| - [07/06/2017 17:37:17] - [0 Ko] - C:\WINDOWS\Temp\709798ED-FD8F-6D19-3D41-82C2527758AF
[MD5.00000000000000000000000000000000] - |D| - [10/06/2017 15:12:40] - [0 Ko] - C:\WINDOWS\Temp\75DAD52F-4ACD-A65C-0ACF-0E3088002C64
[MD5.00000000000000000000000000000000] - |D| - [31/05/2017 01:02:27] - [0 Ko] - C:\WINDOWS\Temp\79CE4B86-6E83-C556-BD0C-AD10E2E31531
[MD5.00000000000000000000000000000000] - |D| - [03/05/2017 17:16:26] - [0 Ko] - C:\WINDOWS\Temp\819A7D11-D1FC-470E-9B15-C0823211BBBB
[MD5.00000000000000000000000000000000] - |D| - [11/05/2017 15:12:03] - [0 Ko] - C:\WINDOWS\Temp\82BF2A3B-B97B-7E16-40BE-0313C52CEC96
[MD5.00000000000000000000000000000000] - |D| - [06/05/2017 00:20:43] - [0 Ko] - C:\WINDOWS\Temp\83E3FF09-4B21-F4A1-7732-537DBD702194
[MD5.00000000000000000000000000000000] - |D| - [13/04/2017 16:09:42] - [0 Ko] - C:\WINDOWS\Temp\878834E1-5D2A-BC71-B800-7C14C40C8D5C
[MD5.00000000000000000000000000000000] - |D| - [27/06/2017 16:09:08] - [0 Ko] - C:\WINDOWS\Temp\8A1C4635-8CCC-4A9A-4A53-BFDFA55E24EF
[MD5.00000000000000000000000000000000] - |D| - [08/04/2017 09:29:27] - [0 Ko] - C:\WINDOWS\Temp\92AADA39-05DB-7CB6-06D6-673D9BD52D02
[MD5.00000000000000000000000000000000] - |D| - [28/06/2017 16:01:07] - [0 Ko] - C:\WINDOWS\Temp\93397864-3E00-D6E4-2949-5B67A58F41F0
[MD5.00000000000000000000000000000000] - |D| - [25/04/2017 00:24:42] - [0 Ko] - C:\WINDOWS\Temp\937896BE-B82A-D7B1-9B4E-B6FFC9008A33
[MD5.00000000000000000000000000000000] - |D| - [14/05/2017 14:55:51] - [0 Ko] - C:\WINDOWS\Temp\95F89A56-EE75-3672-5E77-5B70F6D32E18
[MD5.00000000000000000000000000000000] - |D| - [22/04/2017 16:43:18] - [0 Ko] - C:\WINDOWS\Temp\97A49954-4C47-8A10-1E5D-9E250BDF2207
[MD5.00000000000000000000000000000000] - |D| - [19/04/2017 16:56:34] - [13144.12 Ko] - C:\WINDOWS\Temp\99B28B76-7AC2-B974-E394-8B09B9979E19
[MD5.00000000000000000000000000000000] - |D| - [16/04/2017 16:12:06] - [0 Ko] - C:\WINDOWS\Temp\9BB4393D-FF7B-85FE-9333-4F2B9EDA7AFF
[MD5.00000000000000000000000000000000] - |D| - [17/06/2017 14:57:14] - [0 Ko] - C:\WINDOWS\Temp\9CB19679-E66E-32EE-74CC-9CB93C640DF5
[MD5.00000000000000000000000000000000] - |D| - [26/04/2017 12:11:06] - [1276.77 Ko] - C:\WINDOWS\Temp\9DD6FB8C-4F8D-4D4D-AE4A-F5F24A57A281267c.1d2be7dcd172ac6
[MD5.00000000000000000000000000000000] - |D| - [30/04/2017 16:40:59] - [0 Ko] - C:\WINDOWS\Temp\9DDC1B4C-77D5-EEE5-9AD0-5BCCD77DCBE7
[MD5.00000000000000000000000000000000] - |D| - [28/03/2017 00:06:17] - [0 Ko] - C:\WINDOWS\Temp\A217986A-DEA5-2FEC-2099-6BC8A3768CD5
[MD5.00000000000000000000000000000000] - |D| - [17/04/2017 14:58:38] - [0 Ko] - C:\WINDOWS\Temp\A461241E-74E5-7926-DA2C-B8736A73ABBA
[MD5.00000000000000000000000000000000] - |D| - [05/05/2017 00:37:01] - [13144.12 Ko] - C:\WINDOWS\Temp\A4E712E6-B0B3-AD0F-A4DB-033EA7A94C99
[MD5.00000000000000000000000000000000] - |D| - [23/05/2017 00:54:44] - [0 Ko] - C:\WINDOWS\Temp\A7F876BE-608A-D847-528C-3C1A8395028D
[MD5.00000000000000000000000000000000] - |D| - [09/05/2017 16:05:46] - [0 Ko] - C:\WINDOWS\Temp\AF7B1AB2-FD92-E8D1-E4B1-F0D7A9DB3B53
[MD5.00000000000000000000000000000000] - |D| - [21/04/2017 22:31:20] - [0 Ko] - C:\WINDOWS\Temp\B1444C68-55CE-D67C-D5AB-7CD37FF3F4A2
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 21:57:50] - [0 Ko] - C:\WINDOWS\Temp\BCB09E35-8969-9CDC-1916-1B7F5D286636
[MD5.00000000000000000000000000000000] - |D| - [24/05/2017 15:48:03] - [0 Ko] - C:\WINDOWS\Temp\BDADF5D3-776E-C121-52FC-6096F2EF1C5E
[MD5.00000000000000000000000000000000] - |D| - [20/06/2017 00:27:39] - [0 Ko] - C:\WINDOWS\Temp\BFA5522C-30E3-8CF7-CC22-51ADEC11994A
[MD5.00000000000000000000000000000000] - |D| - [22/06/2017 15:36:04] - [0 Ko] - C:\WINDOWS\Temp\C50D8DC1-E41B-7A64-28FF-35DFC349B0C7
[MD5.00000000000000000000000000000000] - |D| - [10/05/2017 22:09:34] - [0 Ko] - C:\WINDOWS\Temp\C5E8F634-3A8C-C62E-D8F5-992C244AD933
[MD5.00000000000000000000000000000000] - |D| - [03/06/2017 15:14:42] - [0 Ko] - C:\WINDOWS\Temp\CFB00A51-9C83-6025-964A-8E98D05190BD
[MD5.8493CC7464F6E15239CC913CE936E10B] - |A| - [23/05/2017 00:20:53] - (.-.) - [58.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\chrome_installer.log
[MD5.00000000000000000000000000000000] - |D| - [04/04/2017 00:08:23] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad
[MD5.00000000000000000000000000000000] - |D| - [26/06/2017 23:21:23] - [1722.33 Ko] - C:\WINDOWS\Temp\CR_47A63.tmp
[MD5.00000000000000000000000000000000] - |D| - [24/06/2017 09:03:17] - [0 Ko] - C:\WINDOWS\Temp\D72F8054-3CDB-4E63-8ECE-4285EE97A3C8-Sigs
[MD5.00000000000000000000000000000000] - |D| - [29/03/2017 09:22:05] - [0 Ko] - C:\WINDOWS\Temp\DE78F3A5-876B-09D9-90B7-8D72FFA46EDA
[MD5.00000000000000000000000000000000] - |D| - [28/03/2017 00:14:56] - [0 Ko] - C:\WINDOWS\Temp\DFEE74EF-8868-D7BE-EF58-3C267684008C
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [16/04/2017 16:53:22] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DMIE86F.tmp
[MD5.00000000000000000000000000000000] - |D| - [08/04/2017 10:10:37] - [0 Ko] - C:\WINDOWS\Temp\E16317F4-9B23-DC6C-2E20-E88964D4BD40
[MD5.00000000000000000000000000000000] - |D| - [31/05/2017 16:28:14] - [0 Ko] - C:\WINDOWS\Temp\E2DD2D50-4F64-571E-A597-6E92AA012196
[MD5.00000000000000000000000000000000] - |D| - [13/06/2017 16:41:29] - [0 Ko] - C:\WINDOWS\Temp\E9289261-E893-B077-91AF-E0EA4D767C82
[MD5.00000000000000000000000000000000] - |D| - [01/06/2017 15:03:05] - [0 Ko] - C:\WINDOWS\Temp\E9365FB2-00BD-28D6-DA7A-3448899172B6
[MD5.00000000000000000000000000000000] - |D| - [12/04/2017 17:08:11] - [0 Ko] - C:\WINDOWS\Temp\E960EF2F-BD1B-A03D-B3CA-6C7C209A3409
[MD5.00000000000000000000000000000000] - |D| - [26/04/2017 11:30:27] - [13144.12 Ko] - C:\WINDOWS\Temp\EB87AB2F-EE10-13A3-CEAD-E9799A337511
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 11:31:25] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_38MM0ZF4zAhMJsy
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 20:42:08] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_6dTTXLx35wQXaDs
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [25/04/2017 14:39:18] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_6hpd6a7xvXdMLzr
[MD5.EDA9A7AE2507BDA20BA81E0E89AB3D19] - |AHT| - [18/04/2017 08:55:43] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_75ifKi4f9K38Bdi
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 18:59:52] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_7U3UtB1OIuCaxj5
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [20/04/2017 15:32:54] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_8jIgwJroq1mLsQF
[MD5.C2F480660526B7D64085A24320B5801B] - |AHT| - [14/04/2017 09:44:08] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_8SytNPRC3hE0tqx
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [19/04/2017 10:51:27] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_8TVueni1b4VTYPd
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [29/06/2017 23:36:58] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_9egzpEABDxBlFAv
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 17:36:21] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_9XyuBGO8kbda2GZ
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [13/04/2017 16:31:19] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_alxenXCfTmtAHdT
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [30/06/2017 09:44:18] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_aSxcfOQbXkAKBw0
[MD5.08FCBCE38BD2FF5C59087153C7B43F6A] - |AHT| - [14/04/2017 16:18:06] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_B4BG95qZLx2mgBC
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [27/04/2017 16:16:38] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_bfLsmAaJZrpkWCL
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 20:42:08] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_C8sNz1GFvWlPSCp
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [20/04/2017 21:09:51] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_cB28cTahEgcKYBT
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 21:53:35] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_drg5bhHa1NjjW1u
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 06:28:24] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_ecsr4jcerZYc45s
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [19/04/2017 10:51:27] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_eSKTBQvj9IHEm4r
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 08:55:43] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_eUK8woSksyGiy6g
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [27/04/2017 16:16:38] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_f4pwT3JfgfI7qnn
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 19:49:22] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_f6D8YB1fVr9vdzz
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 09:44:08] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_fdQEfGXrnmS9tGQ
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [20/04/2017 21:09:51] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_Foj12ail4qm1ffh
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 12:53:21] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_fSXckMeVKsBgRxL
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 20:07:01] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_fZbx7UCAWpWSibc
[MD5.9E789DAC8239C56141B6B87CDAB4F535] - |AHT| - [14/04/2017 18:59:52] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_g7UPYJdxXF9COW0
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 18:25:35] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_gdbqxJn6NV2qZVd
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 13:19:16] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_GHVlS0abrjkeote
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [20/04/2017 10:03:56] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_gKxKgv47cJVC8Ef
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [20/04/2017 15:32:54] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_hb7QYXLmxYP7RQj
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 20:56:59] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_hevV0rDSTzpOWZK
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [19/04/2017 22:20:30] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_hGElzNPN5icoQsY
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 20:22:37] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_hJi9GGBK26zYaGD
[MD5.E48723CF8C2A3FD3E7B7BD25529CC297] - |AHT| - [16/04/2017 15:57:37] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_HS6YJR5dYnMHpBq
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [27/05/2017 09:44:17] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_hyEW6GSgJqPbumF
[MD5.DDB8FD2826406C16C0AD7CE8ECF405A3] - |AHT| - [16/04/2017 09:04:38] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_iblagLdyfqxf8rf
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [25/04/2017 15:23:31] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_iQhCZ6kEtXhgf5W
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [27/05/2017 11:10:42] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_J0f7Z0wZ3wqjHK5
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [16/04/2017 15:57:38] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_JGvtzLQPvzWogjR
[MD5.55DEE7A5B95E74D8E46828C37EB0772A] - |AHT| - [14/04/2017 18:25:35] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_Jqg8MfgwGzoTRtx
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [23/05/2017 00:13:04] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_k6R6lgWyoezOrby
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [19/04/2017 21:31:41] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_l4GcBVdM2MrozH5
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 09:44:06] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_l8va7Oiadf89Xa1
[MD5.EBD04A23C6C65E0BB1FFBA034B63ECF8] - |AHT| - [17/04/2017 22:11:31] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_lYgL9CUYJudNDJh
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [14/04/2017 19:54:14] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_m3uorjwqYGDzfsN
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [27/05/2017 09:44:17] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_mymh82hq7DXr2uk
[MD5.10C7611BE98332D823567FF0C2C395FC] - |AHT| - [13/04/2017 22:56:18] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_ndYSBfCGlFExs6x
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [20/04/2017 10:03:56] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_OiL3YkeBcbtKFyQ
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [30/06/2017 09:44:18] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_Oy2R9lhYWRpAoPr
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 21:53:35] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_P3qkYrNgkjHqPI5
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [16/04/2017 09:04:38] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_PDooXYpVB6iuL0r
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 13:19:16] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_PNAY0BEKCwJPC5p
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 19:49:22] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_qq6brpftVcBQA0h
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [29/06/2017 23:36:58] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_R1wsah7tWwvA8hd
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [13/04/2017 22:56:18] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_rChIfFV2Gl7WbkS
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 16:18:06] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_Rcicb3MKQzrNfDD
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [17/04/2017 22:11:31] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_rgsR68P0Cjs6ofq
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [19/04/2017 13:18:49] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_rqjrLMyWRyxLSvt
[MD5.1C0A570AD8CFE2134FE22DFE196BD07A] - |AHT| - [14/04/2017 11:31:25] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_Rwsg3Edz8sye6oO
[MD5.299BE55353F9011E2A4D6E7D16823848] - |AHT| - [18/04/2017 09:44:06] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_rZlV0NYz6ZRjPLe
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [14/04/2017 06:28:24] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_s7MWwFKlzrLJepX
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [19/04/2017 13:18:48] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_STtYZvZAzdxNhbh
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 14:19:01] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_TLlddyEh6BSS7jh
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 17:59:53] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_TmFvZUBjOTyaJne
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 20:56:59] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_TpzWg64Qr495Tn9
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 19:54:15] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_TtkVrjMydIkUcQC
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [19/04/2017 22:20:30] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_U3dzJhu6eEYZ3oM
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [19/04/2017 21:31:41] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_U8znFvySg2X1org
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 20:22:37] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_Uiv9IY8gfaND10l
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [25/04/2017 14:39:18] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_uj5pJXS3UyfskA5
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [27/05/2017 11:10:42] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_URHLu2IsjDpOO8K
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 17:59:53] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_uyij40rocOM3IQ3
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 17:36:21] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_vPiAyY0ultwODDy
[MD5.8474D2B17095DEFFE4445CD90C896FD3] - |AHT| - [14/04/2017 12:53:21] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_VUoyL0FQHOHMuWB
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 14:19:01] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_VWCikxIkO6o9sW3
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [20/04/2017 20:37:56] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_VWPsgJPHSHzvfcA
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 20:07:01] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_wQXbXQbK9K4buE1
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [25/04/2017 15:23:31] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_xPgfpDfv5d1aLtD
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [23/05/2017 00:13:04] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_Yl5gn2OMlJD6EdS
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [13/04/2017 16:31:19] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_YPVhbQzkrUMg17a
[MD5.F50F60155CA772E0B5E7C526F1707C59] - |AHT| - [14/04/2017 12:27:54] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_z2eePRjP8TObQVx
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [20/04/2017 20:37:56] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_ZjXRnLCSS44gAzO
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 12:27:54] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_zycSiGzd0McdZCX
[MD5.00000000000000000000000000000000] - |D| - [23/06/2017 23:12:21] - [0 Ko] - C:\WINDOWS\Temp\F832F545-80DD-7D3F-F65C-87DC38D6932B
[MD5.00000000000000000000000000000000] - |D| - [23/05/2017 00:45:47] - [13341.72 Ko] - C:\WINDOWS\Temp\FA923BA6-3BFB-89DB-AFD9-6BBC4C530FAD
[MD5.00000000000000000000000000000000] - |D| - [05/05/2017 00:45:15] - [0 Ko] - C:\WINDOWS\Temp\FAD84EEE-ED11-8B59-27C0-B4D711F5F744
[MD5.00000000000000000000000000000000] - |D| - [18/04/2017 15:01:55] - [0 Ko] - C:\WINDOWS\Temp\FC81FAA4-D588-B4F9-78B1-608F28423139
[MD5.00000000000000000000000000000000] - |D| - [12/05/2017 15:36:13] - [0 Ko] - C:\WINDOWS\Temp\FCE7AC50-AB9C-0B51-D3F3-E829134B5F22
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/04/2017 12:38:47] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSAPIDebugLogFile.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/04/2017 12:38:46] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSTIFFDebugLogFile.txt
[MD5.D0CFF5F6CB5E8D09BA40676892C77FC3] - |A| - [25/04/2017 20:14:41] - (.-.) - [1506.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\kavremvr-srvc 2017-04-25 20-14-41 (pid 1120).log
[MD5.3832FD2E70CBA9D6C8E3B984B4C23681] - |A| - [13/04/2017 16:50:29] - (.-.) - [131.88 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
[MD5.A5684E68297E7DE5AED2CA0CEFA1171C] - |A| - [26/04/2017 12:10:32] - (.-.) - [33.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log
[MD5.00000000000000000000000000000000] - |D| - [27/04/2017 15:11:43] - [0 Ko] - C:\WINDOWS\Temp\MPTelemetrySubmit
[MD5.00000000000000000000000000000000] - |D| - [10/02/2017 23:18:45] - [0 Ko] - C:\WINDOWS\Temp\MRT
[MD5.273D37FC22C7059503B31BD6A2E0B53A] - |A| - [27/04/2017 15:14:34] - (.-.) - [1802.89 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI7d94.LOG
[MD5.52D8BC6E2E5D1FE593725B88F94146ED] - |A| - [27/04/2017 15:15:06] - (.-.) - [715.38 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI7d95.LOG
[MD5.00000000000000000000000000000000] - |D| - [27/04/2017 16:28:41] - [20 Ko] - C:\WINDOWS\Temp\NVIDIA Corporation
[MD5.00000000000000000000000000000000] - |D| - [27/04/2017 16:27:39] - [27.26 Ko] - C:\WINDOWS\Temp\NvidiaLogging
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/04/2017 10:28:54] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu10A9.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/04/2017 10:28:54] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu10AA.tmp
[MD5.6C5697EE9BB91645EAB0463DF615591E] - |A| - [14/04/2017 10:28:54] - (.-.) - [355.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu1128.tmp
[MD5.6C5697EE9BB91645EAB0463DF615591E] - |A| - [14/04/2017 10:28:54] - (.-.) - [355.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu1157.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [19/04/2017 14:51:58] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu1FCD.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [19/04/2017 14:51:58] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu20A9.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [19/04/2017 14:51:58] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2107.tmp
[MD5.BA593DC0ECBB8E01C530A7A682E4EDD2] - |A| - [19/04/2017 14:51:58] - (.-.) - [3.77 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2128.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/04/2017 19:51:50] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2399.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/04/2017 16:10:24] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2673.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/05/2017 20:34:41] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2685.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/04/2017 16:10:24] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu26E1.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/04/2017 16:10:24] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2721.tmp
[MD5.3822FB56F17CF73BC2C80BA984B1ADF9] - |A| - [21/04/2017 16:10:24] - (.-.) - [3.78 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2741.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/04/2017 19:02:52] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu28F4.tmp
[MD5.B98A43787E5CEA857208DCCAA4184A41] - |A| - [14/04/2017 18:27:35] - (.-.) - [122.82 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu29C3.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/04/2017 19:51:52] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2AFD.tmp
[MD5.DE06CC479D28CB861928921EA4422A8E] - |A| - [14/04/2017 18:27:36] - (.-.) - [4.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2D3F.tmp
[MD5.DD27A44517A1545EC830C117DAC0F949] - |A| - [14/04/2017 19:02:52] - (.-.) - [353.45 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2D4A.tmp
[MD5.05C9FC711C2C0753D7D4FA65DD895FBB] - |A| - [18/04/2017 19:51:53] - (.-.) - [354.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2DDC.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/04/2017 16:33:12] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu3F34.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [15/04/2017 07:58:22] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu422F.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [15/04/2017 07:58:22] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu425F.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [15/04/2017 07:58:22] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu427F.tmp
[MD5.C50CE2FFBF104AA0A845086D4932CC1A] - |A| - [15/04/2017 07:58:22] - (.-.) - [3.78 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu42FD.tmp
[MD5.23BA60BE591618AEF1F5A31D6365104F] - |A| - [14/04/2017 06:29:56] - (.-.) - [4.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu477D.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [19/04/2017 12:31:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu4949.tmp
[MD5.CCC41BD24114634E71FB877928612C7B] - |A| - [19/04/2017 12:31:19] - (.-.) - [354.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu4A06.tmp
[MD5.49B3C378C8BC0FADE407955CAB8571D7] - |A| - [14/04/2017 19:56:25] - (.-.) - [4.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu4D68.tmp
[MD5.EC93F4AAE287DB34ECC4CF8A79709D6D] - |A| - [18/04/2017 13:19:58] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu5AD1.tmp
[MD5.E63F433ED806A0BD3F7D928F79670A5C] - |A| - [18/04/2017 13:19:59] - (.-.) - [1.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu5CE5.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/04/2017 16:33:22] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu63F3.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/04/2017 12:38:42] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu6988.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/04/2017 12:38:42] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu6A15.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/04/2017 12:38:42] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu6A64.tmp
[MD5.C488580C4014795E7D03F806880BE040] - |A| - [20/04/2017 12:38:42] - (.-.) - [3.78 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu6A94.tmp
[MD5.04EBC54C4F80DAC0F68F389C6534E148] - |A| - [16/04/2017 15:58:53] - (.-.) - [7.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu7E4.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/04/2017 16:33:29] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu7ECF.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/04/2017 08:05:41] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu8030.tmp
[MD5.9D6C9E50144EAD155B20BEE60B2F382F] - |A| - [20/04/2017 08:05:41] - (.-.) - [354.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu80CD.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/04/2017 21:04:45] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu82D6.tmp
[MD5.3B5D5FD9CBABD7D6980A1550710F36B0] - |A| - [18/04/2017 20:58:53] - (.-.) - [4.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu8323.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/04/2017 08:49:32] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu871C.tmp
[MD5.A3346756E9421A11B9D1B41916BADE5D] - |A| - [21/04/2017 08:49:32] - (.-.) - [3.78 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu873C.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/04/2017 16:33:31] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu88F2.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/04/2017 23:58:14] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu8B93.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [16/04/2017 15:59:27] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu8BCA.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/04/2017 23:58:14] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu8CBD.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/04/2017 23:58:14] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu8D4A.tmp
[MD5.8243932642C9420E2ADAEF3FC1202AA1] - |A| - [24/04/2017 23:58:14] - (.-.) - [3.78 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu8D9A.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/04/2017 06:30:14] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu8E1C.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/04/2017 06:30:15] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu92FF.tmp
[MD5.D9989057331BDEB5667E652F79C0E718] - |A| - [18/04/2017 17:38:23] - (.-.) - [4.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu94A8.tmp
[MD5.CEFCC3B30D370ACDFDC27EC421A99F5F] - |A| - [14/04/2017 06:30:16] - (.-.) - [352.79 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9765.tmp
[MD5.0BA6AA6EAB779501E5565AA406B7D2DA] - |A| - [19/04/2017 10:53:22] - (.-.) - [0.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9D62.tmp
[MD5.BAF484EE83DB8EACCD9D63B2FC3C78BD] - |A| - [19/04/2017 10:53:22] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9D82.tmp
[MD5.7367111837BB050FB6043D8ECC70DEC7] - |A| - [19/04/2017 10:53:22] - (.-.) - [0.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9D93.tmp
[MD5.4E7355D9BE50794AF9DFAA631997A42A] - |A| - [19/04/2017 10:53:22] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9DD2.tmp
[MD5.EDD36D7E61831219724350C3111FAFF1] - |A| - [18/04/2017 18:01:39] - (.-.) - [6.48 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9DFE.tmp
[MD5.1D922BA62FDB2B9F73826C22181873B4] - |A| - [19/04/2017 10:53:22] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9E8F.tmp
[MD5.1F73A507CEC6335F6543E418E4018A9D] - |A| - [19/04/2017 10:53:22] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9E9F.tmp
[MD5.89FD5C34546C32935C9DEB42DEC143C4] - |A| - [19/04/2017 10:53:22] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9EB0.tmp
[MD5.C83032FD790196CB913C610F9A734F3F] - |A| - [19/04/2017 10:53:22] - (.-.) - [0.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9ED0.tmp
[MD5.248DE7345E8E02558FE0736045350FBB] - |A| - [19/04/2017 21:33:44] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuA040.tmp
[MD5.880327FF8EB2EC6804E1C1E307F75D6F] - |A| - [19/04/2017 21:33:44] - (.-.) - [0.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuA0AF.tmp
[MD5.23E578AB684E5D1064FB8FA02FE8DC23] - |A| - [19/04/2017 21:33:44] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuA0B0.tmp
[MD5.B25FBE566AA91032C6B00829E31FB3E7] - |A| - [19/04/2017 21:33:44] - (.-.) - [0.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuA0E0.tmp
[MD5.8450F155E0121B3A51280DF992B329DA] - |A| - [19/04/2017 21:33:44] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuA15E.tmp
[MD5.B44576901C1C5CE4EF27224A3C9587AC] - |A| - [13/04/2017 16:33:15] - (.-.) - [184.74 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuA7A3.tmp
[MD5.1A703DEEE323D1EC8BA75FACAD389415] - |A| - [14/04/2017 11:33:12] - (.-.) - [4.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuA830.tmp
[MD5.F0C1934D037FBA8FF7F87D7E677AB7CB] - |A| - [13/04/2017 16:33:15] - (.-.) - [4.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuAA73.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/04/2017 14:51:03] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuAB54.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/04/2017 14:51:03] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuAB65.tmp
[MD5.929A50B34B375D8EE2C3E267261042AF] - |A| - [18/04/2017 14:51:03] - (.-.) - [354.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuABF2.tmp
[MD5.929A50B34B375D8EE2C3E267261042AF] - |A| - [18/04/2017 14:51:03] - (.-.) - [354.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuAC51.tmp
[MD5.B875FC88DA2B294AB569F81F672C539A] - |A| - [16/04/2017 15:59:36] - (.-.) - [352.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuAD0F.tmp
[MD5.0F76D676078EBD727A0F248E47F241EB] - |A| - [20/04/2017 20:39:50] - (.-.) - [7.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuB37A.tmp
[MD5.1FE593330A9F9686ADF17F70546CD324] - |A| - [23/05/2017 00:14:33] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuB6D6.tmp
[MD5.1EE8E14F58F7900AE4C978A38F605F36] - |A| - [18/04/2017 21:55:30] - (.-.) - [7.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuB9C4.tmp
[MD5.5AB898EFF25E18D0D1B77E5277B34D85] - |A| - [18/04/2017 20:44:01] - (.-.) - [4.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuBA21.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/04/2017 20:44:02] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuBD01.tmp
[MD5.7ABFB3AD404BB2C2324445EFC755304B] - |A| - [17/04/2017 22:13:37] - (.-.) - [5093.85 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuBE77.tmp
[MD5.D1E2F9EEB53E8AC51C4F4E6D9EBD7483] - |A| - [17/04/2017 22:13:37] - (.-.) - [533.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuBF52.tmp
[MD5.A458642654B85B81A15FD1CF6C8DBE90] - |A| - [18/04/2017 20:44:03] - (.-.) - [352.61 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuBFFF.tmp
[MD5.BA1FB357B28AA67BE02D954A6168E6C7] - |A| - [18/04/2017 08:57:37] - (.-.) - [5096.7 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuC1B3.tmp
[MD5.B39CCBB6AAEBDC1EDFC9F38DC4277890] - |A| - [18/04/2017 08:57:38] - (.-.) - [533.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuC2AE.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/04/2017 21:55:33] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuC2AF.tmp
[MD5.A2012685B890BA1293651E6FE7DC329C] - |A| - [18/04/2017 08:57:38] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuC2BE.tmp
[MD5.C50111C4194F826637CBC95696811F01] - |A| - [27/04/2017 16:18:29] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuC31A.tmp
[MD5.B29E0E6DB2AD8069AE5447935B244118] - |A| - [27/04/2017 16:18:29] - (.-.) - [0.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuC3A8.tmp
[MD5.F59562B97FD3EE35998FCBF7D95F85DC] - |A| - [27/04/2017 16:18:29] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuC3D8.tmp
[MD5.1A1C733B3E30221DE7326C728EB325DE] - |A| - [18/04/2017 21:55:34] - (.-.) - [351.3 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuC83D.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/05/2017 11:12:26] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuD87E.tmp
[MD5.18E49F1425572ABA78313C098DA5C1C2] - |A| - [27/05/2017 11:12:27] - (.-.) - [350.98 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuDB3F.tmp
[MD5.C90692E2420F0AA0347E4BDAA6093029] - |A| - [16/04/2017 09:06:42] - (.-.) - [5086.95 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuEE03.tmp
[MD5.EB52C879B06E80EA3ACE707908C238AF] - |A| - [16/04/2017 09:06:42] - (.-.) - [16.43 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuEF4C.tmp
[MD5.B370E12EAAF8889D62DCEF03FFCE1C1B] - |A| - [24/06/2017 10:26:16] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\teredo.txt
[MD5.00000000000000000000000000000000] - |D| - [28/03/2017 00:07:23] - [0 Ko] - C:\WINDOWS\Temp\tw6B30.tmp
[MD5.00000000000000000000000000000000] - |D| - [08/04/2017 09:29:41] - [0 Ko] - C:\WINDOWS\Temp\twE231.tmp
[MD5.00000000000000000000000000000000] - |D| - [28/03/2017 00:10:47] - [0 Ko] - C:\WINDOWS\Temp\VulkanRT
[MD5.54484BE7652BAD00723EA87198A37DA4] - |A| - [14/04/2017 15:29:17] - (.-.) - [49.11 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1042.tmp.csv
[MD5.90ED1769F153AD2C53E07F2E3180C878] - |A| - [14/04/2017 15:29:17] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER10A1.tmp.txt
[MD5.ACA63392761BAB2DA73A8A7B893C43A2] - |A| - [14/04/2017 15:29:17] - (.-.) - [49.12 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER10F0.tmp.csv
[MD5.9A33587CD9877CEDE79E6519EB7FE068] - |A| - [14/04/2017 15:29:17] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1110.tmp.txt
[MD5.E07976DA4B62D04F067BBA6F969E98A3] - |A| - [25/04/2017 15:36:55] - (.-.) - [43.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER19FC.tmp.csv
[MD5.593BF712C018AC9649B125DA9C3E7BC4] - |A| - [25/04/2017 15:36:56] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1AB9.tmp.txt
[MD5.7C4AF7CEB229036220FC683CA63FD250] - |A| - [14/04/2017 16:21:12] - (.-.) - [42.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1CDB.tmp.csv
[MD5.078F38196C4C89C4AD87F77AFFC24F3D] - |A| - [14/04/2017 16:21:12] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1CEB.tmp.txt
[MD5.622F8570E8470CAE2D230915AED679C1] - |A| - [14/04/2017 06:35:05] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER38.tmp.txt
[MD5.E58B19298855B960A63277DB0ACDAFA2] - |A| - [18/04/2017 18:06:43] - (.-.) - [47.2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER4023.tmp.csv
[MD5.9429EC2B4E69FD9D397F99B56A0AA130] - |A| - [18/04/2017 18:06:43] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER40C1.tmp.txt
[MD5.1A75CAFD1AA08ED8E56231E17AE7BC83] - |A| - [14/04/2017 15:04:27] - (.-.) - [44.73 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER5306.tmp.csv
[MD5.838876A226FCCC3B40B54CDFF6861410] - |A| - [14/04/2017 15:04:27] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER5316.tmp.txt
[MD5.4754C9816CE68F42AEFB42CEBC4710C5] - |A| - [14/04/2017 01:48:24] - (.-.) - [44.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER55CB.tmp.csv
[MD5.E47E404C754A90B4936D40712DB016F7] - |A| - [14/04/2017 01:48:24] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER55FB.tmp.txt
[MD5.CCB0614A042CFA948DF95F609910D609] - |A| - [14/04/2017 12:39:01] - (.-.) - [45.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER6F1F.tmp.csv
[MD5.F070F391453D9EE867CDD03E0010064D] - |A| - [14/04/2017 12:39:01] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER6F40.tmp.txt
[MD5.A81A363030158A0B818F646A40794B69] - |A| - [14/04/2017 10:29:19] - (.-.) - [48.37 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER718E.tmp.csv
[MD5.53459705BB5B343E8ADF6ACB76B0AE2B] - |A| - [14/04/2017 10:29:19] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER719F.tmp.txt
[MD5.74A7AAD15AA92FAFD4BF7F59168ED0BB] - |A| - [13/04/2017 22:58:08] - (.-.) - [38.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER7456.tmp.csv
[MD5.EAF52C385D0DAACD0CDC484833E0CBBD] - |A| - [13/04/2017 22:58:08] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER7486.tmp.txt
[MD5.A6FCA5B96D6AD049EBC8FA8E7B4A679B] - |A| - [25/04/2017 19:24:31] - (.-.) - [54.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER7826.tmp.csv
[MD5.ECE6E5073902C0ACB50AE74BFFE06F0C] - |A| - [25/04/2017 19:24:31] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER797F.tmp.txt
[MD5.836765996D3377B63E2DB5A4F2A9BD31] - |A| - [19/04/2017 12:31:33] - (.-.) - [47.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER80B9.tmp.csv
[MD5.CC566F991A805857F1EB3C2EF0BE56C5] - |A| - [19/04/2017 12:31:33] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER8202.tmp.txt
[MD5.71702F29550C0766180907A7C3857B22] - |A| - [24/06/2017 14:32:49] - (.-.) - [34.04 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER86AA.tmp.csv
[MD5.157A34B15457FED510A51824E5ECA35E] - |A| - [14/04/2017 12:30:23] - (.-.) - [41.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER86D5.tmp.csv
[MD5.EB6A77B5040A31944045B4D9F6DDDDD7] - |A| - [24/06/2017 14:32:49] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER8757.tmp.txt
[MD5.DB5670269A05B4D24102AF2BC8863B8C] - |A| - [14/04/2017 12:30:23] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER87FE.tmp.txt
[MD5.CBF7556E191FD1A67BA745926635BC1A] - |A| - [24/06/2017 11:43:12] - (.-.) - [42.93 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER98FC.tmp.csv
[MD5.ACD3C591B955D7536D051115E2E70910] - |A| - [24/06/2017 11:43:13] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER9A16.tmp.txt
[MD5.8766D6B087F32C01FEB331990273BEA5] - |A| - [14/04/2017 10:29:30] - (.-.) - [48.39 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER9F66.tmp.csv
[MD5.D8FAB919D2768794CBB2E43C55168D7C] - |A| - [14/04/2017 10:29:30] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER9F77.tmp.txt
[MD5.10EF544E0F1E703C049DAE9352DF75FC] - |A| - [18/04/2017 19:53:28] - (.-.) - [42.7 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA247.tmp.csv
[MD5.4516E149EE1410C1EEE30E0EC07BF7E6] - |A| - [18/04/2017 19:53:29] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA313.tmp.txt
[MD5.B9A183B151FCE4756F1E2F529CA60E9B] - |A| - [18/04/2017 18:02:47] - (.-.) - [43.06 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA4DC.tmp.csv
[MD5.8DF6ACF8DBAB6F7D06DFA1710C16F2E8] - |A| - [18/04/2017 18:02:47] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA683.tmp.txt
[MD5.00A11386C150FC502D746CEFA1C3342B] - |A| - [18/04/2017 23:24:12] - (.-.) - [46.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA8B9.tmp.csv
[MD5.492F7C3B3B039D8896ADDEB17BC7953B] - |A| - [18/04/2017 23:24:12] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA985.tmp.txt
[MD5.B21AB1CE61C24B1CD0C441820A17F1DC] - |A| - [27/04/2017 17:17:04] - (.-.) - [44.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERABD7.tmp.csv
[MD5.D7915FE9500AC7DEED014881CCF25307] - |A| - [27/04/2017 17:17:05] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERAD11.tmp.txt
[MD5.F50C0F55CB492297D24023073801F494] - |A| - [25/04/2017 19:24:45] - (.-.) - [54.73 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERAD32.tmp.csv
[MD5.AE9C4D2B51FA041ABE58B7EA68563D58] - |A| - [25/04/2017 19:24:45] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERAE5C.tmp.txt
[MD5.CB52A96335ACFDD1452DBADB7850B5F6] - |A| - [20/04/2017 08:05:54] - (.-.) - [45.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERB508.tmp.csv
[MD5.B21827EFBDB8CCA8911ADAB6E7F388D3] - |A| - [20/04/2017 08:05:54] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERB5D4.tmp.txt
[MD5.44F0EFF1FD23D62CAB7D5B430D851355] - |A| - [18/04/2017 14:51:10] - (.-.) - [47.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERC939.tmp.csv
[MD5.1B9E604D1A035A05B0E11D1911A5271C] - |A| - [18/04/2017 14:51:10] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERCA15.tmp.txt
[MD5.C1BA1F2B2DA0C636937E2967550AD879] - |A| - [18/04/2017 14:51:16] - (.-.) - [47.12 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERE157.tmp.csv
[MD5.591D6332B77ECA1BA3596728A349CE1A] - |A| - [18/04/2017 14:51:17] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERE233.tmp.txt
[MD5.E3CF5B0C5ABA88BCAB3BCAE576402938] - |A| - [14/04/2017 15:29:08] - (.-.) - [48.76 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WEREE31.tmp.csv
[MD5.E45516A8058D129CE42D63D6AED4198C] - |A| - [14/04/2017 15:29:08] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WEREE42.tmp.txt
[MD5.BD09009274B38ADFA5A2DDDC0757FD6E] - |A| - [13/04/2017 23:07:24] - (.-.) - [46.79 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERF0F2.tmp.csv
[MD5.1C7D759BBD81029002112084E43D865B] - |A| - [13/04/2017 23:07:24] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERF141.tmp.txt
[MD5.BBCCB34E53C4C4B98694B932D5594F17] - |A| - [14/04/2017 06:35:05] - (.-.) - [40.84 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERFF0E.tmp.csv
[MD5.00000000000000000000000000000000] - |D| - [15/03/2017 22:04:50] - [0 Ko] - C:\WINDOWS\Temp{224E7D29-03CD-4B7B-820D-34B72F0E6CFC}
[MD5.00000000000000000000000000000000] - |D| - [21/03/2017 01:15:27] - [0 Ko] - C:\WINDOWS\Temp{3BD12E63-B890-42FE-A689-885A880C03FF}
[MD5.00000000000000000000000000000000] - |D| - [08/02/2017 15:45:10] - [0 Ko] - C:\WINDOWS\Temp{9DAC6512-5DA6-4056-BC39-D5B19C8D2F92}
[MD5.00000000000000000000000000000000] - |D| - [28/03/2017 00:10:52] - [0 Ko] - C:\WINDOWS\Temp{B2327EAB-46D2-428B-B7FF-B4512FC5FAA1}
[MD5.00000000000000000000000000000000] - |D| - [22/03/2017 20:57:48] - [0 Ko] - C:\WINDOWS\Temp{F51459B3-55E5-4557-A864-B6A31329CD54}
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:00] - [0 Ko] - C:\WINDOWS\System32\0409
[MD5.0BE2744B6993CA636D0777ABC20C44B6] - |AH| - [14/07/2009 05:45:49] - (.-.) - [20.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[MD5.0BE2744B6993CA636D0777ABC20C44B6] - |AH| - [14/07/2009 05:45:49] - (.-.) - [20.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 12:42:35] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [16/07/2016 12:42:05] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32@BackgroundAccessToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 12:42:38] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32@EnrollmentToastIcon.png
[MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [16/07/2016 12:42:41] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32@language_notification_icon.png
[MD5.46DACDA5036EBECEDF08427407E3017C] - |A| - [16/07/2016 12:42:40] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32@optionalfeatures.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 12:42:38] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32@VpnToastIcon.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [16/07/2016 12:42:38] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WiFiNotificationIcon.png
[MD5.58B6CB6A8528BA1B267CFAE325E6B834] - |A| - [16/07/2016 12:42:23] - (.-.) - [20.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WindowsHelloFaceToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:29] - [3176.34 Ko] - C:\WINDOWS\System32\AdvancedInstallers
[MD5.1E53DBCFBA49AB327BF00CC7E0759B6C] - |A| - [15/03/2017 21:54:33] - (.-.) - [437.78 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [11/07/2015 08:16:34] - [0 Ko] - C:\WINDOWS\System32\appmgmt
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [2487.23 Ko] - C:\WINDOWS\System32\appraiser
[MD5.F94192B47ACA96AFFEBC1073891EBB42] - |A| - [16/07/2016 12:43:20] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AppVStreamingUX.exe.config
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [272 Ko] - C:\WINDOWS\System32\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [08/02/2017 20:57:27] - [82.76 Ko] - C:\WINDOWS\System32\BestPractices
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [247.5 Ko] - C:\WINDOWS\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [4451.37 Ko] - C:\WINDOWS\System32\Boot
[MD5.0F98A58AD88377E93770212F5BBE5581] - |A| - [12/11/2016 11:51:50] - (.-.) - [3761.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BootMan.exe
[MD5.31ABC8C02F1CCE0DA39550D763384184] - |A| - [16/07/2016 12:42:12] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [91.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0.93 Ko] - C:\WINDOWS\System32\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:24] - [83892.26 Ko] - C:\WINDOWS\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [43970.9 Ko] - C:\WINDOWS\System32\catroot2
[MD5.11955E07D8B9EB2C537918DB14A97563] - |A| - [22/01/2014 23:37:27] - (.Copyright (c) 2002-2011. Nokia. - Nokia Connectivity Cable WU uninstaller.) - [163 Ko] - (7.1.32.71) - C:\WINDOWS\System32\ccdcmbwux64.dll
[MD5.7655EB239E44FF3C0144BEE459C76DD3] - |A| - [14/07/2009 02:40:20] - (.Copyright CANON INC. 2006-2008 All Rights Reserved - Canon Inkjet Printer Driver.) - [206.5 Ko] - (0.3.1536.1) - C:\WINDOWS\System32\CNBLM3_2.DLL
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [2077.97 Ko] - C:\WINDOWS\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [360 Ko] - C:\WINDOWS\System32\Com
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:24] - [385809.4 Ko] - C:\WINDOWS\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [47.64 Ko] - C:\WINDOWS\System32\Configuration
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [297 Ko] - C:\WINDOWS\System32\cs-CZ
[MD5.7485F49BD9D56F2771BD573ED011334B] - |A| - [26/05/2011 22:03:16] - (.Copyright © Cambridge Silicon Radio Limited, 2010Cambridge Silicon Radio Limited - Bluetooth control Panel helper.) - [98.12 Ko] - (1.0.15.0) - C:\WINDOWS\System32\CsrCplHelper.exe
[MD5.013E887C9098B96FD8E0791F88431D6B] - |A| - [26/05/2011 19:49:34] - (.Copyright © Cambridge Silicon Radio Limited, 2010Cambridge Silicon Radio Limited - HCR Client Monitor DLL.) - [69 Ko] - (1.0.15.0) - C:\WINDOWS\System32\csrportmon.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [293 Ko] - C:\WINDOWS\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [177.63 Ko] - C:\WINDOWS\System32\DDFs
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [329 Ko] - C:\WINDOWS\System32\de-DE
[MD5.306B90493D00011EB635E161C6C024B8] - |A| - [16/07/2016 12:42:22] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [16/07/2016 12:47:52] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [642 Ko] - C:\WINDOWS\System32\DiagSvcs
[MD5.8B5F7B8C2EFE38CA571FBE24658DF11F] - |A| - [16/07/2016 12:42:36] - (.-.) - [90.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:27] - [7578.09 Ko] - C:\WINDOWS\System32\Dism
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:27] - [1116.16 Ko] - C:\WINDOWS\System32\downlevel
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:24] - [80520.6 Ko] - C:\WINDOWS\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:24] - [1043917.36 Ko] - C:\WINDOWS\System32\DriverStore
[MD5.00000000000000000000000000000000] - |DC| - [18/12/2013 13:44:38] - [0 Ko] - C:\WINDOWS\System32\DRVSTORE
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [149.5 Ko] - C:\WINDOWS\System32\dsc
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [325 Ko] - C:\WINDOWS\System32\el-GR
[MD5.72D5DD7E5C37D3817FF8A2171489269E] - |A| - [17/12/2015 01:00:45] - (.-.) - [22.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:01] - [3445.5 Ko] - C:\WINDOWS\System32\en
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [236 Ko] - C:\WINDOWS\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [42482.32 Ko] - C:\WINDOWS\System32\en-US
[MD5.DB6C3DBF15DCFE149E247B44FEA6AD46] - |A| - [12/11/2016 11:51:50] - (.-.) - [23.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\epmntdrv.sys
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [318 Ko] - C:\WINDOWS\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [257.5 Ko] - C:\WINDOWS\System32\es-MX
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [232 Ko] - C:\WINDOWS\System32\et-EE
[MD5.B69A265AD9328E2027C18D84C3D49959] - |A| - [12/11/2016 11:51:50] - (.-.) - [17.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\EuEpmGdi.dll
[MD5.08C997734B2CECE882656BB2855E6E76] - |A| - [12/11/2016 11:51:50] - (.-.) - [10.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\EuGdiDrv.sys
[MD5.00000000000000000000000000000000] - |D| - [21/12/2013 09:34:36] - [154.5 Ko] - C:\WINDOWS\System32\EventProviders
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [25837.16 Ko] - C:\WINDOWS\System32\F12
[MD5.3C7D1E4786522EA69600111D7A7135EB] - |A| - [19/12/2016 23:29:22] - (.Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. - EaseUS Todo Backup Application.) - [23.54 Ko] - (3.0.0.1) - C:\WINDOWS\System32\fbnative.exe
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [297 Ko] - C:\WINDOWS\System32\fi-FI
[MD5.D90EF7AD8439412B64487027423FC2B2] - |A| - [08/02/2017 13:10:29] - (.-.) - [412.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [264 Ko] - C:\WINDOWS\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [326 Ko] - C:\WINDOWS\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\FxsTmp
[MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [16/07/2016 12:42:12] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |HD| - [14/07/2009 04:20:11] - [1.31 Ko] - C:\WINDOWS\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [259.5 Ko] - C:\WINDOWS\System32\he-IL
[MD5.E80A3D76B6645F0FF96CE865220A927A] - |A| - [17/12/2015 08:13:27] - (.Copyright (C) 1999 - LanguageMonitor.) - [127 Ko] - (61.63.249.0) - C:\WINDOWS\System32\hpz3l4v2.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [241.5 Ko] - C:\WINDOWS\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [300.5 Ko] - C:\WINDOWS\System32\hu-HU
[MD5.2A571B7728F23E83A800527879105180] - |A| - [16/07/2016 12:42:04] - (.-.) - [44.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [5.36 Ko] - C:\WINDOWS\System32\ias
[MD5.DD3E44126680D1DD8F5BA71E1D36D6A9] - |A| - [26/05/2011 20:49:56] - (.Copyright © Cambridge Silicon Radio Limited, 2010Cambridge Silicon Radio Limited - Csr Icon Resource Library.) - [6816 Ko] - (1.0.15.0) - C:\WINDOWS\System32\IconResource.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [36.27 Ko] - C:\WINDOWS\System32\icsxml
[MD5.8898B09A8D08E138F238224648DF0739] - |A| - [16/07/2016 12:42:35] - (.-.) - [170.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [25924.17 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [5265.25 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.22059DB12DB70AA7AF834227955CCA83] - |A| - [01/05/2017 12:39:47] - (.-.) - [19.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Info.txt
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [4803 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\Ipmi
[MD5.5EA855B4A875E08AD93FF901B5D9E275] - |A| - [16/07/2016 12:42:09] - (.-.) - [226 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ism32k.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [323 Ko] - C:\WINDOWS\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [237.5 Ko] - C:\WINDOWS\System32\ja-jp
[MD5.48BA9C6110A5EBA910E7FB2E7D23CFC1] - |A| - [27/04/2017 15:07:54] - (.Copyright © Kaspersky Lab ZAO 1996-2012. - Filtering Platform Helper Class.) - [107.59 Ko] - (1.0.0.12) - C:\WINDOWS\System32\klfphc.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [235 Ko] - C:\WINDOWS\System32\ko-KR
[MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [16/07/2016 12:42:22] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.C15D2C94E3C94CEFE8DE6A9D36C35FD1] - |A| - [13/10/2016 22:55:18] - (.(C) 1991-2012 Logitech. - LDA Component Extensions (UNICODE).) - [2410.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LdaCx2.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [73.41 Ko] - C:\WINDOWS\System32\Licenses
[MD5.3A990028C3616E00E7CA95A10408B80C] - |A| - [02/03/2016 17:08:22] - (.(C) 1998-2015 Logitech. - Logitech KMDF Co-Installer (UNICODE).) - [1810.64 Ko] - (5.90.38.0) - C:\WINDOWS\System32\LkmdfCoInst.dll
[MD5.C6FA07D254B8A0A3CFC41616B460E9BB] - |A| - [19/03/2014 01:24:42] - (.(C) 1998-2013 Logitech. - Logitech Bluetooth Co-Installer (UNICODE).) - [51.77 Ko] - (5.80.3.0) - C:\WINDOWS\System32\LMouFiltCoInst.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [11964.55 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.1F1E9FBB7FE7A39A84A061F6EF7003B4] - |A| - [20/09/2012 17:02:06] - (.Copyright © 2010-2012 Logitech. All Rights Reserved - Logitech Download Assistant.) - [3850.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LogiLDA.DLL
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [237 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [238.5 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.4EF6769EE36DD9717A5B6C6001332C48] - |A| - [12/11/2015 16:25:58] - (.-.) - [9.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\lvcoinst.log
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [58796.59 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [16/07/2016 12:44:03] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\manage-bde.wsf
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [0 Ko] - C:\WINDOWS\System32\manifeststore
[MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [16/07/2016 12:42:22] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [08/02/2017 20:59:29] - [17.92 Ko] - C:\WINDOWS\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [7441.23 Ko] - C:\WINDOWS\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [47558.48 Ko] - C:\WINDOWS\System32\migwiz
[MD5.00000000000000000000000000000000] - |D| - [18/12/2013 17:54:50] - [0 Ko] - C:\WINDOWS\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [4228.28 Ko] - C:\WINDOWS\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [08/02/2017 20:57:27] - [12304.66 Ko] - C:\WINDOWS\System32\msmq
[MD5.18403DE4979A328F21279DECB2E4298F] - |A| - [16/07/2016 12:43:08] - (.-.) - [3.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\msmqpub.mof
[MD5.E0640DE5407EEE4C6E16D839243B71F9] - |A| - [16/07/2016 12:43:08] - (.-.) - [8.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\msmqtrc.mof
[MD5.3ED9AC3EE11EE2C16E2E41F0DC4BAD42] - |A| - [16/07/2016 12:43:08] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\msmqtrcRemove.mof
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [6 Ko] - C:\WINDOWS\System32\MUI
[MD5.849946AD8A164ED1460B2C5F3D957500] - |A| - [22/02/2014 15:42:53] - (.Freeware - MyDefrag Script Interpreter.) - [1120.5 Ko] - (4.3.1.0) - C:\WINDOWS\System32\MyDefragScreenSaver_v4.3.1.exe
[MD5.FB76AB9B8C9869882EA8EFF133FB0F37] - |A| - [22/02/2014 15:42:53] - (.Freeware - MyDefrag Script Interpreter.) - [474 Ko] - (4.3.1.0) - C:\WINDOWS\System32\MyDefragScreenSaver_v4.3.1.scr
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [288 Ko] - C:\WINDOWS\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [1024 Ko] - C:\WINDOWS\System32\NDF
[MD5.EE7010410C0E8155FD2D93918C14239F] - |A| - [08/02/2017 13:10:43] - (.-.) - [44.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [16/07/2016 12:42:12] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [102 Ko] - C:\WINDOWS\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [308 Ko] - C:\WINDOWS\System32\nl-NL
[MD5.11E3B7CE5CC1C5421BE1A075B6EB816F] - |A| - [22/01/2014 23:38:10] - (.Copyright (c) 2002,2003,2004,2005. Nokia. - Wireless Communication Device Class Installer.) - [67.5 Ko] - (7.1.30.51) - C:\WINDOWS\System32\nmwcdclsx64.dll
[MD5.530C14375D42BA5A0CDB0B360C93A93C] - |A| - [22/01/2014 23:37:27] - (.Copyright (c) 2002-2011. Nokia. - Wireless Communication Device Class Co-Installer.) - [625 Ko] - (7.1.32.71) - C:\WINDOWS\System32\nmwcdcoclsx64.dll
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [16570.66 Ko] - C:\WINDOWS\System32\Nui
[MD5.2BF0CEEDCF4C5581E199FC4A265B3F71] - |A| - [27/04/2017 16:25:59] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nv-vk64.json
[MD5.B118600075AA8BD0596510F44D9F4274] - |A| - [27/04/2017 16:28:16] - (.-.) - [7608.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin
[MD5.D6B802667DFEF58A249C725633CC9C10] - |A| - [27/04/2017 16:25:59] - (.-.) - [42.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb
[MD5.F54598052A618ADC0231853D870A22BE] - |A| - [16/07/2016 12:47:53] - (.-.) - [15.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [16/07/2016 12:42:11] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [12630.2 Ko] - C:\WINDOWS\System32\oobe
[MD5.42D2360079B1DF3230024AE920737367] - |A| - [16/07/2016 12:42:22] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.775D376E089CE8AB91A9F6EF76CBF740] - |A| - [16/07/2016 12:49:31] - (.-.) - [415.24 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |A| - [16/07/2016 12:49:35] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.3617A516BD67DB0F0A1EEF5662096F93] - |A| - [16/07/2016 12:49:31] - (.-.) - [1335.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.E4076A474987FD5EE3DECE68EB120E80] - |A| - [08/02/2017 13:16:59] - (.-.) - [1250.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [306 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [559.5 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:02] - [413.88 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\ProximityToast
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [16/07/2016 12:42:31] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [308 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [303.5 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.FB0267CE1DD06E428C9BFFA0AE42FF47] - |A| - [18/01/2014 12:42:16] - (.Copyright © 2002-2006 by Tracker Software - PDF-XChange Port Monitor.) - [6.5 Ko] - (3.50.0.98) - C:\WINDOWS\System32\pxc35pm.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.5D9616D2A76F38EF94866248CA4EDB2C] - |A| - [16/07/2016 12:43:18] - (.Copyright (C) 2009 - RemoteFX Helper.) - [106 Ko] - (1.1.0.0) - C:\WINDOWS\System32\RDVGHelper.exe
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [2.05 Ko] - C:\WINDOWS\System32\Recovery
[MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [16/07/2016 12:42:04] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof
[MD5.D67CDB8D2584AAC165A77488C5A7A987] - |A| - [16/07/2016 12:42:37] - (.-.) - [8.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.4FE9CE56EFA89779D81B988698D2454C] - |A| - [16/07/2016 12:42:37] - (.-.) - [8.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0.07 Ko] - C:\WINDOWS\System32\restore
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [243.5 Ko] - C:\WINDOWS\System32\ro-RO
[MD5.AF47D6660569DFA46BC4E1CD21E1624B] - |A| - [28/09/2012 20:45:16] - (.-.) - [240.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\rtvcvfw64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [300 Ko] - C:\WINDOWS\System32\ru-RU
[MD5.212E30726DAF3567E4F689B84743E3E2] - |A| - [21/01/2016 21:43:32] - (.Copyright (c) 2012-2014 Focusrite Audio Engineering Limited. - Focusrite Scarlett Family Audio Driver.) - [1084.5 Ko] - (3.1.10.221) - C:\WINDOWS\System32\Scarlett_UAC2PropertyPage.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [16/07/2016 12:43:50] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [16/07/2016 12:42:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.4B91350942AA13F7566277CC6899E142] - |A| - [12/11/2016 11:51:50] - (.-.) - [99.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\setupempdrvx64.exe
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [245 Ko] - C:\WINDOWS\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [240.5 Ko] - C:\WINDOWS\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [08/02/2017 13:10:39] - [29648 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:02] - [45.92 Ko] - C:\WINDOWS\System32\slmgr
[MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [16/07/2016 12:42:22] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:24] - [13641.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [7576.34 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [8566.38 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [179673.86 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [9926.77 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [31.88 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [21/12/2013 09:36:58] - [1775.5 Ko] - C:\WINDOWS\System32\SPReview
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [243.5 Ko] - C:\WINDOWS\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [244 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.C1AA14DBA23EB5AE5044727DF182FE5C] - |A| - [16/07/2016 12:42:16] - (.-.) - [54.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [33176 Ko] - C:\WINDOWS\System32\sru
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [293.5 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.20C4FE2B130D9F0C92D7629E71AFBB66] - |A| - [16/07/2016 12:43:20] - (.-.) - [1.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SyncAppvPublishingServer.vbs
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:27] - [1624.64 Ko] - C:\WINDOWS\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [912.78 Ko] - C:\WINDOWS\System32\SystemResetPlatform
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [587.56 Ko] - C:\WINDOWS\System32\Tasks
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [629.76 Ko] - C:\WINDOWS\System32\Tasks_Migrated
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [16/07/2016 12:42:39] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [227.5 Ko] - C:\WINDOWS\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [289.5 Ko] - C:\WINDOWS\System32\tr-TR
[MD5.C8F2952DAE3971614DBD0C509F35BE93] - |A| - [16/07/2016 12:42:38] - (.-.) - [10.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [16/07/2016 12:42:38] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials. xslt
[MD5.D200497DD3A24F138123F0EB6C385D1D] - |A| - [16/07/2016 12:43:20] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevAppMonitor.exe.config
[MD5.4AAEE8D86EC81DA2A1514ABC77E71F57] - |A| - [16/07/2016 12:43:20] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevCustomActionTypes.tlb
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [240 Ko] - C:\WINDOWS\System32\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [17/06/2017 08:27:20] - [2137.72 Ko] - C:\WINDOWS\System32\UNP
[MD5.E7482D1D449217C8641762F5C38E157C] - |A| - [16/07/2016 12:42:12] - (.-.) - [9.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VpnSohDesktop.dll
[MD5.F5AA1CD090726ED32C0026FBD023FCF7] - |A| - [26/01/2017 01:09:16] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [315 Ko] - (1.0.39.1) - C:\WINDOWS\System32\vulkan-1-1-0-39-1.dll
[MD5.F5AA1CD090726ED32C0026FBD023FCF7] - |A| - [27/04/2017 16:32:34] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [315 Ko] - (1.0.39.1) - C:\WINDOWS\System32\vulkan-1.dll
[MD5.6D2AD21CD6674F1B66CCB8C4C433A4E1] - |A| - [26/01/2017 01:09:50] - (.-.) - [115.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo-1-1-0-39-1.exe
[MD5.6D2AD21CD6674F1B66CCB8C4C433A4E1] - |A| - [27/04/2017 16:32:34] - (.-.) - [115.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [19/12/2013 19:20:15] - [0 Ko] - C:\WINDOWS\System32\Wat
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [85906.63 Ko] - C:\WINDOWS\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:02] - [0 Ko] - C:\WINDOWS\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [56413.07 Ko] - C:\WINDOWS\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [16/07/2016 12:42:11] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0 Ko] - C:\WINDOWS\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [1.1 Ko] - C:\WINDOWS\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [42585.77 Ko] - C:\WINDOWS\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [9878.88 Ko] - C:\WINDOWS\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [158264 Ko] - C:\WINDOWS\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [4228.5 Ko] - C:\WINDOWS\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:02] - [100.11 Ko] - C:\WINDOWS\System32\winrm
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [16/07/2016 12:42:35] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
[MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [16/07/2016 12:42:27] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [210 Ko] - C:\WINDOWS\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [202.5 Ko] - C:\WINDOWS\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [204.5 Ko] - C:\WINDOWS\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [21/12/2013 15:15:49] - [0.08 Ko] - C:\WINDOWS\SysWOW64%Report%
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:02] - [0 Ko] - C:\WINDOWS\SysWOW64\0409
[MD5.00EC541EA46F1CFF806E5DC3458D9CB0] - |A| - [23/01/2014 18:31:08] - (.-.) - [140 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\3DAudio.ax
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 12:43:00] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 12:43:02] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 12:43:02] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64@VpnToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:30] - [2141.84 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [250 Ko] - C:\WINDOWS\SysWOW64\ar-SA
[MD5.212F87EE837B4E35E43A93BBFC44E7A7] - |A| - [08/07/2014 21:42:14] - (.Copyright (C) 2004 - AsIO DLL.) - [24 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\AsIO.dll
[MD5.00000000000000000000000000000000] - |D| - [08/02/2017 20:57:27] - [12.45 Ko] - C:\WINDOWS\SysWOW64\BestPractices
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [222 Ko] - C:\WINDOWS\SysWOW64\bg-BG
[MD5.779757290A9BF117CFB9936A88DD52DE] - |A| - [12/11/2016 11:51:50] - (.-.) - [2867.69 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\BootMan.exe
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0.93 Ko] - C:\WINDOWS\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot2
[MD5.209FDF5096AFD1312B98527B8B7B852E] - |A| - [23/01/2014 18:31:08] - (.-.) - [952 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\cis-2.4.dll
[MD5.76BDA2CA70F62390D0D0BFCD4915EDA1] - |A| - [22/02/2014 11:31:42] - (.-.) - [0.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CleanGenius3Trial.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [318 Ko] - C:\WINDOWS\SysWOW64\Com
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [57.89 Ko] - C:\WINDOWS\SysWOW64\config
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [47.64 Ko] - C:\WINDOWS\SysWOW64\Configuration
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [267.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [264.5 Ko] - C:\WINDOWS\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [298.5 Ko] - C:\WINDOWS\SysWOW64\de-DE
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [19 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [14/04/2017 10:33:05] - [0 Ko] - C:\WINDOWS\SysWOW64\directx
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:27] - [6007.05 Ko] - C:\WINDOWS\SysWOW64\Dism
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:27] - [1068.16 Ko] - C:\WINDOWS\SysWOW64\downlevel
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [3434.24 Ko] - C:\WINDOWS\SysWOW64\drivers
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\DriverStore
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [293 Ko] - C:\WINDOWS\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:02] - [3108.5 Ko] - C:\WINDOWS\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [213 Ko] - C:\WINDOWS\SysWOW64\en-GB
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [34669.87 Ko] - C:\WINDOWS\SysWOW64\en-US
[MD5.3EE5337BCC0027FDBEE0150FB8EDBF17] - |A| - [12/11/2016 11:51:50] - (.-.) - [243 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\epmntdrv.pdb
[MD5.5F2D1F871FF277EDE5FAEB971D8335ED] - |A| - [12/11/2016 11:51:50] - (.-.) - [20.99 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\epmntdrv.sys
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [287.5 Ko] - C:\WINDOWS\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [231.5 Ko] - C:\WINDOWS\SysWOW64\es-MX
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [209 Ko] - C:\WINDOWS\SysWOW64\et-EE
[MD5.980F2EEDACFEBD6C371A165046FD6237] - |A| - [12/11/2016 11:51:50] - (.-.) - [20.59 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\EuEpmGdi.dll
[MD5.886CDC85E0B6C9AC2547F919E5B224A3] - |A| - [12/11/2016 11:51:50] - (.-.) - [9.97 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\EuGdiDrv.sys
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [21626.66 Ko] - C:\WINDOWS\SysWOW64\F12
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [267.5 Ko] - C:\WINDOWS\SysWOW64\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [237 Ko] - C:\WINDOWS\SysWOW64\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [294 Ko] - C:\WINDOWS\SysWOW64\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [238.5 Ko] - C:\WINDOWS\SysWOW64\he-IL
[MD5.A4001C78F2806662B3BD91ACB44E6330] - |A| - [18/12/2013 17:38:29] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\initdebug.nfo
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [201 Ko] - C:\WINDOWS\SysWOW64\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi
[MD5.D8D6FA22135619B3C3B32441571B3C4F] - |A| - [23/01/2014 18:31:08] - (.-.) - [80 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\issacapi_bs-2.3.dll
[MD5.18DB794E8C223A248671D4A9409AED23] - |A| - [23/01/2014 18:31:08] - (.-.) - [64 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\issacapi_pe-2.3.dll
[MD5.F7D4D358EE74ADF1ECDEEFBA35765D22] - |A| - [23/01/2014 18:31:08] - (.-.) - [56 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\issacapi_se-2.3.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [293 Ko] - C:\WINDOWS\SysWOW64\it-IT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [214.5 Ko] - C:\WINDOWS\SysWOW64\ja-JP
[MD5.F4C8B34A60CB26D40036CDC39F37336B] - |A| - [17/02/2014 23:12:42] - (.-.) - [5.05 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
[MD5.03FBE0CC9DE23172E774AC4FC365966A] - |A| - [30/05/2014 08:00:01] - (.-.) - [4.33 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\jupdate-1.7.0_60-b19.log
[MD5.92D5703393512609AE46448F528AA387] - |A| - [15/10/2014 08:19:54] - (.-.) - [4.2 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\jupdate-1.7.0_71-b14.log
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [212.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [73.41 Ko] - C:\WINDOWS\SysWOW64\Licenses
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [213.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [214.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [50038.65 Ko] - C:\WINDOWS\SysWOW64\Macromed
[MD5.8901A0803B5601DC1DF5ECC99339C09B] - |A| - [23/01/2014 18:31:10] - (.Copyright (C) 2003-2004, (주) 마크애니 - 클라이언트 프로토콜 라이브러리.) - [44 Ko] - (1.2.2005.128) - C:\WINDOWS\SysWOW64\MACXMLProto.dll
[MD5.C2CDFD61447D278C96B441C13F8F71BE] - |A| - [23/01/2014 18:31:08] - (.Copyright (C) 2003 - MaDRM DLL.) - [116 Ko] - (3.0.2004.1011) - C:\WINDOWS\SysWOW64\MaDRM.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync
[MD5.B5B76E18B10724CF0D88CCC9B1F4FB37] - |A| - [23/01/2014 18:31:08] - (.Copyright (C) 2003, (주) 마크애니 - MaJGUILib DLL.) - [48 Ko] - (1.0.2004.301) - C:\WINDOWS\SysWOW64\MaJGUILib.dll
[MD5.9B2F9CC5BD4D266A2E76DBFECDDB0122] - |A| - [23/01/2014 18:31:08] - (.Copyright ⓒ 2004 MarkAny Inc. - 마크애니 MAC 주소 추출 DLL.) - [44.26 Ko] - (1.0.2009.930) - C:\WINDOWS\SysWOW64\MAMACExtract.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0 Ko] - C:\WINDOWS\SysWOW64\manifeststore
[MD5.2C16CF611C87FAB86B287CFFBA91B647] - |A| - [23/01/2014 18:31:08] - (.Copyright (C) 2004 - (주)마크애니 ContentSAFER Cleaner.) - [24 Ko] - (3.0.2006.925) - C:\WINDOWS\SysWOW64\MASetupCleaner.exe
[MD5.AD2454F9D19FDCA0FF26F48E809F5361] - |A| - [23/01/2014 18:31:08] - (.Copyright (C) 2003-2004, (주) 마크애니 - MaXMLProto DLL.) - [44 Ko] - (1.0.2004.602) - C:\WINDOWS\SysWOW64\MaXMLProto.dll
[MD5.6C5F63ED6968F6874B9541CC50489B2A] - |A| - [22/02/2014 10:18:05] - (.-.) - [72.95 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\mfc45.dat
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [3774.89 Ko] - C:\WINDOWS\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [821.34 Ko] - C:\WINDOWS\SysWOW64\migwiz
[MD5.01FB39AD6F00AEF968372027259E8F13] - |A| - [23/01/2014 18:31:08] - (.Copyright ⓒ 2004 - MK_Lyric.) - [56 Ko] - (1.0.1124.1) - C:\WINDOWS\SysWOW64\MK_Lyric.dll
[MD5.422D36A4743BF9CC2A787A68D9C9A988] - |A| - [23/01/2014 18:31:08] - (.Copyright (C) 2005 Teruten Inc. - MSCLib DLL.) - [240 Ko] - (1.0.0.8) - C:\WINDOWS\SysWOW64\MSCLib.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [52.28 Ko] - C:\WINDOWS\SysWOW64\MsDtc
[MD5.99089A2B318765568F2745BBF1A4F870] - |A| - [23/01/2014 18:31:08] - (.Copyright (C) 2005 Teruten Inc. - MSFLib DLL.) - [152 Ko] - (1.0.0.7) - C:\WINDOWS\SysWOW64\MSFLib.dll
[MD5.18403DE4979A328F21279DECB2E4298F] - |A| - [16/07/2016 12:44:01] - (.-.) - [3.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\msmqpub.mof
[MD5.E0640DE5407EEE4C6E16D839243B71F9] - |A| - [16/07/2016 12:44:01] - (.-.) - [8.88 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\msmqtrc.mof
[MD5.3ED9AC3EE11EE2C16E2E41F0DC4BAD42] - |A| - [16/07/2016 12:44:01] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\msmqtrcRemove.mof
[MD5.CF25249C36368124E0FF9E6B68194460] - |A| - [23/01/2014 18:31:08] - (.Copyright (C) 2001 Telechips Inc., - USB Dynamic Link Library for TCC730.) - [40 Ko] - (1.9.4.2) - C:\WINDOWS\SysWOW64\MTTELECHIP.dll
[MD5.E8558EFAD97B3D10A73E8DC9426E4DCA] - |A| - [23/01/2014 18:31:08] - (.Copyright 2004 Marktek Inc. - MTXSYNCICON Module.) - [56 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\MTXSYNCICON.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [6 Ko] - C:\WINDOWS\SysWOW64\MUI
[MD5.8CB1DDC3EAC6B60213C75B21DAE06FF5] - |A| - [23/01/2014 18:31:10] - (.Copyright Musiccity Co.Ltd. - AOD Sourcer Filter.) - [132 Ko] - (1.0.0.60410) - C:\WINDOWS\SysWOW64\muzaf1.dll
[MD5.4F9BD5F58F631920BBAAEB9D9960286D] - |A| - [23/01/2014 18:31:08] - (.Copyright 2003 - MUZAoDAppCtrl Module.) - [480 Ko] - (1.3.9.303) - C:\WINDOWS\SysWOW64\muzapp.dll
[MD5.A12FB1A9FC4433CD64C77A7250821A02] - |A| - [23/01/2014 18:31:08] - (.Copyright Musiccity Co.Ltd. - MUZAoDApp Module.) - [168 Ko] - (1.0.9.222) - C:\WINDOWS\SysWOW64\muzapp.exe
[MD5.C763946CD9EDB212ADE1930E7B1F4037] - |A| - [23/01/2014 18:31:08] - (.Copyright (c) 2002 - 2007, PeeringPortal - PCube Audio Decoder Filter.) - [556 Ko] - (1.0.0.60207) - C:\WINDOWS\SysWOW64\muzdecode.ax
[MD5.A198190A504C60B1F9BEE4B32AD843B4] - |A| - [23/01/2014 18:31:08] - (.Copyright (c) 2002 - 2007, (c) PeeringPortal - P3AudioEffect Filter.) - [120 Ko] - (1.0.0.60210) - C:\WINDOWS\SysWOW64\muzeffect.ax
[MD5.92B0830A8EED421ECFE454747379A13C] - |A| - [23/01/2014 18:31:08] - (.Copyright (c) PeeringPortal - P3MP4Splitter Filter.) - [108 Ko] - (1.0.0.60210) - C:\WINDOWS\SysWOW64\muzmp4sp.ax
[MD5.D93808F389158531CAE0766FE51E9D8E] - |A| - [23/01/2014 18:31:08] - (.Copyright (c) 2002 - 2007, (c) PeeringPortal - PCube MPEG Splitter Filter.) - [128 Ko] - (1.1.7.911) - C:\WINDOWS\SysWOW64\muzmpgsp.ax
[MD5.1B84845FB7372D457B3CBC3CE518F997] - |A| - [23/01/2014 18:31:08] - (.Copyright (c) 2004 SK TELECOM. - OGG Splitter.) - [252 Ko] - (1.0.0.60207) - C:\WINDOWS\SysWOW64\muzoggsp.ax
[MD5.0A2003F4CFD58C350C7B2E2D9807D12D] - |A| - [23/01/2014 18:31:08] - (.Copyright (c) PeeringPortal All rights reserved - P3WMTSplitter Filter.) - [196 Ko] - (1.0.0.60208) - C:\WINDOWS\SysWOW64\muzwmts.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [260.5 Ko] - C:\WINDOWS\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [278 Ko] - C:\WINDOWS\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui
[MD5.E256CF02FDF09732C42AF1C7AB9521DD] - |A| - [27/04/2017 16:25:59] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nv-vk32.json
[MD5.BC71FF7DA14ECA943FA0AD815F72B8CB] - |A| - [07/01/2003 16:05:06] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OUTLPERF.H
[MD5.509A7197AE66401D1DA76F4BAC1DD0A8] - |A| - [07/01/2003 16:05:08] - (.-.) - [2.63 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OUTLPERF.INI
[MD5.0331ED0CEE624BDC9CB02702F35D427B] - |A| - [08/02/2017 13:16:51] - (.-.) - [946.14 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [275.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:03] - [413.88 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [278.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [273.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0.76 Ko] - C:\WINDOWS\SysWOW64\Recovery
[MD5.A64711C9CF690718EADA750370EC5EB2] - |A| - [23/05/2014 09:01:53] - (.Copyright (c) 2000 - 2010 Dmitry Streblechenko - Outlook Redemption COM library.) - [4550.5 Ko] - (4.8.0.1184) - C:\WINDOWS\SysWOW64\Redemption.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [218.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO
[MD5.03944ABAE856DC164BD167526E07E953] - |A| - [28/09/2012 20:45:06] - (.-.) - [241.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\rtvcvfw32.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [270.5 Ko] - C:\WINDOWS\SysWOW64\ru-RU
[MD5.7753FC56F9CAC4B5AFDA3196DB654F21] - |A| - [23/05/2014 09:01:54] - (.Copyright © 2004-2010 MAPILab Ltd. & Add-in Express Ltd. - Security Manager Component for Microsoft Outlook allows to turn off and on Outlook Object Model Security Guard.) - [141.27 Ko] - (3.0.0.0) - C:\WINDOWS\SysWOW64\secman.dll
[MD5.0CA49026F2DA1F2D3BEE9CD779AA806D] - |A| - [12/11/2016 11:51:50] - (.-.) - [86.09 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\setupempdrv03.exe
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [219 Ko] - C:\WINDOWS\SysWOW64\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [215.5 Ko] - C:\WINDOWS\SysWOW64\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:03] - [45.92 Ko] - C:\WINDOWS\SysWOW64\slmgr
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [4199.34 Ko] - C:\WINDOWS\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [6323.17 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore
[MD5.0FFE35F0B0CD5A324BBE22F02569AE3B] - |A| - [29/12/2012 21:59:38] - (.Copyright © Almico Software 2001-2013 - SpeedFan x64 Driver.) - [27.99 Ko] - (2.3.11.0) - C:\WINDOWS\SysWOW64\speedfan.sys
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [1677.83 Ko] - C:\WINDOWS\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [31.88 Ko] - C:\WINDOWS\SysWOW64\sppui
[MD5.EE68B052A08FEC0F574F2DAE2003DF27] - |A| - [28/07/2014 10:29:38] - (. SQLite Copyright - SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - [635.47 Ko] - (3.8.5.0) - C:\WINDOWS\SysWOW64\sqlite3.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [223 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [219.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\sru
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [265.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:03] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [205 Ko] - C:\WINDOWS\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [261.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR
[MD5.01E96A85B337B702AE2BC7F838AE7B65] - |A| - [16/07/2016 12:43:20] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\UevCustomActionTypes.tlb
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [215.5 Ko] - C:\WINDOWS\SysWOW64\uk-UA
[MD5.C758EBC719C0D07B1B0E251C77F11BFD] - |A| - [05/01/1999 18:30:02] - (.Copyright © 1998, VideoSoft - vsFlex3 ActiveX Controls.) - [220 Ko] - (3.0.0.36) - C:\WINDOWS\SysWOW64\VSFLEX3.OCX
[MD5.4287C9D06A1086CDF75C697A494BE4B7] - |A| - [26/01/2017 01:12:46] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [319 Ko] - (1.0.39.1) - C:\WINDOWS\SysWOW64\vulkan-1-1-0-39-1.dll
[MD5.4287C9D06A1086CDF75C697A494BE4B7] - |A| - [27/04/2017 16:32:34] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [319 Ko] - (1.0.39.1) - C:\WINDOWS\SysWOW64\vulkan-1.dll
[MD5.BB0B3644D206847B9E39745E7A25BC64] - |A| - [26/01/2017 01:13:16] - (.-.) - [101.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-39-1.exe
[MD5.BB0B3644D206847B9E39745E7A25BC64] - |A| - [27/04/2017 16:32:34] - (.-.) - [101.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [19/12/2013 19:20:15] - [0 Ko] - C:\WINDOWS\SysWOW64\Wat
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [16743.71 Ko] - C:\WINDOWS\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:03] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [8876.16 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [4228.5 Ko] - C:\WINDOWS\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:03] - [100.11 Ko] - C:\WINDOWS\SysWOW64\winrm
[MD5.1CD08C0FA0C5BD53450E332F35304381] - |A| - [06/10/2009 08:16:02] - (.-.) - [800 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xvidcore.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [190.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-TW

---------- | Shell Folders

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Shell Folders]
“!Do not use this registry key”=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
“AppData”=C:\Users\Gary\AppData\Roaming [08/02/2017 13:17:56]
“Local AppData”=C:\Users\Gary\AppData\Local [08/02/2017 13:17:56]
“{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}”=C:\Users\Gary\AppData\Roaming\Micro soft\Windows\Libraries [18/12/2013 13:21:30]
“My Video”=C:\Users\Gary\Videos [18/12/2013 13:20:59]
“My Pictures”=C:\Users\Gary\Pictures [18/12/2013 13:20:59]
“Desktop”=C:\Users\Gary\Desktop [18/12/2013 13:20:59]
“History”=C:\Users\Gary\AppData\Local\Microsoft\Wi ndows\History [18/12/2013 13:20:59]
“NetHood”=C:\Users\Gary\AppData\Roaming\Microsoft\ Windows\Network Shortcuts [08/02/2017 13:17:56]
“{56784854-C6CB-462B-8169-88E350ACB882}”=C:\Users\Gary\Contacts [18/12/2013 13:21:14]
“{00BCFC5A-ED94-4E48-96A1-3F6217F21990}”=C:\Users\Gary\AppData\Local\Microso ft\Windows\RoamingTiles [17/12/2015 01:04:20]
“Cookies”=C:\Users\Gary\AppData\Local\Microsoft\Wi ndows\INetCookies [18/12/2013 13:20:59]
“Favorites”=C:\Users\Gary\Favorites [18/12/2013 13:20:59]
“SendTo”=C:\Users\Gary\AppData\Roaming\Microsoft\W indows\SendTo [08/02/2017 13:17:56]
“Start Menu”=C:\Users\Gary\AppData\Roaming\Microsoft\Wind ows\Start Menu [08/02/2017 13:17:56]
“My Music”=C:\Users\Gary\Music [18/12/2013 13:20:59]
“Programs”=C:\Users\Gary\AppData\Roaming\Microsoft \Windows\Start Menu\Programs [08/02/2017 13:17:56]
“Recent”=C:\Users\Gary\AppData\Roaming\Microsoft\W indows\Recent [18/12/2013 13:20:59]
“CD Burning”=C:\Users\Gary\AppData\Local\Microsoft\Win dows\Burn\Burn [08/02/2017 13:49:56]
“PrintHood”=C:\Users\Gary\AppData\Roaming\Microsof t\Windows\Printer Shortcuts [08/02/2017 13:17:56]
“{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}”=C:\Users\Gary\Searches [18/12/2013 13:21:30]
“{374DE290-123F-4565-9164-39C4925E467B}”=C:\Users\Gary\Downloads [18/12/2013 13:20:59]
“{A520A1A4-1780-4FF6-BD18-167343C5AF16}”=C:\Users\Gary\AppData\LocalLow [18/12/2013 13:20:59]
“Startup”=C:\Users\Gary\AppData\Roaming\Microsoft\ Windows\Start Menu\Programs\Startup [18/12/2013 13:21:30]
“Administrative Tools”=C:\Users\Gary\AppData\Roaming\Microsoft\Win dows\Start Menu\Programs\Administrative Tools [18/12/2013 13:21:30]
“Personal”=C:\Users\Gary\Documents [18/12/2013 13:20:59]
“{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}”=C:\Users\Gary\Links [18/12/2013 13:20:59]
“Cache”=C:\Users\Gary\AppData\Local\Microsoft\Wind ows\INetCache [08/02/2017 13:17:56]
“Templates”=C:\Users\Gary\AppData\Roaming\Microsof t\Windows\Templates [08/02/2017 13:17:56]
“{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}”=C:\Users\Gary\Saved Games [18/12/2013 13:20:59]
“Fonts”=C:\WINDOWS\Fonts [16/07/2016 12:47:48]

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\User Shell Folders]
“AppData”=%USERPROFILE%\AppData\Roaming
“Desktop”=%USERPROFILE%\Desktop
“Favorites”=%USERPROFILE%\Favorites
“History”=%USERPROFILE%\AppData\Local\Microsoft\Wi ndows\History
“Local AppData”=%USERPROFILE%\AppData\Local
“My Music”=%USERPROFILE%\Music
“My Pictures”=%USERPROFILE%\Pictures
“My Video”=%USERPROFILE%\Videos
“NetHood”=%USERPROFILE%\AppData\Roaming\Microsoft\ Windows\Network Shortcuts
“Personal”=%USERPROFILE%\Documents
“PrintHood”=%USERPROFILE%\AppData\Roaming\Microsof t\Windows\Printer Shortcuts
“Programs”=%USERPROFILE%\AppData\Roaming\Microsoft \Windows\Start Menu\Programs
“Recent”=%USERPROFILE%\AppData\Roaming\Microsoft\W indows\Recent
“SendTo”=%USERPROFILE%\AppData\Roaming\Microsoft\W indows\SendTo
“Start Menu”=%USERPROFILE%\AppData\Roaming\Microsoft\Wind ows\Start Menu
“Startup”=%USERPROFILE%\AppData\Roaming\Microsoft\ Windows\Start Menu\Programs\Startup
“Templates”=%USERPROFILE%\AppData\Roaming\Microsof t\Windows\Templates
“{374DE290-123F-4565-9164-39C4925E467B}”=%USERPROFILE%\Downloads
“Cache”=C:\Users\Gary\AppData\Local\Microsoft\Wind ows\INetCache [08/02/2017 13:17:56]
“Cookies”=C:\Users\Gary\AppData\Local\Microsoft\Wi ndows\INetCookies [18/12/2013 13:20:59]
“CD Burning”=%USERPROFILE%\AppData\Local\Microsoft\Win dows\Burn\Burn

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Shell Folders]
“Common Administrative Tools”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [16/07/2016 12:47:48]
“Common AppData”=C:\ProgramData [16/07/2016 12:47:48]
“Common Desktop”=C:\Users\Public\Desktop [14/07/2009 04:20:08]
“Common Documents”=C:\Users\Public\Documents [14/07/2009 04:20:08]
“Common Programs”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [16/07/2016 12:47:48]
“Common Start Menu”=C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 12:47:48]
“Common Startup”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [16/07/2016 12:47:48]
“Common Templates”=C:\ProgramData\Microsoft\Windows\Templa tes [14/07/2009 04:20:08]
“CommonMusic”=C:\Users\Public\Music [14/07/2009 04:20:08]
“CommonPictures”=C:\Users\Public\Pictures [14/07/2009 04:20:08]
“CommonVideo”=C:\Users\Public\Videos [14/07/2009 04:20:08]
“OEM Links”=C:\ProgramData\OEM\Links

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\User Shell Folders]
“Common AppData”=%ProgramData%
“Common Desktop”=%PUBLIC%\Desktop
“Common Documents”=%PUBLIC%\Documents
“Common Programs”=%ProgramData%\Microsoft\Windows\Start Menu\Programs
“Common Start Menu”=%ProgramData%\Microsoft\Windows\Start Menu
“Common Startup”=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
“Common Templates”=%ProgramData%\Microsoft\Windows\Templat es
“CommonMusic”=%PUBLIC%\Music
“CommonPictures”=%PUBLIC%\Pictures
“CommonVideo”=%PUBLIC%\Videos
“{3D644C9B-1FB8-4f30-9B45-F670235F79C0}”=%PUBLIC%\Downloads

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Shell Folders]
“Common Administrative Tools”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [16/07/2016 12:47:48]
“Common AppData”=C:\ProgramData [16/07/2016 12:47:48]
“Common Desktop”=C:\Users\Public\Desktop [14/07/2009 04:20:08]
“Common Documents”=C:\Users\Public\Documents [14/07/2009 04:20:08]
“Common Programs”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [16/07/2016 12:47:48]
“Common Start Menu”=C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 12:47:48]
“Common Startup”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [16/07/2016 12:47:48]
“Common Templates”=C:\ProgramData\Microsoft\Windows\Templa tes [14/07/2009 04:20:08]
“CommonMusic”=C:\Users\Public\Music [14/07/2009 04:20:08]
“CommonPictures”=C:\Users\Public\Pictures [14/07/2009 04:20:08]
“CommonVideo”=C:\Users\Public\Videos [14/07/2009 04:20:08]
“OEM Links”=C:\ProgramData\OEM\Links
“Personal”=C:\Users\Gary\Documents\ [// ::]

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\User Shell Folders]
“Common AppData”=%ProgramData%
“Common Desktop”=%PUBLIC%\Desktop
“Common Documents”=%PUBLIC%\Documents
“Common Programs”=%ProgramData%\Microsoft\Windows\Start Menu\Programs
“Common Start Menu”=%ProgramData%\Microsoft\Windows\Start Menu
“Common Startup”=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
“Common Templates”=%ProgramData%\Microsoft\Windows\Templat es
“CommonMusic”=%PUBLIC%\Music
“CommonPictures”=%PUBLIC%\Pictures
“CommonVideo”=%PUBLIC%\Videos
“{3D644C9B-1FB8-4f30-9B45-F670235F79C0}”=%PUBLIC%\Downloads

---------- | [Gary]

[08/02/2017 13:17:56] - |D| - [143923757906] - C:\Users\Gary\AppData\Local
[18/12/2013 13:20:59] - |D| - [563224426] - C:\Users\Gary\AppData\LocalLow
[08/02/2017 13:17:56] - |D| - [1014164731] - C:\Users\Gary\AppData\Roaming
[17/12/2015 01:08:05] - |D| - [0] - C:\Users\Gary\AppData\Local\ActiveSync
[01/11/2014 11:10:29] - |D| - [0] - C:\Users\Gary\AppData\Local\Adobe
[08/02/2017 13:17:56] - |SHD| - [132126876464] - C:\Users\Gary\AppData\Local\Application Data
[18/12/2013 13:40:01] - |D| - [0] - C:\Users\Gary\AppData\Local\Apps
[18/12/2013 13:40:57] - |A| - [96088] - C:\Users\Gary\AppData\Local\ars (2).cache
[18/12/2013 13:41:24] - |A| - [96088] - C:\Users\Gary\AppData\Local\ars (3).cache
[18/12/2013 13:39:56] - |A| - [96088] - C:\Users\Gary\AppData\Local\ars.cache
[22/01/2016 15:22:12] - |D| - [4874744] - C:\Users\Gary\AppData\Local\Audacity
[01/07/2016 18:42:10] - |D| - [76616682] - C:\Users\Gary\AppData\Local\Axialis
[08/03/2017 22:45:57] - |D| - [0] - C:\Users\Gary\AppData\Local\CEF
[18/12/2013 13:40:57] - |A| - [9384331] - C:\Users\Gary\AppData\Local\census (2).cache
[18/12/2013 13:41:24] - |A| - [9384331] - C:\Users\Gary\AppData\Local\census (3).cache
[18/12/2013 13:39:56] - |A| - [9384331] - C:\Users\Gary\AppData\Local\census.cache
[04/08/2016 23:00:09] - |D| - [388166720] - C:\Users\Gary\AppData\Local\Chromium
[17/12/2015 01:23:46] - |D| - [20996120] - C:\Users\Gary\AppData\Local\Comms
[21/09/2016 16:29:15] - |D| - [2114128] - C:\Users\Gary\AppData\Local\ConnectedDevicesPlatfo rm
[04/02/2016 10:33:06] - |D| - [322878283] - C:\Users\Gary\AppData\Local\CrashDumps
[20/10/2015 12:08:25] - |D| - [629] - C:\Users\Gary\AppData\Local\DAI
[20/10/2015 12:06:48] - |D| - [645] - C:\Users\Gary\AppData\Local\DAIToolsSuite_Loader
[18/12/2013 13:40:01] - |D| - [0] - C:\Users\Gary\AppData\Local\Diagnostics
[18/12/2013 13:40:01] - |D| - [32919] - C:\Users\Gary\AppData\Local\DOSBox
[18/12/2013 13:40:01] - |D| - [1307462610] - C:\Users\Gary\AppData\Local\Downloaded Installations
[18/12/2013 13:40:07] - |D| - [0] - C:\Users\Gary\AppData\Local\ElevatedDiagnostics
[19/11/2014 23:05:42] - |SHD| - [0] - C:\Users\Gary\AppData\Local\EmieBrowserModeList
[20/04/2014 15:26:30] - |SHD| - [0] - C:\Users\Gary\AppData\Local\EmieSiteList
[20/04/2014 15:26:30] - |SHD| - [0] - C:\Users\Gary\AppData\Local\EmieUserList
[09/12/2015 19:52:29] - |A| - [2370560] - C:\Users\Gary\AppData\Local\file__0.localstorage
[18/12/2013 13:40:07] - |D| - [0] - C:\Users\Gary\AppData\Local\FLT
[29/05/2015 12:30:22] - |D| - [5968036] - C:\Users\Gary\AppData\Local\fontconfig
[25/01/2017 21:56:02] - |D| - [193940] - C:\Users\Gary\AppData\Local\Foxit Reader
[27/09/2016 00:20:51] - |A| - [110600] - C:\Users\Gary\AppData\Local\GDIPFONTCACHEV1.DAT
[29/05/2015 12:30:16] - |D| - [660] - C:\Users\Gary\AppData\Local\gegl-0.2
[18/12/2013 13:40:07] - |D| - [775846037] - C:\Users\Gary\AppData\Local\Google
[29/05/2015 12:40:36] - |D| - [207] - C:\Users\Gary\AppData\Local\gtk-2.0
[22/06/2015 20:20:54] - |D| - [71] - C:\Users\Gary\AppData\Local\GWX
[08/02/2017 13:17:56] - |SHD| - [580] - C:\Users\Gary\AppData\Local\History
[18/12/2013 13:40:58] - |A| - [36] - C:\Users\Gary\AppData\Local\housecall.guid (2).cache
[18/12/2013 13:41:25] - |A| - [36] - C:\Users\Gary\AppData\Local\housecall.guid (3).cache
[18/12/2013 13:39:57] - |A| - [36] - C:\Users\Gary\AppData\Local\housecall.guid.cache
[18/12/2013 13:40:01] - |AH| - [3268555] - C:\Users\Gary\AppData\Local\IconCache (2).db
[18/12/2013 13:40:59] - |AH| - [3268555] - C:\Users\Gary\AppData\Local\IconCache (3).db
[18/12/2013 13:41:25] - |AH| - [3268555] - C:\Users\Gary\AppData\Local\IconCache (4).db
[31/03/2017 20:06:07] - |AH| - [80326] - C:\Users\Gary\AppData\Local\IconCache.db
[11/01/2014 10:13:07] - |AH| - [4096] - C:\Users\Gary\AppData\Local\keyfile3.drm
[16/06/2014 19:54:02] - |D| - [14989161] - C:\Users\Gary\AppData\Local\Kingsoft
[12/11/2015 16:31:12] - |D| - [2914129] - C:\Users\Gary\AppData\Local\Logitech® Webcam Software
[18/12/2013 23:34:46] - |D| - [0] - C:\Users\Gary\AppData\Local\Macromedia
[08/02/2017 13:17:56] - |D| - [1399060340] - C:\Users\Gary\AppData\Local\Microsoft
[18/12/2013 16:34:30] - |D| - [335404] - C:\Users\Gary\AppData\Local\Microsoft Games
[06/01/2016 00:56:10] - |D| - [82095] - C:\Users\Gary\AppData\Local\MicrosoftEdge
[13/03/2015 20:01:34] - |D| - [588] - C:\Users\Gary\AppData\Local\Mod_Manager
[18/12/2013 20:20:55] - |D| - [367354457] - C:\Users\Gary\AppData\Local\Mozilla
[05/05/2017 12:13:07] - |D| - [41247] - C:\Users\Gary\AppData\Local\OCCT_-Ocbase-_Adrien_Me
[26/11/2014 21:30:43] - |D| - [79631289] - C:\Users\Gary\AppData\Local\Origin
[17/12/2015 01:04:16] - |D| - [540464706] - C:\Users\Gary\AppData\Local\Packages
[19/12/2015 03:56:19] - |D| - [0] - C:\Users\Gary\AppData\Local\PeerDistRepub
[18/12/2013 14:25:10] - |D| - [0] - C:\Users\Gary\AppData\Local\Programs
[17/12/2015 01:06:35] - |D| - [0] - C:\Users\Gary\AppData\Local\Publishers
[18/12/2013 18:30:03] - |D| - [11930312] - C:\Users\Gary\AppData\Local\RadioSure
[12/05/2017 22:10:10] - |A| - [5187] - C:\Users\Gary\AppData\Local\recently-used.xbel
[04/08/2016 22:58:56] - |D| - [1058362] - C:\Users\Gary\AppData\Local\rote
[23/05/2014 09:05:44] - |D| - [61510] - C:\Users\Gary\AppData\Local\Samsung
[18/12/2014 22:59:47] - |D| - [4887745] - C:\Users\Gary\AppData\Local\Skype
[10/08/2015 08:18:48] - |D| - [40] - C:\Users\Gary\AppData\Local\TeamViewer
[24/06/2017 12:44:23] - |D| - [4292850] - C:\Users\Gary\AppData\Local\Temp
[08/02/2017 13:17:56] - |SHD| - [53130933] - C:\Users\Gary\AppData\Local\Temporary Internet Files
[17/12/2015 01:04:06] - |D| - [15622144] - C:\Users\Gary\AppData\Local\TileDataLayer
[30/08/2016 09:27:10] - |D| - [6277180492] - C:\Users\Gary\AppData\Local\TomTom
[29/06/2017 23:37:26] - |D| - [0] - C:\Users\Gary\AppData\Local\UNP
[18/12/2013 13:21:12] - |D| - [5793483] - C:\Users\Gary\AppData\Local\VirtualStore
[23/02/2016 12:45:27] - |D| - [17408] - C:\Users\Gary\AppData\Local\webkit
[18/12/2013 13:40:59] - |A| - [17408] - C:\Users\Gary\AppData\Local\WebpageIcons (2).db
[18/12/2013 13:41:25] - |A| - [17408] - C:\Users\Gary\AppData\Local\WebpageIcons (3).db
[18/12/2013 13:40:01] - |A| - [17408] - C:\Users\Gary\AppData\Local\WebpageIcons.db
[16/02/2015 09:17:14] - |D| - [24040] - C:\Users\Gary\AppData\Local\WindowsUpdate
[31/05/2017 18:20:00] - |D| - [13525808] - C:\Users\Gary\AppData\Local\WinISO Computing
[24/06/2017 12:58:48] - |D| - [57767858] - C:\Users\Gary\AppData\Local\Zemana
[20/06/2017 10:27:51] - |D| - [434964] - C:\Users\Gary\AppData\Local\ZHP
[18/12/2013 13:40:01] - |A| - [0] - C:\Users\Gary\AppData\Local{259F73BA-24B0-4D1A-9F92-5B087D8B988A}
[18/12/2013 13:41:00] - |A| - [0] - C:\Users\Gary\AppData\Local{259F73BA-24B0-4D1A-9F92-5B087D8B988A} (2)
[18/12/2013 13:41:25] - |A| - [0] - C:\Users\Gary\AppData\Local{259F73BA-24B0-4D1A-9F92-5B087D8B988A} (3)
[04/08/2016 22:58:58] - |D| - [257043] - C:\Users\Gary\AppData\Local{6AB85CE4-4E10-305C-2388-15B407E0E92C}
[31/01/2014 23:47:45] - |AD| - [21309512] - C:\Users\Gary\AppData\LocalLow\Adblock Plus for IE
[19/11/2014 23:05:40] - |SHD| - [0] - C:\Users\Gary\AppData\LocalLow\EmieBrowserModeList
[20/04/2014 14:44:35] - |SHD| - [0] - C:\Users\Gary\AppData\LocalLow\EmieSiteList
[20/04/2014 15:26:52] - |SHD| - [0] - C:\Users\Gary\AppData\LocalLow\EmieUserList
[27/11/2014 19:26:29] - |D| - [359042590] - C:\Users\Gary\AppData\LocalLow\Google
[18/12/2013 13:28:47] - |SD| - [8076618] - C:\Users\Gary\AppData\LocalLow\Microsoft
[15/11/2016 23:41:20] - |D| - [0] - C:\Users\Gary\AppData\LocalLow\Mozilla
[15/10/2014 08:57:08] - |D| - [94494720] - C:\Users\Gary\AppData\LocalLow\Oracle
[19/12/2013 15:11:51] - |D| - [80300986] - C:\Users\Gary\AppData\LocalLow\Sun
[18/12/2013 13:54:25] - |SD| - [0] - C:\Users\Gary\AppData\LocalLow\Temp
[21/01/2016 22:13:33] - |D| - [4148552] - C:\Users\Gary\AppData\Roaming\Ableton
[18/12/2013 14:15:32] - |D| - [42390] - C:\Users\Gary\AppData\Roaming\Adobe
[13/01/2015 13:31:03] - |D| - [5920] - C:\Users\Gary\AppData\Roaming\AstroGrep
[24/08/2014 11:34:33] - |D| - [5034] - C:\Users\Gary\AppData\Roaming\Audacity
[01/07/2016 18:42:31] - |D| - [839793] - C:\Users\Gary\AppData\Roaming\Axialis
[18/12/2013 20:25:36] - |D| - [2843462] - C:\Users\Gary\AppData\Roaming\DAEMON Tools Lite
[04/02/2014 13:39:30] - |D| - [300264] - C:\Users\Gary\AppData\Roaming\ECSoftware
[13/11/2016 18:30:56] - |D| - [63] - C:\Users\Gary\AppData\Roaming\epm
[24/09/2016 12:15:36] - |D| - [12] - C:\Users\Gary\AppData\Roaming\Foxit AgentInformation
[18/12/2013 18:49:16] - |D| - [240589523] - C:\Users\Gary\AppData\Roaming\Foxit Software
[22/07/2016 21:16:24] - |D| - [15256] - C:\Users\Gary\AppData\Roaming\FreeCAD
[17/01/2014 18:28:30] - |D| - [108719] - C:\Users\Gary\AppData\Roaming\FreeFileSync
[22/01/2016 11:40:51] - |D| - [197830] - C:\Users\Gary\AppData\Roaming\GoldWave
[19/12/2013 20:13:20] - |D| - [0] - C:\Users\Gary\AppData\Roaming\Google
[18/12/2013 17:05:27] - |D| - [97573] - C:\Users\Gary\AppData\Roaming\Helios
[18/12/2013 13:21:17] - |D| - [0] - C:\Users\Gary\AppData\Roaming\Identities
[18/01/2014 12:43:42] - |D| - [3924] - C:\Users\Gary\AppData\Roaming\Incline Software
[31/12/2014 10:20:51] - |D| - [0] - C:\Users\Gary\AppData\Roaming\InstallShield
[16/06/2014 19:51:46] - |D| - [1036579] - C:\Users\Gary\AppData\Roaming\Kingsoft
[12/11/2015 16:26:18] - |D| - [345] - C:\Users\Gary\AppData\Roaming\Leadertech
[07/08/2015 10:29:25] - |D| - [2962862] - C:\Users\Gary\AppData\Roaming\LibreOffice
[19/12/2013 18:14:10] - |D| - [346838] - C:\Users\Gary\AppData\Roaming\Logishrd
[19/12/2013 18:14:10] - |D| - [0] - C:\Users\Gary\AppData\Roaming\Logitech
[18/12/2013 14:15:33] - |D| - [32432] - C:\Users\Gary\AppData\Roaming\Macromedia
[18/12/2013 14:25:45] - |D| - [0] - C:\Users\Gary\AppData\Roaming\Malwarebytes
[18/12/2013 13:20:59] - |D| - [0] - C:\Users\Gary\AppData\Roaming\Media Center Programs
[08/02/2017 13:17:56] - |SD| - [183242628] - C:\Users\Gary\AppData\Roaming\Microsoft
[22/01/2014 23:42:20] - |D| - [1254478] - C:\Users\Gary\AppData\Roaming\MOBILedit
[18/12/2013 20:20:55] - |D| - [298601163] - C:\Users\Gary\AppData\Roaming\Mozilla
[19/12/2013 21:50:57] - |D| - [502811] - C:\Users\Gary\AppData\Roaming\Notepad++
[28/04/2017 13:42:35] - |D| - [17973] - C:\Users\Gary\AppData\Roaming\NVIDIA
[27/01/2015 19:23:11] - |D| - [102414394] - C:\Users\Gary\AppData\Roaming\OpenOffice
[26/11/2014 21:30:45] - |D| - [19070] - C:\Users\Gary\AppData\Roaming\Origin
[24/08/2014 12:21:01] - |D| - [9751264] - C:\Users\Gary\AppData\Roaming\RaimaRadioPro
[23/05/2014 09:05:41] - |D| - [118426452] - C:\Users\Gary\AppData\Roaming\Samsung
[14/01/2014 22:32:48] - |D| - [9384331] - C:\Users\Gary\AppData\Roaming\Skype
[24/08/2014 12:14:04] - |D| - [878064] - C:\Users\Gary\AppData\Roaming\streamWriter
[30/08/2015 13:02:27] - |D| - [0] - C:\Users\Gary\AppData\Roaming\Sun
[14/05/2014 22:28:21] - |D| - [7270] - C:\Users\Gary\AppData\Roaming\TeamViewer
[13/10/2014 19:07:46] - |D| - [17685] - C:\Users\Gary\AppData\Roaming\Unified Remote
[18/12/2013 18:03:19] - |D| - [87910] - C:\Users\Gary\AppData\Roaming\vlc
[31/05/2017 18:20:00] - |D| - [672] - C:\Users\Gary\AppData\Roaming\WinISO Computing
[18/12/2013 23:31:14] - |D| - [12] - C:\Users\Gary\AppData\Roaming\WinRAR
[20/06/2017 10:27:52] - |D| - [35981183] - C:\Users\Gary\AppData\Roaming\ZHP
[18/12/2013 13:21:30] - |ASH| - [174] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\desktop.ini
[08/02/2017 13:17:56] - |RD| - [77386] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs
[21/01/2016 22:11:39] - |A| - [847] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Ableton Live 9 Lite.lnk
[08/02/2017 13:17:56] - |RD| - [3888] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Accessibility
[08/02/2017 13:17:56] - |RD| - [4227] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Accessories
[18/12/2013 13:21:30] - |RD| - [174] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Administrative Tools
[01/07/2016 18:42:38] - |D| - [3953] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Axialis Software
[04/08/2016 23:00:32] - |A| - [1233] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Chromium.lnk
[08/02/2017 13:46:59] - |ASH| - [174] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\desktop.ini
[20/12/2013 22:13:47] - |A| - [1093] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\DigiGuide TV Guide.lnk
[22/01/2016 11:40:48] - |D| - [2408] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\GoldWave
[22/07/2016 10:08:41] - |D| - [1127] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Grey Olltwit’s Software
[08/02/2017 13:17:56] - |D| - [170] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Maintenance
[28/04/2016 18:37:32] - |D| - [7668] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\MSI Afterburner
[17/04/2017 21:14:00] - |D| - [3911] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\NirSoft BlueScreenView
[19/12/2013 21:51:02] - |D| - [0] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Notepad++
[05/05/2017 12:16:16] - |D| - [2991] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\OCCT
[17/12/2015 01:10:44] - |A| - [2393] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\OneDrive.lnk
[17/12/2015 01:09:29] - |A| - [1043] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Optional Features.lnk
[18/12/2013 18:30:04] - |D| - [1150] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\RadioSure
[28/04/2016 18:38:09] - |D| - [8118] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\RivaTuner Statistics Server
[23/01/2016 12:30:19] - |D| - [5331] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Singing Tutor 4.5.1
[18/12/2013 17:38:33] - |D| - [4437] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\SpeedFan
[18/12/2013 13:21:30] - |RD| - [174] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup
[08/02/2017 13:17:56] - |RD| - [5318] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\System Tools
[09/12/2015 19:15:10] - |D| - [3799] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\TechPowerUp GPU-Z
[07/03/2015 22:48:15] - |A| - [1022] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\TextPad.lnk
[29/06/2017 15:54:13] - |A| - [1248] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Update and Privacy Settings.lnk
[08/02/2017 13:17:56] - |RD| - [7238] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Windows PowerShell
[31/05/2017 18:19:54] - |D| - [2251] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\WinISO
[18/12/2013 18:38:55] - |D| - [0] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\WinRAR
[18/12/2013 13:21:30] - |ASH| - [174] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup\desktop.ini

---------- | [Public]

---------- | C:\ProgramData

[21/01/2016 22:11:43] - |D| - [1376740978] - C:\ProgramData\Ableton
[22/02/2014 11:31:42] - |D| - [11757810] - C:\ProgramData\Amigabit
[08/02/2017 13:44:51] - |SHD| - [2522582358155] - C:\ProgramData\Application Data
[19/12/2013 17:57:42] - |D| - [83486] - C:\ProgramData\BioWare
[22/11/2016 11:36:43] - |D| - [2438647] - C:\ProgramData\BitMeterOS
[04/06/2015 21:47:38] - |D| - [0] - C:\ProgramData\boost_interprocess
[06/11/2015 13:19:01] - |HD| - [156830] - C:\ProgramData\CanonBJ
[16/07/2016 12:47:48] - |D| - [0] - C:\ProgramData\Comms
[18/12/2013 20:24:39] - |D| - [1842] - C:\ProgramData\DAEMON Tools Lite
[08/02/2017 13:44:51] - |SHD| - [68967] - C:\ProgramData\Desktop
[08/02/2017 13:44:51] - |SHD| - [17707067315] - C:\ProgramData\Documents
[08/05/2014 23:50:34] - |D| - [0] - C:\ProgramData\EA Core
[08/05/2014 23:50:33] - |D| - [2396] - C:\ProgramData\Electronic Arts
[08/02/2017 13:44:51] - |SHD| - [0] - C:\ProgramData\Favorites
[24/09/2016 12:15:36] - |D| - [29] - C:\ProgramData\Foxit ContentPlatform
[24/09/2016 12:15:39] - |D| - [16384] - C:\ProgramData\Foxit Software
[19/12/2013 20:12:37] - |D| - [531424] - C:\ProgramData\Google
[11/02/2014 23:15:30] - |D| - [52764] - C:\ProgramData\Hewlett-Packard
[22/02/2014 10:18:04] - |D| - [365] - C:\ProgramData\iolo
[18/12/2013 13:43:58] - |D| - [716549815] - C:\ProgramData\Kaspersky Lab
[16/06/2014 19:52:38] - |D| - [0] - C:\ProgramData\Kingsoft
[19/12/2013 18:14:31] - |D| - [23931988] - C:\ProgramData\LogiShrd
[24/03/2015 10:13:42] - |D| - [1339] - C:\ProgramData\Logitech
[18/12/2013 14:25:34] - |D| - [174753404] - C:\ProgramData\Malwarebytes
[06/06/2015 09:04:24] - |D| - [7423840] - C:\ProgramData\Malwarebytes Anti-Exploit
[18/12/2013 22:24:11] - |D| - [64290] - C:\ProgramData\McAfee
[18/12/2013 22:04:34] - |D| - [918] - C:\ProgramData\Media Center Programs
[16/07/2016 12:47:48] - |SD| - [207112460671] - C:\ProgramData\Microsoft
[08/02/2017 13:50:11] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[19/12/2013 12:32:46] - |A| - [148] - C:\ProgramData\Microsoft.SqlServer.Compact.351.32. bc
[18/12/2013 20:20:16] - |D| - [38052] - C:\ProgramData\Mozilla
[26/04/2017 11:35:55] - |A| - [8192] - C:\ProgramData\ntuser.dat
[26/04/2017 11:35:55] - |ASH| - [8192] - C:\ProgramData\ntuser.dat.LOG1
[26/04/2017 11:35:55] - |ASH| - [0] - C:\ProgramData\ntuser.dat.LOG2
[26/04/2017 11:35:55] - |ASH| - [65536] - C:\ProgramData\ntuser.dat{019859b2-29c4-11e7-abd5-20cf305c4f2f}.TM.blf
[26/04/2017 11:35:55] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{019859b2-29c4-11e7-abd5-20cf305c4f2f}.TMContainer00000000000000000001.regt rans-ms
[26/04/2017 11:35:55] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{019859b2-29c4-11e7-abd5-20cf305c4f2f}.TMContainer00000000000000000002.regt rans-ms
[21/01/2016 22:13:39] - |RASH| - [874] - C:\ProgramData\ntuser.pol
[27/04/2017 16:27:54] - |D| - [8352] - C:\ProgramData\NVIDIA
[27/04/2017 16:27:40] - |D| - [2747631] - C:\ProgramData\NVIDIA Corporation
[19/12/2013 15:15:13] - |D| - [82551982] - C:\ProgramData\Oracle
[26/11/2014 21:25:52] - |D| - [348558802] - C:\ProgramData\Origin
[31/01/2014 23:47:16] - |D| - [31794824] - C:\ProgramData\Package Cache
[16/07/2016 12:47:48] - |D| - [1001] - C:\ProgramData\regid.1991-06.com.microsoft
[16/01/2016 20:07:54] - |A| - [10218] - C:\ProgramData\regid.2015-05.exe.textpad_83F5EF12-C2F9-4C11-A5C5-57A7B2D7AD25.swidtag
[24/06/2017 08:55:48] - |D| - [718903] - C:\ProgramData\RogueKiller
[23/05/2014 09:01:19] - |D| - [12220769] - C:\ProgramData\Samsung
[14/01/2014 22:32:21] - |D| - [50761728] - C:\ProgramData\Skype
[16/07/2016 12:47:48] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[08/02/2017 13:44:51] - |SHD| - [379246] - C:\ProgramData\Start Menu
[19/12/2013 15:15:05] - |D| - [294] - C:\ProgramData\Sun
[08/02/2017 13:44:51] - |SHD| - [31386] - C:\ProgramData\Templates
[11/09/2014 13:16:07] - |D| - [4524] - C:\ProgramData\Unchecky
[16/07/2016 12:47:48] - |D| - [2431] - C:\ProgramData\USOPrivate
[08/02/2017 13:45:17] - |D| - [3198976] - C:\ProgramData\USOShared

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[16/07/2016 12:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[18/12/2013 13:32:42] - |A| - [2615] - C:\ProgramData\Microsoft\Windows\Start Menu\New Office Document.lnk
[18/12/2013 13:32:42] - |A| - [2625] - C:\ProgramData\Microsoft\Windows\Start Menu\Open Office Document.lnk
[16/07/2016 12:47:48] - |RD| - [373832] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[27/05/2014 15:48:29] - |D| - [3720] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3G Super GSM Reader II v2.8.10
[16/07/2016 12:47:48] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[16/07/2016 12:47:48] - |RD| - [17432] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[16/07/2016 12:47:48] - |RD| - [23012] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[18/01/2014 12:41:58] - |D| - [14690] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ancestral Quest 14
[08/07/2014 21:42:25] - |D| - [5256] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[24/08/2014 11:34:22] - |A| - [1084] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[04/02/2017 12:18:49] - |D| - [6002] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[08/02/2014 00:29:17] - |D| - [5369] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BadCopy Pro
[23/09/2014 08:15:36] - |A| - [2128] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[22/11/2016 11:36:43] - |D| - [112] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitMeter OS
[08/01/2016 11:04:38] - |D| - [963] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[28/09/2015 14:41:38] - |D| - [8903] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
[22/02/2014 11:31:03] - |D| - [2172] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanGenius 3
[15/08/2015 09:47:04] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU-Z
[18/12/2013 20:25:40] - |D| - [3245] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[18/12/2013 18:19:13] - |D| - [3476] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[16/07/2016 12:47:50] - |ASH| - [796] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[19/10/2016 21:07:07] - |D| - [14048] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
[26/11/2014 22:22:40] - |D| - [6269] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
[18/12/2013 22:04:28] - |D| - [5244] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Origins
[18/01/2014 12:30:51] - |D| - [4996] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 7.0
[12/11/2016 11:51:58] - |D| - [3010] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 11.9
[19/12/2016 23:31:38] - |D| - [2710] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 9.2
[26/05/2015 19:59:43] - |D| - [1136] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FamilySearch
[01/06/2017 21:43:59] - |D| - [2900] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[22/07/2016 21:08:39] - |D| - [2040] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCAD 0.16
[17/01/2014 18:27:48] - |A| - [948] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
[19/12/2013 12:30:16] - |A| - [2667] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeInternetRadio.lnk
[14/07/2009 06:32:38] - |RD| - [1064] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[09/12/2015 19:17:58] - |D| - [3067] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
[29/05/2015 12:29:44] - |A| - [939] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[23/01/2014 10:06:54] - |A| - [2272] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[29/01/2017 02:09:03] - |D| - [8954] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[04/02/2014 13:39:31] - |D| - [6568] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexEdit
[16/07/2016 12:43:50] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[15/10/2014 08:20:27] - |D| - [6962] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[24/09/2016 09:36:41] - |D| - [5861] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
[27/04/2017 15:08:42] - |D| - [6734] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
[18/12/2013 17:52:10] - |A| - [1113] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[25/05/2017 08:21:24] - |SD| - [9526] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.3
[19/12/2013 18:14:32] - |D| - [3397] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[16/07/2016 12:47:48] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[24/06/2017 11:47:29] - |D| - [4038] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[18/12/2013 13:32:41] - |D| - [39877] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[13/08/2015 00:15:04] - |D| - [2338] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[16/07/2016 12:42:22] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
[22/01/2014 23:33:24] - |D| - [1096] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBILedit!
[18/12/2013 20:20:20] - |A| - [1224] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[28/04/2016 18:39:22] - |D| - [2289] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI Kombustor 3
[22/02/2014 15:42:53] - |D| - [6851] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyDefrag v4.3.1
[25/04/2015 10:27:24] - |D| - [2533] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC Electronics
[31/12/2014 10:21:27] - |D| - [3449] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100M Genie
[19/12/2013 21:51:02] - |D| - [1065] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[18/03/2016 14:31:11] - |SD| - [7350] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
[26/11/2014 21:28:34] - |D| - [3214] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[22/07/2016 21:46:03] - |D| - [3364] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint XP
[18/01/2014 12:42:15] - |D| - [5333] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3
[16/07/2016 12:43:50] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
[24/08/2014 12:21:04] - |D| - [2125] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RarmaRadio
[17/01/2014 18:27:48] - |A| - [924] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
[18/12/2013 18:19:42] - |D| - [3652] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[12/11/2016 10:30:36] - |D| - [3567] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[24/06/2017 08:55:33] - |D| - [917] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
[23/05/2014 09:01:56] - |D| - [6345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[21/01/2016 21:43:32] - |D| - [2435] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scarlett
[18/12/2014 22:59:22] - |D| - [2137] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[08/01/2016 11:06:08] - |D| - [935] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[18/12/2013 17:38:33] - |D| - [4134] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[25/10/2016 13:36:37] - |D| - [1272] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQLite Forensic Explorer
[16/07/2016 12:47:48] - |RD| - [1317] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[24/08/2014 12:13:23] - |D| - [1169] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\streamWriter
[22/02/2014 12:57:17] - |D| - [5209] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysInfoTools PST Merge x32(Demo) v3.0
[16/07/2016 12:47:48] - |RD| - [2670] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[21/03/2017 01:18:16] - |A| - [1040] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
[05/02/2016 19:33:43] - |D| - [3905] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TextPad 7
[30/08/2016 09:27:08] - |D| - [2299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[26/02/2014 09:48:22] - |D| - [1942] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
[09/12/2015 19:52:17] - |D| - [9885] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
[16/03/2014 14:20:49] - |D| - [1032] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnstopCpy
[18/12/2013 17:58:15] - |D| - [7164] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[07/01/2014 18:51:03] - |D| - [2941] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Subst
[22/03/2016 18:03:39] - |D| - [2474] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
[19/12/2013 12:30:16] - |A| - [2667] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebRadio.lnk
[17/04/2017 21:09:37] - |D| - [905] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[26/01/2017 11:55:44] - |A| - [731] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
[08/02/2017 13:27:41] - |A| - [1519] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[18/12/2013 18:38:55] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[24/06/2017 12:59:21] - |D| - [1231] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
[24/06/2017 12:40:48] - |D| - [1932] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[16/07/2016 12:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[31/12/2014 10:21:29] - |A| - [1143] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100M Genie.lnk

---------- | C:\Program Files (x86)

[13/01/2015 13:28:50] - |D| - [407001] - C:\Program Files (x86)\AstroGrep
[08/07/2014 21:42:04] - |D| - [2882716] - C:\Program Files (x86)\ASUS
[24/08/2014 11:34:11] - |AD| - [65476241] - C:\Program Files (x86)\Audacity
[19/12/2013 22:46:06] - |D| - [768309] - C:\Program Files (x86)\Auto Clicker
[01/07/2016 18:42:31] - |D| - [24279545] - C:\Program Files (x86)\Axialis
[23/09/2014 08:15:36] - |D| - [6624572] - C:\Program Files (x86)\Belarc
[28/09/2015 14:41:30] - |AD| - [32543094] - C:\Program Files (x86)\Cheat Engine 6.4
[05/11/2015 13:03:57] - |D| - [354805] - C:\Program Files (x86)\ChipGenius_v4_00_1024_0047
[22/02/2014 11:30:55] - |AD| - [41412996] - C:\Program Files (x86)\CleanGenius 3
[22/11/2016 11:36:02] - |D| - [1517008] - C:\Program Files (x86)\Codebox
[16/07/2016 07:04:24] - |D| - [462155577] - C:\Program Files (x86)\Common Files
[22/01/2014 23:34:49] - |D| - [109806] - C:\Program Files (x86)\COMPELSON Labs
[02/02/2016 19:23:27] - |D| - [648328] - C:\Program Files (x86)\CSR
[18/12/2013 20:25:35] - |D| - [28033103] - C:\Program Files (x86)\DAEMON Tools Lite
[16/07/2016 12:47:50] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[20/12/2013 22:13:19] - |D| - [229492345] - C:\Program Files (x86)\DigiGuide TV Guide
[19/10/2016 21:07:07] - |D| - [4507970] - C:\Program Files (x86)\DOSBox-0.74
[18/01/2014 12:30:50] - |D| - [722213674] - C:\Program Files (x86)\EaseUS
[26/05/2015 19:59:43] - |D| - [8831286] - C:\Program Files (x86)\FamilySearch
[09/01/2014 22:39:47] - |D| - [175834910] - C:\Program Files (x86)\Foxit Software
[09/12/2015 19:17:57] - |D| - [11048903] - C:\Program Files (x86)\Geeks3D
[18/12/2013 14:27:55] - |D| - [517989752] - C:\Program Files (x86)\Google
[09/12/2015 19:15:09] - |D| - [1924066] - C:\Program Files (x86)\GPU-Z
[04/02/2014 13:39:30] - |AD| - [7520225] - C:\Program Files (x86)\HexEdit
[18/01/2014 12:41:57] - |D| - [33077318] - C:\Program Files (x86)\Incline Software
[26/11/2014 21:28:07] - |AD| - [37215033976] - C:\Program Files (x86)\Inquisition
[18/01/2014 12:42:30] - |HD| - [30331595] - C:\Program Files (x86)\InstallShield Installation Information
[16/07/2016 12:47:48] - |D| - [1988467] - C:\Program Files (x86)\Internet Explorer
[22/02/2014 10:18:04] - |D| - [0] - C:\Program Files (x86)\iolo
[19/12/2013 15:14:10] - |D| - [164989821] - C:\Program Files (x86)\Java
[08/02/2014 00:28:54] - |D| - [835742] - C:\Program Files (x86)\Jufsoft
[13/08/2015 21:22:58] - |D| - [258622927] - C:\Program Files (x86)\Kaspersky Lab
[18/12/2013 17:52:09] - |AD| - [5708017] - C:\Program Files (x86)\KeePass Password Safe 2
[16/06/2014 19:52:05] - |D| - [0] - C:\Program Files (x86)\Kingsoft
[05/11/2015 15:36:39] - |D| - [410322] - C:\Program Files (x86)\Lexars Bootit
[25/05/2017 08:19:49] - |AD| - [413069045] - C:\Program Files (x86)\LibreOffice 5
[12/11/2015 16:24:52] - |D| - [38884251] - C:\Program Files (x86)\Logitech
[23/05/2014 12:34:15] - |D| - [2530872] - C:\Program Files (x86)\MarkAny
[18/12/2013 13:32:27] - |AD| - [208979] - C:\Program Files (x86)\Microsoft ActiveSync
[16/02/2015 09:47:37] - |D| - [1670519] - C:\Program Files (x86)\Microsoft ASP.NET
[18/12/2013 13:31:33] - |AD| - [367688133] - C:\Program Files (x86)\Microsoft Office
[13/08/2015 00:13:57] - |AD| - [42884494] - C:\Program Files (x86)\Microsoft Silverlight
[18/12/2013 13:32:11] - |D| - [14904] - C:\Program Files (x86)\Microsoft Visual Studio
[18/12/2013 13:32:13] - |D| - [4368271] - C:\Program Files (x86)\Microsoft Works
[16/07/2016 12:47:48] - |D| - [339327] - C:\Program Files (x86)\Microsoft.NET
[22/01/2014 23:33:09] - |AD| - [100401293] - C:\Program Files (x86)\MOBILedit!
[14/06/2017 21:20:52] - |AD| - [93006146] - C:\Program Files (x86)\Mozilla Firefox
[18/12/2013 20:20:16] - |D| - [306087] - C:\Program Files (x86)\Mozilla Maintenance Service
[08/02/2017 20:57:26] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[12/05/2014 12:38:46] - |D| - [39692586] - C:\Program Files (x86)\MSECache
[28/04/2016 18:37:23] - |D| - [42171161] - C:\Program Files (x86)\MSI Afterburner
[30/08/2016 09:26:43] - |AD| - [80537100] - C:\Program Files (x86)\MyDrive Connect
[25/04/2015 10:27:23] - |D| - [978278] - C:\Program Files (x86)\NEC Electronics
[31/12/2014 10:21:27] - |D| - [20252848] - C:\Program Files (x86)\NETGEAR
[17/04/2017 21:14:00] - |D| - [145738] - C:\Program Files (x86)\NirSoft
[19/12/2013 21:50:57] - |D| - [16034519] - C:\Program Files (x86)\Notepad++
[27/04/2017 16:27:34] - |D| - [212257324] - C:\Program Files (x86)\NVIDIA Corporation
[05/05/2017 12:16:07] - |D| - [91986961] - C:\Program Files (x86)\OCCTPT
[27/01/2015 19:20:25] - |AD| - [326123325] - C:\Program Files (x86)\OpenOffice 4
[26/11/2014 21:34:43] - |D| - [9092813] - C:\Program Files (x86)\Origin Games
[22/07/2016 21:46:03] - |AD| - [1407301] - C:\Program Files (x86)\Paint XP
[22/07/2016 10:11:39] - |D| - [5564722] - C:\Program Files (x86)\Plan Maker
[24/08/2014 12:21:00] - |AD| - [17492624] - C:\Program Files (x86)\RarmaRadio
[08/02/2017 20:57:26] - |D| - [36962049] - C:\Program Files (x86)\Reference Assemblies
[28/04/2016 18:38:05] - |D| - [56892070] - C:\Program Files (x86)\RivaTuner Statistics Server
[23/05/2014 09:01:19] - |D| - [257909785] - C:\Program Files (x86)\Samsung
[23/01/2016 12:30:18] - |D| - [1852984] - C:\Program Files (x86)\Singing Tutor
[18/12/2014 22:59:21] - |RD| - [46215968] - C:\Program Files (x86)\Skype
[18/12/2013 17:38:32] - |D| - [9438704] - C:\Program Files (x86)\SpeedFan
[25/10/2016 13:36:35] - |AD| - [26689334] - C:\Program Files (x86)\SQLite Forensic Explorer
[19/12/2013 12:30:16] - |D| - [18149296] - C:\Program Files (x86)\SteelSoft
[24/08/2014 12:13:23] - |AD| - [7069580] - C:\Program Files (x86)\streamWriter
[20/02/2014 00:13:56] - |D| - [2118975] - C:\Program Files (x86)\Synkronizer 9.1
[22/02/2014 12:57:17] - |AD| - [13703788] - C:\Program Files (x86)\SysInfoTools PST Merge x32(Demo) v3.0
[17/06/2015 08:51:08] - |AD| - [645193] - C:\Program Files (x86)\SystemRequirementsLab
[17/02/2014 09:44:31] - |AD| - [94632805] - C:\Program Files (x86)\TeamViewer
[22/11/2016 11:25:56] - |D| - [951709] - C:\Program Files (x86)\thinkbroadband.com
[30/08/2016 09:27:02] - |D| - [22486] - C:\Program Files (x86)\TomTom International B.V
[26/02/2014 09:48:18] - |AD| - [5876396] - C:\Program Files (x86)\Unchecky
[09/12/2015 19:52:13] - |D| - [765865529] - C:\Program Files (x86)\Unigine
[08/02/2017 13:13:02] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[16/03/2014 14:20:49] - |AD| - [844256] - C:\Program Files (x86)\UnstopCpy
[27/05/2014 15:48:21] - |D| - [11900823] - C:\Program Files (x86)\USB 3G Super GSM Reader II v2.8.10
[18/12/2013 17:57:44] - |D| - [133553011] - C:\Program Files (x86)\VideoLAN
[07/01/2014 18:51:03] - |AD| - [179849] - C:\Program Files (x86)\Visual Subst
[27/04/2017 16:32:33] - |D| - [833354] - C:\Program Files (x86)\VulkanRT
[16/07/2016 12:47:48] - |D| - [1922560] - C:\Program Files (x86)\Windows Defender
[16/07/2016 12:47:48] - |D| - [5958656] - C:\Program Files (x86)\Windows Mail
[16/07/2016 12:47:48] - |D| - [3264664] - C:\Program Files (x86)\Windows Media Player
[16/07/2016 12:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Multimedia Platform
[16/07/2016 12:47:48] - |D| - [7466690] - C:\Program Files (x86)\Windows NT
[16/07/2016 12:47:48] - |D| - [5418176] - C:\Program Files (x86)\Windows Photo Viewer
[16/07/2016 12:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Portable Devices
[16/07/2016 12:47:48] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[16/07/2016 12:47:48] - |D| - [2160901] - C:\Program Files (x86)\WindowsPowerShell
[31/05/2017 18:19:52] - |D| - [27216675] - C:\Program Files (x86)\WinISO
[18/12/2013 22:31:55] - |D| - [88979] - C:\Program Files (x86)\xdate
[24/06/2017 12:59:20] - |AD| - [18403825] - C:\Program Files (x86)\Zemana AntiMalware
[24/06/2017 12:40:47] - |AD| - [7233255] - C:\Program Files (x86)\ZHPFix

---------- | C:\Program Files

[31/01/2014 23:47:43] - |AD| - [7333437] - C:\Program Files\Adblock Plus for IE
[04/02/2017 12:18:48] - |D| - [10511564] - C:\Program Files\AutoHotkey
[08/01/2016 11:04:37] - |AD| - [18324752] - C:\Program Files\CCleaner
[16/07/2016 07:04:24] - |D| - [86587872] - C:\Program Files\Common Files
[22/01/2014 23:37:27] - |AD| - [10101834] - C:\Program Files\Compiled Driver Disk (Nokia)
[22/01/2014 23:38:06] - |AD| - [37218608] - C:\Program Files\Compiled Driver Disk (Samsung)
[02/02/2016 19:23:18] - |D| - [39438311] - C:\Program Files\CSR
[18/12/2013 18:19:11] - |AD| - [13615776] - C:\Program Files\Defraggler
[16/07/2016 12:47:50] - |ASH| - [174] - C:\Program Files\desktop.ini
[13/08/2015 22:44:12] - |D| - [159811] - C:\Program Files\DIPS64
[14/07/2009 06:32:38] - |D| - [0] - C:\Program Files\DVD Maker
[22/07/2016 21:05:24] - |D| - [551334997] - C:\Program Files\FreeCAD 0.16
[17/01/2014 18:27:46] - |D| - [39979197] - C:\Program Files\FreeFileSync
[29/05/2015 12:28:37] - |AD| - [326761803] - C:\Program Files\GIMP 2
[22/01/2016 11:40:47] - |D| - [37529530] - C:\Program Files\GoldWave
[19/12/2013 20:12:58] - |D| - [0] - C:\Program Files\Google
[16/07/2016 12:47:47] - |D| - [2581342] - C:\Program Files\Internet Explorer
[19/12/2013 18:14:22] - |D| - [39490002] - C:\Program Files\Logitech
[24/06/2017 11:47:21] - |D| - [137639400] - C:\Program Files\Malwarebytes
[14/07/2009 06:32:38] - |D| - [184] - C:\Program Files\Microsoft Games
[24/05/2014 11:13:42] - |AD| - [3731586] - C:\Program Files\Microsoft Mouse and Keyboard Center
[13/08/2015 00:13:57] - |AD| - [55714702] - C:\Program Files\Microsoft Silverlight
[13/03/2015 19:57:56] - |D| - [303645] - C:\Program Files\Mod Manager DAII
[08/02/2017 20:57:26] - |D| - [25757] - C:\Program Files\MSBuild
[28/04/2016 18:39:19] - |AD| - [54719671] - C:\Program Files\MSI Kombustor 3
[22/02/2014 15:42:53] - |AD| - [3470951] - C:\Program Files\MyDefrag v4.3.1
[27/04/2017 16:21:26] - |D| - [766323593] - C:\Program Files\NVIDIA Corporation
[22/01/2014 23:37:23] - |AD| - [19129768] - C:\Program Files\Phone Drivers Downloader
[18/12/2013 18:19:41] - |AD| - [10928904] - C:\Program Files\Recuva
[08/02/2017 20:57:26] - |D| - [34621097] - C:\Program Files\Reference Assemblies
[24/06/2017 08:55:28] - |AD| - [83171149] - C:\Program Files\RogueKiller
[21/01/2016 21:43:32] - |D| - [3525671] - C:\Program Files\Scarlett
[08/01/2016 11:06:07] - |AD| - [15197840] - C:\Program Files\Speccy
[18/12/2013 14:27:37] - |AD| - [384] - C:\Program Files\SUPERAntiSpyware
[05/02/2016 19:33:42] - |D| - [13445203] - C:\Program Files\TextPad 7
[18/01/2014 12:42:14] - |D| - [18390314] - C:\Program Files\Tracker Software
[14/07/2009 06:09:26] - |HD| - [0] - C:\Program Files\Uninstall Information
[06/02/2016 14:17:32] - |D| - [12352] - C:\Program Files\Unlocker
[17/06/2017 08:27:20] - |AD| - [6450444] - C:\Program Files\UNP
[12/11/2016 10:30:34] - |D| - [22247879] - C:\Program Files\VS Revo Group
[17/04/2017 21:09:37] - |AD| - [13492726] - C:\Program Files\WhoCrashed
[16/07/2016 12:47:47] - |RD| - [14859418] - C:\Program Files\Windows Defender
[16/07/2016 15:29:36] - |D| - [6281288] - C:\Program Files\Windows Defender Advanced Threat Protection
[16/07/2016 12:47:47] - |D| - [6181888] - C:\Program Files\Windows Mail
[16/07/2016 12:47:47] - |D| - [4971196] - C:\Program Files\Windows Media Player
[16/07/2016 12:47:47] - |D| - [37784] - C:\Program Files\Windows Multimedia Platform
[16/07/2016 12:47:47] - |D| - [7730370] - C:\Program Files\Windows NT
[16/07/2016 12:47:47] - |D| - [6216896] - C:\Program Files\Windows Photo Viewer
[16/07/2016 12:47:47] - |D| - [37784] - C:\Program Files\Windows Portable Devices
[16/07/2016 12:47:47] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[16/07/2016 12:47:47] - |HD| - [1830365683] - C:\Program Files\WindowsApps
[16/07/2016 12:47:47] - |D| - [2408113] - C:\Program Files\WindowsPowerShell
[18/12/2013 18:09:49] - |D| - [1393696] - C:\Program Files\WinImage
[18/12/2013 18:38:43] - |AD| - [5760676] - C:\Program Files\WinRAR

---------- | C:\Program Files (x86)\Common Files

[18/12/2013 21:31:10] - |D| - [1401416] - C:\Program Files (x86)\Common Files\BioWare
[18/12/2013 13:32:14] - |AD| - [86016] - C:\Program Files (x86)\Common Files\DESIGNER
[26/11/2014 22:22:31] - |HD| - [6365606] - C:\Program Files (x86)\Common Files\EAInstaller
[18/01/2014 12:40:44] - |D| - [2863093] - C:\Program Files (x86)\Common Files\InstallShield
[08/03/2017 22:58:43] - |D| - [1941064] - C:\Program Files (x86)\Common Files\Java
[18/12/2013 13:32:36] - |AD| - [2742349] - C:\Program Files (x86)\Common Files\L&H
[12/11/2015 16:24:52] - |AD| - [90453739] - C:\Program Files (x86)\Common Files\LogiShrd
[16/07/2016 12:47:48] - |AD| - [216992359] - C:\Program Files (x86)\Common Files\Microsoft Shared
[16/07/2016 12:47:48] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[18/12/2014 22:59:21] - |AD| - [2399872] - C:\Program Files (x86)\Common Files\Skype
[08/02/2017 13:21:32] - |D| - [112931322] - C:\Program Files (x86)\Common Files\SpeechEngines
[16/07/2016 12:47:48] - |AD| - [23976039] - C:\Program Files (x86)\Common Files\System

---------- | C:\Program Files\Common files

[24/09/2016 09:35:31] - |D| - [1838934] - C:\Program Files\Common files\AV
[05/11/2015 18:35:32] - |D| - [317262] - C:\Program Files\Common files\Canon
[19/12/2013 18:14:20] - |D| - [32604503] - C:\Program Files\Common files\Logishrd
[16/07/2016 12:47:47] - |D| - [38515148] - C:\Program Files\Common files\microsoft shared
[21/01/2016 22:13:33] - |D| - [2507776] - C:\Program Files\Common files\Propellerhead Software
[16/07/2016 12:47:47] - |D| - [2702] - C:\Program Files\Common files\Services
[08/02/2017 13:21:22] - |D| - [599040] - C:\Program Files\Common files\SpeechEngines
[16/07/2016 12:47:47] - |D| - [10202507] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.FBC8C23E3E51EB0E3F65BA359CD7329C] - [29/03/2017 11:26:58] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [08/02/2017 13:39:27] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.B4D1A0421FA7212A1E146AB5E265AB0D] - [08/02/2017 13:39:24] - |A| - [2214] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : “C:\Program Files\CCleaner\CCleaner.exe”
[MD5.DAEFA83125A10F21BC32C5DB2C80DA4D] - [29/03/2017 11:24:02] - |A| - [3638] - C:\WINDOWS\System32\Tasks\CreateExplorerShellUnele vatedTask : C:\WINDOWS\Explorer.EXE
[MD5.00000000000000000000000000000000] - [08/02/2017 13:39:24] - |D| - [0] - C:\WINDOWS\System32\Tasks\Event Viewer Tasks
[MD5.5DE9B53B9C48585E231D269A4249D796] - [08/02/2017 13:39:24] - |A| - [3292] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineC ore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.3FB6966F68CF899ED3675B9E7058F892] - [08/02/2017 13:39:24] - |A| - [3416] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineU A : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.A7EA2DECBC686478698CE2D82BA1DFAB] - [27/04/2017 15:08:27] - |A| - [3240] - C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launch er_{278ADC42-419D-4547-A6CA-5B74BE0AD901} : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.00000000000000000000000000000000] - [16/07/2016 12:47:48] - |D| - [565664] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.53A3F11431FBED3238FC439E869EC671] - [08/02/2017 13:39:27] - |A| - [2338] - C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launc h_ipoint_exe : c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
[MD5.B48355E16E731879C96C392CC762D2BA] - [08/02/2017 13:39:27] - |A| - [2336] - C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launc h_itype_exe : c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
[MD5.C885D4290D6E8E2175FC7B510F5D4AB3] - [08/02/2017 13:39:27] - |A| - [2364] - C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launc h_mousekeyboardcenter_exe : c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
[MD5.445A75E51DC8C62D7457484FAB6BF42E] - [08/02/2017 13:39:27] - |A| - [2378] - C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task _ipoint.exe : c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
[MD5.44E6DD1AF37E8CAA657E6A3BFF5DE249] - [08/02/2017 13:39:27] - |A| - [2376] - C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task _itype.exe : c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
[MD5.989135CDF197C40C6314B689BEA16542] - [08/02/2017 13:39:27] - |A| - [2766] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 : %localappdata%\Microsoft\OneDrive\OneDriveStandalo neUpdater.exe
[MD5.5497D3D0130D15239E8A00E4BD5A1EF1] - [08/02/2017 13:39:27] - |A| - [3286] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronizatio n-{9CCE1708-B600-4932-8034-8692F7D4C5A2} : C:\Windows\system32\msfeedssync.exe
[MD5.00000000000000000000000000000000] - [08/02/2017 13:39:27] - |D| - [0] - C:\WINDOWS\System32\Tasks\WPD
[MD5.BED8D0E2120FDF3DC9FE513933C0D04C] - [08/02/2017 13:39:27] - |A| - [2354] - C:\WINDOWS\System32\Tasks{A28D6E9F-11D1-4B79-A0D8-7CCB20F69972} : C:\WINDOWS\system32\pcalua.exe
[MD5.00000000000000000000000000000000] - [16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedacces s\Parameters\FirewallPolicy\FirewallRules]
“Wininit-Shutdown-In-Rule-TCP-RPC”=v2.26|Action=Allow|Active=FALSE|Dir=In|Protoc ol=6|LPort=RPC|App=%systemroot%\system32\wininit.e xe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751|
“Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper”=v2.26|Action=Allow|Active=FALSE|Dir=In|P rotocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@ firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751|
“Netlogon-NamedPipe-In”=v2.26|Action=Allow|Active=FALSE|Dir=In|Protoco l=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
“Netlogon-TCP-RPC-In”=v2.26|Action=Allow|Active=FALSE|Dir=In|Protoco l=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe| Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
“WirelessDisplay-In-TCP”=v2.26|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|Profile=Private|Profile=Public|App=%systemroot %\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSDA;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
“WirelessDisplay-Out-TCP”=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protoc ol=6|Profile=Private|Profile=Public|App=%systemroo t%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSDA;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
“WirelessDisplay-Out-UDP”=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protoc ol=17|Profile=Private|Profile=Public|App=%systemro ot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSDA;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
“WirelessDisplay-Infra-In-TCP”=v2.26|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|Profile=Private|Profile=Public|LPort=7250|App= %systemroot%\system32\CastSrv.exe|Name=@wifidispla y.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
“MDNS-In-UDP”=v2.26|Action=Allow|Active=TRUE|Dir=In|Protoco l=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svch ost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\f irewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi .dll,-37302|
“MDNS-Out-UDP”=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protoc ol=17|LPort=5353|App=%SystemRoot%\system32\svchost .exe|Svc=dnscache|Name=@%SystemRoot%\system32\fire wallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi .dll,-37302|
“IIS-WebServerRole-HTTP-In-TCP”=v2.26|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|LPort=80|App=System|Name=@%windir%\system32\in etsrv\iisres.dll,-30500|Desc=@%windir%\system32\inetsrv\iisres.dll,-30510|EmbedCtxt=@%windir%\system32\inetsrv\iisres. dll,-30501|
“IIS-WebServerRole-HTTPS-In-TCP”=v2.26|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|LPort=443|App=System|Name=@%windir%\system32\i netsrv\iisres.dll,-30502|Desc=@%windir%\system32\inetsrv\iisres.dll,-30512|EmbedCtxt=@%windir%\system32\inetsrv\iisres. dll,-30503|
“WCF-NetTcpActivator-In-TCP-64bit”=v2.26|Action=Allow|Active=TRUE|Dir=In|Proto col=6|LPort=808|Svc=NetTcpActivator|Name=@%systemr oot%\Microsoft.NET\Framework64\v4.0.30319\ServiceM odelEvents.dll,-2000|Desc=@%systemroot%\Microsoft.NET\Framework64\ v4.0.30319\ServiceModelEvents.dll,-2001|EmbedCtxt=@%systemroot%\Microsoft.NET\Framewo rk64\v4.0.30319\ServiceModelEvents.dll,-2002|
“{17E47875-A1C1-4C9A-AE33-26D584C4A7C3}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=EaseUS_SMART |
“{E85CCD5C-1CC4-4745-99BF-4E238946677C}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=EaseUS_SMART |
“{C1596A42-12A7-45FA-9919-5E2ABEAA7470}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=Local TodoBackupService.exe|
“{419076E2-FF0C-4827-9342-C742D8AA63E0}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=Local TodoBackupService.exe|
“{99D896C1-7438-45BB-8EDE-A82D2858B9E5}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe|Name=Local TBConsoleUI.exe|
“{C0E15C5E-D477-479A-BA1F-23C0F91E2D96}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe|Name=Local TBConsoleUI.exe|
“{1B48C320-9F45-4BCD-914D-99A362B13783}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe|Name=TbService.exe|
“{CCBB0F63-804D-45F1-86A8-EC31606A2273}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe|Name=TbService.exe|
“{028DB6EA-34B2-4575-B5FE-EE156DE9CFCC}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2: 6:2|Platform2=GTEQ|
“{592A5094-6B4A-4F09-8E91-C95D49FD002F}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=‘Firefox’ (C:\Program Files (x86)\Mozilla Firefox)|
“{979EED3B-D279-46D0-92F0-042EAF9BA7D6}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=‘Firefox’ (C:\Program Files (x86)\Mozilla Firefox)|
“{70331B05-7BA1-4FA3-95AD-07DD13F82DCB}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Private|App=C:\Games\Dragon Age 2\bin_ship\DragonAge2.exe|Name=Dragon Age™ II|
“{4D0BE842-1C7A-4A6B-AC18-D093FDC28518}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Private|App=C:\Games\Dragon Age 2\bin_ship\DragonAge2.exe|Name=Dragon Age™ II|
“{E992101C-F4E5-45B0-9B0E-6C438E2CAE4C}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)|
“{EB4CF5C1-B1BA-4557-BDFF-877E13CC19C1}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)|
“{94501EC9-BCDC-4534-9C22-CA351CAA494A}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Domain|App=C:\Games\Dragon Age 2\DragonAge2Launcher.exe|Name=Dragon Age II Launcher|
“{D2D8E18A-815B-4542-8583-C497179E642C}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Domain|App=C:\Games\Dragon Age 2\DragonAge2Launcher.exe|Name=Dragon Age II Launcher|
“{0FF72E02-15D7-4073-B40E-F9DF24DFE21F}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Domain|App=C:\Games\Dragon Age 2\bin_ship\DragonAge2.exe|Name=Dragon Age II|
“{8C7031AA-9C68-48DC-ABC9-06BC705BB730}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Domain|App=C:\Games\Dragon Age 2\bin_ship\DragonAge2.exe|Name=Dragon Age II|
“{0B64A595-CED5-48EC-9C84-85512F6DB548}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Domain|App=C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe|Name=Dragon Age Origins Updater|
“{DA6C2BCC-B80A-4FD0-8F35-44B4617876FE}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Domain|App=C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe|Name=Dragon Age Origins Updater|
“{FCEA842D-C6CB-4875-AA23-7D75A352AFE5}”=v2.10|Action=Allow|Active=TRUE|Dir= In|App=C:\Program Files (x86)\Skype\Phone\Skype.exe|Name=Skype|
“{A740F33F-BBFD-4024-849E-72ECB37800E2}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.N ET\Framework64\v4.0.30319\SMSvcHost.exe|Svc=NetTcp Activator|Name=@C:\Windows\Microsoft.NET\Framework 64\v4.0.30319\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework64\v4 .0.30319\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework 64\v4.0.30319\ServiceModelEvents.dll,-2002|
“{A2FCADF7-018C-42EF-BAEC-EB6DBB0D4629}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Private|App=C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe|Name=Dragon Age Origins Updater|
“{5FD29ACB-0560-4812-9B46-A087982988F2}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Private|App=C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe|Name=Dragon Age Origins Updater|
“{60118917-38F7-4539-A32C-D9F4E3566CAD}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Private|App=C:\Games\Dragon Age\DAOriginsLauncher.exe|Name=Dragon Age Origins Launcher|
“{0E3D01D5-D97E-47C7-886E-3F0761DF8A65}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Private|App=C:\Games\Dragon Age\DAOriginsLauncher.exe|Name=Dragon Age Origins Launcher|
“{9AD07DDA-B17B-4224-9708-915E495F0ED6}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Private|App=C:\Games\Dragon Age\bin_ship\daorigins.exe|Name=Dragon Age Origins Game|
“{A4A424A3-60E1-488C-A7DF-CDF31E090845}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Private|App=C:\Games\Dragon Age\bin_ship\daorigins.exe|Name=Dragon Age Origins Game|
“{84215F7C-B1F6-45B5-B789-55CA7CC9802E}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=17|App=C:\Users\Gary\AppData\Roaming\u Torrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
“{EEDBE52F-F485-4842-A15B-2473DB31C44A}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=6|App=C:\Users\Gary\AppData\Roaming\uT orrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
“{4E7A5678-7753-49F2-9EC5-A115F1229AC8}”=v2.25|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Inquisition\Dragon Age Inquisition\DragonAgeInquisition.exe|Name=Dragon Age™: Inquisition (x64)|
“{8F8AEF4E-37A1-4D83-9675-47A938FA4637}”=v2.25|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Inquisition\Dragon Age Inquisition\DragonAgeInquisition.exe|Name=Dragon Age™: Inquisition (x64)|
“{25815136-C285-4C08-B605-5C4946A1440A}”=v2.25|Action=Allow|Active=TRUE|Dir= In|Protocol=17|LPort=5353|App=C:\Users\Gary\AppDat a\Local\Chromium\Application\chrome.exe|Name=Chrom ium (mDNS-In)|Desc=Inbound rule for Chromium to allow mDNS traffic.|EmbedCtxt=Chromium|
“{D0D4083E-0295-43D7-9F2F-703AFBAE1FDD}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2: 6:2|Platform2=GTEQ|
“{537867F1-9DCD-48C5-ACE8-66F24842BC0B}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Store Purchase App|Desc=Store Purchase App|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-2246242352-370130666-2593524754-1827188282-2313440240-2317694540-2761805292|EmbedCtxt=Store Purchase App|Platform=2:6:2|Platform2=GTEQ|
“DeliveryOptimization-TCP-In”=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol =6|LPort=7680|App=%SystemRoot%\system32\svchost.ex e|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
“DeliveryOptimization-UDP-In”=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol =17|LPort=7680|App=%SystemRoot%\system32\svchost.e xe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll ,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
“{5E41A288-57DC-4329-B19E-B5251FB6C465}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
“{18130995-564B-471C-9005-8689D8CACE95}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
“{E8C4730A-A799-49DB-856C-6A380C4B607F}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
“{0029B609-F6E7-4C2B-A577-8B316AC038EE}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
“{5C1A6DDB-B9B5-4198-9A7D-514C01EC9587}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application|
“{51983114-8C37-44B0-A13D-B7F4811D3799}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application|
“{371DCB26-06D2-4BA3-A0AD-79D523EB6ACB}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamv iewer Remote Control Service|
“{47CCE595-C8A8-478C-B298-03EEB26FBF01}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamv iewer Remote Control Service|
“{D1D2E891-9A4A-4E17-B5CB-4FAEBAD86597}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2 =GTEQ|
“{66AF85DD-83B9-46AC-BC4F-BA3051E10375}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Profile=Public|N ame=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2 =GTEQ|Edge=TRUE|
“{54056FB5-9843-4740-B595-E52A7C530288}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Candy Crush Soda Saga|Desc=Candy Crush Soda Saga|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-3055884410-2067824683-223899546-422323478-2359388318-2114876276-1379654078|EmbedCtxt=Candy Crush Soda Saga|Platform=2:6:2|Platform2=GTEQ|
“{2916BA92-25C5-43AA-AD78-42507D53BE90}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Go ogle Chrome (mDNS-In)|Desc=Inbound rule for Google Chrome to allow mDNS traffic.|EmbedCtxt=Google Chrome|
“{B0BC937A-D360-4E00-AA7A-20412D1FBD6E}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2 =GTEQ|
“{F8C7398D-109D-4A5B-9180-398FB37E3FDB}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Profile=Public|N ame=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2 =GTEQ|Edge=TRUE|
“{B9891EE4-2F41-41E3-B9B0-B4CA9AD2343A}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platfo rm2=GTEQ|
“{AA9DAC08-92CB-46A7-A155-386517ACF475}”=v2.26|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platfo rm2=GTEQ|
“{BA956CC2-C60C-428D-9911-90705EA0834F}”=v2.26|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Name=OneNote|Des c=OneNote|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platfo rm2=GTEQ|

---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class{05f5cf e2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) → @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class{091BC9 7E-2352-4362-A539-10A6D8FF7596}] : (RDPDR) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{126476 0F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{13e42d fa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) → @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class{14b62f 50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) → @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{1ed2bb f9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) → @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class{25dbce 51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) → @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class{268c95 a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) → @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class{2a9fe5 32-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) → @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class{2db153 74-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) → @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3163C5 66-D381-4467-87BC-A65A18D5B648}] : (fvevol) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3163C5 66-D381-4467-87BC-A65A18D5B649}] : (fvevol) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{36fc9e 60-c465-11cf-8056-444553540000}] : (USB) → @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3e3f06 74-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) → @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3f966b d9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) → @oem39.inf,%ClassName%;SAMSUNG Android Phone
[HKLM\SYSTEM\CurrentControlSet\Control\Class{43675d 81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) → @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4658ee 7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) → @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class{473a6b 1d-3407-400e-b91a-f991c5a39dc3}] : (Bluetooth) → @oem4.inf,%ClassName%;Bluetooth Radios
[HKLM\SYSTEM\CurrentControlSet\Control\Class{48721b 56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) → @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class{48d3eb c4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) → @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{49ce6a c8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) → @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 65-e325-11ce-bfc1-08002be10318}] : (CDROM) → @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 66-e325-11ce-bfc1-08002be10318}] : (Computer) → @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 67-e325-11ce-bfc1-08002be10318}] : (DiskDrive) → @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 68-e325-11ce-bfc1-08002be10318}] : (Display) → @%SystemRoot%\System32\DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 69-e325-11ce-bfc1-08002be10318}] : (FDC) → @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6a-e325-11ce-bfc1-08002be10318}] : (HDC) → @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6b-e325-11ce-bfc1-08002be10318}] : (Keyboard) → @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6c-e325-11ce-bfc1-08002be10318}] : (MEDIA) → @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6d-e325-11ce-bfc1-08002be10318}] : (Modem) → @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6e-e325-11ce-bfc1-08002be10318}] : (Monitor) → @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6f-e325-11ce-bfc1-08002be10318}] : (Mouse) → @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 70-e325-11ce-bfc1-08002be10318}] : (MTD) → @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 71-e325-11ce-bfc1-08002be10318}] : (MultiFunction) → @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 72-e325-11ce-bfc1-08002be10318}] : (Net) → @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 73-e325-11ce-bfc1-08002be10318}] : (NetClient) → @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 74-e325-11ce-bfc1-08002be10318}] : (NetService) → @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 75-e325-11ce-bfc1-08002be10318}] : (NetTrans) → @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 77-e325-11ce-bfc1-08002be10318}] : (PCMCIA) → @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 78-e325-11ce-bfc1-08002be10318}] : (Ports) → @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 79-e325-11ce-bfc1-08002be10318}] : (Printer) → @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) → @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7d-e325-11ce-bfc1-08002be10318}] : (System) → @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7e-e325-11ce-bfc1-08002be10318}] : (Unknown) → @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 80-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) → @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4f9191 08-4adf-11d5-882d-00b0d02fe381}] : (Wireless Communication Devices) → @oem61.inf,%WMCClassName%;Wireless Communication Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50127d c3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) → @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50906c b8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) → @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class{509994 4a-f6b9-4057-a056-8c550228544c}] : (Memory) → @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50dd52 30-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) → @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5175d3 34-c371-4806-b3ba-71fd53c9258d}] : (Sensor) → @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{533c5b 84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) → @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53966c b1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) → @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53ccb1 49-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) → @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53d29e f7-377c-4d14-864b-eb3a85769359}] : (Biometric) → @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class{563083 1c-06c9-4856-b327-f5d32586e060}] : (Proximity) → @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{574650 43-616c-6c6f-7574-5f636c617373}] : (WFPCALLOUTS) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5989fc e8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) → @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5c4c33 32-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) → @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5d1b9a aa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) → @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{62f9c7 41-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) → @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6a0a8e 78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) → @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c1-810f-11d0-bec7-08002be2092f}] : (1394) → @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c5-810f-11d0-bec7-08002be2092f}] : (Infrared) → @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c6-810f-11d0-bec7-08002be2092f}] : (Image) → @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6d8078 84-7d21-11cf-801c-08002be10318}] : (TapeDrive) → @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6FAE73 B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{71a27c dd-812a-11d0-bec7-08002be2092f}] : (Volume) → @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class{71aa14 f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) → @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{72631e 54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) → @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class{745a17 a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) → @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class{772e18 f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) → @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class{7ebefb c0-3200-11d2-b4c2-00a0c9697d07}] : (61883) → @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class{81C874 65-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8503c9 11-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) → @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{88a1c3 42-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) → @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{88bae0 32-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) → @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class{89786f f1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) → @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8ecc05 5d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) → @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class{990a2b d7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) → @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class{9D3039 DD-CCA5-4B4D-B33D-E2DDC8A8C52E}] : (dtsoftbus01) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{9d6d66 a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) → @ramdisk.inf,%ClassName%;RAM Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class{9da2b8 0f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) → @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{a0a588 a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) → @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class{a0a701 c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) → @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{A3E32D BA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{A73C93 F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{b1d1a1 69-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) → @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{b86dff 51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) → @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{bbbe87 34-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) → @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c06ff2 65-ae09-48f0-812c-16753d7cba83}] : (AVC) → @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c16652 3c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) → @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c243ff bd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) → @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c30ece a0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) → @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c7bc9b 22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) → @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class{CC41EB A2-AB57-4F4E-8C3D-1BC33B1E74E3}] : (RDPDR) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{cdcf09 39-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) → @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{ce5939 ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) → @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d02bc3 da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) → @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d421b0 8e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) → @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d48179 be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) → @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d54650 0a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) → @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d61ca3 65-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) → @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d94ee5 d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) → @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class{db4f6d dd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) → @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e0cbf0 6c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) → @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e2f84c e7-8efa-411c-aa69-97454ca4cb57}] : (Extension) → @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e55fa6 f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) → @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{eec5ad 98-8080-425f-922a-dabf3de3f69a}] : (WPD) → @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f2e7dd 72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) → @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f3586b af-b5aa-49b5-8d6c-0569284c639f}] : (Compression) → @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f72fe0 d4-cbcb-407d-8814-9ed673d0dd6b}] : (USB) → @oem40.inf,%ClassName%;ADB Interface
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f75a86 c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) → @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f8ecaf a6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) → @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{fe8f15 72-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) → @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] → ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] → elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] → ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[27/04/2017 15:14:13] - (1.12.3.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit Monitor) - C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys
[10/06/2016 06:41:26] - (4.0.74.0) - (AO Kaspersky Lab - Cryptographic Module Driver x64 (56 bit)) - C:\WINDOWS\system32\DRIVERS\cm_km.sys
[07/06/2016 23:33:14] - (12.0.0.6) - (AO Kaspersky Lab - Backup Disk Filter [fre_wnet_x64]) - C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys
[27/04/2017 15:14:14] - (10.6.1.0) - (AO Kaspersky Lab - Kaspersky Lab Boot Guard Driver) - C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys
[02/06/2016 03:43:38] - (6.8.0.67) - (AO Kaspersky Lab - Kaspersky Unified Driver) - C:\WINDOWS\system32\DRIVERS\kl1.sys
[19/12/2016 23:31:42] - (0.0.0.0) - ( -) - C:\WINDOWS\system32\drivers\EUBKMON.sys
[19/12/2016 23:31:45] - (1.0.1.0) - (CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Driver) - C:\WINDOWS\system32\drivers\eubakup.sys
[18/12/2013 20:25:39] - (4.47.1.282) - (Disc Soft Ltd - DAEMON Tools Virtual Bus Driver) - C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[27/04/2017 15:06:50] - (12.0.120.62) - (AO Kaspersky Lab - klhk [fre_win8_x64]) - C:\WINDOWS\System32\drivers\klhk.sys
[15/06/2016 00:23:44] - (12.0.0.8) - (AO Kaspersky Lab - Backup File Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klbackupflt.sys
[27/04/2017 15:06:50] - (12.0.31.0) - (AO Kaspersky Lab - Filter Core [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klflt.sys
[27/04/2017 15:06:50] - (12.0.217.0) - (AO Kaspersky Lab - Core System Interceptors [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klif.sys
[31/05/2016 23:31:20] - (12.0.0.6) - (AO Kaspersky Lab - Format Recognizer [fre_wnet_x64]) - C:\WINDOWS\system32\DRIVERS\klpd.sys
[18/06/2016 01:36:24] - (12.0.0.11) - (AO Kaspersky Lab - WFP Network Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klwfp.sys
[29/03/2017 03:21:00] - (13.0.0.8) - (AO Kaspersky Lab - Packet Network Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klim6.sys
[29/03/2017 03:21:00] - (12.0.0.39) - (AO Kaspersky Lab - WFP Network Connection Filter Driver [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klwtp.sys
[24/06/2017 12:59:24] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\WINDOWS\System32\drivers\zamguard64.sys
[24/06/2017 12:59:24] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\WINDOWS\System32\drivers\zam64.sys
[14/06/2016 17:47:52] - (12.0.0.22) - (AO Kaspersky Lab - Network Processor [fre_wnet_x64]) - C:\WINDOWS\system32\DRIVERS\kneps.sys
[19/12/2016 23:31:45] - (1.0.0.1) - (CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Image Preview Driver) - C:\WINDOWS\system32\drivers\EuFdDisk.sys
[19/12/2016 23:31:45] - (1.2.0.1) - (CHENGDU YIWO Tech Development Co., Ltd - Disk Access Driver) - C:\WINDOWS\system32\drivers\eudskacs.sys
[08/07/2014 21:42:14] - (0.0.0.0) - ( -) - C:\WINDOWS\SysWow64\drivers\AsIO.sys
[07/06/2016 01:31:06] - (9.0.0.21) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\WINDOWS\System32\drivers\kltap.sys
[27/04/2017 16:25:59] - (21.21.13.7872) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 378.72) - C:\WINDOWS\System32\DriverStore\FileRepository\nv_ dispi.inf_amd64_0c385245f4e4f578\nvlddmkm.sys
[16/07/2016 12:41:53] - (12.10.13.3) - (Marvell - NDIS6.30 Miniport Driver for Marvell Yukon Ethernet Controller) - C:\WINDOWS\System32\drivers\yk63x64.sys
[17/05/2013 12:13:26] - (1043.6.0.0) - ( - ATK0110 ACPI Utility) - C:\WINDOWS\system32\DRIVERS\ASACPI.sys
[19/05/2016 00:57:36] - (12.0.0.1) - (AO Kaspersky Lab - Keyboard Device Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
[07/06/2015 01:52:56] - (10.0.0.11) - (Kaspersky Lab ZAO - Mouse Device Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klmouflt.sys
[17/06/2017 08:18:07] - (5.1.2.252) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\WINDOWS\System32\ATMFD.DLL
[31/05/2016 23:24:06] - (12.0.0.1) - (AO Kaspersky Lab - Virtual Disk [fre_wnet_x64]) - C:\WINDOWS\system32\DRIVERS\kldisk.sys
[29/12/2012 21:59:38] - (2.3.11.0) - (Almico Software - SpeedFan x64 Driver) - C:\WINDOWS\SysWOW64\speedfan.sys
[31/05/2017 18:19:55] - (3.6.0.0) - (WinISO.com - WinISO Virtual CD Drive) - C:\WINDOWS\system32\drivers\WinisoCDBus.sys
[27/04/2017 15:09:32] - (0.0.0.46) - (AO Kaspersky Lab - Kernel heuristics engine) - C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys
[27/04/2017 15:14:13] - (5.12.3.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit Engine) - C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys
[27/04/2017 15:15:25] - (3.6.1.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit) - C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () → System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) → System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) → System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () → System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () → System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () → System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () → System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport’s Miniport Driver) → System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) → System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) → System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) → System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - cm_km (AO Kaspersky Lab Cryptographic Module x64 (56 bit)) → system32\DRIVERS\cm_km.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () → System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) → System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) → System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) → System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorTcgDrv (@EhStorTcgDrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) → System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EUBAKUP (EUBAKUP) → system32\drivers\eubakup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - EUBKMON (EUBKMON) → system32\drivers\EUBKMON.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) → System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) → system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) → System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () → System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) → System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) → System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) → System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () → System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) → System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-100) → system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () → System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - kl1 (kl1) → system32\DRIVERS\kl1.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - klbackupdisk (Kaspersky Lab klbackupdisk) → system32\DRIVERS\klbackupdisk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - klelam (klelam) → system32\DRIVERS\klelam.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - klupd_klif_arkmon () → System32\Drivers\klupd_klif_arkmon.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - klupd_klif_klbg () → System32\Drivers\klupd_klif_klbg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () → System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () → System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () → System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () → System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () → System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () → System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () → System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () → System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () → System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) → System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () → System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) → System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () → System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) → system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () → System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () → System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) → System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) → System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pciide () → System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pcmcia () → System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) → System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) → system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () → System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () → System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) → System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) → System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) → System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid2 () → System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () → System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) → System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () → System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsof t Standard SATA AHCI Driver) → System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) → System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) → System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) → System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () → System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) → System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) → System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) → System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) → System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) → System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) → System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) → System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () → System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) → System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) → system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) → System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) → system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy .SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) → System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) → \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) → system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () → \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () → \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) → \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) → system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) → system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) → System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - dtsoftbus01 (@oem102.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver) → \SystemRoot\System32\drivers\dtsoftbus01.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - EUDSKACS (EUDSKACS) → ??\C:\WINDOWS\system32\drivers\eudskacs.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - EUFDDISK (EUFDDISK) → ??\C:\WINDOWS\system32\drivers\EuFdDisk.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) → system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) → System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - klbackupflt (Kaspersky Lab klbackupflt) → system32\DRIVERS\klbackupflt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - klhk (@oem33.inf,%klhkDisplayName%;Kaspersky Lab service driver) → \SystemRoot\System32\drivers\klhk.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - KLIF (Kaspersky Lab Driver) → system32\DRIVERS\klif.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - KLIM6 (@oem3.inf,%KLIM6_Desc%;Kaspersky Anti-Virus NDIS 6 Filter) → \SystemRoot\system32\DRIVERS\klim6.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - klpd (Kaspersky Lab format recognizer driver) → system32\DRIVERS\klpd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - klwfp (klwfp) → \SystemRoot\system32\DRIVERS\klwfp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Klwtp (KLwtp - WFP callout traffic inspector) → \SystemRoot\system32\DRIVERS\klwtp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - kneps (kneps) → \SystemRoot\system32\DRIVERS\kneps.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) → \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) → system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) → System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) → \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) → system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) → System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) → system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) → \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) → System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ZAM (ZAM Helper Driver) → ??\C:\WINDOWS\System32\drivers\zam64.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ZAM_Guard (ZAM Guard Driver) → ??\C:\WINDOWS\System32\drivers\zamguard64.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) → \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - kldisk (kldisk) → \SystemRoot\system32\DRIVERS\kldisk.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) → system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) → \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) → \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) → system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) → system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) → system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) → system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) → system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - speedfan (speedfan) → ??\C:\WINDOWS\SysWOW64\speedfan.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) → System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) → system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) → System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) → System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) → \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcnfs (@%systemroot%\system32\drivers\wcnfs.sys,-100) → \SystemRoot\system32\drivers\wcnfs.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - WinisoCDBus (WinISO Virtual CD Drive) → system32\drivers\WinisoCDBus.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)

[MD5.78488AF2AB2111D67B3C4044707A519B] - [12/04/2016 10:35:37] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [187.71 Ko] - (0.3.0.4) - C:\WINDOWS\System32\Drivers\1089229B.sys
[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - [08/07/2014 21:42:04] - (.-.) - [9.98 Ko] - (0.0.0.0) - C:\WINDOWS\Syswow64\Drivers\AsInsHelp32.sys
[MD5.EDAA17CE771C696655B6585F7CAD2100] - [08/07/2014 21:42:04] - (.-.) - [11.55 Ko] - (0.0.0.0) - C:\WINDOWS\Syswow64\Drivers\AsInsHelp64.sys
[MD5.68726474C69B738EAC3A62E06B33ADDC] - [08/07/2014 21:42:14] - (.-.) - [13.05 Ko] - (0.0.0.0) - C:\WINDOWS\Syswow64\Drivers\AsIO.sys
[MD5.524D8D450622DB4A7875B111C299A76B] - [11/08/2015 16:19:05] - (.Zaitsev Oleg, Copyright (C) 2004-2006 - AVZ Driver.) - [7 Ko] - (1.2.0.0) - C:\WINDOWS\Syswow64\Drivers\utm2odcz.sys

---------- | Uninstall

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Chromium] : (Chromium.-.Chromium) → “C:\Users\Gary\AppData\Local\Chromium\Application\ 51.0.2683.0\Installer\setup.exe” --uninstall
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Dragon Age Redesigned©] : (Dragon Age Redesigned©.-.) → C:\Users\Gary\Documents\BioWare\Dragon Age\packages\core\override\Uninstall Recommended settings.exe
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\f509cdacb248ec690d546778a66720c4] : (.-.) →
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\RadioSure] : (RadioSure.-.) → C:\Users\Gary\AppData\Local\RadioSure\uninstall.ex e
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\8B3D7924-ED89-486B-8322-E8594065D5CB_is1] : (RogueKiller version 12.11.3.0.-.Adlice Software) → “C:\Program Files\RogueKiller\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\AddressBook] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\AutoHotkey] : (AutoHotkey 1.1.24.05.-.Lexikos) → “C:\Program Files\AutoHotkey\AutoHotkey.exe” “C:\Program Files\AutoHotkey\Installer.ahk”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\CANONIJINBOXADDON100] : (Canon Inkjet Printer Driver Add-On Module.-.) → C:\Program Files\Common Files\Canon\IJ\InboxPrnV100\SETUP.EXE -R
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\CCleaner] : (CCleaner.-.Piriform) → “C:\Program Files\CCleaner\uninst.exe”
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Connection Manager] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Defraggler] : (Defraggler.-.Piriform) → “C:\Program Files\Defraggler\uninst.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\DirectDrawEx] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\DXM_Runtime] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Focusrite Scarlett Family Audio Driver_is1] : (Focusrite Scarlett Family Audio Driver 3.1.10.-.Focusrite Audio Engineering Limited.) → “C:\Program Files\Scarlett\USB 2.0 Audio Driver\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Fontcore] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\FreeCAD 0.16] : (FreeCAD 0.16 - A free open source CAD system.-.Juergen Riegel) → “C:\Program Files\FreeCAD 0.16\uninstall.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\GIMP-2_is1] : (GIMP 2.8.20.-.The GIMP Team) → “C:\Program Files\GIMP 2\uninst\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\GoldWave v6.19] : (GoldWave v6.19.-.GoldWave Inc.) → “C:\Program Files\GoldWave\unstall.exe” “GoldWave v6.19” “C:\Program Files\GoldWave\unstall.log”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE40] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE4Data] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE5BAKEX] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IEData] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MobileOptionPack] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) → “C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MPlayer2] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MyDefrag v4.3.1_is1] : (MyDefrag v4.3.1.-.J.C. Kessels) → “C:\Program Files\MyDefrag v4.3.1\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\PDF-XChange 3_is1] : (PDF-XChange 3.-.Tracker Software) → “C:\Program Files\Tracker Software\PDF-XChange 3\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Recuva] : (Recuva.-.Piriform) → “C:\Program Files\Recuva\uninst.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\SchedulingAgent] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\SolarApp] : (Logitech Solar App 1.10.-.Logitech) → C:\Program Files\Common Files\LogiShrd\SolarApp_Uninstall\setup.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Speccy] : (Speccy.-.Piriform) → “C:\Program Files\Speccy\uninst.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\VulkanRT1.0.39.1] : (Vulkan Run Time Libraries 1.0.39.1.-.LunarG, Inc.) → C:\Program Files (x86)\VulkanRT\1.0.39.1\UninstallVulkanRT.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\WhoCrashed_is1] : (WhoCrashed 5.53.-.Resplendence Software Projects Sp.) → “C:\Program Files\WhoCrashed\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\WIC] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\WinImage] : (WinImage.-.) → “C:\Program Files\WinImage\winimage.exe” /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\WinRAR archiver] : (WinRAR 5.01 (64-bit).-.win.rar GmbH) → C:\Program Files\WinRAR\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{0F347A49-E36C-4639-8D2E-003AD408B8B2}] : (Adblock Plus for IE (32-bit and 64-bit).-.Eyeo GmbH) → MsiExec.exe /X{0F347A49-E36C-4639-8D2E-003AD408B8B2}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.1.2.1733.-.Malwarebytes) → “C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{3DCF00F5-04A5-4543-A088-705480811205}_is1] : (Compiled Driver Disk (Nokia) 1.0.-.COMPELSON Labs) → “C:\Program Files\Compiled Driver Disk (Nokia)\Setup\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{3DCF00F5-04A5-4543-A088-705480811206}_is1] : (Compiled Driver Disk (Samsung) 1.0.-.COMPELSON Labs) → “C:\Program Files\Compiled Driver Disk (Samsung)\Setup\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{6A86F18E-5464-449D-A82D-667974747F38}] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{9130C3A8-3BEA-4A24-88F9-50EFB036F999}] : (Ableton Live 9 Lite.-.Ableton) → MsiExec.exe /X{9130C3A8-3BEA-4A24-88F9-50EFB036F999}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{9598DA62-2AE8-426D-9C86-BEA96AC6721E}_is1] : (MSI Kombustor 3.5.1.-.MSI Co., LTD) → “C:\Program Files\MSI Kombustor 3\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1] : (Revo Uninstaller 2.0.1.-.VS Revo Group, Ltd.) → “C:\Program Files\VS Revo Group\Revo Uninstaller\unins000.exe”
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}Ansel] : (Ansel.-.NVIDIA Corporation) →
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}Display.ControlPanel] : (NVIDIA Control Panel 378.72.-.NVIDIA Corporation) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}Display.Driver] : (NVIDIA Graphics Driver 378.72.-.NVIDIA Corporation) → “C:\WINDOWS\SysWOW64\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL”,Uni nstallPackage Display.Driver
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}Display.PhysX] : (NVIDIA PhysX System Software 9.16.0318.-.NVIDIA Corporation) → “C:\WINDOWS\SysWOW64\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL”,Uni nstallPackage Display.PhysX
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}installer] : (NVIDIA Install Application.-.NVIDIA Corporation) →
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) →
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}] : (Nokia Connectivity Cable Driver.-.) → RUNDLL32.EXE ccdcmbwux64.dll,WuUninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{BD290B7C-E023-4364-87D4-2B00DE2ED5A7}] : (TextPad 7.-.Helios) → MsiExec.exe /X{BD290B7C-E023-4364-87D4-2B00DE2ED5A7}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{BDDB58A5-F98E-4D3C-B554-4A4D31C6D405}is1] : (Phone Drivers Downloader 1.1.-.COMPELSON Labs) → “C:\Program Files\Phone Drivers Downloader\Setup\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{CAF754D7-AD99-409B-A594-C63DB5A51BC2}] : (CSR Harmony Wireless Software Stack.-.Cambridge Silicon Radio Limited.) → MsiExec.exe /X{CAF754D7-AD99-409B-A594-C63DB5A51BC2}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}] : (SAMSUNG USB Driver for Mobile Phones.-.SAMSUNG Electronics Co., Ltd.) → C:\Program Files (x86)\Samsung\USB Drivers\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\AddressBook] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 26 NPAPI.-.Adobe Systems Incorporated) → C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_ 0_0_131_Plugin.exe -maintain plugin
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Afterburner] : (MSI Afterburner 4.2.0.-.MSI Co., LTD) → “C:\Program Files (x86)\MSI Afterburner\uninstall.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Audacity_is1] : (Audacity 2.0.5.-.Audacity Team) → “C:\Program Files (x86)\Audacity\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Audacity®_is1] : (Audacity 2.1.2.-.Audacity Team) → “C:\Program Files (x86)\Audacity\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\BadCopy Pro] : (BadCopy Pro.-.) → C:\PROGRA~2\Jufsoft\BadCopy\UNWISE.EXE C:\PROGRA~2\Jufsoft\BadCopy\INSTALL.LOG
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Belarc Advisor] : (Belarc Advisor 8.4.-.Belarc Inc.) → “C:\Program Files (x86)\Belarc\BelarcAdvisor\Uninstall.exe” “C:\Program Files (x86)\Belarc\BelarcAdvisor\INSTALL.LOG”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\BitMeterOS] : (BitMeter OS.-.) → “C:\Program Files (x86)\Codebox\BitMeterOS\uninstall.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Cheat Engine 6.4_is1] : (Cheat Engine 6.4.-.Cheat Engine) → “C:\Program Files (x86)\Cheat Engine 6.4\unins000.exe”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Connection Manager] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\DAEMON Tools Lite] : (DAEMON Tools Lite.-.Disc Soft Ltd) → C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\DigiGuide TV Guide] : (DigiGuide TV Guide.-.GipsyMedia Limited) → “C:\Program Files (x86)\DigiGuide TV Guide\uninstall.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\dips64] : (Desktop Icon Position Saver (64-bit).-.) → “C:\Program Files\DIPS64\uninstall.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\DirectDrawEx] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Dragon Age 2 - LEGACY 1.03] : (Dragon Age 2 - LEGACY 1.03.-.) → C:\Games\Dragon Age 2\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\DXM_Runtime] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\EaseUS Data Recovery Wizard 7.0_is1] : (EaseUS Data Recovery Wizard 7.0.-.EaseUS) → “C:\Program Files (x86)\EaseUS\EaseUS Data Recovery Wizard\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\EaseUS Partition Master_is1] : (EaseUS Partition Master 11.9.-.EaseUS) → “C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\EaseUS Todo Backup_is1] : (EaseUS Todo Backup Free 9.2.-.CHENGDU YIWO Tech Development Co., Ltd) → “C:\Program Files (x86)\EaseUS\Todo Backup\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Fontcore] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Foxit Reader_is1] : (Foxit Reader.-.Foxit Software Inc.) → “C:\Program Files (x86)\Foxit Software\Foxit Reader\unins001.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\FreeFileSync] : (FreeFileSync 6.1.-.Zenju) → “C:\Program Files\FreeFileSync\uninstall.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) → “C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Inst aller\setup.exe” --uninstall --system-level --verbose-logging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Grey Olltwit’s Plan Maker] : (Grey Olltwit’s Plan Maker.-.) → C:\PROGRAM FILES (X86)\Plan Maker\planmkrunin.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IconWorkshop] : (Axialis IconWorkshop 6.90.-.Axialis Software) → C:\Program Files (x86)\Axialis\IconWorkshop\UnInstall.exe “IconWorkshop” “IconWorkshop.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE40] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE4Data] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE5BAKEX] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IEData] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield Uninstall Information] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}] : (Ancestral Quest Collaboration Support.-.Incline Software) → C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\ID river.exe /M{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield{758C8301-2696-4855-AF45-534B1200980A}] : (Samsung Kies.-.Samsung Electronics Co., Ltd.) → “C:\Program Files (x86)\InstallShield Installation Information{758C8301-2696-4855-AF45-534B1200980A}\setup.exe” -runfromtemp -l0x0409 -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield{D7BF9739-8A68-4335-BBEE-37752AD9E86B}] : (NEC Electronics USB 3.0 Host Controller Driver.-.NEC Electronics Corporation) → “C:\Program Files (x86)\InstallShield Installation Information{D7BF9739-8A68-4335-BBEE-37752AD9E86B}\setup.exe” -runfromtemp -l0x0409 -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield{F5A3D0C9-DAE3-4FA0-935B-F02678079FCC}] : (Ancestral Quest 14.-.Incline Software, LC) → C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\ID river.exe /M{F5A3D0C9-DAE3-4FA0-935B-F02678079FCC}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallWIX{1CF84962-50F8-48CA-9082-B70F3A02C686}] : (Kaspersky Secure Connection.-.Kaspersky Lab) → MsiExec.exe /I{1CF84962-50F8-48CA-9082-B70F3A02C686} REMOVE=ALL
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallWIX{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallWIX{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}] : (Kaspersky Total Security.-.Kaspersky Lab) → MsiExec.exe /I{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2} REMOVE=ALL
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallWIX{F575F386-57EF-4943-B003-A13F13B05EEB}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\KeePassPasswordSafe2_is1] : (KeePass Password Safe 2.24.-.Dominik Reichl) → “C:\Program Files (x86)\KeePass Password Safe 2\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\MobileOptionPack] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Mozilla Firefox 54.0 (x86 en-US)] : (Mozilla Firefox 54.0 (x86 en-US).-.Mozilla) → “C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\MPlayer2] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\MyDriveConnect] : (TomTom MyDrive Connect 4.1.5.3181.-.TomTom) → C:\Program Files (x86)\MyDrive Connect\Uninstall TomTom MyDrive Connect.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\NirSoft BlueScreenView] : (NirSoft BlueScreenView.-.) → “C:\Program Files (x86)\NirSoft\BlueScreenView\uninst.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Notepad++] : (Notepad++.-.Notepad++ Team) → C:\Program Files (x86)\Notepad++\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\OCCT] : (OCCT 4.5.0.-.Ocbase.com) → C:\Program Files (x86)\OCCTPT\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Origin] : (Origin.-.Electronic Arts, Inc.) → C:\Program Files (x86)\Inquisition\OriginUninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\RarmaRadio_is1] : (RarmaRadio 2.69.1.-.RaimerSoft) → “C:\Program Files (x86)\RarmaRadio\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\RTSS] : (RivaTuner Statistics Server 6.4.1.-.Unwinder) → “C:\Program Files (x86)\RivaTuner Statistics Server\uninstall.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\SchedulingAgent] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Singing Tutor] : (Singing Tutor.-.) → C:\PROGRA~2\SINGIN~1\UNWISE.EXE C:\PROGRA~2\SINGIN~1\INSTALL.LOG
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\SpeedFan] : (SpeedFan (remove only).-.) → “C:\Program Files (x86)\SpeedFan\uninstall.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\ST6UNST #1] : (USB 3G Super GSM Reader II v2.8.10.-.) → C:\WINDOWS\st6unst.exe -n “C:\Program Files (x86)\USB 3G Super GSM Reader II v2.8.10\ST6UNST.LOG”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\streamWriter_is1] : (streamWriter.-.) → “C:\Program Files (x86)\streamWriter\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\TeamViewer] : (TeamViewer 12.-.TeamViewer) → “C:\Program Files (x86)\TeamViewer\uninstall.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\TechPowerUp GPU-Z] : (TechPowerUp GPU-Z.-.TechPowerUp) → “C:\Program Files (x86)\GPU-Z\uninstall.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Unchecky] : (Unchecky v1.0.2.-.RaMMicHaeL) → “C:\Program Files (x86)\Unchecky\Uninstall.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Unigine Heaven Benchmark (Basic Edition)_is1] : (Heaven Benchmark version 4.0.-.Unigine Corp.) → “C:\Program Files (x86)\Unigine\Heaven Benchmark 4.0\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Unigine Valley Benchmark_is1] : (Unigine Valley Benchmark version 1.0.-.Unigine Corp.) → “C:\Program Files (x86)\Unigine\Valley Benchmark 1.0\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Visual Subst] : (Visual Subst.-.NTWind Software) → C:\Program Files (x86)\Visual Subst\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\VLC media player] : (VLC media player.-.VideoLAN) → C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\WIC] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\WinISO] : (WinISO.-.WinISO Computing Inc.) → “C:\Program Files (x86)\WinISO\uninst.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\ZHPFix_is1] : (ZHPFix 2015.-.Nicolas Coolman) → “C:\Program Files (x86)\ZHPFix\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{083EF76E-0760-4D7A-9508-0B88A3AF1889}] : (HexEdit.-.Expert Commercial Software Pty Ltd) → MsiExec.exe /I{083EF76E-0760-4D7A-9508-0B88A3AF1889}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{08610298-29AE-445B-B37D-EFBE05802967}] : (LWS Pictures And Video.-.Logitech) → MsiExec.exe /I{08610298-29AE-445B-B37D-EFBE05802967}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{15634701-BACE-4449-8B25-1567DA8C9FD3}] : (CameraHelperMsi.-.Logitech) → MsiExec.exe /I{15634701-BACE-4449-8B25-1567DA8C9FD3}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{1651216E-E7AD-4250-92A1-FB8ED61391C9}] : (LWS Help_main.-.Logitech) → MsiExec.exe /I{1651216E-E7AD-4250-92A1-FB8ED61391C9}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{174A3B31-4C43-43DD-866F-73C9DB887B48}] : (LWS Twitter.-.Logitech) → MsiExec.exe /I{174A3B31-4C43-43DD-866F-73C9DB887B48}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{1A834332-A9EE-440C-9505-2D07F445F05A}] : (MOBILedit! Support Libraries.-.COMPELSON Labs) → MsiExec.exe /I{1A834332-A9EE-440C-9505-2D07F445F05A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}] : (Cool & Quiet.-.) → RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup “C:\Program Files (x86)\InstallShield Installation Information{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe” -l0x9
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{1CF84962-50F8-48CA-9082-B70F3A02C686}] : (Kaspersky Secure Connection.-.Kaspersky Lab) → MsiExec.exe /I{1CF84962-50F8-48CA-9082-B70F3A02C686}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{1F13D8B2-94E1-4502-A922-737548AEEABB}] : (System Requirements Lab Detection.-.Husdawg, LLC) → MsiExec.exe /X{1F13D8B2-94E1-4502-A922-737548AEEABB}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}] : (LWS YouTube Plugin.-.Logitech) → MsiExec.exe /I{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1] : (Paint XP version 1.5.-.MSPAINTXP.COM) → “C:\Program Files (x86)\Paint XP\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1] : (Geeks3D FurMark 1.19.0.0.-.Geeks3D) → “C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}] : (Skype™ 7.0.-.Skype Technologies S.A.) → MsiExec.exe /X{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F03217060FB}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F03217071FB}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F32180121F0}] : (Java 8 Update 121.-.Oracle Corporation) → MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180121F0}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F83217051FB}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F83218066F0}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F83218071F0}] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{278318E2-89F5-43A0-BC54-20E9302244F8}_is1] : (SysInfoTools PST Merge x32(Demo) v3.0.-.SysInfoTools) → “C:\Program Files (x86)\SysInfoTools PST Merge x32(Demo) v3.0\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{32FD738E-D5C6-4F8A-9C93-278859948DD6}] : (SteelSoft Radio(Free Internet Radio).-.SteelSoft) → MsiExec.exe /I{32FD738E-D5C6-4F8A-9C93-278859948DD6}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}] : (erLT.-.Logitech, Inc.) → MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{4412F224-3849-4461-A3E9-DEEF8D252790}] : (Visual Studio C++ 10.0 Runtime.-.TomTom International B.V.) → MsiExec.exe /I{4412F224-3849-4461-A3E9-DEEF8D252790}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{47C1AE40-7ED8-4743-83C3-C76F76C754A9}_is1] : (CleanGenius 3.2.2.-.Amigabit, Inc.) → “C:\Program Files (x86)\CleanGenius 3\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{47DA7D2E-408C-4050-B75F-95F6D2E6A332}_is1] : (MOBILedit! ver. 7.5.3.4200.-.COMPELSON Labs) → “C:\Program Files (x86)\MOBILedit!\Setup\unins000.exe”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{4D565319-8B91-41CB-961C-0DDC86101AC5}] : (Dragon Age™ II.-.Electronic Arts) → “C:\Program Files (x86)\Common Files\EAInstaller\Dragon Age 2\Cleanup.exe” uninstall_game -autologging
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}] : (Ancestral Quest Collaboration Support.-.Incline Software) → C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\ID river.exe /M{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{4E96CB8B-444E-4EA3-8EF4-26060B0B411F}] : (OpenOffice 4.1.2.-.Apache Software Foundation) → MsiExec.exe /I{4E96CB8B-444E-4EA3-8EF4-26060B0B411F}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) → MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{683E4F0D-5A86-48BC-BD93-4751849028A8}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}] : (LWS Gallery.-.Logitech) → MsiExec.exe /I{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{70828B2E-C97B-4107-BE35-1273211919B5}_is1] : (SQLite Forensic Explorer version 2.0.-.Acquire Forensic) → “C:\Program Files (x86)\SQLite Forensic Explorer\unins000.exe”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{71E66D3F-A009-44AB-8784-75E2819BA4BA}] : (LWS Motion Detection.-.Logitech) → MsiExec.exe /I{71E66D3F-A009-44AB-8784-75E2819BA4BA}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{758C8301-2696-4855-AF45-534B1200980A}] : (Samsung Kies.-.Samsung Electronics Co., Ltd.) → MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}] : (LWS Launcher.-.Logitech) → MsiExec.exe /I{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{86F2B095-3998-41D5-833D-1C5075300950}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{8937D274-C281-42E4-8CDB-A0B2DF979189}] : (LWS Webcam Software.-.Logitech) → MsiExec.exe /I{8937D274-C281-42E4-8CDB-A0B2DF979189}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1] : (Zemana AntiMalware.-.Zemana Ltd.) → “C:\Program Files (x86)\Zemana AntiMalware\unins000.exe”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{9DAEA76B-E50F-4272-A595-0124E826553D}] : (LWS WLM Plugin.-.Logitech) → MsiExec.exe /I{9DAEA76B-E50F-4272-A595-0124E826553D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{A306FD29-7D3A-4287-91AC-9A0180931395}_is1] : (Roadkil’s Unstoppable Copier Version 5.2.-.Roadkil.Net) → “C:\Program Files (x86)\UnstopCpy\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AEC81925-9C76-4707-84A9-40696C613ED3}] : (Dragon Age: Origins.-.Electronic Arts, Inc.) → C:\Program Files (x86)\Common Files\BioWare\Uninstall Dragon Age.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{C7C4A0C6-8483-4065-851D-CBE5DC17D046}] : (LibreOffice 5.3.3.2.-.The Document Foundation) → MsiExec.exe /I{C7C4A0C6-8483-4065-851D-CBE5DC17D046}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{D3580358-0F78-402A-BE53-2E9D06383E04}] : (NETGEAR WNA3100M N300 Wireless USB Adapter.-.NETGEAR) → C:\Program Files (x86)\InstallShield Installation Information{D3580358-0F78-402A-BE53-2E9D06383E04}\setup.exe -runfromtemp -l0x0009 -removeonly -PanelRemove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{D40EB009-0499-459c-A8AF-C9C110766215}] : (Logitech Webcam Software.-.Logitech Inc.) → “C:\Program Files (x86)\Common Files\LogiShrd\Installer{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe” /lang=ENU /guid=“{D40EB009-0499-459c-A8AF-C9C110766215}”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}] : (.-.) →
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{D7BF9739-8A68-4335-BBEE-37752AD9E86B}] : (NEC Electronics USB 3.0 Host Controller Driver.-.NEC Electronics Corporation) → MsiExec.exe /I{D7BF9739-8A68-4335-BBEE-37752AD9E86B}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{D94A8E22-DF2B-4107-9E51-608A60A7671D}] : (Personal Ancestral File 5.-.) → RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup “C:\Program Files (x86)\InstallShield Installation Information{D94A8E22-DF2B-4107-9E51-608A60A7671D}\Setup.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{DC4C36DC-4E5B-4262-B0C7-157DF534B969}] : (Dragon Age™: Inquisition.-.Electronic Arts) → “C:\Program Files (x86)\Common Files\EAInstaller\Dragon Age Inquisition\Cleanup.exe” uninstall_game -autologging
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}] : (Kaspersky Total Security.-.Kaspersky Lab) → MsiExec.exe /I{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{F2E23139-3404-4E3C-9855-7724415D62A5}] : (Dragon Age II.-.Electronic Arts, Inc.) → “C:\Program Files (x86)\Common Files\BioWare\Uninstall Dragon Age 2.exe”
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{F5A3D0C9-DAE3-4FA0-935B-F02678079FCC}] : (Ancestral Quest 14.-.Incline Software, LC) → C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\ID river.exe /M{F5A3D0C9-DAE3-4FA0-935B-F02678079FCC}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{F6430171-B86B-4639-839E-374913E7911D}] : (Google Earth.-.Google) → MsiExec.exe /I{F6430171-B86B-4639-839E-374913E7911D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{fd97d1e2-368a-4cd9-af63-8eeff938044a}] : (Adblock Plus for IE.-.) → “C:\ProgramData\Package Cache{fd97d1e2-368a-4cd9-af63-8eeff938044a}\adblockplusie-1.1.exe” /uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}] : (LWS Facebook.-.Logitech) → MsiExec.exe /I{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}

---------- | Ports

---------- | Installer

[HKCR\Installer\Products\00002109020090400000000000 F01FEC] : Compatibility Pack for the 2007 Office system → C:\Windows\Installer{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
[HKCR\Installer\Products\0AB19942EE0FDA44C98CE55CA0 CE6F7B] : Skype™ 7.0 → C:\Windows\Installer{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe
[HKCR\Installer\Products\1038C85769625584FA5435B421 0089A0] : Samsung Kies → C:\Windows\Installer{758C8301-2696-4855-AF45-534B1200980A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\10743651ECAB9444B8525176AD C8F93D] : CameraHelperMsi
[HKCR\Installer\Products\13B3A47134C4DD3468F6379CBD 88B784] : LWS Twitter
[HKCR\Installer\Products\1710346FB68B936438E9739431 7E19D1] : Google Earth → C:\WINDOWS\Installer{F6430171-B86B-4639-839E-374913E7911D}\MainIcon.ico
[HKCR\Installer\Products\233438A1EE9AC0445950D2704F 540FA5] : MOBILedit! Support Libraries → C:\Windows\Installer{1A834332-A9EE-440C-9505-2D07F445F05A}_6FEFF9B68218417F98F549.exe
[HKCR\Installer\Products\26948FC18F05AC8409287BF0A3 206C68] : Kaspersky Secure Connection → C:\WINDOWS\Installer{1CF84962-50F8-48CA-9082-B70F3A02C686}\setup2.ico
[HKCR\Installer\Products\2B8D31F11E4920549A22375784 EAAEBB] : System Requirements Lab Detection → C:\Windows\Installer{1F13D8B2-94E1-4502-A922-737548AEEABB}\icon.ico
[HKCR\Installer\Products\422F2144948316443A9EEDFED8 527209] : Visual Studio C++ 10.0 Runtime
[HKCR\Installer\Products\472D7398182C4E24C8BD0A2BFD 791998] : LWS Webcam Software
[HKCR\Installer\Products\4920FD12D9B61474BAF62BBABF 2D83E7] : LWS YouTube Plugin
[HKCR\Installer\Products\4EA42A62D9304AC4784BF22381 10120F] : Java 8 Update 121 → C:\Program Files (x86)\Java\jre1.8.0_121\bin\javaws.exe
[HKCR\Installer\Products\591761FF4EE90C64C87DBF3A54 E788BA] : LWS Facebook
[HKCR\Installer\Products\6C0A4C7C3848560458D1BC5ECD 710D64] : LibreOffice 5.3.3.2 → C:\WINDOWS\Installer{C7C4A0C6-8483-4065-851D-CBE5DC17D046}\soffice.ico
[HKCR\Installer\Products\7CBCC2E4FBB67094A9333CBB77 638636] : Ancestral Quest Collaboration Support → C:\Windows\Installer{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\7D457FAC99DAB9045A496CD35B 5AB12C] : CSR Harmony Wireless Software Stack → C:\WINDOWS\Installer{CAF754D7-AD99-409B-A594-C63DB5A51BC2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\89201680EA92B5443BD7FEEB50 089276] : LWS Pictures And Video
[HKCR\Installer\Products\8A3C0319AEB342A4889F05FE0B 639F99] : Ableton Live 9 Lite
[HKCR\Installer\Products\9002F3925410B0544BAA60D334 BF63C8] : Windows 10 Update and Privacy Settings
[HKCR\Installer\Products\9379FB7D86A85334BBEE7357A2 9D8EB6] : NEC Electronics USB 3.0 Host Controller Driver → C:\Windows\Installer{D7BF9739-8A68-4335-BBEE-37752AD9E86B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446E B8552E] : Google Update Helper
[HKCR\Installer\Products\94A743F0C63E9364D8E200A34D 808B2B] : Adblock Plus for IE (32-bit and 64-bit) → C:\Windows\Installer{0F347A49-E36C-4639-8D2E-003AD408B8B2}\program_icon
[HKCR\Installer\Products\9C0D3A5F3EAD0AF439B50F6287 70F9CC] : Ancestral Quest 14 → C:\Windows\Installer{F5A3D0C9-DAE3-4FA0-935B-F02678079FCC}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745 894BAC] : Google Update Helper
[HKCR\Installer\Products\B67AEAD9F05E27245A5910428E 6255D3] : LWS WLM Plugin
[HKCR\Installer\Products\B7D1B72E43B32A34F90C89825D FD642E] : Kaspersky Total Security → C:\WINDOWS\Installer{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}\setup2.ico
[HKCR\Installer\Products\B8BC69E4E4443AE4E84F6260B0 B014F1] : OpenOffice 4.1.2 → C:\WINDOWS\Installer{4E96CB8B-444E-4EA3-8EF4-26060B0B411F}\soffice.ico
[HKCR\Installer\Products\C3AF8C38AE4F4C6438293DEC53 73836D] : LWS Launcher
[HKCR\Installer\Products\C3CE67F61B43E63479BF845CD8 B7DEDC] : LWS Gallery
[HKCR\Installer\Products\C7B092DB320E4634784DB200ED E25D7A] : TextPad 7 → C:\WINDOWS\Installer{BD290B7C-E023-4364-87D4-2B00DE2ED5A7}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D139E7FE48CDB174D86B8A3385 904547] :
[HKCR\Installer\Products\E6121561DA7E0524291ABFE86D 31199C] : LWS Help_main
[HKCR\Installer\Products\E67FE3800670A7D45980B0883A FA8198] : HexEdit
[HKCR\Installer\Products\E837DF236C5DA8F4C939728895 49D86D] : SteelSoft Radio(Free Internet Radio)
[HKCR\Installer\Products\F3D66E17900ABA447848572E18 B94AAB] : LWS Motion Detection
[HKCR\Installer\Products\F60730A4A66673047777F57284 67D401] : Java Auto Updater

---------- | ADS

@C:\Program Files (x86)\Common Files\System:Win32App_1

---------- | Drives

Disk: 0 Size=954G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors

---

0 0 07-NTFS 100M Yes No 2,048 204,800
1 1 07-NTFS 953G No No 206,848 952,393,216
2 2 27-UNKNWN 450M No No 952,600,064 921,600

---------- | MBR

Windows Version: Professional
Windows Information: (build 9200), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x03806fbc

Analysis of file “C:\QuickDiag\MBR.bin”:
Windows 7 MBR code detected

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog
[HEADING=1]Faulting application name: nvxdsync.exe, version: 8.17.13.7872, time stamp: 0x58a53ec9
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f5b9
Faulting process id: 0x7ec
Faulting application start time: 0x01d2f12803e05298
Faulting application path: C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 71b44ae0-4a81-45a3-bcc0-54d716d6c5bd
Faulting package full name:
Faulting package-relative application ID:[/HEADING]
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
[HEADING=1]System Error:
Access is denied.
.[/HEADING]
The program firefox.exe version 54.0.0.6368 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 8a0
Start Time: 01d2eceeb790da4f
Termination Time: 62
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: fb30976c-5ac0-11e7-abe4-20cf305c4f2f
Faulting package full name:
Faulting package-relative application ID:

---

[HEADING=1]The Open Procedure for service “BITS” in DLL “C:\Windows\System32\bitsperf.dll” failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.[/HEADING]
[HEADING=1]Faulting application name: nvxdsync.exe, version: 8.17.13.7872, time stamp: 0x58a53ec9
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f5b9
Faulting process id: 0x7a8
Faulting application start time: 0x01d2ecee0e30b208
Faulting application path: C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f4254337-2347-4184-88c9-9035d924634e
Faulting package full name:
Faulting package-relative application ID:[/HEADING]
The program firefox.exe version 54.0.0.6368 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 25ac
Start Time: 01d2ecea9a43c624
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: 19adbf83-58de-11e7-abe3-20cf305c4f2f
Faulting package full name:
Faulting package-relative application ID:

---

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
Executing Asynchronous Operation
[HEADING=1]Context:
Current State: DoSnapshotSet[/HEADING]
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
[HEADING=1]System Error:
Access is denied.
.[/HEADING]
The program firefox.exe version 54.0.0.6368 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 23b8
Start Time: 01d2ecd5e601845d
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: a82dd1cb-58cf-11e7-abe2-20cf305c4f2f
Faulting package full name:
Faulting package-relative application ID:

---

[HEADING=1]Faulting application name: nvxdsync.exe, version: 8.17.13.7872, time stamp: 0x58a53ec9
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f5b9
Faulting process id: 0x7c4
Faulting application start time: 0x01d2ecd551215d37
Faulting application path: C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f269d6da-1794-4b86-972d-dee07a8d18c0
Faulting package full name:
Faulting package-relative application ID:[/HEADING]
The program firefox.exe version 54.0.0.6368 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 3438
Start Time: 01d2ecd1c3fd5572
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: d2e8f6d1-58c5-11e7-abe1-20cf305c4f2f
Faulting package full name:
Faulting package-relative application ID:

---

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
Executing Asynchronous Operation
[HEADING=1]Context:
Current State: DoSnapshotSet[/HEADING]
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
[HEADING=1]System Error:
Access is denied.
.[/HEADING]
[HEADING=1]Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
Faulting module name: NetEventPacketCapture.dll, version: 10.0.14393.953, time stamp: 0x58ba5f01
Exception code: 0xc0000005
Fault offset: 0x00000000000160d3
Faulting process id: 0x2ac0
Faulting application start time: 0x01d2eccbedd58517
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: C:\WINDOWS\system32\wbem\NetEventPacketCapture.dll
Report Id: b3c6be28-9130-4da4-9330-364ddf7ea414
Faulting package full name:
Faulting package-relative application ID:[/HEADING]
The program firefox.exe version 54.0.0.6368 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2428
Start Time: 01d2ecbf4e6f4b9c
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: bef0ac76-58b2-11e7-abe1-20cf305c4f2f
Faulting package full name:
Faulting package-relative application ID:

---

The program firefox.exe version 54.0.0.6368 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2210
Start Time: 01d2ecbd890397b2
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: 41778048-58b2-11e7-abe1-20cf305c4f2f
Faulting package full name:
Faulting package-relative application ID:

---

[HEADING=1]The Open Procedure for service “BITS” in DLL “C:\Windows\System32\bitsperf.dll” failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.[/HEADING]
[HEADING=1]The Open Procedure for service “BITS” in DLL “C:\Windows\System32\bitsperf.dll” failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.[/HEADING]
The program firefox.exe version 54.0.0.6368 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 29e0
Start Time: 01d2e9ac3c74f3db
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: 52325e2f-5669-11e7-abe0-20cf305c4f2f
Faulting package full name:
Faulting package-relative application ID:

---

----------( EOF)---------- - 5190 | 10:51:49

[/SPOILER

]

This log will take some time to look over, I will have a reply for you tomorrow. How is the machine running now?

Thanks. In general use there’s no change, it’s running ok as usual. I’ll have to go back to the graphics intensive game to check if it still crashes. May find time today, otherwise it’d be next week. I’ll update on how it goes.