In Progress - Can not open anything | PC Help Forum

In Progress Can not open anything

Discussion in 'Malware Removal' started by Cory, Oct 2, 2017.

  1. Cory

    Cory PCHF Member PCHF Donator PCHF Member

    Joined:
    Feb 16, 2017
    Messages:
    29
    I have a Samsung laptop that is running Windows 7 and I cannot get it to boot up and open anything. I have tried booting into Safe Mode with Networking so I could start a Malwarebytes update and run a scan, but I cannot get anything to open. What can I do next?
     
  2. Cory

    Cory PCHF Member PCHF Donator PCHF Member

    Joined:
    Feb 16, 2017
    Messages:
    29
    I was able to start the pre-work. It is just taking very long; everything is taking a long time to open.
     
  3. jmarket

    jmarket PCHF Owner PCHF Owner Support Team Security Team

    Joined:
    Jan 10, 2015
    Messages:
    1,297
    Hi @Cory :)

    It sounds like you have a very serious infection, and the prework is absolutely necessary to get underway. It may take a while, but it will finish :)
     
  4. g3n-h@ckm@n

    g3n-h@ckm@n PCHF Security Advisor Security Advisor PCHF Member

    Joined:
    Sep 5, 2016
    Messages:
    53
    Hello

    Paste the content of the reports you made with prework, and after that,

    Download Quick Diag to your desktop.
    Very Important!! Make sure the program is on your desktop.
    Disable your Antivirus/Antispyware prior to scanning.
    Right-click it and choose Run as Administrator.
    Select the Quick Scan.
    Post the log that is generated in your next post.
     
    Last edited: Oct 2, 2017
  5. Cory

    Cory PCHF Member PCHF Donator PCHF Member

    Joined:
    Feb 16, 2017
    Messages:
    29
    The FRST will not finish. I get the FRST file but not the additional file. It is giving me a BSOD. Going to try it again.
     
  6. g3n-h@ckm@n

    g3n-h@ckm@n PCHF Security Advisor Security Advisor PCHF Member

    Joined:
    Sep 5, 2016
    Messages:
    53
    Hello, try QuickDiag as I wrote.
     
  7. Cory

    Cory PCHF Member PCHF Donator PCHF Member

    Joined:
    Feb 16, 2017
    Messages:
    29
    It took several hours to finish. Here is the log from QuickDiag.

    --------------- QuickDiag | g3n-h@ckm@n | V3_04.10.17.1 ---------------

    ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 07/10/2017 12:47:05

    Updated 04/10/2017 | 22.38 (GMT) by g3n-h@ckm@n
    Contact : http://www.sosvirus.net/

    Time Zone : (UTC-06:00) Central Time (US & Canada)
    [Tonya (Administrator)] - [TONYA-PC] (S-1-5-21-2880522861-2664208021-4051181673-1000)

    System: Microsoft Windows 7 Home Premium - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409) -> ()
    System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
    Boot : Microsoft Windows 7 Home Premium |C:\windows|\Device\Harddisk0\Partition2
    Boot : SafeMode with network
    PC: QX311/QX411/QX412/QX511 - SAMSUNG ELECTRONICS CO., LTD. - IdNumber: HPHF91BC212095 - UUID: 27A224A0-1DD2-11B2-8000-F37DA3B63CE7
    Processor : X64 - 2494 Mhz - Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
    Phoenix SecureCore-Tiano(tm) NB Version 2.1 08HS - en-US - Phoenix Technologies Ltd. - S/N: HPHF91BC212095 - 08HS - SECCSD - 2
    CoreTemp : 29.8 Celsius

    ----------| Quick


    ---------- | SoundDevice

    Realtek High Definition Audio - Status: Unknown - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_144DC0A0&REV_1001\4&3A0AA0FC&0&0001
    Intel(R) Display Audio - Status: Unknown - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80860101&REV_1000\4&3A0AA0FC&0&0301

    ---------- | Video

    Intel(R) HD Graphics Family - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumd64.dll,igd10umd64.dll,igd10umd64.dll,igdumdx32,igd10umd32,igd10umd32 - PNPDeviceID: PCI\VEN_8086&DEV_0126&SUBSYS_C0A0144D&REV_09\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: -1320394752
    Inegrated Video Chipset DeviceName: Intel(R) HD Graphics Family - DriverVersion: 8.15.10.2266 - SpecificationVersion: 1025

    ---------- | Codecs

    c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16384 - Manufacturer: Microsoft Corporation - Status: OK
    c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
    c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 - Manufacturer: Microsoft Corporation - Status: OK
    c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK
    c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 - Manufacturer: Microsoft Corporation - Status: OK
    c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 - Manufacturer: Microsoft Corporation - Status: OK
    c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25600 - Manufacturer: Microsoft Corporation - Status: OK
    c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK
    c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK
    c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81408 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK

    ---------- | CPU

    CPU #1 value:0 %
    CPU #2 value:0 %
    CPU #3 value:0 %
    CPU #4 value:0 %
    Total Overall CPU Usage value:0 %

    ---------- | Network

    Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
    Intel[R] Centrino[R] Wireless-N 6150 : SENT:0 bytes/sec / RECVD:0 bytes/sec
    isatap.{E2688C84-BBB3-4E36-80F6-5028CF4B2EC6} : SENT:0 bytes/sec / RECVD:0 bytes/sec
    isatap.Home : SENT:0 bytes/sec / RECVD:0 bytes/sec
    Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec

    Overall -> SEND Maxium:0 bytes/sec, / RECEIVE Maximum:0 bytes/sec

    WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
    WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
    WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
    WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
    WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
    WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
    WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
    Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_C0A0144D&REV_06\4&3A33A527&0&00E3
    WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
    Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000
    RAS Async Adapter - - - Status: - PnPID :
    Intel(R) Centrino(R) WiMAX 6150 - - - Status: - PnPID :
    Microsoft ISATAP Adapter #2 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0001
    Intel(R) Centrino(R) Wireless-N 6150 - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_0885&SUBSYS_13058086&REV_67\4&1D025BEB&0&00E0
    Microsoft Virtual WiFi Miniport Adapter - - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1FD03075&0&01
    Microsoft ISATAP Adapter #3 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0002
    Microsoft Virtual WiFi Miniport Adapter - - - Status: - PnPID :
    Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000
    Microsoft 6to4 Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT\*6TO4MP\0000

    ---------- | Memory

    RAM = Total (MB) : 6203 | Free (MB) : 5296
    Pagefile = Total (MB) : 12404 | Free (MB) : 11566
    Virtual = Total (MB) : 4194 | Free (MB) : 4003

    Physical Memory 0 : Capacity: 4294967296 - ChannelA-DIMM0 - Posit.: 1 - Manufacturer: Samsung - PartNumber: M471B5273CM0-CH9 - S/N: B4231876
    Physical Memory 2 : Capacity: 2147483648 - ChannelB-DIMM0 - Posit.: 2 - Manufacturer: Samsung - PartNumber: M471B5773DH0-CH9 - S/N: 006BA1C6

    ---------- | SID Users

    Administrator : [S-1-5-21-2880522861-2664208021-4051181673-500]
    Guest : [S-1-5-21-2880522861-2664208021-4051181673-501]
    HomeGroupUser$ : [S-1-5-21-2880522861-2664208021-4051181673-1004]
    Tonya : [S-1-5-21-2880522861-2664208021-4051181673-1000]
    Administrators : [S-1-5-32-544]
    Distributed COM Users : [S-1-5-32-562]
    Event Log Readers : [S-1-5-32-573]
    Guests : [S-1-5-32-546]
    IIS_IUSRS : [S-1-5-32-568]
    Performance Log Users : [S-1-5-32-559]
    Performance Monitor Users : [S-1-5-32-558]
    Users : [S-1-5-32-545]
    HomeUsers : [S-1-5-21-2880522861-2664208021-4051181673-1003]

    ---------- | SystemAccounts

    Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
    Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
    Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
    Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
    Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
    Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
    Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
    Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
    Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
    Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
    Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
    Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
    Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
    Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
    Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
    Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
    Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
    Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
    Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
    Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
    Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
    Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
    Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
    Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
    Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

    ---------- | Drives

    C:\ -> [Fixed] | [] | Total : 365 Go | Free : 289.09 Go -> NTFS [ATA]
    D:\ -> [Fixed] | [] | Total : 547.38 Go | Free : 547.23 Go -> NTFS [ATA]
    E:\ -> [CDROM] | [50941] | Total : 4.16 Go | Free : 0 Go -> CDFS [ATAPI]

    Disk Usage Information [1 total Physical Disks]

    Physical Drive #0 [C:, D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec

    Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec

    DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : IDE\DISKSAMSUNG_HN-M101MBB______________________2AR10001\4&555A9D6&0&0.0.0

    ---------- | Windows updates

    Last detection : 2017-09-30 15:31:08
    Downloaded last ones : 2017-09-14 22:39:25
    Installed last ones : 2017-09-16 13:14:59
    Next search : 2017-10-03 02:06:03


    ---------- | Browsers

    IE : 11.0.9600.18792 (© Microsoft Corporation.)
    FF : 55.0.3.6445 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
    GC : 61.0.3163.100 (Copyright 2016 Google Inc.)

    Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url ""

    ---------- | FlashPlayer

    FlashPlayer ActiveX : 27.0.0.130
    FlashPlayer Plugin : 27.0.0.130

    ---------- | Security

    AV : Malwarebytes Disabled
    AS : Windows Defender Disabled
    FW : WINDOWS Firewall
    WMI : OK
    WU: Windows Update Service [Auto(2)] = stopped
    AS: Windows Defender [Manual(3)] = stopped
    WMI: Windows Management Instrumentation [Auto(2)] = Running



    ---------- | Running processes

    300 | [Owner : SYSTEM | Parent : 4(System) | 1.25 Mo] - (.Microsoft Corporation - Windows Session Manager.) - (6.1.7601.23889) = C:\Windows\System32\smss.exe [14/09/2017 17:38:50] CPU Usage:0 % --> Command Line :
    392 | [Owner : SYSTEM | Parent : 384() | 4.35 Mo] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [13/07/2009 18:19:49] CPU Usage:0 % --> Command Line :
    428 | [Owner : SYSTEM | Parent : 420() | 6.08 Mo] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [13/07/2009 18:19:49] CPU Usage:0 % --> Command Line :
    436 | [Owner : SYSTEM | Parent : 384() | 4.88 Mo] - (.Microsoft Corporation - Windows Start-Up Application.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [13/07/2009 18:52:37] CPU Usage:0 % --> Command Line :
    476 | [Owner : SYSTEM | Parent : 420() | 5.79 Mo] - (.Microsoft Corporation - Windows Logon Application.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe [15/10/2014 19:40:23] CPU Usage:0 % --> Command Line :
    528 | [Owner : SYSTEM | Parent : 436(wininit.exe) | 8.04 Mo] - (.Microsoft Corporation - Services and Controller app.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [12/05/2015 13:37:47] CPU Usage:0 % --> Command Line :
    536 | [Owner : SYSTEM | Parent : 436(wininit.exe) | 11.8 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23889) = C:\Windows\System32\lsass.exe [14/09/2017 17:38:46] CPU Usage:0 % --> Command Line :
    544 | [Owner : SYSTEM | Parent : 436(wininit.exe) | 4.33 Mo] - (.Microsoft Corporation - Local Session Manager Service.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [20/11/2010 22:23:53] CPU Usage:0 % --> Command Line :
    640 | [Owner : SYSTEM | Parent : 528(services.exe) | 9.65 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % --> Command Line :
    712 | [Owner : NETWORK SERVICE | Parent : 528(services.exe) | 7.86 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % --> Command Line :
    812 | [Owner : SYSTEM | Parent : 528(services.exe) | 40.02 Mo] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.10.209.0) = C:\Program Files\Microsoft Security Client\MsMpEng.exe [14/11/2016 22:14:42] CPU Usage:0 % --> Command Line :
    848 | [Owner : LOCAL SERVICE | Parent : 528(services.exe) | 11.98 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % --> Command Line :
    880 | [Owner : SYSTEM | Parent : 528(services.exe) | 21.14 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % --> Command Line :
    980 | [Owner : LOCAL SERVICE | Parent : 528(services.exe) | 7.86 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % --> Command Line :
    1016 | [Owner : NETWORK SERVICE | Parent : 528(services.exe) | 14.52 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % --> Command Line :
    356 | [Owner : SYSTEM | Parent : 528(services.exe) | 16.38 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % --> Command Line :
    612 | [Owner : LOCAL SERVICE | Parent : 528(services.exe) | 13.14 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % --> Command Line :
    1772 | [Owner : Tonya | Parent : 1900() | 50.66 Mo] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.23537) = C:\Windows\explorer.exe [12/10/2016 20:31:01] CPU Usage:0 % --> Command Line :
    1976 | [Owner : Tonya | Parent : 1772(explorer.exe) | 3.77 Mo] - (.Microsoft Corporation - CTF Loader.) - (6.1.7600.16385) = C:\Windows\System32\ctfmon.exe [13/07/2009 18:39:05] CPU Usage:0 % --> Command Line :
    1560 | [Owner : Tonya | Parent : 640(svchost.exe) | 15.33 Mo] - (.Microsoft Corporation - COM Surrogate.) - (6.1.7600.16385) = C:\Windows\System32\dllhost.exe [13/07/2009 18:59:17] CPU Usage:0 % --> Command Line :
    2384 | [Owner : Tonya | Parent : 1772(explorer.exe) | 31.63 Mo] - (.SosVirus - QuickDiag.) - (4.10.17.1) = C:\Users\Tonya\Desktop\QuickDiag.exe [07/10/2017 12:45:39] CPU Usage:0 % --> Command Line :
    2556 | [Owner : NETWORK SERVICE | Parent : 640(svchost.exe) | 9.85 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/11/2010 22:24:15] CPU Usage:0 % --> Command Line :
    2608 | [Owner : SYSTEM | Parent : 640(svchost.exe) | 6.89 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/11/2010 22:24:15] CPU Usage:0 % --> Command Line :
    2664 | [Owner : NETWORK SERVICE | Parent : 640(svchost.exe) | 7.29 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [20/11/2010 22:24:27] CPU Usage:0 % --> Command Line :

    ---------- | MD5

    [MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [12/10/2016 20:31:01] - (.© Microsoft Corporation. - Windows Explorer.) - [3154 Ko] - (6.1.7601.23537) : C:\windows\Explorer.exe
    [MD5.5746BD7E255DD6A8AFA06F7C42C1BA41] - [20/11/2010 22:23:55] - (.© Microsoft Corporation. - Windows Command Processor.) - [337 Ko] - (6.1.7601.17514) : C:\windows\System32\cmd.exe
    [MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [13/07/2009 18:19:49] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [7.5 Ko] - (6.1.7600.16385) : C:\windows\System32\csrss.exe
    [MD5.A8EDB86FC2A4D6D1285E4C70384AC35A] - [13/07/2009 18:59:17] - (.© Microsoft Corporation. - COM Surrogate.) - [9.5 Ko] - (6.1.7600.16385) : C:\windows\System32\dllhost.exe
    [MD5.A0AB7ED46853E87E8BB66A404F366E16] - [14/09/2017 17:38:50] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [1136 Ko] - (6.1.7601.23889) : C:\windows\System32\Kernel32.dll
    [MD5.00A54A6CEDF599AABB72C20E0815BC37] - [14/09/2017 17:38:46] - (.© Microsoft Corporation. - Local Security Authority Process.) - [30 Ko] - (6.1.7601.23889) : C:\windows\System32\lsass.exe
    [MD5.3F1A199859B4F3F8357B2A0AF5666A54] - [14/09/2017 17:38:50] - (.© Microsoft Corporation. - Distributed COM Services.) - [500 Ko] - (6.1.7601.23889) : C:\windows\System32\rpcss.dll
    [MD5.C36BB659F08F046B139C8D1B980BF1AC] - [13/06/2017 18:00:28] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [45 Ko] - (6.1.7601.23755) : C:\windows\System32\rundll32.exe
    [MD5.71C85477DF9347FE8E7BC55768473FCA] - [12/05/2015 13:37:47] - (.© Microsoft Corporation. - Services and Controller app.) - [321 Ko] - (6.1.7601.18829) : C:\windows\System32\services.exe
    [MD5.6F68F63794097E54F36474ED4384B759] - [01/02/2012 17:59:11] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [27 Ko] - (6.1.7601.17568) : C:\windows\System32\svchost.exe
    [MD5.34BA256FBF83457F9D5E51A56DB54542] - [13/12/2016 18:45:45] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [985.5 Ko] - (6.1.7601.23594) : C:\windows\System32\user32.dll
    [MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [20/11/2010 22:24:28] - (.© Microsoft Corporation. - Userinit Logon Application.) - [30 Ko] - (6.1.7601.17514) : C:\windows\System32\userinit.exe
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] - [13/07/2009 18:52:37] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [126 Ko] - (6.1.7600.16385) : C:\windows\System32\Wininit.exe
    [MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - [15/10/2014 19:40:23] - (.© Microsoft Corporation. - Windows Logon Application.) - [444.5 Ko] - (6.1.7601.18540) : C:\windows\System32\Winlogon.exe
    [MD5.0DC2A9882540DEA4A55B08785E09D8FC] - [09/05/2017 20:22:16] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [484.5 Ko] - (6.1.7601.23761) : C:\windows\System32\Drivers\afd.sys
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] - [13/07/2009 18:19:47] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\atapi.sys
    [MD5.059F00DEF82BF41E433B7ED465847726] - [10/09/2013 18:11:48] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [151.94 Ko] - (6.1.7601.18231) : C:\windows\System32\Drivers\ataport.sys
    [MD5.B8BD2BB284668C84865658C77574381A] - [13/07/2009 18:19:47] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\cdfs.sys
    [MD5.F036CE71586E93D94DAB220D7BDF4416] - [20/11/2010 22:23:47] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) : C:\windows\System32\Drivers\cdrom.sys
    [MD5.9B38580063D281A99E68EF5813022A5F] - [12/10/2016 20:32:57] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [104 Ko] - (6.1.7601.23542) : C:\windows\System32\Drivers\dfsc.sys
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - [20/11/2010 22:23:47] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [119.5 Ko] - (6.1.7601.17514) : C:\windows\System32\Drivers\hdaudbus.sys
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - [13/07/2009 18:19:58] - (.© Microsoft Corporation. - i8042 Port Driver.) - [103 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\i8042prt.sys
    [MD5.F7CE9BE72EDAC499B713ECA6DAE5D26F] - [01/02/2012 17:32:28] - (.Copyright(C) Intel Corporation 1994-2010 - Intel Rapid Storage Technology driver - x64.) - [427.02 Ko] - (10.0.0.1046) : C:\windows\System32\Drivers\iastor.sys
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - [13/07/2009 19:10:03] - (.© Microsoft Corporation. - IP Network Address Translator.) - [113.5 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\ipnat.sys
    [MD5.F77E8ABD746B93B9B4F9C13250302C47] - [14/09/2017 17:38:50] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [156 Ko] - (6.1.7601.23889) : C:\windows\System32\Drivers\mrxsmb.sys
    [MD5.F7309F42555F8AAB7144A51A1F2585B0] - [10/11/2015 19:12:20] - (.© Microsoft Corporation. - NDIS 6.20 driver.) - [928.44 Ko] - (6.1.7601.19030) : C:\windows\System32\Drivers\ndis.sys
    [MD5.734837208CAFD6E0959A7A0333C95C9D] - [14/09/2017 17:38:58] - (.© Microsoft Corporation. - MBT Transport driver.) - [256.5 Ko] - (6.1.7601.23889) : C:\windows\System32\Drivers\netbt.sys
    [MD5.7FD5A7FB8F55254E9AF5666C653AF3CA] - [11/07/2017 21:50:06] - (.© Microsoft Corporation. - NT File System Driver.) - [1641.23 Ko] - (6.1.7601.23839) : C:\windows\System32\Drivers\ntfs.sys
    [MD5.0086431C29C35BE1DBC43F52CC273887] - [13/07/2009 19:00:41] - (.© Microsoft Corporation. - Parallel Port Driver.) - [95 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\parport.sys
    [MD5.471815800AE33E6F1C32FB1B97C490CA] - [20/11/2010 22:24:33] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [126.5 Ko] - (6.1.7601.17514) : C:\windows\System32\Drivers\rasl2tp.sys
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - [13/07/2009 19:09:09] - (.© Microsoft Corporation. - SMB Transport driver.) - [91 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\smb.sys
    [MD5.7FB36A0A036ADDACE0A868E4A43C1C27] - [11/07/2017 21:50:02] - (.© Microsoft Corporation. - TCP/IP Driver.) - [1851.23 Ko] - (6.1.7601.23821) : C:\windows\System32\Drivers\tcpip.sys
    [MD5.4DD986720F7CB7A8A5D1226793097B9A] - [13/08/2017 09:44:10] - (.© Microsoft Corporation. - TDI Translation Driver.) - [114.5 Ko] - (6.1.7601.23880) : C:\windows\System32\Drivers\tdx.sys
    [MD5.DF8126BD41180351A093A3AD2FC8903B] - [01/02/2012 17:59:05] - (.© Microsoft Corporation. - Volume Shadow Copy Driver.) - [289.38 Ko] - (6.1.7601.17567) : C:\windows\System32\Drivers\volsnap.sys

    ---------- | Locked Applications


    ---------- | Explorer.exe component call (Microsoft Files Whitelisted)

    (.Malwarebytes.-.Malwarebytes.) - (3.0.0.16) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
    (..-..) - (0.0.0.0) -- C:\PROGRA~2\PrivaZer\PRIVAM~1.DLL

    ---------- | Svchost.exe component call (Microsoft Files Whitelisted)


    ---------- | ZeroAccess Check

    [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
    [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
    [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
    [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
    [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
    [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
    [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
    [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
    [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

    ---------- | Startings up

    McAfee Security Scan Plus - (C:\PROGRA~1\MCAFEE~1\311~1.599\SSSCHE~1.EXE [Common Startup]) - User: Public
    Everything - ("C:\Program Files\Everything\Everything.exe" -startup [HKLM\SOFTWARE\...\Run]) - User: Public

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Command Processor]
    "CompletionChar"=9
    "DefaultColor"=0
    "EnableExtensions"=1
    "PathCompletionChar"=9

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "UserSelectedDefault"=1
    "Device"=Canon MP495 series Printer WS,winspool,Ne08:

    [HKLM\Software\Microsoft\Command Processor]
    "CompletionChar"=64
    "DefaultColor"=0
    "EnableExtensions"=1
    "PathCompletionChar"=64

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    "Everything"="C:\Program Files\Everything\Everything.exe" -startup

    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "IconServiceLib"=IconCodecService.dll
    "DdeSendTimeout"=0
    "DesktopHeapLogging"=1
    "GDIProcessHandleQuota"=10000
    "ShutdownWarningDialogTimeout"=4294967295
    "USERNestedWindowLimit"=50
    "USERPostMessageLimit"=10000
    "USERProcessHandleQuota"=10000
    ""=mnmsrvc
    "DeviceNotSelectedTimeout"=15
    "Spooler"=yes
    "TransmissionRetryTimeout"=90
    "AppInit_DLLs"=
    "LoadAppInit_DLLs"=0

    [HKLM\Software\WOW6432Node\Microsoft\Command Processor]
    "CompletionChar"=64
    "DefaultColor"=0
    "EnableExtensions"=1
    "PathCompletionChar"=64

    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
    "IconServiceLib"=IconCodecService.dll
    "DdeSendTimeout"=0
    "DesktopHeapLogging"=1
    "GDIProcessHandleQuota"=10000
    "ShutdownWarningDialogTimeout"=4294967295
    "USERNestedWindowLimit"=50
    "USERPostMessageLimit"=10000
    "USERProcessHandleQuota"=10000
    ""=mnmsrvc
    "DeviceNotSelectedTimeout"=15
    "Spooler"=yes
    "TransmissionRetryTimeout"=90
    "AppInit_DLLs"=
    "LoadAppInit_DLLs"=0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}


    ---------- | Win.ini :



    ---------- | System.ini :



    ---------- | Tasks List


    ---------- | Startings up registry - Folder

    [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner] : "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
    [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds] : C:\windows\system32\hkcmd.exe [01/02/2012 20:17:28]
    [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray] : C:\windows\system32\igfxtray.exe [01/02/2012 20:17:30]
    [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelWireless] : "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC] : "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup] : C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [01/06/2010 01:33:10]
    [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] : C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    ---------- | Other keys


    [HKLM\System\CurrentControlSet\Control]
    "PreshutdownOrder"=wuauserv
    gpsvc
    trustedinstaller
    "WaitToKillServiceTimeout"=200
    "CurrentUser"=USERNAME
    "BootDriverFlags"=0
    "ServiceControlManagerExtension"=%systemroot%\system32\scext.dll
    "SystemStartOptions"= NOEXECUTE=OPTIN NUMPROC=4 SAFEBOOT:NETWORK SOS BOOTLOG NOGUIBOOT BOOTLOGO
    "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)
    "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)

    [HKLM\System\CurrentControlSet\Control\lsa]
    "auditbaseobjects"=0
    "auditbasedirectories"=0
    "crashonauditfail"=0
    "fullprivilegeauditing"=0x00
    "Bounds"=0x0030000000200000
    "LimitBlankPasswordUse"=1
    "NoLmHash"=1
    "Notification Packages"=scecli
    "Security Packages"=kerberos
    msv1_0
    schannel
    wdigest
    tspkg
    pku2u
    livessp
    "Authentication Packages"=msv1_0
    "LsaPid"=536
    "SecureBoot"=1
    "ProductType"=3
    "disabledomaincreds"=0
    "everyoneincludesanonymous"=0
    "forceguest"=0
    "restrictanonymous"=2
    "restrictanonymoussam"=1

    [HKLM\System\CurrentControlSet\Control\SecurityProviders]
    "SecurityProviders"=credssp.dll

    [HKLM\System\CurrentControlSet\Control\Session Manager]
    "CriticalSectionTimeout"=2592000
    "GlobalFlag"=0
    "HeapDeCommitFreeBlockThreshold"=0
    "HeapDeCommitTotalFreeThreshold"=0
    "HeapSegmentCommit"=0
    "HeapSegmentReserve"=0
    "ProcessorControl"=2
    "ResourceTimeoutCount"=648000
    "BootExecute"=autocheck autochk *
    "ExcludeFromKnownDlls"=
    "ObjectDirectories"=\Windows
    \RPC Control
    "ProtectionMode"=1
    "NumberOfInitialSessions"=2
    "SetupExecute"=

    [HKLM\System\CurrentControlSet\Control\Terminal Server]
    "RCDependentServices"=CertPropSvc
    SessionEnv
    "NotificationTimeOut"=0
    "SnapshotMonitors"=1
    "ProductVersion"=5.1
    "AllowRemoteRPC"=0
    "DelayConMgrTimeout"=0
    "fDenyTSConnections"=1
    "StartRCM"=0
    "TSAdvertise"=0
    "DeleteTempDirsOnExit"=1
    "fSingleSessionPerUser"=1
    "PerSessionTempDir"=0
    "TSUserEnabled"=0
    "InstanceID"=7b49b9a8-6958-4b7a-9aaa-b2161e3
    "fCredentialLessLogonSupported"=1
    "fCredentialLessLogonSupportedTSS"=1
    "fCredentialLessLogonSupportedKMRDP"=1


    ---------- | .LNK with Arguments


    ---------- | AppCertDlls


    ---------- | Dnsapi.dll

    C:\windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
    C:\windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

    ---------- | Policies | Registry

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Control Panel\Desktop]
    "ScreenSaveActive"=1
    "ActiveWndTrackTimeout"=0
    "BlockSendInputResets"=0
    "CaretWidth"=1
    "ClickLockTime"=1200
    "CoolSwitchColumns"=7
    "CoolSwitchRows"=3
    "CursorBlinkRate"=530
    "DockMoving"=1
    "DragFromMaximize"=1
    "DragFullWindows"=1
    "DragHeight"=4
    "DragWidth"=4
    "FocusBorderHeight"=1
    "FocusBorderWidth"=1
    "FontSmoothing"=2
    "FontSmoothingGamma"=0
    "FontSmoothingOrientation"=1
    "FontSmoothingType"=2
    "ForegroundFlashCount"=7
    "ForegroundLockTimeout"=200000
    "LeftOverlapChars"=3
    "MenuShowDelay"=400
    "PaintDesktopVersion"=0
    "Pattern"=0
    "RightOverlapChars"=3
    "SnapSizing"=1
    "TileWallpaper"=0
    "WallpaperOriginX"=0
    "WallpaperOriginY"=0
    "WallpaperStyle"=0
    "WheelScrollChars"=3
    "WheelScrollLines"=3
    "WindowArrangementActive"=1
    "UserPreferencesMask"=0x9E3E078012000000
    "Wallpaper"=C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp [07/12/2015 22:15:41]
    "SCRNSAVE.EXE"=C:\windows\system32\scrnsave.scr [13/07/2009 18:56:35]
    "ScreenSaveTimeOut"=1800
    "ScreenSaverIsSecure"=1
    "WaitToKillAppTimeout"=200

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=145

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Explorer]
    "ExplorerStartupTraceRecorded"=1
    "ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000
    "CleanShutdown"=0
    "Browse For Folder Width"=318
    "Browse For Folder Height"=288
    "link"=0x16000000
    "NoFileFolderConnection"=1

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "Start_SearchFiles"=2
    "ServerAdminUI"=0
    "Start_PowerButtonAction"=16
    "Hidden"=2
    "ShowCompColor"=1
    "HideFileExt"=1
    "DontPrettyPath"=0
    "ShowInfoTip"=1
    "HideIcons"=0
    "MapNetDrvBtn"=0
    "WebView"=1
    "Filter"=0
    "SuperHidden"=0
    "SeparateProcess"=0
    "AutoCheckSelect"=0
    "IconsOnly"=0
    "ShowTypeOverlay"=1
    "ListviewAlphaSelect"=1
    "ListviewShadow"=1
    "TaskbarAnimations"=1
    "StartMenuInit"=4
    "TaskbarSizeMove"=0
    "DisablePreviewDesktop"=0
    "TaskbarSmallIcons"=0
    "TaskbarGlomLevel"=0
    ""=0

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
    "MRUListEx"=0x020000000100000000000000FFFFFFFF
    "0"=0x43006800650063006B005F00420072006F00770073006500720073005F004C004E004B000000
    "1"=0x70006F00770065007200200070006F0069006E0074000000
    "2"=0x66006C00610073006800200070006C0061007900650072000000

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=0
    "ConsentPromptBehaviorUser"=3
    "EnableInstallerDetection"=1
    "EnableLUA"=0
    "EnableSecureUIAPaths"=1
    "EnableUIADesktopToggle"=0
    "EnableVirtualization"=1
    "PromptOnSecureDesktop"=0
    "ValidateAdminCodeSignatures"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "scforceoption"=0
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "FilterAdministratorToken"=0

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoActiveDesktop"=1
    "NoActiveDesktopChanges"=1
    "ForceActiveDesktopOn"=0

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
    "NoAddingComponents"=1
    "NoComponents"=1

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
    "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
    "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
    "{871C5380-42A0-1069-A2EA-08002B30309D}"=1
    "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
    "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
    "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
    "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
    "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
    "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
    "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
    "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    "Text"=@shell32.dll,-30500
    "Type"=radio
    "CheckedValue"=1
    "ValueName"=Hidden
    "DefaultValue"=2
    "HKeyRoot"=2147483649
    "HelpID"=shell.hlp#51105

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
    "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
    "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}
    "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
    "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
    "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
    "IconUnderline"=2
    "GlobalAssocChangedCounter"=188
    "MultipleInvokePromptMinimum"=10000

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "TaskbarSizeMove"=0

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
    "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s

    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=0
    "ConsentPromptBehaviorUser"=3
    "EnableInstallerDetection"=1
    "EnableLUA"=0
    "EnableSecureUIAPaths"=1
    "EnableUIADesktopToggle"=0
    "EnableVirtualization"=1
    "PromptOnSecureDesktop"=0
    "ValidateAdminCodeSignatures"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "scforceoption"=0
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "FilterAdministratorToken"=0

    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoActiveDesktop"=1
    "NoActiveDesktopChanges"=1
    "ForceActiveDesktopOn"=0

    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
    "NoAddingComponents"=1
    "NoComponents"=1

    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
    "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
    "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
    "{871C5380-42A0-1069-A2EA-08002B30309D}"=1
    "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
    "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
    "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
    "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
    "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
    "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
    "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
    "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    "Text"=@shell32.dll,-30500
    "Type"=radio
    "CheckedValue"=1
    "ValueName"=Hidden
    "DefaultValue"=2
    "HKeyRoot"=2147483649
    "HelpID"=shell.hlp#51105

    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
    "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
    "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}
    "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
    "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
    "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
    "IconUnderline"=2
    "GlobalAssocChangedCounter"=529

    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "TaskbarSizeMove"=0

    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
    "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s


    ---------- | Winlogon

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin
    "BuildNumber"=7601
    "FirstLogon"=0
    "ParseAutoexec"=1

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "ReportBootOk"=1
    "Shell"=explorer.exe
    "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
    "Userinit"=C:\Windows\system32\userinit.exe,
    "VMApplet"=SystemPropertiesPerformance.exe /pagefile
    "AutoRestartShell"=1
    "Background"=0 0 0
    "CachedLogonsCount"=10
    "DebugServerCommand"=no
    "ForceUnlockLogon"=0
    "LegalNoticeCaption"=
    "LegalNoticeText"=
    "PasswordExpiryWarning"=5
    "PowerdownAfterShutdown"=0
    "ShutdownWithoutLogon"=0
    "WinStationsDisabled"=0
    "DisableCAD"=1
    "scremoveoption"=0
    "ShutdownFlags"=39
    "AutoAdminLogon"=0
    "DefaultUserName"=Tonya

    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "ReportBootOk"=1
    "Shell"=explorer.exe
    "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
    "DefaultDomainName"=
    "DefaultUserName"=
    "Userinit"=userinit.exe,
    "VMApplet"=SystemPropertiesPerformance.exe /pagefile


    ---------- | Associations

    [HKLM\Software\Classes\.exe]
    ""=exefile
    "Content Type"=application/x-msdownload

    [HKLM\Software\Classes\exefile\Shell\Open\Command]
    ""="%1" %*
    "IsolatedCommand"="%1" %*

    [HKLM\Software\Classes\.com]
    ""=comfile

    [HKLM\Software\Classes\comfile\Shell\Open\Command]
    ""="%1" %*

    [HKLM\Software\Classes\.reg]
    ""=regfile

    [HKLM\Software\Classes\regfile\Shell\Open\Command]
    ""=regedit.exe "%1"

    [HKLM\Software\Classes\.scr]
    ""=scrfile

    [HKLM\Software\Classes\scrfile\Shell\Open\Command]
    ""="%1" /S

    [HKLM\Software\Classes\.bat]
    ""=batfile

    [HKLM\Software\Classes\batfile\Shell\Open\Command]
    ""="%1" %*

    [HKLM\Software\Classes\.cmd]
    ""=cmdfile

    [HKLM\Software\Classes\cmdfile\Shell\Open\Command]
    ""="%1" %*

    [HKLM\Software\Classes\.pif]
    ""=piffile

    [HKLM\Software\Classes\piffile\Shell\Open\Command]
    ""="%1" %*

    [HKLM\Software\Classes\.inf]
    ""=inffile

    [HKLM\Software\Classes\inffile\Shell\Open\Command]
    ""=%SystemRoot%\system32\NOTEPAD.EXE %1

    [HKLM\Software\Classes\.url]
    ""=InternetShortcut

    [HKLM\Software\Classes\.lnk]
    ""=lnkfile

    [HKLM\Software\Classes\.hta]
    "PerceivedType"=text
    ""=htafile
    "Content Type"=application/hta

    [HKLM\Software\Classes\htafile\Shell\Open\Command]
    ""=C:\Windows\SysWOW64\mshta.exe "%1" %*

    [HKLM\Software\Classes\InternetShortcut]
    "NeverShowExt"=
    "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
    "EditFlags"=2
    "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
    "IsShortcut"=
    "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046
    "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment

    [HKLM\Software\Classes\Application.Manifest]
    ""=Application Manifest
    "EditFlags"=65536
    "BrowserFlags"=4096
    "FriendlyTypeName"=@dfshim.dll,-200

    [HKLM\Software\Classes\Application.Reference]
    "NeverShowExt"=
    ""=Application Reference
    "IsShortcut"=
    "EditFlags"=131072
    "FriendlyTypeName"=@dfshim.dll,-201

    [HKLM\Software\Classes\Folder]
    "ContentViewModeLayoutPatternForBrowse"=delta
    "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
    "ContentViewModeLayoutPatternForSearch"=alpha
    "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
    ""=Folder
    "EditFlags"=0xD2030000
    "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size
    "NoRecentDocs"=
    "ThumbnailCutoff"=0
    "TileInfo"=prop:System.Title;System.ItemTypeText

    [HKLM\Software\WOW6432Node\Classes\.exe]
    ""=exefile
    "Content Type"=application/x-msdownload

    [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
    ""="%1" %*
    "IsolatedCommand"="%1" %*

    [HKLM\Software\WOW6432Node\Classes\.com]
    ""=comfile

    [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
    ""="%1" %*

    [HKLM\Software\WOW6432Node\Classes\.reg]
    ""=regfile

    [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
    ""=regedit.exe "%1"

    [HKLM\Software\WOW6432Node\Classes\.scr]
    ""=scrfile

    [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
    ""="%1" /S

    [HKLM\Software\WOW6432Node\Classes\.bat]
    ""=batfile

    [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
    ""="%1" %*

    [HKLM\Software\WOW6432Node\Classes\.cmd]
    ""=cmdfile

    [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
    ""="%1" %*

    [HKLM\Software\WOW6432Node\Classes\.pif]
    ""=piffile

    [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
    ""="%1" %*

    [HKLM\Software\WOW6432Node\Classes\.inf]
    ""=inffile

    [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
    ""=%SystemRoot%\system32\NOTEPAD.EXE %1

    [HKLM\Software\WOW6432Node\Classes\.url]
    ""=InternetShortcut

    [HKLM\Software\WOW6432Node\Classes\.lnk]
    ""=lnkfile

    [HKLM\Software\WOW6432Node\Classes\.hta]
    "PerceivedType"=text
    ""=htafile
    "Content Type"=application/hta

    [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
    ""=C:\Windows\SysWOW64\mshta.exe "%1" %*

    [HKLM\Software\WOW6432Node\Classes\InternetShortcut]
    "NeverShowExt"=
    "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
    "EditFlags"=2
    "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
    "IsShortcut"=
    "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046
    "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment

    [HKLM\Software\WOW6432Node\Classes\Application.Manifest]
    ""=Application Manifest
    "EditFlags"=65536
    "BrowserFlags"=4096
    "FriendlyTypeName"=@dfshim.dll,-200

    [HKLM\Software\WOW6432Node\Classes\Application.Reference]
    "NeverShowExt"=
    ""=Application Reference
    "IsShortcut"=
    "EditFlags"=131072
    "FriendlyTypeName"=@dfshim.dll,-201

    [HKLM\Software\WOW6432Node\Classes\Folder]
    "ContentViewModeLayoutPatternForBrowse"=delta
    "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
    "ContentViewModeLayoutPatternForSearch"=alpha
    "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
    ""=Folder
    "EditFlags"=0xD2030000
    "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size
    "NoRecentDocs"=
    "ThumbnailCutoff"=0
    "TileInfo"=prop:System.Title;System.ItemTypeText

    [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
    ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
    [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
    "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

    [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
    ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
    "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

    [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
    ""=C:\Program Files\Internet Explorer\iexplore.exe [14/09/2017 17:38:58]
    [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
    "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

    [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
    ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
    [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
    "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

    [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
    ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
    "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

    [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
    ""=C:\Program Files\Internet Explorer\iexplore.exe [14/09/2017 17:38:58]
    [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
    "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


    ---------- | AppcompatFlags

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
    "SIGN.MEDIA=277C674 EPSETUP.EXE"=1
    "C:\Users\Tonya\Downloads\Samsung_MES100803-02_Normal.exe"=1
    "C:\Users\Tonya\Downloads\mbam-setup-1.70.0.1100.exe"=1
    "C:\Users\Tonya\Downloads\ChromeSetup.exe"=1
    "C:\Users\Tonya\Downloads\vlc-2.2.0-win32.exe"=1
    "C:\Users\Tonya\Downloads\QuickTimeInstaller.exe"=1
    "C:\Users\Tonya\Downloads\GoProStudioPC-2.5.5.443.exe"=1
    "SIGN.MEDIA=1652C6 install.EXE"=1
    "C:\Users\Tonya\Desktop\PatchMyPC.exe"=1
    "C:\Users\Tonya\Desktop\ccsetup527.exe"=1
    "C:\Users\Tonya\Desktop\Everything-1.3.4.686.x64.Multilingual-Setup.exe"=1
    "C:\Users\Tonya\Desktop\privazer_free.exe"=1
    "C:\Users\Tonya\Desktop\Setup_SmartDefrag.exe"=1
    "C:\Users\Tonya\Downloads\jxpiinstall(2).exe"=1
    "C:\Users\Tonya\AppData\Local\Temp\jre-8u141-windows-au.exe"=1


    ---------- | IFEO


    ---------- | Mountpoints2

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{4c9d58d1-59f7-11e1-8884-806e6f6e6963}] : E:\Start.exe (AutoRun)

    ---------- | Windows

    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
    "MouseSpeed"=#USR:Control Panel\Mouse
    "MouseThreshold1"=#USR:Control Panel\Mouse
    "MouseThreshold2"=#USR:Control Panel\Mouse
    "SwapMouseButtons"=#USR:Control Panel\Mouse
    "Beep"=#USR:Control Panel\Sound
    "DoubleClickSpeed"=#USR:Control Panel\Mouse
    "CoolSwitch"=USR:Control Panel\Desktop
    "DoubleClickHeight"=#USR:Control Panel\Mouse
    "DoubleClickWidth"=#USR:Control Panel\Mouse
    "DragFullWindows"=USR:Control Panel\Desktop
    "InitialKeyboardIndicators"=USR:Control Panel\Keyboard
    "LowPowerActive"=#USR:Control Panel\Desktop
    "LowPowerTimeOut"=#USR:Control Panel\Desktop
    "PowerOffActive"=#USR:Control Panel\Desktop
    "PowerOffTimeOut"=#USR:Control Panel\Desktop
    "ScreenSaveActive"=#USR:Control Panel\Desktop
    "ScreenSaveTimeOut"=#USR:Control Panel\Desktop
    "SnapToDefaultButton"=#USR:Control Panel\Mouse
    ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
    "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
    "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
    "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
    "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
    "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
    "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS

    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
    ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
    "ScreenSaverActive"=USR:Control Panel\Desktop
    "ScreenSaverIsSecure"=USR:Control Panel\Desktop
    "SCRNSAVE.EXE"=USR:Control Panel\Desktop
    "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
    "MouseSpeed"=#USR:Control Panel\Mouse
    "MouseThreshold1"=#USR:Control Panel\Mouse
    "MouseThreshold2"=#USR:Control Panel\Mouse
    "SwapMouseButtons"=#USR:Control Panel\Mouse
    "Beep"=#USR:Control Panel\Sound
    "DoubleClickSpeed"=#USR:Control Panel\Mouse
    "CoolSwitch"=USR:Control Panel\Desktop
    "DoubleClickHeight"=#USR:Control Panel\Mouse
    "DoubleClickWidth"=#USR:Control Panel\Mouse
    "DragFullWindows"=USR:Control Panel\Desktop
    "InitialKeyboardIndicators"=USR:Control Panel\Keyboard
    "LowPowerActive"=#USR:Control Panel\Desktop
    "LowPowerTimeOut"=#USR:Control Panel\Desktop
    "PowerOffActive"=#USR:Control Panel\Desktop
    "PowerOffTimeOut"=#USR:Control Panel\Desktop
    "ScreenSaveActive"=#USR:Control Panel\Desktop
    "ScreenSaveTimeOut"=#USR:Control Panel\Desktop
    "SnapToDefaultButton"=#USR:Control Panel\Mouse
    "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
    "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
    "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
    "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
    "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS

    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
    ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
    "ScreenSaverActive"=USR:Control Panel\Desktop
    "ScreenSaverIsSecure"=USR:Control Panel\Desktop
    "SCRNSAVE.EXE"=USR:Control Panel\Desktop
    "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

    [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
    "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    ---------- | Security center

    [HKLM\SOFTWARE\Microsoft\Security Center]
    "cval"=1

    [HKLM\SOFTWARE\Microsoft\Security Center\svc]
    "VistaSp1"=128920218544262440
    "AntiVirusOverride"=0
    "AntiSpywareOverride"=0
    "FirewallOverride"=0

    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=1
    "DisableRoutinelyTakingAction"=0
    "ProductStatus"=0
    "InstallTime"=0x18D98D99BFE1CC01

    [HKLM\Software\WOW6432Node\Microsoft\Windows Defender]
    "DisableAntiSpyware"=0
    "DisableRoutinelyTakingAction"=1

    [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=1

    [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=1

    [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=1


    ---------- | Safeboot

    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsMpSvc]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

    ---------- | Winsock (Whitelist)


    ---------- | Hosts

    127.0.0.1 localhost
    ::1 localhost
    0.0.0.1 mssplus.mcafee.com

    ---------- | Ping

    Pinging google.com [2607:f8b0:4009:813::200e] with 32 bytes of data:
    Reply from 2607:f8b0:4009:813::200e: time=22ms
    Reply from 2607:f8b0:4009:813::200e: time=23ms
    Reply from 2607:f8b0:4009:813::200e: time=23ms
    Reply from 2607:f8b0:4009:813::200e: time=22ms

    Ping statistics for 2607:f8b0:4009:813::200e:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 23ms, Average = 22ms

    ---------- | @

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Internet Explorer\Main]
    "Disable Script Debugger"=yes
    "Anchor Underline"=yes
    "Cache_Update_Frequency"=Once_Per_Session
    "Display Inline Images"=yes
    "Do404Search"=0x01000000
    "Local Page"=C:\windows\system32\blank.htm
    "Save_Session_History_On_Exit"=no
    "Show_FullURL"=no
    "Show_StatusBar"=yes
    "Show_ToolBar"=yes
    "Show_URLinStatusBar"=yes
    "Show_URLToolBar"=yes
    "Use_DlgBox_Colors"=yes
    "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
    "XMLHTTP"=1
    "NoUpdateCheck"=1
    "DisableScriptDebuggerIE"=yes
    "UseClearType"=no
    "Enable Browser Extensions"=yes
    "Play_Background_Sounds"=yes
    "Play_Animations"=yes
    "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
    "Default_Page_URL"=
    "DisableFirstRunCustomize"=3
    "CompatibilityFlags"=0
    "FullScreen"=no
    "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000200300002C020000
    "IE9RunOnceLastShown"=1
    "IE9RunOnceLastShown_TIMESTAMP"=0xFC0D11FDCF64CE01
    "IconCache"=1h02yqh
    "DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3B01000055000000BB03000035020000
    "Use FormSuggest"=no
    "Check_Associations"=no
    "IE9RunOncePerInstallCompleted"=1
    "IE9RunOnceCompletionTime"=0x80D928FB9968CE01
    "OperationalData"=5
    "IE10RunOnceLastShown"=1
    "IE10RunOnceLastShown_TIMESTAMP"=0x2223BD88FDCCCE01
    "IE10RunOncePerInstallCompleted"=1
    "IE10RunOnceCompletionTime"=0x8683EB7862F5CE01
    "ImageStoreRandomFolder"=w9wjkr6
    "DoNotTrack"=1
    "DefSpellLang"=en-US
    "Start Page_TIMESTAMP"=0x076AD880FBACD201
    "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=
    "SearchBandRestoreBarCount"=0
    "SearchBandMigrationVersion"=1

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]
    "IE5_UA_Backup_Flag"=5.0
    "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    "EmailName"=User@
    "PrivDiscUiShown"=1
    "EnableHttp1_1"=1
    "WarnOnIntranet"=1
    "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
    "AutoConfigProxy"=wininet.dll
    "UseSchannelDirectly"=0x01000000
    "WarnOnPost"=0x01000000
    "UrlEncoding"=0
    "SecureProtocols"=2720
    "PrivacyAdvanced"=0
    "ZonesSecurityUpgrade"=0x8920552BEEF2CE01
    "DisableCachingOfSSLPages"=0
    "WarnonZoneCrossing"=0
    "CertificateRevocation"=1
    "EnableNegotiate"=1
    "MigrateProxy"=1
    "ProxyEnable"=0
    "SyncMode5"=0
    "EnableAutodial"=0
    "NoNetAutodial"=0

    [HKLM\Software\Microsoft\Internet Explorer\Main]
    "AutoHide"=yes
    "Security Risk Page"=about:SecurityRisk
    "Extensions Off Page"=about:NoAdd-ons
    "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
    "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
    "Anchor_Visitation_Horizon"=0x01000000
    "Cache_Percent_of_Disk"=0x0A000000
    "Placeholder_Width"=0x1A000000
    "Placeholder_Height"=0x1A000000
    "Default_Secondary_Page_URL"=
    "Use_Async_DNS"=yes
    "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
    "Local Page"=C:\Windows\System32\blank.htm
    "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
    "Delete_Temp_Files_On_Exit"=yes
    "Enable_Disk_Cache"=yes
    "TabProcGrowth"=Medium
    "Print_Background"=0
    "AlwaysShowMenus"=0
    "StatusBarWeb"=1
    "ApplicationTileImmersiveActivation"=1
    "AssociationActivationMode"=0
    "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    [HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
    "blank"=res://mshtml.dll/blank.htm
    "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
    "InPrivate"=res://ieframe.dll/inprivate_win7.htm
    "NavigationFailure"=res://ieframe.dll/navcancl.htm
    "NoAdd-ons"=res://ieframe.dll/noaddon.htm
    "Home"=270
    "PostNotCached"=res://ieframe.dll/repost.htm
    "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
    "NavigationCanceled"=res://ieframe.dll/navcancl.htm
    "SecurityRisk"=res://ieframe.dll/securityatrisk.htm
    "Compat"=res://mshtml.dll/compat.htm

    [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
    ""=http://

    [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
    "mosaic"=http://
    "www"=http://
    "home"=http://
    "ftp"=ftp://
    "gopher"=gopher://

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
    "EnablePunycode"=1
    "CodeBaseSearchPath"=CODEBASE
    "WarnOnIntranet"=1
    "MinorVersion"=0
    "ActiveXCache"=C:\Windows\Downloaded Program Files

    [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
    "AutoHide"=yes
    "Security Risk Page"=about:SecurityRisk
    "Extensions Off Page"=about:NoAdd-ons
    "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
    "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
    "Anchor_Visitation_Horizon"=0x01000000
    "Cache_Percent_of_Disk"=0x0A000000
    "Placeholder_Width"=0x1A000000
    "Placeholder_Height"=0x1A000000
    "Default_Secondary_Page_URL"=
    "Use_Async_DNS"=yes
    "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
    "Local Page"=C:\Windows\SysWOW64\blank.htm
    "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
    "Delete_Temp_Files_On_Exit"=yes
    "Enable_Disk_Cache"=yes
    "TabProcGrowth"=Medium
    "Print_Background"=0
    "AlwaysShowMenus"=0
    "StatusBarWeb"=1
    "ApplicationTileImmersiveActivation"=1
    "AssociationActivationMode"=0
    "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "Check_Associations"=yes

    [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
    "blank"=res://mshtml.dll/blank.htm
    "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
    "InPrivate"=res://ieframe.dll/inprivate_win7.htm
    "NavigationFailure"=res://ieframe.dll/navcancl.htm
    "NoAdd-ons"=res://ieframe.dll/noaddon.htm
    "Home"=270
    "PostNotCached"=res://ieframe.dll/repost.htm
    "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
    "NavigationCanceled"=res://ieframe.dll/navcancl.htm
    "SecurityRisk"=res://ieframe.dll/securityatrisk.htm
    "Compat"=res://mshtml.dll/compat.htm

    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
    ""=http://

    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
    "mosaic"=http://
    "www"=http://
    "home"=http://
    "ftp"=ftp://

    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
    "EnablePunycode"=1
    "CodeBaseSearchPath"=CODEBASE
    "WarnOnIntranet"=1
    "MinorVersion"=0
    "ActiveXCache"=C:\Windows\Downloaded Program Files


    ---------- | Proxy


    ---------- | reparsepoint


    ---------- | Detection of offsets


    ---------- | Notify

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll

    ---------- | Execution FileExts

    ---------- | SIOI | SEH | URLSH

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll
    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll
    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=


    ---------- | Toolbar

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "Locked"=0
    "ShowDiscussionButton"=Yes

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "ITBar7Height"=0

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    "Version"=4
    "UpgradeTime"=0xB8C3C3E587F7CF01
    "KnownProvidersUpgradeTime"=0x3992287C62F5CE01
    "DefaultPackCorrection"=1
    "DefaultPackNTCorrection"=1

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "Locked"=0

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
    "Locked"=0

    [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}


    ---------- | Extensions

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - []
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - []
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}] : (@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003) - []
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - []
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{328ECD19-C167-40eb-A0C7-16FE7634105E}] : () - []
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - []

    ---------- | SearchScopes

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}] - (Google) - http://www.google.com/search?q={searchTerms} :
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 :
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86E38F40-F4D6-4C13-89D0-827B2577DB70}] - (Yahoo Search) - https://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle :
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC :
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - :

    ---------- | Browser Helper Objects

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Windows Live ID Sign-in Helper) : C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [28/03/2011 06:35:06]
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [06/03/2013 08:37:48]
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}] -> (Canon Easy-WebPrint EX BHO) : C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [25/10/2013 22:11:38]
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [24/07/2017 22:38:39]
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Windows Live ID Sign-in Helper) : C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [28/03/2011 06:35:06]
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA609D72-8482-4076-8991-8CDAE5B93BCB}] -> (Samsung BHO Class) : C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [01/02/2012 17:57:20]
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [06/03/2013 08:37:48]
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [24/07/2017 22:38:39]

    ---------- | Chrome

    C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\extensions\hikeppggmbhdgodhakicedaejpleoigm = : __MSG_newtab_chrome_extension_description__ - __MSG_newtab_chrome_extension_name__ - https://clients2.google.com/service/update2/crx
    C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
    C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx

    [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\hikeppggmbhdgodhakicedaejpleoigm]

    ---------- | Opera


    ---------- | Firefox


    [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 27.0.0.130 Plugin) : C:\windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll
    [HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll
    [HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
    [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll
    [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 27.0.0.130 Plugin) : C:\windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll
    [HKLM\Software\WOW6432Node\MozillaPlugins\@canon.com/EPPEX] - (Canon Easy-PhotoPrint EX) : C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.141.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll
    [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.141.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll
    [HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll
    [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    [HKLM\Software\WOW6432Node\MozillaPlugins\@nitropdf.com/NitroPDF] - (NitroPDF Web Browser Plugin) : C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
    [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
    [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
    [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.0] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


    C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\pcw27saw.default\Prefs.js

    user_pref("browser.startup.homepage_override.buildID", "20170824053622");
    user_pref("browser.startup.homepage_override.mstone", "55.0.3");
    user_pref("extensions.blocklist.pingCountTotal", 791);
    user_pref("extensions.blocklist.pingCountVersion", 3);
    user_pref("extensions.databaseSchema", 21);
    user_pref("extensions.e10s.rollout.blocklist", "");
    user_pref("extensions.e10s.rollout.hasAddon", false);
    user_pref("extensions.e10s.rollout.policy", "50allmpc");
    user_pref("extensions.e10sBlockedByAddons", false);
    user_pref("extensions.e10sMultiBlockedByAddons", false);
    user_pref("extensions.followonsearch.cohortSample", "0.280814");
    user_pref("extensions.getAddons.cache.lastUpdate", 1506902017);
    user_pref("extensions.getAddons.databaseSchema", 5);
    user_pref("extensions.hotfix.lastVersion", "20170302.01");
    user_pref("extensions.lastAppVersion", "55.0.3");
    user_pref("extensions.lastPlatformVersion", "55.0.3");
    user_pref("extensions.pendingOperations", false);
    user_pref("extensions.shield-recipe-client.api_url", "https://normandy.cdn.mozilla.net/api/v1");
    user_pref("extensions.shield-recipe-client.dev_mode", false);
    user_pref("extensions.shield-recipe-client.enabled", true);
    user_pref("extensions.shield-recipe-client.first_run", false);
    user_pref("extensions.shield-recipe-client.logging.level", 50);
    user_pref("extensions.shield-recipe-client.run_interval_seconds", 86400);
    user_pref("extensions.shield-recipe-client.startup_delay_seconds", 300);
    user_pref("extensions.shield-recipe-client.user_id", "36003d82-768c-43f2-b08b-814b58ee14a0");
    user_pref("extensions.shownSelectionUI", true);
    user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{429fe9f6-4535-4f5d-98c5-66b5f799dddc}\",\"addons\":{\"clicktoplay-rollout@mozilla.org\":{\"version\":\"1.4\"},\"e10srollout@mozilla.org\":{\"version\":\"2.05\"},\"followonsearch@mozilla.com\":{\"version\":\"0.9.4\"},\"onboarding@mozilla.org\":{\"version\":\"0.1\"},\"screenshots@mozilla.org\":{\"version\":\"10.12.0\"}}}");
    user_pref("extensions.ui.dictionary.hidden", true);
    user_pref("extensions.ui.lastCategory", "addons://discover/");
    user_pref("extensions.ui.locale.hidden", true);

    C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\pcw27saw.default

    [Profile0] - Name=default -> Profiles/pcw27saw.default

    ---------- | DNS

    [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
    "DhcpNameServer"=75.75.76.76 75.75.75.75
    [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8B2C9FE4-360D-455D-B5AA-B6F66AF92C97}]
    "DhcpNameServer"=75.75.76.76 75.75.75.75
    [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{8B2C9FE4-360D-455D-B5AA-B6F66AF92C97}]
    "DhcpNameServer"=75.75.76.76 75.75.75.75
    [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8B2C9FE4-360D-455D-B5AA-B6F66AF92C97}]
    "DhcpNameServer"=75.75.76.76 75.75.75.75

    ---------- | Applications

    [HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
    [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
    [HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
    [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
    [HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellOpen "%1"
    [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
    [HKLM\SOFTWARE\Classes\Applications\QuickTimePlayer.exe] : C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe "%1"
    [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
    [HKLM\SOFTWARE\Classes\Applications\WLXPhotoGallery.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
    [HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
    [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
    [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
    [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
    [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
    [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
    [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
    [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellOpen "%1"
    [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
    [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\QuickTimePlayer.exe] : C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe "%1"
    [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
    [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoGallery.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
    [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
    [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
    [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

    ---------- | SvcHost (Whitelist)

    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
    "regsvc"=RemoteRegistry
    "DcomLaunch"=Power
    PlugPlay
    DcomLaunch
    "secsvcs"=WinDefend
    "bthsvcs"=bthserv

    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
    "DcomLaunch"=Power
    PlugPlay
    DcomLaunch


    ---------- | SvcHost - Netsvcs (Whitelist)


    ---------- | Software

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Adobe]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\AppDataLow]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Apple Computer, Inc.]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Apple Inc.]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Avg]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\AVG Web TuneUp]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\BitTorrent]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\BugSplat]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Canon]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Chromium]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\CineForm]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Clients]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\CyberLink]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Digital River Mso]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Elantech]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\EPSON]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\g3n-h@ckm@n]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Geek Uninstaller]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Google]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\GoPro]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\IM Providers]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Intel]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\JavaSoft]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Lake]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Leadertech]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Local AppWizard-Generated Applications]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Macromedia]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Malwarebytes]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Malwarebytes' Anti-Malware]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\MCAFEE]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\MichaelOborne]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Mozilla]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Netscape]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Nitro PDF]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\ODBC]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Piriform]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Policies]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\PrivaZer]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\puush]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Realtek]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Renesas Electronics]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Samsung]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Skype]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\SSPrint]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\sysinternals]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Valve]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Wow6432Node]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\ZHP]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\AppDataLow\Software\Canon]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\AppDataLow\Software\JavaSoft]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\AppDataLow\Software\Microsoft]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\DWM]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\Shell]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\ShellNoRoam]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\TabletPC]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\Windows Error Reporting]
    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows NT\CurrentVersion]
    [HKLM\Software\Apple Computer, Inc.]
    [HKLM\Software\Apple Inc.]
    [HKLM\Software\ATI Technologies]
    [HKLM\Software\AVG]
    [HKLM\Software\Best Buy]
    [HKLM\Software\Canon]
    [HKLM\Software\CBSTEST]
    [HKLM\Software\Clients]
    [HKLM\Software\Cyberlink]
    [HKLM\Software\Dolby]
    [HKLM\Software\EPSON]
    [HKLM\Software\g3n-h@ckm@n]
    [HKLM\Software\GEAR Software]
    [HKLM\Software\IM Providers]
    [HKLM\Software\Intel]
    [HKLM\Software\Knowles]
    [HKLM\Software\Macromedia]
    [HKLM\Software\McAfee.com]
    [HKLM\Software\mcafeeupdater]
    [HKLM\Software\Microsoft]
    [HKLM\Software\Mozilla]
    [HKLM\Software\MozillaPlugins]
    [HKLM\Software\Nitro PDF]
    [HKLM\Software\ODBC]
    [HKLM\Software\PANDhcpDns]
    [HKLM\Software\Patch My PC]
    [HKLM\Software\Policies]
    [HKLM\Software\Realtek]
    [HKLM\Software\RegisteredApplications]
    [HKLM\Software\RTLSetup]
    [HKLM\Software\Samsung]
    [HKLM\Software\Sonic]
    [HKLM\Software\SRS Labs]
    [HKLM\Software\SSPrint]
    [HKLM\Software\SSScan]
    [HKLM\Software\Symantec]
    [HKLM\Software\sysinternals]
    [HKLM\Software\TrendMicro]
    [HKLM\Software\VideoLAN]
    [HKLM\Software\Waves Audio]
    [HKLM\Software\WiMax]
    [HKLM\Software\Wow6432Node]
    [HKLM\Software\ZmnGlobalSDK]
    [HKLM\Software\Microsoft\Windows\CurrentVersion]
    [HKLM\Software\Microsoft\Windows\HTML Help]
    [HKLM\Software\Microsoft\Windows\ITStorage]
    [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
    [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
    [HKLM\Software\Microsoft\Windows\Tablet PC]
    [HKLM\Software\Microsoft\Windows\TabletPC]
    [HKLM\Software\Microsoft\Windows\Windows Error Reporting]
    [HKLM\Software\Microsoft\Windows\Windows Search]
    [HKLM\Software\Microsoft\Windows NT\CurrentVersion]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
    [HKLM\Software\WOW6432Node\Adobe]
    [HKLM\Software\WOW6432Node\Apple Computer, Inc.]
    [HKLM\Software\WOW6432Node\Apple Inc.]
    [HKLM\Software\WOW6432Node\AVG Web TuneUp]
    [HKLM\Software\WOW6432Node\Canon]
    [HKLM\Software\WOW6432Node\CyberLink]
    [HKLM\Software\WOW6432Node\EPSON]
    [HKLM\Software\WOW6432Node\Google]
    [HKLM\Software\WOW6432Node\IM Providers]
    [HKLM\Software\WOW6432Node\Intel]
    [HKLM\Software\WOW6432Node\JavaSoft]
    [HKLM\Software\WOW6432Node\JreMetrics]
    [HKLM\Software\WOW6432Node\Lake]
    [HKLM\Software\WOW6432Node\Macromedia]
    [HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware]
    [HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware (Trial)]
    [HKLM\Software\WOW6432Node\McAfee.com]
    [HKLM\Software\WOW6432Node\mcafeeupdater]
    [HKLM\Software\WOW6432Node\Microsoft]
    [HKLM\Software\WOW6432Node\MimarSinan]
    [HKLM\Software\WOW6432Node\Mozilla]
    [HKLM\Software\WOW6432Node\mozilla.org]
    [HKLM\Software\WOW6432Node\MozillaPlugins]
    [HKLM\Software\WOW6432Node\Nitro PDF]
    [HKLM\Software\WOW6432Node\ODBC]
    [HKLM\Software\WOW6432Node\Realtek]
    [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
    [HKLM\Software\WOW6432Node\Samsung]
    [HKLM\Software\WOW6432Node\Samsung Electronics Co., Ltd.]
    [HKLM\Software\WOW6432Node\Samsung Printers]
    [HKLM\Software\WOW6432Node\Skype]
    [HKLM\Software\WOW6432Node\SSScan]
    [HKLM\Software\WOW6432Node\TrendMicro]
    [HKLM\Software\WOW6432Node\Valve]
    [HKLM\Software\WOW6432Node\VideoLAN]
    [HKLM\Software\WOW6432Node\Yahoo]
    [HKLM\Software\WOW6432Node\Clients]
    [HKLM\Software\WOW6432Node\Policies]
    [HKLM\Software\WOW6432Node\RegisteredApplications]
    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
    [HKLM\Software\WOW6432Node\Microsoft\Windows\Help]
    [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
    [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
    [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
    [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
    [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
    [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]

    ---------- | Drives


    D:


    ---------- | C:

    [25/02/2017 17:57:11] - |SHD| - [65200939] - C:\$RECYCLE.BIN
    [16/09/2017 07:58:57] - |SHD| - [0] - C:\Config.Msi
    [14/07/2009 00:08:56] - |SHD| - [0] - C:\Documents and Settings
    [MD5.FF790DCB45FC8CD3EFE42FB73F72C8B5] - [11/08/2015 21:13:18] - |A| - (.-.) - [84] - (0.0.0.0) - C:\DVDPATH.TXT
    [MD5.EDE06CD4D95178D6A2DEF6B60BD267F4] - [24/02/2017 10:28:43] - |A| - (.-.) - [42] - (0.0.0.0) - C:\folders.log
    [22/02/2017 10:34:47] - |D| - [417327914] - C:\FRST
    [MD5.E7832D67AD190A920970CB5ADFC6D5D1] - [02/11/2015 05:28:48] - |A| - (.-.) - [383] - (0.0.0.0) - C:\ftconfig.ini
    [01/02/2012 17:32:04] - |D| - [634076] - C:\Intel
    [31/07/2012 23:29:56] - |RHD| - [649878279] - C:\MSOCache
    [MD5.EF5C9109EFF3C3E8F3794DB4A02BE79E] - [23/06/2015 00:41:38] - |A| - (.-.) - [9216] - (0.0.0.0) - C:\My3DGraph.grf
    [MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/02/2012 21:50:10] - |ASH| - (.-.) - [6351798272] - (0.0.0.0) - C:\pagefile.sys
    [13/07/2009 22:20:08] - |D| - [0] - C:\PerfLogs
    [13/07/2009 22:20:08] - |RD| - [1767108897] - C:\Program Files
    [13/07/2009 22:20:08] - |D| - [6931281643] - C:\Program Files (x86)
    [13/07/2009 22:20:08] - |HD| - [2860198009] - C:\ProgramData
    [07/10/2017 12:46:57] - |D| - [262052] - C:\QuickDiag
    [MD5.C46D7C4162AFEEB097412EAE52123CEB] - [07/10/2017 12:47:05] - |A| - (.-.) - [103611] - (0.0.0.0) - C:\QuickDiag.txt
    [01/06/2012 04:28:25] - |SHD| - [172384274] - C:\Recovery
    [MD5.260EDE6FDA5C1FCA0E47D99483BA2714] - [01/02/2012 17:33:30] - |A| - (.-.) - [2184] - (0.0.0.0) - C:\RHDSetup.log
    [MD5.ECB410F70405A7EDCE21207350940EC2] - [24/02/2017 10:18:28] - |A| - (.-.) - [3077] - (0.0.0.0) - C:\runcheck.txt
    [MD5.2A51B7CDB1CF3D525AFED6A90BBECF62] - [01/02/2012 17:33:30] - |A| - (.-.) - [163] - (0.0.0.0) - C:\setup.log
    [02/02/2012 10:27:44] - |SHD| - [0] - C:\System Volume Information
    [MD5.986D6F28E3411BCCC1F857AB9629DAE6] - [23/02/2017 08:09:33] - |A| - (.-.) - [810] - (0.0.0.0) - C:\TONYA-PC.rtf
    [13/07/2009 22:20:08] - |RD| - [18590676982] - C:\Users
    [13/07/2009 22:20:08] - |D| - [42563124916] - C:\Windows
    [MD5.F5C006622F21D4ED4F748448FEE14968] - [15/11/2016 22:37:24] - |A| - (.-.) - [14876] - (0.0.0.0) - C:\WirelessDiagLog.csv
    [24/02/2017 15:53:35] - |D| - [129] - C:\zoek
    [MD5.A4C1B82897B7D7352CD71072D1E03C14] - [24/02/2017 10:19:11] - |A| - (.-.) - [3207] - (0.0.0.0) - C:\zoek-results.log
    [MD5.C4A143BFB9B30D672D2C069DAF13E371] - [24/02/2017 15:44:25] - |A| - (.-.) - [2743] - (0.0.0.0) - C:\zoek-results2017-02-24-152905.log
    [24/02/2017 10:18:26] - |D| - [26109913] - C:\zoek_backup

    ---------- | C:\windows

    [14/07/2009 00:32:38] - |D| - [802] - C:\windows\addins
    [13/07/2009 22:20:08] - |D| - [43689776] - C:\windows\AppCompat
    [13/07/2009 22:20:08] - |D| - [10989676] - C:\windows\AppPatch
    [01/02/2012 18:24:03] - |D| - [106352] - C:\windows\ar
    [13/07/2009 22:20:08] - |RSD| - [1665810188] - C:\windows\assembly
    [MD5.317CD1CE327B6520BF4EE007BCD39E61] - [20/11/2010 22:24:22] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [71168] - (6.1.7601.17514) - C:\windows\bfsvc.exe
    [01/02/2012 18:24:07] - |D| - [107376] - C:\windows\bg
    [13/07/2009 22:20:09] - |D| - [29188318] - C:\windows\Boot
    [MD5.2B2D096F4B9E9B89C36DA022ADDAB2F9] - [14/07/2009 00:38:36] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\windows\bootstat.dat
    [13/07/2009 22:20:09] - |D| - [2418176] - C:\windows\Branding
    [01/02/2012 18:24:11] - |D| - [106864] - C:\windows\cs
    [MD5.235618680EE3BD8EA9B9785358151D21] - [01/02/2012 18:34:56] - |A| - (.-.) - [10] - (0.0.0.0) - C:\windows\Csup.txt
    [13/07/2009 22:20:09] - |D| - [2113488] - C:\windows\Cursors
    [01/02/2012 18:24:14] - |D| - [106864] - C:\windows\da
    [01/02/2012 18:24:17] - |D| - [107888] - C:\windows\de
    [13/07/2009 23:45:54] - |D| - [680487] - C:\windows\debug
    [14/07/2009 00:32:38] - |D| - [3003724] - C:\windows\diagnostics
    [14/07/2009 00:37:46] - |D| - [0] - C:\windows\DigitalLocker
    [29/01/2013 20:36:49] - |D| - [1924593] - C:\windows\Downloaded Installations
    [14/07/2009 00:32:38] - |D| - [65] - C:\windows\Downloaded Program Files
    [01/02/2012 20:25:37] - |D| - [117965961] - C:\windows\ehome
    [01/02/2012 18:24:21] - |D| - [107888] - C:\windows\el
    [01/02/2012 18:26:30] - |D| - [106864] - C:\windows\en
    [14/07/2009 00:37:46] - |D| - [110080] - C:\windows\en-US
    [MD5.EDBA75522C06F1772CCD2441857F26C7] - [05/06/2012 18:31:04] - |A| - (.-.) - [44] - (0.0.0.0) - C:\windows\EPNX100.ini
    [MD5.2A66E81AE941E54A237490FC35D387C8] - [31/05/2012 08:15:39] - |A| - (.-.) - [1945] - (0.0.0.0) - C:\windows\epplauncher.mif
    [01/02/2012 18:24:24] - |D| - [107376] - C:\windows\es
    [MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [12/10/2016 20:31:01] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [3229696] - (6.1.7601.23537) - C:\windows\explorer.exe
    [01/02/2012 18:24:28] - |D| - [106864] - C:\windows\fi
    [13/07/2009 22:20:09] - |RSD| - [397324495] - C:\windows\Fonts
    [01/02/2012 18:24:31] - |D| - [107376] - C:\windows\fr
    [MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [13/07/2009 18:22:13] - |A| - (.© Microsoft Corporation. - BitLocker Drive Encryption Servicing Utility.) - [15360] - (6.1.7600.16385) - C:\windows\fveupdate.exe
    [13/07/2009 22:20:09] - |D| - [32090797] - C:\windows\Globalization
    [01/02/2012 18:24:35] - |D| - [106352] - C:\windows\he
    [13/07/2009 22:20:09] - |D| - [29929539] - C:\windows\Help
    [MD5.A66E522F3CBFB8709EA37844922A002E] - [13/06/2017 18:00:33] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [733696] - (6.1.7601.23834) - C:\windows\HelpPane.exe
    [MD5.3D0B9EA79BF1F828324447D84AA9DCE2] - [13/07/2009 19:29:03] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [16896] - (6.1.7600.16385) - C:\windows\hh.exe
    [MD5.0D776C3A36F2B6E657939BB96096E070] - [21/11/2010 02:16:47] - |A| - (.-.) - [48223] - (0.0.0.0) - C:\windows\HomeBasic.xml
    [MD5.1AEB4967A760D6EC21A3270F1B004AC1] - [01/02/2012 20:26:04] - |A| - (.-.) - [48265] - (0.0.0.0) - C:\windows\HomePremium.xml
    [MD5.1FE78FF8E40A21AC4B9B3FA15AAA7A54] - [01/02/2012 18:07:54] - |A| - (.(c) Samsung Electronics. - HotfixChecker.) - [407040] - (1.0.0.2) - C:\windows\HotfixChecker.exe
    [MD5.981A237904ADDC01FAC22F7D8AC0A977] - [01/02/2012 17:53:35] - |A| - (.-.) - [2686] - (0.0.0.0) - C:\windows\HotFixList.ini
    [01/02/2012 18:24:39] - |D| - [107376] - C:\windows\hr
    [01/02/2012 18:24:43] - |D| - [106864] - C:\windows\hu
    [13/07/2009 22:20:09] - |D| - [143546732] - C:\windows\IME
    [13/07/2009 22:20:10] - |D| - [133279302] - C:\windows\inf
    [01/02/2012 17:35:00] - |SHD| - [12548795767] - C:\windows\Installer
    [01/02/2012 18:24:46] - |D| - [106864] - C:\windows\it
    [01/02/2012 18:24:50] - |D| - [105328] - C:\windows\ko
    [13/07/2009 22:20:10] - |D| - [48371] - C:\windows\L2Schemas
    [13/07/2009 22:20:10] - |D| - [0] - C:\windows\LiveKernelReports
    [13/07/2009 22:20:10] - |D| - [87296235] - C:\windows\Logs
    [01/02/2012 18:24:53] - |D| - [107376] - C:\windows\lt
    [01/02/2012 18:24:57] - |D| - [106864] - C:\windows\lv
    [13/07/2009 22:20:10] - |RSD| - [13358214] - C:\windows\Media
    [MD5.23AF90D2355D8C83AA4567EF1763B467] - [13/07/2009 19:10:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\windows\mib.bin
    [13/07/2009 22:20:10] - |D| - [754514409] - C:\windows\Microsoft.NET
    [19/01/2014 11:28:41] - |D| - [4014] - C:\windows\Migration
    [01/10/2017 21:09:22] - |D| - [276313] - C:\windows\Minidump
    [13/07/2009 22:20:10] - |D| - [0] - C:\windows\ModemLogs
    [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [13/07/2009 21:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\windows\msdfmap.ini
    [01/02/2012 20:24:08] - |D| - [75566347] - C:\windows\MSetup
    [01/02/2012 18:25:01] - |D| - [107376] - C:\windows\nl
    [01/02/2012 18:25:05] - |D| - [107376] - C:\windows\no
    [MD5.B32189BDFF6E577A92BAA61AD49264E6] - [08/09/2015 17:31:37] - |A| - (.© Microsoft Corporation. - Notepad.) - [193536] - (6.1.7601.18917) - C:\windows\notepad.exe
    [MD5.7794CC01EE5C65F8BA057C548B862E66] - [01/10/2017 17:46:00] - |A| - (.-.) - [527046] - (0.0.0.0) - C:\windows\ntbtlog.txt
    [14/07/2009 00:32:38] - |D| - [65] - C:\windows\Offline Web Pages
    [11/02/2011 14:57:05] - |D| - [698523] - C:\windows\Panther
    [01/02/2012 18:18:47] - |D| - [0] - C:\windows\PCHEALTH
    [14/07/2009 00:32:38] - |D| - [62305402] - C:\windows\Performance
    [MD5.846CB36F0CF050CD2436C6F06E738D80] - [24/02/2017 14:52:46] - |A| - (.-.) - [6368] - (0.0.0.0) - C:\windows\PFRO.log
    [01/02/2012 18:31:55] - |D| - [107376] - C:\windows\pl
    [13/07/2009 22:20:10] - |D| - [1109514] - C:\windows\PLA
    [13/07/2009 22:20:10] - |D| - [2360204] - C:\windows\PolicyDefinitions
    [11/02/2011 14:58:10] - |D| - [45940032] - C:\windows\Prefetch
    [MD5.9ED422FB854BBD72616989C0ABE306D1] - [09/02/2011 23:03:48] - |A| - (.-.) - [326] - (0.0.0.0) - C:\windows\primopdf.ini
    [23/02/2017 16:49:13] - |D| - [0] - C:\windows\pss
    [01/02/2012 18:31:59] - |D| - [107376] - C:\windows\pt-br
    [01/02/2012 18:32:04] - |D| - [107888] - C:\windows\pt-pt
    [MD5.2E2C937846A0B8789E5E91739284D17A] - [13/07/2009 18:27:10] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [427008] - (6.1.7600.16385) - C:\windows\regedit.exe
    [13/07/2009 22:20:10] - |D| - [22588] - C:\windows\registration
    [MD5.9D40BFEF0B34CBC1E3A074A6E7D9644A] - [01/02/2012 18:43:03] - |A| - (.-.) - [44378] - (0.0.0.0) - C:\windows\Report.htm
    [13/07/2009 22:20:10] - |D| - [4218339] - C:\windows\rescache
    [MD5.B543F54C0E5C551066129C389CA3BF26] - [03/02/2012 13:37:34] - |A| - (.TODO: (c) <Company name>. - TODO: <File description>.) - [423936] - (1.0.0.1) - C:\windows\Reseal64.exe
    [13/07/2009 22:20:10] - |D| - [1676583] - C:\windows\Resources
    [01/02/2012 18:32:08] - |D| - [107376] - C:\windows\ro
    [MD5.568F4520EE62383F7B14C1B403E4D7FC] - [01/02/2012 17:33:30] - |N| - (.Copyright (C) 2011 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [1698408] - (1.0.3.0) - C:\windows\RtlExUpd.dll
    [01/02/2012 18:32:12] - |D| - [106864] - C:\windows\ru
    [MD5.C45ED6183D5A8A47BA338CF1D334CC77] - [01/02/2012 17:40:41] - |A| - (.Copyright © 2004-2010 Jan Kolarik & Ondrej Vaverka - Screensaver created with InstantStorm.) - [14392507] - (2.0.0.0) - C:\windows\Samsung Astro Orbit I.scr
    [MD5.F53B03707C7ED9A9D69393FD84E5B6CD] - [01/02/2012 17:40:43] - |A| - (.-.) - [16018] - (0.0.0.0) - C:\windows\Samsung.png
    [13/07/2009 22:20:10] - |D| - [0] - C:\windows\SchCache
    [13/07/2009 22:20:10] - |D| - [58021] - C:\windows\schemas
    [11/02/2011 14:56:44] - |D| - [241744] - C:\windows\Sec
    [13/07/2009 22:20:10] - |D| - [1056768] - C:\windows\security
    [13/07/2009 23:45:47] - |D| - [288445506] - C:\windows\ServiceProfiles
    [13/07/2009 22:20:10] - |D| - [235370137] - C:\windows\servicing
    [MD5.2226109C5FCC0BD014F40D50432DE3EA] - [01/02/2012 18:34:53] - |A| - (.Copyright (C) 2005 - SetDisplayResolution MFC Program.) - [307200] - (1.2.0.8) - C:\windows\SetDisplayResolution.exe
    [MD5.99781C9D6344FB1D65D93B962B508942] - [01/02/2012 18:34:53] - |A| - (.-.) - [3282] - (0.0.0.0) - C:\windows\SetDisplayResolutionDT.xml
    [MD5.201FDD2F8231EF33C1D9210577624F4D] - [01/02/2012 18:34:53] - |A| - (.-.) - [3282] - (0.0.0.0) - C:\windows\SetDisplayResolutionNP.xml
    [MD5.4673C94AEE1AD9C4BEAE58ECC3DBC2B8] - [01/02/2012 17:58:40] - |A| - (.Samsung Electronics Co., Ltd. - SetLCDStretchMode.) - [345600] - (1.0.2.1) - C:\windows\SetLCDStretchMode.exe
    [13/07/2009 23:45:50] - |D| - [13802] - C:\windows\Setup
    [MD5.3F76D0BC023FA554AC88B05C05BEAE62] - [24/02/2017 14:53:43] - |A| - (.-.) - [1714] - (0.0.0.0) - C:\windows\setupact.log
    [MD5.D41D8CD98F00B204E9800998ECF8427E] - [24/02/2017 14:53:43] - |A| - (.-.) - [0] - (0.0.0.0) - C:\windows\setuperr.log
    [01/02/2012 20:25:37] - |D| - [35886] - C:\windows\ShellNew
    [01/02/2012 18:32:16] - |D| - [107376] - C:\windows\sk
    [01/02/2012 18:32:21] - |D| - [107376] - C:\windows\sl
    [MD5.A34D5E02AA86ECAC7B3B19B1EFABD07D] - [01/02/2012 17:56:19] - |A| - (.-.) - [433] - (0.0.0.0) - C:\windows\SlientUninstall.iss
    [01/02/2012 17:36:34] - |D| - [1348475432] - C:\windows\SoftwareDistribution
    [13/07/2009 22:20:10] - |D| - [181014046] - C:\windows\Speech
    [MD5.127AA81343A7C6F665C22CB1293B0A90] - [20/08/2012 07:29:53] - |A| - (.© Microsoft Corporation. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17777) - C:\windows\splwow64.exe
    [01/02/2012 18:32:25] - |D| - [107376] - C:\windows\sr-latn-cs
    [MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 00:28:38] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\windows\Starter.xml
    [03/01/2013 20:27:38] - |D| - [0] - C:\windows\Sun
    [MD5.6306FFC26C6F488E517175881D76FF77] - [01/02/2012 20:20:44] - |A| - (.Copyright (C) 2010 - Samsung Universal Print Utility.) - [258864] - (2.1.5.0) - C:\windows\SUPDRun.exe
    [MD5.BC4133E8F2311394FF990DE5A8F2F7D9] - [01/06/2012 04:41:18] - |A| - (.-.) - [562718] - (0.0.0.0) - C:\windows\surbey.ico
    [01/02/2012 18:32:30] - |D| - [106864] - C:\windows\sv
    [13/07/2009 22:20:10] - |D| - [0] - C:\windows\system
    [MD5.286A9EDB379DC3423A528B0864A0F111] - [13/07/2009 21:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\windows\system.ini
    [13/07/2009 22:20:10] - |D| - [4391966145] - C:\windows\System32
    [13/07/2009 22:20:14] - |D| - [1221517049] - C:\windows\SysWOW64
    [13/07/2009 22:20:14] - |D| - [15] - C:\windows\TAPI
    [13/07/2009 22:20:14] - |D| - [32554] - C:\windows\Tasks
    [13/07/2009 22:20:14] - |D| - [85632846] - C:\windows\Temp
    [01/02/2012 18:32:34] - |D| - [106352] - C:\windows\th
    [01/02/2012 18:32:39] - |D| - [106864] - C:\windows\tr
    [13/07/2009 22:20:14] - |D| - [0] - C:\windows\tracing
    [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 16:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\windows\twain.dll
    [14/07/2009 00:32:38] - |D| - [41207796] - C:\windows\twain_32
    [MD5.163A95975E1D8819E653AA3E961371CA] - [20/11/2010 22:25:10] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\windows\twain_32.dll
    [01/02/2012 17:58:07] - |D| - [10270866] - C:\windows\twain_64
    [MD5.F36A271706EDD23C94956AFB56981184] - [13/07/2009 17:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\windows\twunk_16.exe
    [MD5.0BD6E68F3EA0DD62CD86283D86895381] - [13/07/2009 19:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\windows\twunk_32.exe
    [13/07/2009 22:20:14] - |D| - [12420] - C:\windows\Vss
    [13/07/2009 22:20:14] - |D| - [41213768] - C:\windows\Web
    [MD5.43E89724BB8934402DABB6990F2C64CA] - [01/02/2012 17:58:17] - |A| - (.- INF Scanner Installer.) - [142128] - (1.0.71.0) - C:\windows\wiainst64.exe
    [MD5.B31FFE3250040EE72E63CDA5A8A18EE6] - [13/07/2009 21:34:57] - |A| - (.-.) - [387] - (0.0.0.0) - C:\windows\win.ini
    [MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [13/07/2009 23:54:24] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\windows\WindowsShell.Manifest
    [MD5.FF5C9806B4297C688AAA456E60042659] - [01/02/2012 17:36:33] - |A| - (.-.) - [1376339] - (0.0.0.0) - C:\windows\WindowsUpdate.log
    [MD5.1D420D66250BCAAAED05724FB34008CF] - [13/07/2009 19:12:29] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [9728] - (6.1.7600.16385) - C:\windows\winhlp32.exe
    [13/07/2009 22:20:14] - |D| - [18470786136] - C:\windows\winsxs
    [MD5.4D620865394151B96C54752B743D6D12] - [13/05/2011 01:42:24] - |A| - (.© 2010 Microsoft Corporation. - Windows Live Photos Screen Saver.) - [302448] - (15.4.3538.513) - C:\windows\WLXPGSS.SCR
    [MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 15:52:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\windows\WMSysPr9.prx
    [MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [13/07/2009 18:56:28] - |A| - (.© Microsoft Corporation. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\windows\write.exe
    [MD5.3872EF941069CB15D1B97CA6AB2C2EF7] - [23/02/2017 15:41:03] - |A| - (.-.) - [55237] - (0.0.0.0) - C:\windows\ZAM.krnl.trace
    [MD5.88FAD69082A478DBD7A01EDD23475F79] - [23/02/2017 15:41:03] - |A| - (.-.) - [3638575] - (0.0.0.0) - C:\windows\ZAM_Guard.krnl.trace
    [01/02/2012 18:32:43] - |D| - [104816] - C:\windows\zh-cn
    [01/02/2012 18:32:47] - |D| - [104816] - C:\windows\zh-tw
    [MD5.F9F4905664C5B42B49E78EFA12D1A6B6] - [01/02/2012 18:23:47] - |A| - (.-.) - [20] - (0.0.0.0) - C:\windows\Àùr

    ---------- | C:\windows\System32\GroupPolicy


    ---------- | Systemroot\System


    ---------- | Systemroot\Installer (Microsoft Files Whitelisted)

    [13/10/2010 18:55:48] - C:\windows\Installer\17d0c2d.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
    [08/02/2012 10:42:14] - C:\windows\Installer\17d0fb6.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
    [06/06/2015 13:54:19] - C:\windows\Installer\198dbc93.msi : (puush installer - Dean Herbert) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
    [01/02/2012 18:27:55] - C:\windows\Installer\1b3fc.msi : (Windows Live Messenger Resources setup package - Корпорация Майкрософт) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
    [01/02/2012 18:28:42] - C:\windows\Installer\1b5bd.msi : (Windows Live Mail setup package - Корпорация Майкрософт) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
    [18/07/2014 14:59:47] - C:\windows\Installer\1d0cb9e7.msi : (Mission Planner Installer - Michael Oborne) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
    [17/03/2015 03:42:22] - C:\windows\Installer\282d71.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
    [07/10/2014 17:12:54] - C:\windows\Installer\2a185ca7.msi : (QuickTime Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
    [22/07/2017 15:22:48] - C:\windows\Installer\3059b78e.msi : (Java SE Runtime Environment 8 Update 141 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
    [22/07/2017 15:22:39] - C:\windows\Installer\3059b79b.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
    [23/02/2017 08:03:06] - C:\windows\Installer\3203861.msi : (Adobe AIR Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

    ---------- | %System%\*.in*


    ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

    [MD5.00000000000000000000000000000000] - |D| - [02/06/2012 03:21:06] - [90235.54 Ko] - C:\windows\System32\Macromed
    [MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [13/07/2009 15:17:48] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\windows\System32\manage-bde.wsf
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [1981.88 Ko] - C:\windows\System32\manifeststore
    [MD5.75616F8DB5C092A8A50AFEC273859DD7] - |A| - [01/02/2012 17:33:32] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [311.34 Ko] - (2.2.9.0) - C:\windows\System32\MaxxAudioAPO20.dll
    [MD5.03E0955A7D8E5E74E7F6986A56A66196] - |A| - [01/02/2012 17:33:32] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [333.34 Ko] - (3.2.1.1) - C:\windows\System32\MaxxAudioAPO30.dll
    [MD5.87B5AB256A5A068EDDA0F4B4FAC728CC] - |A| - [01/02/2012 17:33:32] - (.Copyright © 1996-2007 -.) - [2145.77 Ko] - (5.9.7.0) - C:\windows\System32\MaxxAudioEQ.dll
    [MD5.F5960A7D7DD19FD17F0F5640D7BAFA2A] - |A| - [01/02/2012 17:33:32] - (.Copyright © 1996-2008 -.) - [2185.84 Ko] - (1.2.0.0) - C:\windows\System32\MaxxAudioRealtek.dll
    [MD5.CF171618F3999FEB4F95C77A8C376C92] - |A| - [01/02/2012 17:33:32] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [326.84 Ko] - (3.1.0.0) - C:\windows\System32\MaxxVolumeSDAPO.dll
    [MD5.00000000000000000000000000000000] - |SD| - [13/07/2009 23:45:42] - [1134.89 Ko] - C:\windows\System32\Microsoft
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [3464.93 Ko] - C:\windows\System32\migration
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [37830.93 Ko] - C:\windows\System32\migwiz
    [MD5.39E801545FFF6230C80140E0F8A06629] - |A| - [13/07/2009 23:57:09] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\windows\System32\migwiz.lnk
    [MD5.00000000000000000000000000000000] - |D| - [22/07/2013 18:21:50] - [0 Ko] - C:\windows\System32\MRT
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [4148.28 Ko] - C:\windows\System32\Msdtc
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [11.33 Ko] - C:\windows\System32\MUI
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [422.5 Ko] - C:\windows\System32\nb-NO
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [512 Ko] - C:\windows\System32\NDF
    [MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [13/07/2009 17:01:19] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\windows\System32\NetTrace.PLA.Diagnostics.xml
    [MD5.8194259C88214B45D094239098EE5AE4] - |A| - [03/06/2012 18:33:09] - (.Copyright (C) 2000-2011 Nitro PDF Software - Windows NT Nitro Print PDF Interface Driver.) - [29.02 Ko] - (7.0.0.1) - C:\windows\System32\nitrolocalmon2.dll
    [MD5.39170876ED0CF5E35A79A68CE80531A9] - |A| - [03/06/2012 18:33:09] - (.Copyright (C) 2000-2011 Nitro PDF Software - Windows NT Nitro Print PDF Interface Driver.) - [17.52 Ko] - (7.0.0.1) - C:\windows\System32\nitrolocalui2.dll
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [443.5 Ko] - C:\windows\System32\nl-NL
    [MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [13/07/2009 21:35:51] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\windows\System32\noise.kor
    [MD5.00000000000000000000000000000000] - |D| - [11/02/2011 14:56:44] - [2.67 Ko] - C:\windows\System32\OEM
    [MD5.2901049544FDF863362FABA2363EB647] - |A| - [13/07/2009 15:24:21] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\windows\System32\onlinesetup.cmd
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [14327.36 Ko] - C:\windows\System32\oobe
    [MD5.02DD9F55F1EE107C41C456DD26529B59] - |A| - [13/07/2009 21:36:59] - (.-.) - [120.44 Ko] - (0.0.0.0) - C:\windows\System32\perfc009.dat
    [MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 15:33:35] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\windows\System32\PerfCenterCpl.ico
    [MD5.7AAA3E23CE4C7845B112F7A79B110E60] - |A| - [13/07/2009 21:36:59] - (.-.) - [30.81 Ko] - (0.0.0.0) - C:\windows\System32\perfd009.dat
    [MD5.46D04DA6BC0F62B24CFEF596F6B5422B] - |A| - [13/07/2009 21:36:59] - (.-.) - [649.96 Ko] - (0.0.0.0) - C:\windows\System32\perfh009.dat
    [MD5.2957533384947F69137557EAF34B08F5] - |A| - [14/07/2009 00:13:15] - (.-.) - [768.08 Ko] - (0.0.0.0) - C:\windows\System32\PerfStringBackup.INI
    [MD5.DE230CD4F6B0832084DFB39424F7AB74] - |A| - [13/06/2011 20:25:10] - (.Copyright (C) 2006 - WiMAX SDK service for Intel(R) PROSet/Wireless WiMAX Software.) - [232 Ko] - (6.5.1037.1) - C:\windows\System32\PipeHandler.dll
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [439 Ko] - C:\windows\System32\pl-PL
    [MD5.962874341190719614FC9B37D5DE71F8] - |A| - [03/06/2012 18:31:18] - (.-.) - [92.78 Ko] - (0.0.0.0) - C:\windows\System32\Primomonnt.dll
    [MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:50] - [413.88 Ko] - C:\windows\System32\Printing_Admin_Scripts
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [436 Ko] - C:\windows\System32\pt-BR
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [438.5 Ko] - C:\windows\System32\pt-PT
    [MD5.8B211FFCCC2C08DDC0FD023E70A13DD8] - |A| - [01/02/2012 17:33:32] - (.©2010 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [115.34 Ko] - (7.2.7000.6) - C:\windows\System32\R4EEA64A.dll
    [MD5.B90443404596E62B2E60A9EEA5FAF5CA] - |A| - [01/02/2012 17:33:32] - (.©2010 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [416.34 Ko] - (7.2.7000.6) - C:\windows\System32\R4EED64A.dll
    [MD5.E05E98B73A089BC6DDADE5577B64D1E6] - |A| - [01/02/2012 17:33:32] - (.©2010 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [72.34 Ko] - (7.2.7000.6) - C:\windows\System32\R4EEG64A.dll
    [MD5.E0B4052B55114ACD0BFE627AE050E751] - |A| - [01/02/2012 17:33:32] - (.©2010 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [132.84 Ko] - (7.2.7000.6) - C:\windows\System32\R4EEL64A.dll
    [MD5.8D2AF770C4781E11A2AEC2089D5154C5] - |A| - [01/02/2012 17:33:32] - (.©2010 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [3230.84 Ko] - (7.2.7000.6) - C:\windows\System32\R4EEP64A.dll
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [23.75 Ko] - C:\windows\System32\ras
    [MD5.91F5D442F081FC900953F45ED1EE9C17] - |A| - [27/04/2015 10:10:54] - (.Copyright © 2014 Razer Inc. All rights reserved - RazerCoinstaller.) - [78.5 Ko] - (0.0.0.5) - C:\windows\System32\RazerCoinstaller.dll
    [MD5.AFB17CFACCCA8C722B92C83DF7C04022] - |A| - [01/02/2012 18:13:37] - (.-.) - [15.61 Ko] - (0.0.0.0) - C:\windows\System32\results.xml
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [169 Ko] - C:\windows\System32\ro-RO
    [MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |A| - [01/02/2012 17:33:33] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\windows\System32\RP3DAA64.dll
    [MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |A| - [01/02/2012 17:33:33] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\windows\System32\RP3DHT64.dll
    [MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |A| - [01/02/2012 17:33:33] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\windows\System32\RTEED64A.dll
    [MD5.6F4CD493196100EEF349D7132CECAFD9] - |A| - [01/02/2012 17:33:33] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\windows\System32\RTEEG64A.dll
    [MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |A| - [01/02/2012 17:33:33] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\windows\System32\RTEEL64A.dll
    [MD5.D0D0D82B7366E691275E433CD34F89B2] - |A| - [01/02/2012 17:33:33] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\windows\System32\RTEEP64A.dll
    [MD5.92C704590FCEDDA971B7A77945DCCDA4] - |A| - [01/02/2012 17:34:23] - (.- About Page.) - [72.53 Ko] - (1.2.0.3) - C:\windows\System32\RtNicProp64.dll
    [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [20/11/2010 22:24:25] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\windows\System32\ScavengeSpace.xml
    [MD5.9C4CF2E875035DBA252A736E424BF37D] - |A| - [01/02/2012 17:33:34] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [76.34 Ko] - (3.0.0.14) - C:\windows\System32\SFAPO64.dll
    [MD5.ED27D943336C2956DCE43A7B777FAEFE] - |A| - [01/02/2012 17:33:34] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [79.34 Ko] - (3.0.0.14) - C:\windows\System32\SFCOM64.dll
    [MD5.D95A37963E504EBE32693F3C2946C4C9] - |A| - [01/02/2012 17:33:34] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [215.34 Ko] - (3.0.0.14) - C:\windows\System32\SFNHK64.dll
    [MD5.9AC714C16412F3EA11E8CE13B0E5BF8A] - |A| - [01/02/2012 20:07:53] - (.-.) - [239.43 Ko] - (0.0.0.0) - C:\windows\System32\SingleBom.xml
    [MD5.22DD1EAC3C61AE4D66E972E2AEB9AE45] - |A| - [01/02/2012 20:20:44] - (.SEC. - Samsung Smart Printer Driver Utility.) - [250 Ko] - (1.0.0.3) - C:\windows\System32\SIPDUtil.dll
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [169.5 Ko] - C:\windows\System32\sk-SK
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [166 Ko] - C:\windows\System32\sl-SI
    [MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [37.8 Ko] - C:\windows\System32\slmgr
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [43713.02 Ko] - C:\windows\System32\SMI
    [MD5.9AC714C16412F3EA11E8CE13B0E5BF8A] - |A| - [01/02/2012 20:07:53] - (.-.) - [239.43 Ko] - (0.0.0.0) - C:\windows\System32\SNE8-03-9A-11-E1-16.xml
    [MD5.BAEFF14E578F81F36DDF525B0865A8CB] - |A| - [01/02/2012 20:20:36] - (.-.) - [101 Ko] - (2.1.10.0) - C:\windows\System32\SnErHdlr.dll
    [MD5.C40A1E11BB8C142F6C03D338067918FD] - |A| - [01/02/2012 20:20:36] - (.-.) - [160 Ko] - (2.1.10.0) - C:\windows\System32\SnImgFlt.dll
    [MD5.D4BFA432474B85D60D87E78DDD62E044] - |A| - [01/02/2012 20:20:36] - (.-.) - [693 Ko] - (2.1.10.0) - C:\windows\System32\SnMinDrv.dll
    [MD5.E817892623C6F1E1E246945DE82C306A] - |A| - [01/02/2012 17:58:00] - (.Samsung - Samsung MUI DLL.) - [273.5 Ko] - (1.1.0.0) - C:\windows\System32\snWIAMUI.dll
    [MD5.53FD32411162922DDF4EE8A3D5479687] - |A| - [01/02/2012 20:20:36] - (.-.) - [203 Ko] - (2.1.10.0) - C:\windows\System32\SNWIAUI.dll
    [MD5.C74D61FCA22F36791105D7878AF73572] - |A| - [10/06/2009 16:08:17] - (.-.) - [8.09 Ko] - (0.0.0.0) - C:\windows\System32\spcinstrumentation.man
    [MD5.FC21BF5A1667FC745FE53D05DA4CB8A2] - |A| - [01/02/2012 20:20:43] - (.Copyright (C) 2004 Co., Ltd. - SSCoInst.) - [87.5 Ko] - (1.0.0.4) - C:\windows\System32\spd__ci.dll
    [MD5.7E8730A98ACA451163A87CACF4A8E549] - |A| - [01/02/2012 20:20:44] - (.- UPD Co-Installer.) - [148 Ko] - (2.0.0.4) - C:\windows\System32\spd__ci.exe
    [MD5.6490E8960C28412EDE6A3A8D7A030946] - |A| - [01/02/2012 20:20:43] - (.- Language Monitor for Status Monitor.) - [27 Ko] - (1.4.6.71) - C:\windows\System32\spd__l.dll
    [MD5.4941CF4F5D206512E32FC60699C5691F] - |A| - [01/02/2012 20:20:43] - (.-.) - [0.35 Ko] - (0.0.0.0) - C:\windows\System32\spd__l.smt
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [26875.5 Ko] - C:\windows\System32\Speech
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [319827.5 Ko] - C:\windows\System32\spool
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [1959.75 Ko] - C:\windows\System32\spp
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [30.19 Ko] - C:\windows\System32\sppui
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [170 Ko] - C:\windows\System32\sr-Latn-CS
    [MD5.A88BE9A6C4E646A2B2A1BD3A7F4B58E7] - |A| - [01/02/2012 17:33:34] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [194.23 Ko] - (1.1.0.0) - C:\windows\System32\SRSHP64.dll
    [MD5.A028717B791416182959B325D5B40679] - |A| - [01/02/2012 17:33:34] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [206.23 Ko] - (1.1.4.0) - C:\windows\System32\SRSTSH64.dll
    [MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [01/02/2012 17:33:34] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\windows\System32\SRSTSX64.dll
    [MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [01/02/2012 17:33:34] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\windows\System32\SRSWOW64.dll
    [MD5.FFAC652120F6914916ED1B767BE7CE67] - |A| - [01/02/2012 20:20:36] - (.Copyright Samsung Electronics 2001 - Device Monitor.) - [65.5 Ko] - (1.5.8.0) - C:\windows\System32\Ssdevm64.dll
    [MD5.4B16688EDD7FF1E5B7EAC811E95438DC] - |A| - [01/02/2012 20:20:37] - (.Copyright Samsung Electronics 2001 - USB Device.) - [42.5 Ko] - (1.0.0.0) - C:\windows\System32\Ssusbp64.dll
    [MD5.00000000000000000000000000000000] - |D| - [25/10/2013 22:05:47] - [14 Ko] - C:\windows\System32\STRING
    [MD5.D641337B75B9A9D5AE10687AA1097755] - |A| - [01/02/2012 20:20:44] - (.(c) Samsung Electronics CO., LTD. - Samsung UPD Service.) - [162.8 Ko] - (2.1.0.2) - C:\windows\System32\SUPDSvc.exe
    [MD5.4967FD3B3134DBE0B49F047F3DE25E7A] - |A| - [01/02/2012 20:20:44] - (.(c) Samsung Electronics CO., LTD. - Samsung UPD Service Agent.) - [158.3 Ko] - (2.1.0.2) - C:\windows\System32\SUPDSvcA.dll
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [426.5 Ko] - C:\windows\System32\sv-SE
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [204.76 Ko] - C:\windows\System32\sysprep
    [MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - |A| - [20/11/2010 22:24:36] - (.-.) - [339.75 Ko] - (0.0.0.0) - C:\windows\System32\systemsf.ebd
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [281.46 Ko] - C:\windows\System32\Tasks
    [MD5.47F22CAD4A16BB40153555D631546B94] - |A| - [10/06/2009 16:01:25] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\windows\System32\tcpmon.ini
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [157 Ko] - C:\windows\System32\th-TH
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [424 Ko] - C:\windows\System32\tr-TR
    [MD5.00318FE42A997AB68FE4BDAE6FCE1989] - |A| - [01/02/2012 20:20:37] - (.(C) 1993-2009 TWAIN Working Group. - TWAIN 64 Source Manager (Image Acquisition Interface).) - [156.52 Ko] - (2.1.1.0) - C:\windows\System32\TWAINDSM.dll
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [166.5 Ko] - C:\windows\System32\uk-UA
    [MD5.05F9840831C29F5BE93AD8BE810D5614] - |A| - [13/07/2009 23:45:37] - (.-.) - [18 Ko] - (0.0.0.0) - C:\windows\System32\umstartup.etl
    [MD5.F736AA948D0C3CBCE212B7B2CB0EF115] - |A| - [13/07/2009 23:45:37] - (.-.) - [45 Ko] - (0.0.0.0) - C:\windows\System32\umstartup000.etl
    [MD5.71A48CA6300620F06753F4CA44D01AF6] - |A| - [01/02/2012 17:33:35] - (.Copyright © 1996-2007 - General Library for Plug-Ins.) - [2540.84 Ko] - (1.2.0.0) - C:\windows\System32\WavesGUILib.dll
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [45636.67 Ko] - C:\windows\System32\wbem
    [MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:50] - [60.46 Ko] - C:\windows\System32\WCN
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [75032.38 Ko] - C:\windows\System32\wdi
    [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [13/07/2009 16:54:15] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\windows\System32\WdsUnattendTemplate.xml
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\System32\wfp
    [MD5.989890289984AA7CCA8FEB2A4B7510C8] - |A| - [01/02/2012 20:20:37] - (.-.) - [82.61 Ko] - (0.0.0.0) - C:\windows\System32\WIAEXSTR.loc
    [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [0 Ko] - C:\windows\System32\WinBioDatabase
    [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [73.5 Ko] - C:\windows\System32\WinBioPlugIns
    [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [8584.71 Ko] - C:\windows\System32\WindowsPowerShell
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [105684 Ko] - C:\windows\System32\winevt
    [MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [99.06 Ko] - C:\windows\System32\winrm
    [MD5.EA88F93CA71EDEB959BB483998E84730] - |A| - [20/06/2014 19:43:56] - (.-.) - [12.5 Ko] - (0.0.0.0) - C:\windows\SysWOW64\CNC1747D.TBL
    [MD5.0A294F1A46F4BCB5C4323FFEB276393D] - |A| - [20/06/2014 19:43:56] - (.Copyright CANON INC. 2010 All Rights Reserved - LLD.) - [300 Ko] - (1.0.0.0) - C:\windows\SysWOW64\CNC495L.dll
    [MD5.7B0B9146146B111E2F3EA58C0F3B5756] - |A| - [20/06/2014 19:43:56] - (.Copyright CANON INC. 2010 All Rights Reserved - Scanner Driver.) - [104 Ko] - (1.0.0.0) - C:\windows\SysWOW64\CNC495U.dll
    [MD5.D16CF34B17899F90A8FCF2A3F77B4A27] - |A| - [20/06/2014 19:43:56] - (.Copyright CANON INC. 2007-2008 All Rights Reserved - Canon Device Dependent Informations for Scanner Library.) - [15.5 Ko] - (1.4.1.1) - C:\windows\SysWOW64\CNHMCA.dll
    [MD5.B3B13025E236417E8B6BC8E96D7773EF] - |A| - [05/02/2010 04:37:33] - (.Copyright CANON INC. 2003-2010 All Rights Reserved - Canon IJ Network 32bit comm Module.) - [333 Ko] - (2.7.0.60) - C:\windows\SysWOW64\CNMNPPM.DLL
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [302.5 Ko] - C:\windows\SysWOW64\com
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [1523.77 Ko] - C:\windows\SysWOW64\config
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [427.5 Ko] - C:\windows\SysWOW64\cs-CZ
    [MD5.846B03F22587A13AAF419096F9684F6E] - |A| - [01/02/2012 17:32:06] - (.Copyright 2008 - CSVer.) - [52 Ko] - (9.2.0.1019) - C:\windows\SysWOW64\CSVer.dll
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [422.5 Ko] - C:\windows\SysWOW64\da-DK
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [452 Ko] - C:\windows\SysWOW64\de-DE
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [4135 Ko] - C:\windows\SysWOW64\Dism
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [3495.5 Ko] - C:\windows\SysWOW64\drivers
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [1.05 Ko] - C:\windows\SysWOW64\DriverStore
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [451.5 Ko] - C:\windows\SysWOW64\el-GR
    [MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [1648 Ko] - C:\windows\SysWOW64\en
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [31830.02 Ko] - C:\windows\SysWOW64\en-US
    [MD5.861CCF1A77792AD4E7A39D9106B58E73] - |A| - [05/06/2012 18:32:05] - (.-.) - [6.33 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_BP.cfg
    [MD5.CC553A14E5E33464E53717953E9C7E79] - |A| - [05/06/2012 18:32:05] - (.-.) - [6.22 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_CF.cfg
    [MD5.28D6D18D2D51AFF6BFD3D6545AEDE2B6] - |A| - [05/06/2012 18:32:05] - (.-.) - [12.37 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_EN.cfg
    [MD5.788091375D05FE6FEDDC3031B5EC9638] - |A| - [05/06/2012 18:32:05] - (.-.) - [6.08 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_ES.cfg
    [MD5.CC553A14E5E33464E53717953E9C7E79] - |A| - [05/06/2012 18:32:05] - (.-.) - [6.22 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_FR.cfg
    [MD5.861CCF1A77792AD4E7A39D9106B58E73] - |A| - [05/06/2012 18:32:05] - (.-.) - [6.33 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_PT.cfg
    [MD5.29E93E8EEAF957BDC03182A5B383FF4F] - |A| - [05/06/2012 18:32:05] - (.Copyright (C) SEIKO EPSON CORPORATION 2001-2006, - EPSON PIC SDK 1.10.) - [50.16 Ko] - (1.1.0.1) - C:\windows\SysWOW64\EpPicMgr.dll
    [MD5.6F8256E5C21DCA0B71E2960BD1574A4F] - |A| - [05/06/2012 18:32:05] - (.-.) - [28.43 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern1.dat
    [MD5.99B39A991604A09125A63D1F83A1668F] - |A| - [05/06/2012 18:32:05] - (.-.) - [26.77 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern121.dat
    [MD5.C35D83EF6773F875E85A37CD389FC98A] - |A| - [05/06/2012 18:32:05] - (.-.) - [30.33 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern131.dat
    [MD5.1330F7E87620F5A3B2B2F769C73749AE] - |A| - [05/06/2012 18:32:05] - (.-.) - [12.97 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern2.dat
    [MD5.74096ECE9DCA5340883D2871E92B0E13] - |A| - [05/06/2012 18:32:05] - (.-.) - [20.53 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern3.dat
    [MD5.0D2E4219C97CDCC3CFAA5E3077CB6280] - |A| - [05/06/2012 18:32:05] - (.-.) - [10.42 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern4.dat
    [MD5.D67E0E406C42FB5192865073D96B3B4A] - |A| - [05/06/2012 18:32:05] - (.-.) - [15.3 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern5.dat
    [MD5.E000BC718432CBB8F8AF9A2DD4EBCC59] - |A| - [05/06/2012 18:32:05] - (.-.) - [4.83 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern6.dat
    [MD5.5A84A0F8D547CCEAFA5F94BB96D05A7E] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_BP.dat
    [MD5.DF1FC390514F29307D1AB8DC62E2CBF7] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_CF.dat
    [MD5.DD3199930A3D8F9BED7B29280B4CF30B] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.08 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_EN.dat
    [MD5.11F898E51C743BECDFD9E8386C908F7D] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_ES.dat
    [MD5.DF1FC390514F29307D1AB8DC62E2CBF7] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_FR.dat
    [MD5.5A84A0F8D547CCEAFA5F94BB96D05A7E] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_PT.dat
    [MD5.C22208277045909CEAC3D1A8050DEB1A] - |A| - [05/06/2012 18:32:05] - (.-.) - [71.5 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPrinterDB.dat
    [MD5.2259687A780CDD3895649A9F632983D5] - |A| - [05/06/2012 18:32:05] - (.Copyright (C) SEIKO EPSON CORPORATION 2001-2006, - EPSON PIC SDK 1.10.) - [50.16 Ko] - (1.1.0.1) - C:\windows\SysWOW64\EpPicPrt.dll
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [443 Ko] - C:\windows\SysWOW64\es-ES
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [160.5 Ko] - C:\windows\SysWOW64\et-EE
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [425 Ko] - C:\windows\SysWOW64\fi-FI
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [449 Ko] - C:\windows\SysWOW64\fr-FR
    [MD5.E326988DEAE82D6106CAC4DF79EDAF21] - |A| - [31/01/2014 16:22:16] - (.Copyright © 2001-2014 FTDI Ltd. - FTD2XX Dynamic Link Library.) - [214.86 Ko] - (3.2.8.0) - C:\windows\SysWOW64\ftd2xx.dll
    [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [0 Ko] - C:\windows\SysWOW64\FxsTmp
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\SysWOW64\GroupPolicy
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\SysWOW64\GroupPolicyUsers
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [191.5 Ko] - C:\windows\SysWOW64\he-IL
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [168 Ko] - C:\windows\SysWOW64\hr-HR
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [429 Ko] - C:\windows\SysWOW64\hu-HU
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [36.27 Ko] - C:\windows\SysWOW64\icsxml
    [MD5.093C86CD529A3932C9E58C3387DA4AAC] - |A| - [13/07/2009 16:59:35] - (.-.) - [407.56 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igcompkrng500.bin
    [MD5.481F6E1CD63E09F0516B5E78B35D333E] - |A| - [01/02/2012 20:17:29] - (.-.) - [142.39 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igcompkrng600.bin
    [MD5.87031985145FE4FC13E8DABF387E78A4] - |A| - [13/07/2009 16:59:36] - (.-.) - [136.55 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igfcg500.bin
    [MD5.44E5EA6A6AB4D6343B8FBC1DE19B5005] - |A| - [13/07/2009 16:59:36] - (.-.) - [95.16 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igfcg500m.bin
    [MD5.C079421BCDD8C152F7A1AA013C8B5A98] - |A| - [01/02/2012 20:17:29] - (.-.) - [202.52 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igfcg600m.bin
    [MD5.71E96C791D10CAACF4867C5AD65FA19B] - |A| - [13/07/2009 16:59:36] - (.-.) - [959.18 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igkrng500.bin
    [MD5.7764AEA3A2C15976CDF43E7F5BD6E53C] - |A| - [01/02/2012 20:17:30] - (.-.) - [938.42 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igkrng600.bin
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [34096.94 Ko] - C:\windows\SysWOW64\IME
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\SysWOW64\inetsrv
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [1160 Ko] - C:\windows\SysWOW64\InstallShield
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [447 Ko] - C:\windows\SysWOW64\it-IT
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [361 Ko] - C:\windows\SysWOW64\ja-JP
    [MD5.F8211DB97BF852C3292C3E9C710C19D9] - |A| - [18/11/2013 23:18:23] - (.Copyright © 2016 - Java(TM) Web Start Launcher.) - [263.56 Ko] - (11.101.2.13) - C:\windows\SysWOW64\javaws.exe
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [356.5 Ko] - C:\windows\SysWOW64\ko-KR
    [MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [13/07/2009 21:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\windows\SysWOW64\korwbrkr.lex
    [MD5.0D3D161D2364A7830CE231103365233F] - |A| - [01/02/2012 17:32:39] - (.-.) - [0.02 Ko] - (0.0.0.0) - C:\windows\SysWOW64\log.txt
    [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [0 Ko] - C:\windows\SysWOW64\LogFiles
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [165 Ko] - C:\windows\SysWOW64\lt-LT
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [166 Ko] - C:\windows\SysWOW64\lv-LV
    [MD5.00000000000000000000000000000000] - |D| - [01/02/2012 17:40:47] - [66333.24 Ko] - C:\windows\SysWOW64\Macromed
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [1968.26 Ko] - C:\windows\SysWOW64\manifeststore
    [MD5.98071B6EE16AA76DABFF377A5DC69C86] - |A| - [13/07/2009 23:55:01] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\windows\SysWOW64\mapisvc.inf
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [3178.93 Ko] - C:\windows\SysWOW64\migration
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [32737.45 Ko] - C:\windows\SysWOW64\migwiz
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [52.28 Ko] - C:\windows\SysWOW64\Msdtc
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [11.33 Ko] - C:\windows\SysWOW64\MUI
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [418 Ko] - C:\windows\SysWOW64\nb-NO
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\SysWOW64\NDF
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [51 Ko] - C:\windows\SysWOW64\NetworkList
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [438.5 Ko] - C:\windows\SysWOW64\nl-NL
    [MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [13/07/2009 21:35:50] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\windows\SysWOW64\noise.kor
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [2566.05 Ko] - C:\windows\SysWOW64\oobe
    [MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 16:17:19] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\windows\SysWOW64\PerfCenterCpl.ico
    [MD5.B30946193228EE8BB8ECACF8EFF5ED2D] - |A| - [31/05/2012 08:15:27] - (.-.) - [760.87 Ko] - (0.0.0.0) - C:\windows\SysWOW64\PerfStringBackup.INI
    [MD5.68D2DE06776BEC0409AF80D26C2FD42E] - |A| - [05/06/2012 18:32:05] - (.Copyright (C) SEIKO EPSON CORPORATION 2001-2006, - EPSON PIC SDK 3.0.) - [106.16 Ko] - (3.0.0.2) - C:\windows\SysWOW64\PICEntry.dll
    [MD5.93C3E9EE30280A8ED2D56DCEDA0FAF3F] - |A| - [05/06/2012 18:32:05] - (.Copyright (C) SEIKO EPSON CORPORATION 2001-2006, - EPSON PIC SDK 3.0.) - [78.15 Ko] - (3.0.0.1) - C:\windows\SysWOW64\PICSDK.dll
    [MD5.7F0934D17E976BC53BB0D226D6E9E781] - |A| - [05/06/2012 18:32:05] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\windows\SysWOW64\PICSDK.ini
    [MD5.17152A7F21C9802E7826DE63D2DF184C] - |A| - [05/06/2012 18:32:05] - (.Copyright (C) SEIKO EPSON CORPORATION 2001-2006, - EPSON PIC SDK 3.0.) - [490.15 Ko] - (3.0.1.3) - C:\windows\SysWOW64\PICSDK2.dll
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [434 Ko] - C:\windows\SysWOW64\pl-PL
    [MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [413.88 Ko] - C:\windows\SysWOW64\Printing_Admin_Scripts
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [431 Ko] - C:\windows\SysWOW64\pt-BR
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [433 Ko] - C:\windows\SysWOW64\pt-PT
    [MD5.977CD878C93F15CBEA0DC92EDF17FB57] - |A| - [13/10/2014 22:14:54] - (.Copyright © 2014 Razer Inc. All rights reserved - Razer RzDeviceDLL Manager.) - [87 Ko] - (1.0.29.5) - C:\windows\SysWOW64\rzdevinfo.dll
    [MD5.9AC714C16412F3EA11E8CE13B0E5BF8A] - |A| - [01/02/2012 20:07:53] - (.-.) - [239.43 Ko] - (0.0.0.0) - C:\windows\SysWOW64\SingleBom.xml
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [169.5 Ko] - C:\windows\SysWOW64\sk-SK
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [166 Ko] - C:\windows\SysWOW64\sl-SI
    [MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [37.8 Ko] - C:\windows\SysWOW64\slmgr
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [2800 Ko] - C:\windows\SysWOW64\Speech
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [1142.37 Ko] - C:\windows\SysWOW64\spp
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [30.19 Ko] - C:\windows\SysWOW64\sppui
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [170 Ko] - C:\windows\SysWOW64\sr-Latn-CS
    [MD5.BF3F5010F4F005A96A07FD7D10318767] - |A| - [01/02/2012 20:20:36] - (.Copyright Samsung Electronics 2001 - Device Monitor.) - [66 Ko] - (1.5.8.0) - C:\windows\SysWOW64\Ssdevm.dll
    [MD5.D7F4BAF51DBEE3DC9EAF51BEE5B8F94B] - |A| - [01/02/2012 20:20:37] - (.Copyright Samsung Electronics 2001 - USB Device.) - [48 Ko] - (0.6.0.0) - C:\windows\SysWOW64\Ssusbpn.dll
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [421.5 Ko] - C:\windows\SysWOW64\sv-SE
    [MD5.00000000000000000000000000000000] - |D| - [27/11/2014 03:28:35] - [0 Ko] - C:\windows\SysWOW64\SysInfo
    [MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [0 Ko] - C:\windows\SysWOW64\sysprep
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\SysWOW64\Tasks
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [157 Ko] - C:\windows\SysWOW64\th-TH
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [419 Ko] - C:\windows\SysWOW64\tr-TR
    [MD5.FF1FB7E7B0372138C14F43EDF54D424D] - |A| - [01/02/2012 20:20:37] - (.(C) 1993-2009 TWAIN Working Group. - TWAIN 32 Source Manager (Image Acquisition Interface).) - [140.52 Ko] - (2.1.1.0) - C:\windows\SysWOW64\TWAINDSM.dll
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [166.5 Ko] - C:\windows\SysWOW64\uk-UA
    [MD5.15BD0F8D507546F512EE5D73C3721FA8] - |A| - [13/07/2009 21:35:41] - (.Copyright © 2000 - vfpodbc.) - [20.05 Ko] - (1.0.2.0) - C:\windows\SysWOW64\vfpodbc.dll
    [MD5.00000000000000000000000000000000] - |D| - [02/06/2012 03:26:15] - [237.33 Ko] - C:\windows\SysWOW64\Wat
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [8883.12 Ko] - C:\windows\SysWOW64\wbem
    [MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [60.46 Ko] - C:\windows\SysWOW64\WCN
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [101.23 Ko] - C:\windows\SysWOW64\wdi
    [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [8539.71 Ko] - C:\windows\SysWOW64\WindowsPowerShell
    [MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [99.06 Ko] - C:\windows\SysWOW64\winrm
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [333.5 Ko] - C:\windows\SysWOW64\zh-CN
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [255.5 Ko] - C:\windows\SysWOW64\zh-HK
    [MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [334 Ko] - C:\windows\SysWOW64\zh-TW

    ---------- | Shell Folders

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
    "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
    "AppData"=C:\Users\Tonya\AppData\Roaming [01/06/2012 04:28:39]
    "Local AppData"=C:\Users\Tonya\AppData\Local [01/06/2012 04:28:39]
    "My Video"=C:\Users\Tonya\Videos [01/06/2012 04:28:39]
    "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Libraries [01/06/2012 04:41:49]
    "My Pictures"=C:\Users\Tonya\Pictures [01/06/2012 04:28:39]
    "Desktop"=C:\Users\Tonya\Desktop [01/06/2012 04:28:39]
    "History"=C:\Users\Tonya\AppData\Local\Microsoft\Windows\History [01/06/2012 04:28:39]
    "NetHood"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Network Shortcuts [01/06/2012 04:28:39]
    "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Tonya\Contacts [01/06/2012 04:41:40]
    "Cookies"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Cookies [01/06/2012 04:28:39]
    "Favorites"=C:\Users\Tonya\Favorites [01/06/2012 04:28:39]
    "SendTo"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\SendTo [01/06/2012 04:28:39]
    "Start Menu"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu [01/06/2012 04:28:39]
    "My Music"=C:\Users\Tonya\Music [01/06/2012 04:28:39]
    "Programs"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [01/06/2012 04:28:39]
    "Recent"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Recent [01/06/2012 04:28:39]
    "CD Burning"=C:\Users\Tonya\AppData\Local\Microsoft\Windows\Burn\Burn [24/02/2017 15:06:26]
    "PrintHood"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [01/06/2012 04:28:39]
    "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Tonya\Searches [01/06/2012 04:41:49]
    "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Tonya\Downloads [01/06/2012 04:28:39]
    "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Tonya\AppData\LocalLow [01/06/2012 04:28:40]
    "Startup"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [01/06/2012 04:28:39]
    "Administrative Tools"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [01/06/2012 04:41:49]
    "Personal"=C:\Users\Tonya\Documents [01/06/2012 04:28:39]
    "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Tonya\Links [01/06/2012 04:28:39]
    "Cache"=C:\Users\Tonya\AppData\Local\Microsoft\Windows\Temporary Internet Files [01/06/2012 04:28:39]
    "Templates"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Templates [01/06/2012 04:28:39]
    "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Tonya\Saved Games [01/06/2012 04:28:39]
    "Fonts"=C:\windows\Fonts [13/07/2009 22:20:09]

    [HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
    "AppData"=%USERPROFILE%\AppData\Roaming
    "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files
    "Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies
    "Desktop"=%USERPROFILE%\Desktop
    "Favorites"=%USERPROFILE%\Favorites
    "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History
    "Local AppData"=%USERPROFILE%\AppData\Local
    "My Music"=%USERPROFILE%\Music
    "My Pictures"=%USERPROFILE%\Pictures
    "My Video"=%USERPROFILE%\Videos
    "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
    "Personal"=%USERPROFILE%\Documents
    "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
    "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
    "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
    "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
    "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
    "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads
    "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
    "Common Desktop"=C:\Users\Public\Desktop [13/07/2009 22:20:08]
    "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [13/07/2009 22:20:08]
    "CommonVideo"=C:\Users\Public\Videos [13/07/2009 22:20:08]
    "CommonPictures"=C:\Users\Public\Pictures [13/07/2009 22:20:08]
    "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [13/07/2009 22:20:08]
    "CommonMusic"=C:\Users\Public\Music [13/07/2009 22:20:08]
    "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 00:32:38]
    "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [13/07/2009 22:20:08]
    "Common Documents"=C:\Users\Public\Documents [13/07/2009 22:20:08]
    "OEM Links"=C:\ProgramData\OEM Links
    "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [13/07/2009 22:20:08]
    "Common AppData"=C:\ProgramData [13/07/2009 22:20:08]

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
    "Common Desktop"=%PUBLIC%\Desktop
    "Common Documents"=%PUBLIC%\Documents
    "CommonPictures"=%PUBLIC%\Pictures
    "CommonMusic"=%PUBLIC%\Music
    "CommonVideo"=%PUBLIC%\Videos
    "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads
    "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu
    "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs
    "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
    "Common AppData"=%ProgramData%
    "Common Templates"=%ProgramData%\Microsoft\Windows\Templates

    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
    "Common Desktop"=C:\Users\Public\Desktop [13/07/2009 22:20:08]
    "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [13/07/2009 22:20:08]
    "CommonVideo"=C:\Users\Public\Videos [13/07/2009 22:20:08]
    "CommonPictures"=C:\Users\Public\Pictures [13/07/2009 22:20:08]
    "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [13/07/2009 22:20:08]
    "CommonMusic"=C:\Users\Public\Music [13/07/2009 22:20:08]
    "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 00:32:38]
    "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [13/07/2009 22:20:08]
    "Common Documents"=C:\Users\Public\Documents [13/07/2009 22:20:08]
    "OEM Links"=C:\ProgramData\OEM Links
    "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [13/07/2009 22:20:08]
    "Common AppData"=C:\ProgramData [13/07/2009 22:20:08]

    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
    "Common Desktop"=%PUBLIC%\Desktop
    "Common Documents"=%PUBLIC%\Documents
    "CommonPictures"=%PUBLIC%\Pictures
    "CommonMusic"=%PUBLIC%\Music
    "CommonVideo"=%PUBLIC%\Videos
    "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads
    "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu
    "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs
    "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
    "Common AppData"=%ProgramData%
    "Common Templates"=%ProgramData%\Microsoft\Windows\Templates


    ---------- | [Public]


    ---------- | [Tonya]

    [01/06/2012 04:28:39] - |D| - [1635643120] - C:\Users\Tonya\AppData\Local
    [01/06/2012 04:28:40] - |D| - [2648558] - C:\Users\Tonya\AppData\LocalLow
    [01/06/2012 04:28:39] - |D| - [152996103] - C:\Users\Tonya\AppData\Roaming
    [01/06/2012 08:45:34] - |D| - [2745913] - C:\Users\Tonya\AppData\Local\Adobe
    [15/09/2014 20:47:45] - |D| - [0] - C:\Users\Tonya\AppData\Local\Apple
    [15/09/2014 20:50:18] - |D| - [76422393] - C:\Users\Tonya\AppData\Local\Apple Computer
    [01/06/2012 04:28:40] - |SHD| - [16962042232] - C:\Users\Tonya\AppData\Local\Application Data
    [01/06/2012 04:42:23] - |D| - [0] - C:\Users\Tonya\AppData\Local\Apps
    [21/02/2017 11:18:01] - |D| - [0] - C:\Users\Tonya\AppData\Local\CEF
    [01/06/2012 08:55:05] - |D| - [6427] - C:\Users\Tonya\AppData\Local\CyberLink
    [01/06/2012 04:42:22] - |D| - [0] - C:\Users\Tonya\AppData\Local\Deployment
    [05/06/2012 18:23:34] - |D| - [439051] - C:\Users\Tonya\AppData\Local\ElevatedDiagnostics
    [01/06/2012 04:39:11] - |D| - [295606] - C:\Users\Tonya\AppData\Local\eMusic
    [03/06/2017 11:18:42] - |A| - [113992] - C:\Users\Tonya\AppData\Local\GDIPFONTCACHEV1.DAT
    [20/02/2013 18:28:34] - |D| - [533149838] - C:\Users\Tonya\AppData\Local\Google
    [01/06/2015 14:52:10] - |D| - [71] - C:\Users\Tonya\AppData\Local\GWX
    [01/06/2012 04:28:40] - |SHD| - [130] - C:\Users\Tonya\AppData\Local\History
    [03/01/2013 20:28:23] - |D| - [55690729] - C:\Users\Tonya\AppData\Local\HorizonWimba
    [23/02/2017 15:23:13] - |AH| - [2844732] - C:\Users\Tonya\AppData\Local\IconCache.db
    [24/06/2012 12:38:17] - |D| - [0] - C:\Users\Tonya\AppData\Local\Macromedia
    [01/06/2012 04:28:39] - |D| - [464597354] - C:\Users\Tonya\AppData\Local\Microsoft
    [01/06/2012 06:45:46] - |D| - [0] - C:\Users\Tonya\AppData\Local\Microsoft Help
    [01/06/2012 05:56:37] - |D| - [1373504] - C:\Users\Tonya\AppData\Local\MicrosoftStore
    [01/06/2012 23:30:47] - |D| - [384085062] - C:\Users\Tonya\AppData\Local\Mozilla
    [01/06/2012 04:42:23] - |D| - [40960] - C:\Users\Tonya\AppData\Local\Power2Go
    [24/02/2017 07:49:48] - |D| - [1132211] - C:\Users\Tonya\AppData\Local\PrivaZer
    [06/02/2013 22:41:57] - |D| - [0] - C:\Users\Tonya\AppData\Local\Programs
    [02/07/2015 22:31:59] - |D| - [864] - C:\Users\Tonya\AppData\Local\Razer_Inc
    [12/05/2015 13:07:35] - |D| - [0] - C:\Users\Tonya\AppData\Local\Steam
    [01/06/2012 04:28:39] - |D| - [112633245] - C:\Users\Tonya\AppData\Local\Temp
    [01/06/2012 04:28:40] - |SHD| - [148644216] - C:\Users\Tonya\AppData\Local\Temporary Internet Files
    [07/04/2014 01:18:18] - |D| - [69632] - C:\Users\Tonya\AppData\Local\Windows Live
    [01/03/2017 20:51:35] - |D| - [0] - C:\Users\Tonya\AppData\Local\YSearchUtil
    [23/02/2017 15:40:37] - |D| - [1536] - C:\Users\Tonya\AppData\Local\Zemana
    [01/10/2017 17:09:40] - |A| - [0] - C:\Users\Tonya\AppData\Local\{347A7B5A-EBBF-40ED-8CF5-576ACC06E515}
    [17/11/2013 23:21:14] - |D| - [125558] - C:\Users\Tonya\AppData\LocalLow\Adobe
    [23/06/2015 00:29:48] - |D| - [8770] - C:\Users\Tonya\AppData\LocalLow\Apple Computer
    [25/10/2013 22:11:43] - |D| - [0] - C:\Users\Tonya\AppData\LocalLow\Canon Easy-WebPrint EX
    [25/10/2013 22:11:43] - |D| - [0] - C:\Users\Tonya\AppData\LocalLow\Canon Easy-WebPrint EX2
    [30/11/2014 12:45:44] - |SHD| - [0] - C:\Users\Tonya\AppData\LocalLow\EmieBrowserModeList
    [21/06/2014 11:18:29] - |SHD| - [0] - C:\Users\Tonya\AppData\LocalLow\EmieSiteList
    [21/06/2014 11:18:29] - |SHD| - [0] - C:\Users\Tonya\AppData\LocalLow\EmieUserList
    [01/06/2012 04:45:48] - |SD| - [1441717] - C:\Users\Tonya\AppData\LocalLow\Microsoft
    [19/12/2016 07:47:12] - |D| - [0] - C:\Users\Tonya\AppData\LocalLow\Mozilla
    [23/12/2012 10:31:14] - |D| - [1072513] - C:\Users\Tonya\AppData\LocalLow\Sun
    [20/06/2014 19:42:30] - |D| - [0] - C:\Users\Tonya\AppData\LocalLow\Temp
    [01/06/2012 04:45:34] - |D| - [360982] - C:\Users\Tonya\AppData\Roaming\Adobe
    [15/09/2014 20:50:18] - |D| - [208301] - C:\Users\Tonya\AppData\Roaming\Apple Computer
    [01/06/2012 08:55:05] - |D| - [2418] - C:\Users\Tonya\AppData\Roaming\CyberLink
    [05/06/2012 18:55:18] - |D| - [262] - C:\Users\Tonya\AppData\Roaming\EPSON
    [23/02/2017 16:41:53] - |D| - [7266061] - C:\Users\Tonya\AppData\Roaming\Everything
    [22/02/2017 17:50:39] - |D| - [10085] - C:\Users\Tonya\AppData\Roaming\Geek Uninstaller
    [23/06/2015 00:27:18] - |D| - [72049661] - C:\Users\Tonya\AppData\Roaming\GoPro
    [01/06/2012 04:41:41] - |D| - [0] - C:\Users\Tonya\AppData\Roaming\Identities
    [01/06/2012 05:48:51] - |D| - [0] - C:\Users\Tonya\AppData\Roaming\InstallShield
    [01/06/2012 04:28:41] - |D| - [1272] - C:\Users\Tonya\AppData\Roaming\Intel
    [05/06/2012 18:35:59] - |D| - [543] - C:\Users\Tonya\AppData\Roaming\Leadertech
    [01/06/2012 04:45:34] - |D| - [41555] - C:\Users\Tonya\AppData\Roaming\Macromedia
    [13/10/2013 23:42:46] - |A| - [36] - C:\Users\Tonya\AppData\Roaming\mbam.context.scan
    [01/06/2012 04:28:39] - |D| - [0] - C:\Users\Tonya\AppData\Roaming\Media Center Programs
    [01/06/2012 04:28:39] - |SD| - [18002876] - C:\Users\Tonya\AppData\Roaming\Microsoft
    [01/06/2012 23:30:47] - |D| - [47280289] - C:\Users\Tonya\AppData\Roaming\Mozilla
    [03/06/2012 18:33:31] - |D| - [241] - C:\Users\Tonya\AppData\Roaming\Nitro PDF
    [06/06/2015 13:55:57] - |D| - [400] - C:\Users\Tonya\AppData\Roaming\puush
    [13/09/2012 06:52:55] - |D| - [4836424] - C:\Users\Tonya\AppData\Roaming\Skype
    [12/10/2016 20:06:20] - |D| - [0] - C:\Users\Tonya\AppData\Roaming\Sun
    [12/03/2015 20:49:08] - |D| - [85758] - C:\Users\Tonya\AppData\Roaming\vlc
    [20/11/2012 22:44:35] - |D| - [27] - C:\Users\Tonya\AppData\Roaming\WebApp
    [01/03/2017 20:52:18] - |D| - [370] - C:\Users\Tonya\AppData\Roaming\Yahoo
    [23/02/2017 16:55:46] - |D| - [2848542] - C:\Users\Tonya\AppData\Roaming\ZHP
    [01/06/2012 04:41:49] - |ASH| - [174] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
    [01/06/2012 04:28:39] - |RD| - [25489] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
    [01/06/2012 04:28:39] - |RD| - [14619] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [01/06/2012 04:41:49] - |RD| - [174] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [01/06/2012 04:41:49] - |ASH| - [476] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
    [26/02/2017 09:40:41] - |D| - [2053] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
    [01/06/2012 04:42:07] - |A| - [1417] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [01/06/2012 04:28:39] - |RD| - [580] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [18/07/2014 15:01:23] - |D| - [2170] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mission Planner
    [24/02/2017 07:49:48] - |D| - [3826] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
    [01/06/2012 04:28:39] - |RD| - [174] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [01/06/2012 04:41:49] - |ASH| - [174] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

    ---------- | C:\ProgramData

    [15/09/2014 20:48:38] - |D| - [4772] - C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [01/02/2012 17:44:09] - |D| - [503041403] - C:\ProgramData\Adobe
    [29/01/2013 22:07:53] - |D| - [8336] - C:\ProgramData\Amazon
    [15/09/2014 20:46:24] - |D| - [44791248] - C:\ProgramData\Apple
    [15/09/2014 20:48:38] - |D| - [28567064] - C:\ProgramData\Apple Computer
    [14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Application Data
    [25/10/2013 22:07:11] - |HD| - [24945081] - C:\ProgramData\CanonBJ
    [05/01/2014 17:18:38] - |HD| - [114] - C:\ProgramData\CanonIJEGV
    [25/10/2013 22:11:49] - |D| - [2675] - C:\ProgramData\CanonIJMSetup
    [27/10/2013 19:05:43] - |HD| - [116] - C:\ProgramData\CanonIJMyPrinter
    [14/11/2013 18:32:48] - |D| - [65690] - C:\ProgramData\CanonIJPLM
    [27/10/2013 19:06:10] - |HD| - [1652] - C:\ProgramData\CanonIJSolutionMenuEX
    [25/10/2013 22:10:52] - |D| - [67887] - C:\ProgramData\CanonIJWSpt
    [21/02/2017 11:16:22] - |HD| - [96] - C:\ProgramData\Common Files
    [01/02/2012 17:44:34] - |D| - [106689] - C:\ProgramData\CyberLink
    [14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Desktop
    [14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Documents
    [05/06/2012 18:31:50] - |D| - [2034968] - C:\ProgramData\EPSON
    [14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Favorites
    [05/06/2012 08:06:24] - |D| - [692223] - C:\ProgramData\Hewlett-Packard
    [01/02/2012 17:35:38] - |D| - [13060] - C:\ProgramData\Intel
    [06/02/2013 22:42:13] - |D| - [159185594] - C:\ProgramData\Malwarebytes
    [20/08/2017 13:35:35] - |D| - [186064] - C:\ProgramData\McAfee
    [02/10/2017 20:16:00] - |D| - [1432] - C:\ProgramData\McAfee Security Scan
    [13/07/2009 22:20:08] - |SD| - [1857255688] - C:\ProgramData\Microsoft
    [01/06/2012 06:45:44] - |D| - [366320] - C:\ProgramData\Microsoft Help
    [03/06/2012 18:33:05] - |D| - [241] - C:\ProgramData\Nitro PDF
    [18/11/2013 23:18:30] - |D| - [72304784] - C:\ProgramData\Oracle
    [24/02/2017 07:49:48] - |D| - [71] - C:\ProgramData\privazer
    [02/07/2015 17:32:57] - |D| - [2283] - C:\ProgramData\Razer
    [01/02/2012 17:36:28] - |D| - [0] - C:\ProgramData\Roaming
    [01/03/2017 20:45:38] - |D| - [1607] - C:\ProgramData\salesforce.com
    [01/02/2012 17:38:30] - |D| - [537310] - C:\ProgramData\SAMSUNG
    [01/02/2012 17:53:38] - |D| - [148035224] - C:\ProgramData\Skype
    [14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Start Menu
    [01/02/2012 17:53:13] - |D| - [44732] - C:\ProgramData\Symantec
    [01/02/2012 17:44:34] - |D| - [677670] - C:\ProgramData\Temp
    [14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Templates
    [05/06/2012 18:35:00] - |D| - [2251] - C:\ProgramData\UDL
    [01/02/2012 17:54:14] - |D| - [17253664] - C:\ProgramData\WinClon

    ---------- | C:\ProgramData\Microsoft\Windows\Start Menu

    [14/07/2009 00:01:14] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
    [13/07/2009 23:49:40] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
    [13/07/2009 22:20:08] - |RD| - [311312] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
    [13/07/2009 23:49:40] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

    ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

    [13/07/2009 22:20:08] - |RD| - [41931] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    [21/02/2017 08:55:49] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    [14/07/2009 00:32:38] - |RD| - [18363] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [29/01/2013 22:07:34] - |D| - [2000] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
    [01/02/2012 17:37:00] - |D| - [1890] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
    [25/10/2013 22:07:01] - |D| - [2828] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP495 series
    [25/10/2013 22:07:30] - |D| - [3590] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP495 series Manual
    [25/10/2013 22:11:48] - |D| - [4152] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP495 series User Registration
    [25/10/2013 22:08:15] - |D| - [24712] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
    [23/02/2017 16:46:54] - |D| - [922] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [01/02/2012 17:45:07] - |RD| - [9525] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
    [01/06/2012 04:40:59] - |RD| - [3643] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
    [01/03/2017 20:45:38] - |A| - [1134] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Data Loader.lnk
    [13/07/2009 23:54:23] - |SH| - [1748] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
    [05/06/2012 18:31:40] - |D| - [12789] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    [05/06/2012 18:35:00] - |D| - [4384] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    [14/07/2009 00:32:38] - |RD| - [5742] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    [20/02/2013 18:33:06] - |A| - [2155] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    [01/02/2012 17:33:14] - |RD| - [2593] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    [01/02/2012 17:42:09] - |D| - [2124] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
    [01/02/2012 17:35:40] - |D| - [2108] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
    [01/02/2012 17:42:09] - |A| - [2112] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Wireless Display.lnk
    [01/03/2017 20:48:45] - |D| - [6407] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [13/07/2009 22:20:08] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
    [21/02/2017 10:37:18] - |D| - [3794] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    [02/10/2017 20:16:38] - |D| - [3035] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    [02/02/2012 10:30:20] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [31/07/2012 23:33:32] - |D| - [28673] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [01/02/2012 18:15:01] - |A| - [2435] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
    [31/05/2012 08:15:29] - |A| - [2117] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [13/03/2013 19:39:33] - |D| - [2225] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [01/06/2012 23:30:44] - |A| - [1123] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [03/06/2012 18:33:08] - |A| - [2507] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
    [01/02/2012 17:53:13] - |D| - [2451] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
    [03/06/2012 18:31:19] - |D| - [3607] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
    [24/02/2017 07:49:48] - |A| - [1861] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
    [06/06/2015 13:55:29] - |D| - [943] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
    [23/06/2015 00:31:52] - |D| - [6698] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [01/02/2012 17:37:30] - |D| - [2557] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
    [01/02/2012 17:37:52] - |D| - [33606] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
    [01/02/2012 17:57:19] - |D| - [17608] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
    [13/07/2009 23:57:08] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [23/02/2017 08:09:38] - |D| - [2097] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [13/07/2009 22:20:08] - |RD| - [2138] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    [24/02/2017 10:05:45] - |D| - [2035] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Smart Defrag FREE
    [12/03/2015 20:47:46] - |D| - [5580] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [13/07/2009 23:57:09] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    [02/02/2012 10:30:15] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [13/07/2009 23:54:59] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [01/02/2012 18:25:07] - |RD| - [4580] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    [01/02/2012 18:22:22] - |A| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    [01/02/2012 18:20:33] - |A| - [2486] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [01/02/2012 18:23:59] - |A| - [1305] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [01/02/2012 18:23:53] - |A| - [1374] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [13/07/2009 23:57:06] - |A| - [1547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [13/07/2009 23:57:08] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

    ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    [13/07/2009 23:54:23] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
    [20/08/2017 13:35:37] - |A| - [1964] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

    ---------- | C:\Program Files (x86)

    [17/05/2013 21:47:32] - |D| - [325577527] - C:\Program Files (x86)\Adobe
    [29/01/2013 22:07:39] - |D| - [2589753] - C:\Program Files (x86)\Amazon
    [01/02/2012 17:36:58] - |D| - [2299140] - C:\Program Files (x86)\ASM104xUSB3
    [25/10/2013 22:05:02] - |D| - [354992024] - C:\Program Files (x86)\Canon
    [01/02/2012 17:35:38] - |D| - [6695110] - C:\Program Files (x86)\Cisco
    [13/07/2009 22:20:08] - |D| - [1670785561] - C:\Program Files (x86)\Common Files
    [01/02/2012 17:44:37] - |D| - [1201139406] - C:\Program Files (x86)\CyberLink
    [13/07/2009 23:54:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
    [05/06/2012 18:31:39] - |D| - [22534276] - C:\Program Files (x86)\epson
    [05/06/2012 18:34:21] - |D| - [83559974] - C:\Program Files (x86)\Epson Software
    [20/02/2013 18:28:34] - |D| - [426251069] - C:\Program Files (x86)\Google
    [01/02/2012 17:32:27] - |HD| - [200825512] - C:\Program Files (x86)\InstallShield Installation Information
    [01/02/2012 17:32:06] - |D| - [19696565] - C:\Program Files (x86)\Intel
    [01/02/2012 17:42:07] - |D| - [54613438] - C:\Program Files (x86)\Intel Corporation
    [13/07/2009 22:20:08] - |D| - [10537025] - C:\Program Files (x86)\Internet Explorer
    [01/03/2017 20:48:23] - |D| - [167658430] - C:\Program Files (x86)\Java
    [31/07/2012 23:30:19] - |D| - [39769547] - C:\Program Files (x86)\Microsoft Analysis Services
    [01/02/2012 18:15:00] - |D| - [560680348] - C:\Program Files (x86)\Microsoft Office
    [31/05/2012 08:15:26] - |D| - [1527760] - C:\Program Files (x86)\Microsoft Security Client
    [13/03/2013 19:38:41] - |D| - [42892246] - C:\Program Files (x86)\Microsoft Silverlight
    [01/02/2012 18:23:47] - |D| - [1829877] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [01/06/2012 06:48:16] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET
    [18/07/2014 15:00:44] - |D| - [105250150] - C:\Program Files (x86)\Mission Planner
    [15/07/2017 13:23:02] - |D| - [125167785] - C:\Program Files (x86)\Mozilla Firefox
    [23/02/2017 08:03:45] - |D| - [90079] - C:\Program Files (x86)\Mozilla Maintenance Service
    [14/07/2009 00:32:38] - |D| - [25757] - C:\Program Files (x86)\MSBuild
    [03/06/2012 18:31:16] - |D| - [85563774] - C:\Program Files (x86)\Nitro PDF
    [24/02/2017 07:49:48] - |D| - [20526943] - C:\Program Files (x86)\PrivaZer
    [06/06/2015 13:55:28] - |D| - [568904] - C:\Program Files (x86)\puush
    [23/06/2015 00:30:49] - |D| - [73605940] - C:\Program Files (x86)\QuickTime
    [01/02/2012 17:33:30] - |D| - [5836757] - C:\Program Files (x86)\Realtek
    [14/07/2009 00:32:38] - |D| - [36945665] - C:\Program Files (x86)\Reference Assemblies
    [01/02/2012 17:37:29] - |D| - [719987] - C:\Program Files (x86)\Renesas Electronics
    [01/03/2017 20:45:38] - |D| - [14206812] - C:\Program Files (x86)\salesforce.com
    [01/02/2012 17:37:49] - |D| - [440232243] - C:\Program Files (x86)\Samsung
    [01/02/2012 17:58:28] - |D| - [1953792] - C:\Program Files (x86)\SamsungPrinterLiveUpdate
    [23/02/2017 08:09:37] - |RD| - [85321101] - C:\Program Files (x86)\Skype
    [01/02/2012 17:53:13] - |D| - [6446523] - C:\Program Files (x86)\Symantec
    [24/02/2017 10:05:45] - |D| - [2003623] - C:\Program Files (x86)\Toolwiz Smart Defrag FREE
    [12/03/2015 20:46:47] - |D| - [117120538] - C:\Program Files (x86)\VideoLAN
    [14/07/2009 00:32:38] - |D| - [512000] - C:\Program Files (x86)\Windows Defender
    [01/02/2012 18:20:05] - |D| - [569962652] - C:\Program Files (x86)\Windows Live
    [13/07/2009 22:20:08] - |D| - [6115840] - C:\Program Files (x86)\Windows Mail
    [14/07/2009 00:32:38] - |D| - [5008657] - C:\Program Files (x86)\Windows Media Player
    [13/07/2009 22:20:08] - |D| - [12061876] - C:\Program Files (x86)\Windows NT
    [14/07/2009 00:32:38] - |D| - [4394248] - C:\Program Files (x86)\Windows Photo Viewer
    [14/07/2009 00:32:38] - |D| - [189952] - C:\Program Files (x86)\Windows Portable Devices
    [14/07/2009 00:32:38] - |D| - [5990148] - C:\Program Files (x86)\Windows Sidebar
    [01/03/2017 20:51:35] - |D| - [829136] - C:\Program Files (x86)\Yahoo!

    ---------- | C:\Program Files

    [25/10/2013 22:08:09] - |D| - [6157320] - C:\Program Files\Canon
    [25/10/2013 22:06:01] - |HD| - [10728478] - C:\Program Files\CanonBJ
    [23/02/2017 16:46:49] - |D| - [20447168] - C:\Program Files\CCleaner
    [13/07/2009 22:20:08] - |D| - [140634357] - C:\Program Files\Common Files
    [13/07/2009 23:54:24] - |ASH| - [174] - C:\Program Files\desktop.ini
    [18/07/2014 15:01:57] - |D| - [1047632] - C:\Program Files\DIFX
    [14/07/2009 00:32:38] - |D| - [90245652] - C:\Program Files\DVD Maker
    [01/06/2012 04:38:48] - |D| - [47860976] - C:\Program Files\Elantech
    [23/02/2017 16:41:52] - |D| - [1969104] - C:\Program Files\Everything
    [01/02/2012 17:35:12] - |D| - [129583140] - C:\Program Files\Intel
    [13/07/2009 22:20:08] - |D| - [31061348] - C:\Program Files\Internet Explorer
    [21/02/2017 10:36:51] - |D| - [134080922] - C:\Program Files\Malwarebytes
    [20/08/2017 19:05:59] - |D| - [20662876] - C:\Program Files\McAfee Security Scan
    [14/07/2009 00:32:38] - |D| - [149182514] - C:\Program Files\Microsoft Games
    [31/07/2012 23:30:25] - |D| - [6718465] - C:\Program Files\Microsoft Office
    [31/05/2012 08:15:24] - |D| - [33437421] - C:\Program Files\Microsoft Security Client
    [13/03/2013 19:38:42] - |D| - [55725526] - C:\Program Files\Microsoft Silverlight
    [14/07/2009 00:32:38] - |D| - [25757] - C:\Program Files\MSBuild
    [01/02/2012 17:33:43] - |D| - [18754584] - C:\Program Files\Realtek
    [14/07/2009 00:32:38] - |D| - [34604713] - C:\Program Files\Reference Assemblies
    [01/02/2012 17:40:34] - |D| - [624286233] - C:\Program Files\SAMSUNG
    [01/02/2012 17:57:19] - |D| - [14723171] - C:\Program Files\Samsung AnyWeb Print
    [23/02/2017 08:04:25] - |D| - [134539102] - C:\Program Files\VideoLAN
    [14/07/2009 00:32:38] - |D| - [4016640] - C:\Program Files\Windows Defender
    [01/02/2012 18:18:33] - |D| - [12748927] - C:\Program Files\Windows Live
    [13/07/2009 22:20:08] - |D| - [6602240] - C:\Program Files\Windows Mail
    [14/07/2009 00:32:38] - |D| - [7665069] - C:\Program Files\Windows Media Player
    [13/07/2009 22:20:08] - |D| - [12491956] - C:\Program Files\Windows NT
    [14/07/2009 00:32:38] - |D| - [5492504] - C:\Program Files\Windows Photo Viewer
    [14/07/2009 00:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices
    [14/07/2009 00:32:38] - |D| - [11370192] - C:\Program Files\Windows Sidebar

    ---------- | C:\Program Files (x86)\Common Files

    [01/02/2012 17:44:06] - |D| - [10544601] - C:\Program Files (x86)\Common Files\Adobe
    [01/06/2012 04:39:52] - |D| - [28502386] - C:\Program Files (x86)\Common Files\Adobe AIR
    [15/09/2014 20:46:24] - |D| - [0] - C:\Program Files (x86)\Common Files\Apple
    [01/02/2012 17:45:05] - |D| - [0] - C:\Program Files (x86)\Common Files\CyberLink
    [17/05/2014 09:58:24] - |D| - [99992] - C:\Program Files (x86)\Common Files\DESIGNER
    [01/02/2012 17:33:28] - |D| - [3692915] - C:\Program Files (x86)\Common Files\InstallShield
    [01/02/2012 17:33:11] - |D| - [13811953] - C:\Program Files (x86)\Common Files\Intel
    [01/02/2012 17:42:07] - |D| - [70684086] - C:\Program Files (x86)\Common Files\Intel Corporation
    [24/07/2017 22:39:58] - |D| - [1941064] - C:\Program Files (x86)\Common Files\Java
    [13/07/2009 22:20:08] - |D| - [205749452] - C:\Program Files (x86)\Common Files\microsoft shared
    [03/06/2012 18:33:03] - |D| - [16035234] - C:\Program Files (x86)\Common Files\Nitro PDF
    [01/02/2012 17:32:36] - |D| - [161212] - C:\Program Files (x86)\Common Files\postureAgent
    [01/02/2012 17:40:03] - |D| - [4617163] - C:\Program Files (x86)\Common Files\Samsung
    [13/07/2009 22:20:08] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
    [23/02/2017 08:09:37] - |D| - [2574296] - C:\Program Files (x86)\Common Files\Skype
    [13/07/2009 22:20:08] - |D| - [41103783] - C:\Program Files (x86)\Common Files\SpeechEngines
    [12/05/2015 13:03:42] - |D| - [569024] - C:\Program Files (x86)\Common Files\Steam
    [13/07/2009 22:20:08] - |D| - [10488867] - C:\Program Files (x86)\Common Files\System
    [01/02/2012 18:17:02] - |D| - [1260206831] - C:\Program Files (x86)\Common Files\Windows Live

    ---------- | C:\Program Files\Common files

    [25/10/2013 22:11:00] - |D| - [560] - C:\Program Files\Common files\CANON
    [11/11/2013 19:55:52] - |D| - [330944] - C:\Program Files\Common files\EPSON
    [01/02/2012 17:33:12] - |D| - [30853630] - C:\Program Files\Common files\Intel
    [13/07/2009 22:20:08] - |D| - [83295708] - C:\Program Files\Common files\Microsoft Shared
    [03/06/2012 18:33:04] - |D| - [13396394] - C:\Program Files\Common files\Nitro PDF
    [13/07/2009 22:20:08] - |D| - [2702] - C:\Program Files\Common files\Services
    [13/07/2009 22:20:08] - |D| - [608768] - C:\Program Files\Common files\SpeechEngines
    [13/07/2009 22:20:08] - |D| - [12145651] - C:\Program Files\Common files\System

    ---------- | Tasks

    [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 00:08:49] - |AH| - [6] - C:\windows\Tasks\SA.DAT
    [MD5.BDA50892CA0F022DC0BC688BEA595699] - [14/07/2009 00:08:49] - |A| - [32548] - C:\windows\Tasks\SCHEDLGU.TXT
    [MD5.95D2F4DD5F0970D49CCABFE8B0D3156C] - [26/04/2017 19:58:41] - |A| - [4476] - C:\windows\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    [MD5.855FD8364D820E4F612D145F38ADC52C] - [20/08/2017 13:35:32] - |A| - [4474] - C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier : C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe
    [MD5.B1E95243608B6B622202A2EA4B0F9216] - [20/08/2017 13:35:32] - |A| - [4324] - C:\windows\System32\Tasks\Adobe Flash Player Updater : C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    [MD5.086987E8DF4B930CB9690FBECF155D99] - [23/02/2017 16:46:58] - |A| - [2792] - C:\windows\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe"
    [MD5.EF3A66D2E608C3C017B2168A7C8C192F] - [05/04/2017 21:14:24] - |A| - [3202] - C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    [MD5.4158805613FF9EC6EBD6AB1A112995D3] - [05/04/2017 21:14:25] - |A| - [3330] - C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    [MD5.00000000000000000000000000000000] - [13/07/2009 22:20:13] - |D| - [247776] - C:\windows\System32\Tasks\Microsoft
    [MD5.00000000000000000000000000000000] - [01/06/2012 06:49:03] - |D| - [4392] - C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    [MD5.E19FBA42DAB689DEBABDEF29B8EB5E74] - [01/02/2012 17:38:29] - |A| - [2994] - C:\windows\System32\Tasks\WifiManager : "%programfiles(x86)%\Samsung\Easy Display Manager\WifiManager.exe"
    [MD5.00000000000000000000000000000000] - [14/07/2009 00:09:57] - |D| - [4478] - C:\windows\System32\Tasks\WPD
    [MD5.501871642E0A31B6193596B2E053EBE6] - [18/07/2013 20:59:39] - |A| - [2988] - C:\windows\System32\Tasks\{64A7C46F-B7BD-458F-BCF2-57372439E14B} : C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    [MD5.501871642E0A31B6193596B2E053EBE6] - [18/07/2013 20:59:40] - |A| - [2988] - C:\windows\System32\Tasks\{C30423AA-F180-40E1-8A14-3F221956945A} : C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    [MD5.00000000000000000000000000000000] - [13/07/2009 22:20:14] - |D| - [0] - C:\windows\Syswow64\Tasks\Microsoft

    ---------- | Firewall

    [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
    "Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
    "TCP Query User{AAF3E441-D6E6-4BA2-8F3E-F4F2EA6D5309}C:\program files (x86)\google\chrome\application\chrome.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|Defer=User|
    "UDP Query User{988FD355-F579-4EBB-BD1B-A08E7B81AC89}C:\program files (x86)\google\chrome\application\chrome.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|Defer=User|
    "TCP Query User{E6604BE6-A7FF-4817-A9B3-E1232A13A16F}C:\program files (x86)\google\chrome\application\chrome.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|
    "UDP Query User{C2EFEC6D-1483-471C-AFD7-9772728B61FB}C:\program files (x86)\google\chrome\application\chrome.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|
    "{FCCA4305-A5D9-45CA-BC8A-D0C161C362D9}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Inbound rule for Google Chrome to allow mDNS traffic.|EmbedCtxt=Google Chrome|

    ---------- | Control\Class

    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{027A838E-7356-4A2F-A5BF-25A2A2C33FCC}] : (WiMAX) [] -> @oem12.inf,%ClassName%;Intel(R) Centrino(R) WiMAX adapters
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{034F6FB2-1BCC-41C9-9FD2-DBB357DE0838}] : (WIDI) [] -> @oem21.inf,%ClassName%;Intel(R) Wireless Display
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (igfx) [] ->
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] ->
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] ->
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] ->
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{59F44B03-CCD2-460B-ACD8-53CBF375D174}] : (GEARAspiWDM) [] ->
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (igfx) [] ->
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C30ECEA0-11EF-4EF9-B02E-6AF81E6E65C0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
    [HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101
    [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
    [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
    [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

    ---------- | Loaded modules (whitelist)

    [02/12/2010 23:55:32] - (2.0.30.0) - (Renesas Electronics Corporation - USB 3.0 Host Controller Driver) - C:\windows\system32\DRIVERS\nusb3xhc.sys
    [01/02/2012 20:24:23] - (10.0.0.9) - (ELAN Microelectronics Corp. - ETD Kernel Center) - C:\windows\system32\DRIVERS\ETD.sys
    [02/12/2010 23:55:32] - (2.0.30.0) - (Renesas Electronics Corporation - USB 3.0 Hub Driver) - C:\windows\system32\DRIVERS\nusb3hub.sys

    ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

    R0 - [Kernel Driver] - ACPI (Microsoft ACPI Driver) -> system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - amdxata () -> system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - atapi (IDE Channel) -> system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - Compbatt (Microsoft Composite Battery Driver) -> system32\DRIVERS\compbatt.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - Disk (Disk Driver) -> system32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
    R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
    R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - iaStor (Intel AHCI Controller) -> system32\DRIVERS\iaStor.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
    S0 - [File System Driver] - MpFilter (Microsoft Malware Protection Driver) -> system32\DRIVERS\MpFilter.sys - AcceptPause: False - AcceptStop: False
    R0 - [Kernel Driver] - msahci () -> system32\drivers\msahci.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - msisadrv () -> system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
    R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - pci (PCI Bus Driver) -> system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
    S0 - [Kernel Driver] - spldr (Security Processor Loader Driver) -> (?) - AcceptPause: False - AcceptStop: False
    R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - vdrvroot (Microsoft Virtual Drive Enumerator Driver) -> system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - volmgr (Volume Manager Driver) -> system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - volsnap (Storage volumes) -> system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
    R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
    R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
    R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
    R1 - [Kernel Driver] - blbdrive () -> system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True
    R1 - [Kernel Driver] - cdrom (CD-ROM Driver) -> system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: True
    R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
    S1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: False
    R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
    R1 - [Kernel Driver] - mssmbios (Microsoft System Management BIOS Driver) -> system32\DRIVERS\mssmbios.sys - AcceptPause: False - AcceptStop: True
    R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
    R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
    R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
    R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
    R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
    R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
    R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
    S1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: False
    R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True
    S1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: False
    S1 - [Kernel Driver] - SABI (SAMSUNG Kernel Driver For Windows 7) -> \??\C:\windows\system32\Drivers\SABI.sys - AcceptPause: False - AcceptStop: False
    R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
    R1 - [Kernel Driver] - TermDD (Terminal Device Driver) -> system32\DRIVERS\termdd.sys - AcceptPause: False - AcceptStop: True
    R1 - [Kernel Driver] - VgaSave () -> \SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True
    R1 - [Kernel Driver] - VWiFiFlt (Virtual WiFi Filter Driver) -> system32\DRIVERS\vwififlt.sys - AcceptPause: False - AcceptStop: True
    S1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: False
    R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True
    S2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: False
    S2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: False
    S2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: False
    S2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: False
    S2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: False
    S2 - [Kernel Driver] - TurboB (Turbo Boost UI Monitor driver) -> system32\DRIVERS\TurboB.sys - AcceptPause: False - AcceptStop: False

    ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)


    ---------- | Uninstall (Whitelist)

    ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
    [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
    [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
    [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
    [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
    [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
    [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
    [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
    [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
    [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
    [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}] : (Intel(R) PROSet/Wireless WiFi Software.-.Intel Corporation) -> MsiExec /I{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}
    [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}] : (Intel(R) Wireless Display.-.) ->
    [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5C1DA3D9-F590-4317-A4FB-274F658E504B}] : (Intel® PROSet/Wireless WiMAX Software.-.Intel Corporation) -> MsiExec.exe /X{5C1DA3D9-F590-4317-A4FB-274F658E504B}
    [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7B72A3FB-2563-4A83-B054-98C57415DFFA}] : (Nitro Reader 2.-.Nitro PDF Software) -> MsiExec.exe /X{7B72A3FB-2563-4A83-B054-98C57415DFFA}
    [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}] : (Visual Studio 2012 x64 Redistributables.-.AVG Technologies) -> MsiExec.exe /I{8C775E70-A791-4DA8-BCC3-6AB7136F4484}
    [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}] : (Intel(R) Turbo Boost Technology Monitor 2.0.-.Intel) -> MsiExec.exe /X{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}
    ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}] : (Best Buy pc app.-.Best Buy) ->
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] : (Adobe Flash Player 27 ActiveX.-.Adobe Systems Incorporated) -> C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_ActiveX.exe -maintain activex
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 27 NPAPI.-.Adobe Systems Incorporated) -> C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_Plugin.exe -maintain plugin
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI] : (Adobe Flash Player 27 PPAPI.-.Adobe Systems Incorporated) -> C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe -maintain pepperplugin
    ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Data Loader] : (Data Loader.-.salesforce.com) -> C:\Program Files (x86)\salesforce.com\Data Loader\Uninstaller.exe
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) ->
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\McAfee Security Scan] : (.-.) ->
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Toolwiz Smart Defrag FREE_is1] : (Toolwiz Smart Defrag 2011.-.Toolwiz.com.) -> "C:\Program Files (x86)\Toolwiz Smart Defrag FREE\unins000.exe"
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1BB8304A-BAFD-4339-B8D7-2BB31F85DADA}] : (Mission Planner.-.Michael Oborne) -> MsiExec.exe /X{1BB8304A-BAFD-4339-B8D7-2BB31F85DADA}
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180141F0}] : (Java 8 Update 141.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180141F0}
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FB}] : (.-.) ->
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2DDC70C1-C77A-4D08-89D2-9AB648504533}] : (Easy Content Share.-.Samsung Electronics Co., LTD) -> MsiExec.exe /I{2DDC70C1-C77A-4D08-89D2-9AB648504533}
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}] : (QuickTime 7.-.Apple Inc.) -> MsiExec.exe /I{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}] : (Norton Online Backup.-.Symantec Corporation) -> MsiExec.exe /X{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}
    ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) ->
    ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5442DAB8-7177-49E1-8B22-09A049EA5996}] : (Renesas Electronics USB 3.0 Host Controller Driver.-.Renesas Electronics Corporation) -> MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}
    ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{54A4839E-87F8-4BD1-9682-A349E9943F0A}] : (Amazon Unbox Video.-.Amazon.com) ->
    ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
    ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{63B5DA5A-477B-438D-A6A0-118787A4C71B}] : (Adobe AIR.-.Adobe Systems Incorporated) -> MsiExec.exe /I{63B5DA5A-477B-438D-A6A0-118787A4C71B}
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8732818E-CA78-4ACB-B077-22311BF4C0E4}] : (Easy Network Manager.-.Samsung) -> MsiExec.exe /I{8732818E-CA78-4ACB-B077-22311BF4C0E4}
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}] : (Visual Studio 2012 x86 Redistributables.-.AVG Technologies CZ, s.r.o.) -> MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
    ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824237067}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824237067}
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-5464-3428-900000000004}] : (Spelling Dictionaries Support For Adobe Reader 9.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
    ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}] : (Почта Windows Live.-.Корпорация Майкрософт) -> MsiExec.exe /I{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}
    ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}] : (.-.) ->
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C3592426-531E-4110-911D-BFECE2CE284B}] : (puush.-.Dean Herbert) -> MsiExec.exe /X{C3592426-531E-4110-911D-BFECE2CE284B}
    ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CBFD061C-4B27-4A89-ADD8-210316EEFA11}] : (Windows Live Messenger.-.Корпорация Майкрософт) -> MsiExec.exe /X{CBFD061C-4B27-4A89-ADD8-210316EEFA11}
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}] : (Asmedia ASM104x USB 3.0 Host Controller Driver.-.Asmedia Technology) -> MsiExec.exe /X{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F687E657-F636-44DF-8125-9FEEA2C362F5}] : (Samsung Support Center 1.0.-.Samsung) -> MsiExec.exe /I{F687E657-F636-44DF-8125-9FEEA2C362F5}
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F84906ED-BB54-4889-B131-FED9C9056FC8}] : (Intel(R) Wireless Display.-.Intel Corporation) -> MsiExec.exe /X{F84906ED-BB54-4889-B131-FED9C9056FC8}
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC965A47-4839-40CA-B618-18F486F042C6}] : (Skype™ 7.32.-.Skype Technologies S.A.) -> MsiExec.exe /X{FC965A47-4839-40CA-B618-18F486F042C6}
    [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FFD0E594-823B-4E2B-B680-720B3C852588}] : (BatteryLifeExtender.-.Samsung) -> MsiExec.exe /I{FFD0E594-823B-4E2B-B680-720B3C852588}

    ---------- | Ports


    ---------- | Installer

    [HKCR\Installer\Products\046E72916C2A7AB4F834FF2DEAD3CF3F] : Intel(R) PROSet/Wireless WiFi Software -> C:\windows\Installer\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}\ARPPRODUCTICON.exe
    [HKCR\Installer\Products\07E577C8197A8AD4CB3CA67B31F64448] : Visual Studio 2012 x64 Redistributables
    [HKCR\Installer\Products\098990BCF5D15D11E99A0005AB3E711E] : PowerDirector -> C:\windows\Installer\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\ARPPRODUCTICON.exe
    [HKCR\Installer\Products\1C07CDD2A77C80D4982DA96B84055433] : Easy Content Share -> C:\windows\Installer\{2DDC70C1-C77A-4D08-89D2-9AB648504533}\ARPPRODUCTICON.exe
    [HKCR\Installer\Products\38E1FB04BE028D11795C00905C206085] : Power2Go -> C:\windows\Installer\{40BF1E83-20EB-11D8-97C5-0009C5020658}\ARPPRODUCTICON.exe
    [HKCR\Installer\Products\42C6FBF1DF1C10144AB2C065F4E9E897] : PowerStarter -> C:\windows\Installer\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\ARPPRODUCTICON.exe
    [HKCR\Installer\Products\495E0DFFB328B2E46B0827B0C3585288] : BatteryLifeExtender -> C:\windows\Installer\{FFD0E594-823B-4E2B-B680-720B3C852588}\_6FEFF9B68218417F98F549.exe
    [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110140F] : Java 8 Update 141 -> C:\Program Files (x86)\Java\jre1.8.0_141\\bin\javaws.exe
    [HKCR\Installer\Products\52744B0D6663D294EB6F85A741DBB99D] : MSVCRT_amd64
    [HKCR\Installer\Products\6116D6C8427B0184F8D20D746E7B6DE8] : Mesh Runtime
    [HKCR\Installer\Products\6242953CE135011419D1FBCE2EEC82B4] : puush -> C:\windows\Installer\{C3592426-531E-4110-911D-BFECE2CE284B}\osunew_0001.ico
    [HKCR\Installer\Products\68AB67CA408033019195008142320776] : Adobe Refresh Manager -> C:\windows\Installer\{AC76BA86-0804-1033-1959-001824237067}\ARPPRODUCTICON.exe
    [HKCR\Installer\Products\68AB67CA7DA73301B744CAF070E41400] : Adobe Acrobat Reader DC -> C:\windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico
    [HKCR\Installer\Products\68AB67CA7DA746454382090000000040] : Spelling Dictionaries Support For Adobe Reader 9 -> C:\windows\Installer\{AC76BA86-7AD7-5464-3428-900000000004}\ARPPRODUCTICON.exe
    [HKCR\Installer\Products\6FD66A043D225B447A3D381B812A0CCD] : Norton Online Backup -> C:\windows\Installer\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}\MainIcon.ico
    [HKCR\Installer\Products\74A569CF9384AC046B81814F680F246C] : Skype™ 7.32 -> C:\windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
    [HKCR\Installer\Products\756E786F636FFD441852F9EE2A3C265F] : Samsung Support Center 1.0 -> C:\windows\Installer\{F687E657-F636-44DF-8125-9FEEA2C362F5}\_853F67D554F05449430E7E.exe
    [HKCR\Installer\Products\7664CBBF125287E41BDB78607F4745B9] : Best Buy pc app
    [HKCR\Installer\Products\7BD4C90EC03660F46A13E87A329932FA] : D3DX10
    [HKCR\Installer\Products\7E0BA6F1DDC839B4A832AAE92BEFCF4E] : Junk Mail filter update
    [HKCR\Installer\Products\8994BF104C33134458DE70E9E3FE7ED5] : YouCam -> C:\windows\Installer\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\ARPPRODUCTICON.exe
    [HKCR\Installer\Products\8BAD244577171E94B822900A94AE9569] : Renesas Electronics USB 3.0 Host Controller Driver -> C:\windows\Installer\{5442DAB8-7177-49E1-8B22-09A049EA5996}\ARPPRODUCTICON.exe
    [HKCR\Installer\Products\93B0BF4E199C7EE459DDA1A187753DD3] : Asmedia ASM104x USB 3.0 Host Controller Driver -> C:\windows\Installer\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}\ARPPRODUCTICON.exe
    [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper
    [HKCR\Installer\Products\9D3AD1C5095F71344ABF72F456E805B4] : Intel® PROSet/Wireless WiMAX Software -> C:\windows\Installer\{5C1DA3D9-F590-4317-A4FB-274F658E504B}\ARPPRODUCTICON.exe
    [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
    [HKCR\Installer\Products\A5AD5B36B774D8346A0A1178784A7CB1] : Adobe AIR
    [HKCR\Installer\Products\A6C64DD86500CEF47BA082BB611A1FF1] : MSVCRT
    [HKCR\Installer\Products\A91FFE89BA03B4E49B340FB6C136BE8F] : Visual Studio 2012 x86 Redistributables
    [HKCR\Installer\Products\AE851E081817EF047A1003C16EEB46BA] : MediaShow -> C:\windows\Installer\{80E158EA-7181-40FE-A701-301CE6BE64AB}\ARPPRODUCTICON.exe
    [HKCR\Installer\Products\B0AFE77B3DB92214F9A9519A365BAE42] : Intel(R) Turbo Boost Technology Monitor 2.0 -> C:\windows\Installer\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}\ARPPRODUCTICON.exe
    [HKCR\Installer\Products\BF3A27B7365238A40B45895C4751FDAF] : Nitro Reader 2 -> C:\windows\Installer\{7B72A3FB-2563-4A83-B054-98C57415DFFA}\Reader.ico
    [HKCR\Installer\Products\C2CBC2D34D56364478BABBC258C9F1E3] : QuickTime 7 -> C:\windows\Installer\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}\Installer.ico
    [HKCR\Installer\Products\DE532CED4A8571542A874CE1D8EABAB3] : PowerDVD -> C:\windows\Installer\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\ARPPRODUCTICON.exe
    [HKCR\Installer\Products\DE60948F45BB98841B13EF9D9C50F68C] : Intel(R) Wireless Display -> C:\windows\Installer\{F84906ED-BB54-4889-B131-FED9C9056FC8}\ARPPRODUCTICON.exe
    [HKCR\Installer\Products\E818237887ACBCA40B772213B14F0C4E] : Easy Network Manager -> C:\windows\Installer\{8732818E-CA78-4ACB-B077-22311BF4C0E4}\_6FEFF9B68218417F98F549.exe
    [HKCR\Installer\Products\E9384A458F781DB469283A949E49F3A0] : Amazon Unbox Video -> C:\windows\Installer\{54A4839E-87F8-4BD1-9682-A349E9943F0A}\ARPPRODUCTICON.exe
    [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater

    ---------- | ADS


    ---------- | Drives

    Disk: 0 Size=954G
    Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
    --- ------ ---------- ---- ------ ---- ------------ ------------
    0 0 07-NTFS 100M Yes No 2,048 204,800
    1 1 07-NTFS 374G No No 206,848 765,460,480
    2 2 0F-EXTEND 561G No No 765,667,328 147,936,768
    3 3 27-UNKNWN 19G No No 913,604,096 39,919,616

    ---------- | MBR

    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
    BIOS Manufacturer: Phoenix Technologies Ltd.
    System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
    System Product Name: QX311/QX411/QX412/QX511
    Logical Drives Mask: 0x0000001c

    Analysis of file "C:\QuickDiag\MBR.bin":
    Unknown MBR code

    64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

    ---------- | 20 LastEventLog

    The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
    .
    ------------

    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    ------------

    The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
    .
    ------------

    The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
    .
    ------------

    The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
    .
    ------------

    The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
    .
    ------------

    The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
    .
    ------------

    The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
    .
    ------------

    The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
    .
    ------------

    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    ------------

    The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
    .
    ------------

    The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
    .
    ------------

    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    ------------

    The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
    .
    ------------

    The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
    .
    ------------

    The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
    .
    ------------

    The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
    .
    ------------

    The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
    .
    ------------

    The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
    .
    ------------


    ----------( EOF)---------- - 3383 | 21:30:42
     


  8. g3n-h@ckm@n

    Hello

    Uninstall McAfee Security Scan Plus, it's useless.
    If you don't use this, uninstall it too => Norton Online Backup
    ==

    I don't see any infection in your log, just a few pieces of useless programs.
    How old is the machine?
     
  9. Cory

    It is several years old. It is mostly used for internet and Netflix.
     
  10. g3n-h@ckm@n

    Hello, what was the problem with opening the Malwarebytes log, as you said before?
     
  11. Cory

    I wanted to scan the computer for malware. The issue is that something is using all the resources, because everything is taking a long time to load. This morning it took me 30 min to open the power options and change the setting to not go to sleep while charging. All of the browsers take a very long time to open; I have tried Chrome and Firefox. When I left for work this morning I started the computer in normal mode and started FRST to see if it will run. I will post my results.

    Thank you for your help.
     
  12. g3n-h@ckm@n

    Hello, okay, we're gonna try something.

    Do tests with Windows updates deactivated in normal mode.

    ==

    You can do that too, it'll be more good than bad:

    Start button => Programs => Accessories => right-click "Run as Admin..." on Command Prompt, and paste in the black window which will open:

    CHKDSK /R %Homedrive%

    Press Enter, accept to do it at the reboot when it's asked (typing "Y"), reboot the computer, and let it work until the session comes back.

    ==

    See if there are any changes in the speed of the machine.
     
    Last edited: Oct 14, 2017
  13. g3n-h@ckm@n

    Hello, no news for us?
     
    Last edited: Oct 22, 2017 at 1:43 PM