--------------- QuickDiag | g3n-h@ckm@n | V3_04.10.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 07/10/2017 12:47:05
Updated 04/10/2017 | 22.38 (GMT) by g3n-h@ckm@n
Contact :
http://www.sosvirus.net/
Time Zone : (UTC-06:00) Central Time (US & Canada)
[Tonya (Administrator)] - [TONYA-PC] (S-1-5-21-2880522861-2664208021-4051181673-1000)
System: Microsoft Windows 7 Home Premium - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409) -> ()
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Home Premium |C:\windows|\Device\Harddisk0\Partition2
Boot : SafeMode with network
PC: QX311/QX411/QX412/QX511 - SAMSUNG ELECTRONICS CO., LTD. - IdNumber: HPHF91BC212095 - UUID: 27A224A0-1DD2-11B2-8000-F37DA3B63CE7
Processor : X64 - 2494 Mhz - Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Phoenix SecureCore-Tiano(tm) NB Version 2.1 08HS - en-US - Phoenix Technologies Ltd. - S/N: HPHF91BC212095 - 08HS - SECCSD - 2
CoreTemp : 29.8 Celsius
----------| Quick
---------- | SoundDevice
Realtek High Definition Audio - Status: Unknown - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_144DC0A0&REV_1001\4&3A0AA0FC&0&0001
Intel(R) Display Audio - Status: Unknown - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80860101&REV_1000\4&3A0AA0FC&0&0301
---------- | Video
Intel(R) HD Graphics Family - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumd64.dll,igd10umd64.dll,igd10umd64.dll,igdumdx32,igd10umd32,igd10umd32 - PNPDeviceID: PCI\VEN_8086&DEV_0126&SUBSYS_C0A0144D&REV_09\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: -1320394752
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics Family - DriverVersion: 8.15.10.2266 - SpecificationVersion: 1025
---------- | Codecs
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16384 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25600 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81408 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
---------- | CPU
CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:0 %
---------- | Network
Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Intel[R] Centrino[R] Wireless-N 6150 : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.{E2688C84-BBB3-4E36-80F6-5028CF4B2EC6} : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.Home : SENT:0 bytes/sec / RECVD:0 bytes/sec
Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec
Overall -> SEND Maxium:0 bytes/sec, / RECEIVE Maximum:0 bytes/sec
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_C0A0144D&REV_06\4&3A33A527&0&00E3
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000
RAS Async Adapter - - - Status: - PnPID :
Intel(R) Centrino(R) WiMAX 6150 - - - Status: - PnPID :
Microsoft ISATAP Adapter #2 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0001
Intel(R) Centrino(R) Wireless-N 6150 - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_0885&SUBSYS_13058086&REV_67\4&1D025BEB&0&00E0
Microsoft Virtual WiFi Miniport Adapter - - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1FD03075&0&01
Microsoft ISATAP Adapter #3 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0002
Microsoft Virtual WiFi Miniport Adapter - - - Status: - PnPID :
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000
Microsoft 6to4 Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT\*6TO4MP\0000
---------- | Memory
RAM = Total (MB) : 6203 | Free (MB) : 5296
Pagefile = Total (MB) : 12404 | Free (MB) : 11566
Virtual = Total (MB) : 4194 | Free (MB) : 4003
Physical Memory 0 : Capacity: 4294967296 - ChannelA-DIMM0 - Posit.: 1 - Manufacturer: Samsung - PartNumber: M471B5273CM0-CH9 - S/N: B4231876
Physical Memory 2 : Capacity: 2147483648 - ChannelB-DIMM0 - Posit.: 2 - Manufacturer: Samsung - PartNumber: M471B5773DH0-CH9 - S/N: 006BA1C6
---------- | SID Users
Administrator : [S-1-5-21-2880522861-2664208021-4051181673-500]
Guest : [S-1-5-21-2880522861-2664208021-4051181673-501]
HomeGroupUser$ : [S-1-5-21-2880522861-2664208021-4051181673-1004]
Tonya : [S-1-5-21-2880522861-2664208021-4051181673-1000]
Administrators : [S-1-5-32-544]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
IIS_IUSRS : [S-1-5-32-568]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Users : [S-1-5-32-545]
HomeUsers : [S-1-5-21-2880522861-2664208021-4051181673-1003]
---------- | SystemAccounts
Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK
---------- | Drives
C:\ -> [Fixed] | [] | Total : 365 Go | Free : 289.09 Go -> NTFS [ATA]
D:\ -> [Fixed] | [] | Total : 547.38 Go | Free : 547.23 Go -> NTFS [ATA]
E:\ -> [CDROM] | [50941] | Total : 4.16 Go | Free : 0 Go -> CDFS [ATAPI]
Disk Usage Information [1 total Physical Disks]
Physical Drive #0 [C:, D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : IDE\DISKSAMSUNG_HN-M101MBB______________________2AR10001\4&555A9D6&0&0.0.0
---------- | Windows updates
Last detection : 2017-09-30 15:31:08
Downloaded last ones : 2017-09-14 22:39:25
Installed last ones : 2017-09-16 13:14:59
Next search : 2017-10-03 02:06:03
---------- | Browsers
IE : 11.0.9600.18792 (© Microsoft Corporation.)
FF : 55.0.3.6445 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 61.0.3163.100 (Copyright 2016 Google Inc.)
Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url ""
---------- | FlashPlayer
FlashPlayer ActiveX : 27.0.0.130
FlashPlayer Plugin : 27.0.0.130
---------- | Security
AV : Malwarebytes Disabled
AS : Windows Defender Disabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Auto(2)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running
---------- | Running processes
300 | [Owner : SYSTEM | Parent : 4(System) | 1.25 Mo] - (.Microsoft Corporation - Windows Session Manager.) - (6.1.7601.23889) = C:\Windows\System32\smss.exe [14/09/2017 17:38:50] CPU Usage:0 % --> Command Line :
392 | [Owner : SYSTEM | Parent : 384() | 4.35 Mo] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [13/07/2009 18:19:49] CPU Usage:0 % --> Command Line :
428 | [Owner : SYSTEM | Parent : 420() | 6.08 Mo] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [13/07/2009 18:19:49] CPU Usage:0 % --> Command Line :
436 | [Owner : SYSTEM | Parent : 384() | 4.88 Mo] - (.Microsoft Corporation - Windows Start-Up Application.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [13/07/2009 18:52:37] CPU Usage:0 % --> Command Line :
476 | [Owner : SYSTEM | Parent : 420() | 5.79 Mo] - (.Microsoft Corporation - Windows Logon Application.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe [15/10/2014 19:40:23] CPU Usage:0 % --> Command Line :
528 | [Owner : SYSTEM | Parent : 436(wininit.exe) | 8.04 Mo] - (.Microsoft Corporation - Services and Controller app.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [12/05/2015 13:37:47] CPU Usage:0 % --> Command Line :
536 | [Owner : SYSTEM | Parent : 436(wininit.exe) | 11.8 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23889) = C:\Windows\System32\lsass.exe [14/09/2017 17:38:46] CPU Usage:0 % --> Command Line :
544 | [Owner : SYSTEM | Parent : 436(wininit.exe) | 4.33 Mo] - (.Microsoft Corporation - Local Session Manager Service.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [20/11/2010 22:23:53] CPU Usage:0 % --> Command Line :
640 | [Owner : SYSTEM | Parent : 528(services.exe) | 9.65 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % --> Command Line :
712 | [Owner : NETWORK SERVICE | Parent : 528(services.exe) | 7.86 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % --> Command Line :
812 | [Owner : SYSTEM | Parent : 528(services.exe) | 40.02 Mo] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.10.209.0) = C:\Program Files\Microsoft Security Client\MsMpEng.exe [14/11/2016 22:14:42] CPU Usage:0 % --> Command Line :
848 | [Owner : LOCAL SERVICE | Parent : 528(services.exe) | 11.98 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % --> Command Line :
880 | [Owner : SYSTEM | Parent : 528(services.exe) | 21.14 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % --> Command Line :
980 | [Owner : LOCAL SERVICE | Parent : 528(services.exe) | 7.86 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % --> Command Line :
1016 | [Owner : NETWORK SERVICE | Parent : 528(services.exe) | 14.52 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % --> Command Line :
356 | [Owner : SYSTEM | Parent : 528(services.exe) | 16.38 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % --> Command Line :
612 | [Owner : LOCAL SERVICE | Parent : 528(services.exe) | 13.14 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7601.17568) = C:\Windows\System32\svchost.exe [01/02/2012 17:59:11] CPU Usage:0 % --> Command Line :
1772 | [Owner : Tonya | Parent : 1900() | 50.66 Mo] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.23537) = C:\Windows\explorer.exe [12/10/2016 20:31:01] CPU Usage:0 % --> Command Line :
1976 | [Owner : Tonya | Parent : 1772(explorer.exe) | 3.77 Mo] - (.Microsoft Corporation - CTF Loader.) - (6.1.7600.16385) = C:\Windows\System32\ctfmon.exe [13/07/2009 18:39:05] CPU Usage:0 % --> Command Line :
1560 | [Owner : Tonya | Parent : 640(svchost.exe) | 15.33 Mo] - (.Microsoft Corporation - COM Surrogate.) - (6.1.7600.16385) = C:\Windows\System32\dllhost.exe [13/07/2009 18:59:17] CPU Usage:0 % --> Command Line :
2384 | [Owner : Tonya | Parent : 1772(explorer.exe) | 31.63 Mo] - (.SosVirus - QuickDiag.) - (4.10.17.1) = C:\Users\Tonya\Desktop\QuickDiag.exe [07/10/2017 12:45:39] CPU Usage:0 % --> Command Line :
2556 | [Owner : NETWORK SERVICE | Parent : 640(svchost.exe) | 9.85 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/11/2010 22:24:15] CPU Usage:0 % --> Command Line :
2608 | [Owner : SYSTEM | Parent : 640(svchost.exe) | 6.89 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/11/2010 22:24:15] CPU Usage:0 % --> Command Line :
2664 | [Owner : NETWORK SERVICE | Parent : 640(svchost.exe) | 7.29 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [20/11/2010 22:24:27] CPU Usage:0 % --> Command Line :
---------- | MD5
[MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [12/10/2016 20:31:01] - (.© Microsoft Corporation. - Windows Explorer.) - [3154 Ko] - (6.1.7601.23537) : C:\windows\Explorer.exe
[MD5.5746BD7E255DD6A8AFA06F7C42C1BA41] - [20/11/2010 22:23:55] - (.© Microsoft Corporation. - Windows Command Processor.) - [337 Ko] - (6.1.7601.17514) : C:\windows\System32\cmd.exe
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [13/07/2009 18:19:49] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [7.5 Ko] - (6.1.7600.16385) : C:\windows\System32\csrss.exe
[MD5.A8EDB86FC2A4D6D1285E4C70384AC35A] - [13/07/2009 18:59:17] - (.© Microsoft Corporation. - COM Surrogate.) - [9.5 Ko] - (6.1.7600.16385) : C:\windows\System32\dllhost.exe
[MD5.A0AB7ED46853E87E8BB66A404F366E16] - [14/09/2017 17:38:50] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [1136 Ko] - (6.1.7601.23889) : C:\windows\System32\Kernel32.dll
[MD5.00A54A6CEDF599AABB72C20E0815BC37] - [14/09/2017 17:38:46] - (.© Microsoft Corporation. - Local Security Authority Process.) - [30 Ko] - (6.1.7601.23889) : C:\windows\System32\lsass.exe
[MD5.3F1A199859B4F3F8357B2A0AF5666A54] - [14/09/2017 17:38:50] - (.© Microsoft Corporation. - Distributed COM Services.) - [500 Ko] - (6.1.7601.23889) : C:\windows\System32\rpcss.dll
[MD5.C36BB659F08F046B139C8D1B980BF1AC] - [13/06/2017 18:00:28] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [45 Ko] - (6.1.7601.23755) : C:\windows\System32\rundll32.exe
[MD5.71C85477DF9347FE8E7BC55768473FCA] - [12/05/2015 13:37:47] - (.© Microsoft Corporation. - Services and Controller app.) - [321 Ko] - (6.1.7601.18829) : C:\windows\System32\services.exe
[MD5.6F68F63794097E54F36474ED4384B759] - [01/02/2012 17:59:11] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [27 Ko] - (6.1.7601.17568) : C:\windows\System32\svchost.exe
[MD5.34BA256FBF83457F9D5E51A56DB54542] - [13/12/2016 18:45:45] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [985.5 Ko] - (6.1.7601.23594) : C:\windows\System32\user32.dll
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [20/11/2010 22:24:28] - (.© Microsoft Corporation. - Userinit Logon Application.) - [30 Ko] - (6.1.7601.17514) : C:\windows\System32\userinit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [13/07/2009 18:52:37] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [126 Ko] - (6.1.7600.16385) : C:\windows\System32\Wininit.exe
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - [15/10/2014 19:40:23] - (.© Microsoft Corporation. - Windows Logon Application.) - [444.5 Ko] - (6.1.7601.18540) : C:\windows\System32\Winlogon.exe
[MD5.0DC2A9882540DEA4A55B08785E09D8FC] - [09/05/2017 20:22:16] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [484.5 Ko] - (6.1.7601.23761) : C:\windows\System32\Drivers\afd.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [13/07/2009 18:19:47] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\atapi.sys
[MD5.059F00DEF82BF41E433B7ED465847726] - [10/09/2013 18:11:48] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [151.94 Ko] - (6.1.7601.18231) : C:\windows\System32\Drivers\ataport.sys
[MD5.B8BD2BB284668C84865658C77574381A] - [13/07/2009 18:19:47] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\cdfs.sys
[MD5.F036CE71586E93D94DAB220D7BDF4416] - [20/11/2010 22:23:47] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) : C:\windows\System32\Drivers\cdrom.sys
[MD5.9B38580063D281A99E68EF5813022A5F] - [12/10/2016 20:32:57] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [104 Ko] - (6.1.7601.23542) : C:\windows\System32\Drivers\dfsc.sys
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - [20/11/2010 22:23:47] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [119.5 Ko] - (6.1.7601.17514) : C:\windows\System32\Drivers\hdaudbus.sys
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - [13/07/2009 18:19:58] - (.© Microsoft Corporation. - i8042 Port Driver.) - [103 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\i8042prt.sys
[MD5.F7CE9BE72EDAC499B713ECA6DAE5D26F] - [01/02/2012 17:32:28] - (.Copyright(C) Intel Corporation 1994-2010 - Intel Rapid Storage Technology driver - x64.) - [427.02 Ko] - (10.0.0.1046) : C:\windows\System32\Drivers\iastor.sys
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - [13/07/2009 19:10:03] - (.© Microsoft Corporation. - IP Network Address Translator.) - [113.5 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\ipnat.sys
[MD5.F77E8ABD746B93B9B4F9C13250302C47] - [14/09/2017 17:38:50] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [156 Ko] - (6.1.7601.23889) : C:\windows\System32\Drivers\mrxsmb.sys
[MD5.F7309F42555F8AAB7144A51A1F2585B0] - [10/11/2015 19:12:20] - (.© Microsoft Corporation. - NDIS 6.20 driver.) - [928.44 Ko] - (6.1.7601.19030) : C:\windows\System32\Drivers\ndis.sys
[MD5.734837208CAFD6E0959A7A0333C95C9D] - [14/09/2017 17:38:58] - (.© Microsoft Corporation. - MBT Transport driver.) - [256.5 Ko] - (6.1.7601.23889) : C:\windows\System32\Drivers\netbt.sys
[MD5.7FD5A7FB8F55254E9AF5666C653AF3CA] - [11/07/2017 21:50:06] - (.© Microsoft Corporation. - NT File System Driver.) - [1641.23 Ko] - (6.1.7601.23839) : C:\windows\System32\Drivers\ntfs.sys
[MD5.0086431C29C35BE1DBC43F52CC273887] - [13/07/2009 19:00:41] - (.© Microsoft Corporation. - Parallel Port Driver.) - [95 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\parport.sys
[MD5.471815800AE33E6F1C32FB1B97C490CA] - [20/11/2010 22:24:33] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [126.5 Ko] - (6.1.7601.17514) : C:\windows\System32\Drivers\rasl2tp.sys
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - [13/07/2009 19:09:09] - (.© Microsoft Corporation. - SMB Transport driver.) - [91 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\smb.sys
[MD5.7FB36A0A036ADDACE0A868E4A43C1C27] - [11/07/2017 21:50:02] - (.© Microsoft Corporation. - TCP/IP Driver.) - [1851.23 Ko] - (6.1.7601.23821) : C:\windows\System32\Drivers\tcpip.sys
[MD5.4DD986720F7CB7A8A5D1226793097B9A] - [13/08/2017 09:44:10] - (.© Microsoft Corporation. - TDI Translation Driver.) - [114.5 Ko] - (6.1.7601.23880) : C:\windows\System32\Drivers\tdx.sys
[MD5.DF8126BD41180351A093A3AD2FC8903B] - [01/02/2012 17:59:05] - (.© Microsoft Corporation. - Volume Shadow Copy Driver.) - [289.38 Ko] - (6.1.7601.17567) : C:\windows\System32\Drivers\volsnap.sys
---------- | Locked Applications
---------- | Explorer.exe component call (Microsoft Files Whitelisted)
(.Malwarebytes.-.Malwarebytes.) - (3.0.0.16) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
(..-..) - (0.0.0.0) -- C:\PROGRA~2\PrivaZer\PRIVAM~1.DLL
---------- | Svchost.exe component call (Microsoft Files Whitelisted)
---------- | ZeroAccess Check
[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
---------- | Startings up
McAfee Security Scan Plus - (C:\PROGRA~1\MCAFEE~1\311~1.599\SSSCHE~1.EXE [Common Startup]) - User: Public
Everything - ("C:\Program Files\Everything\Everything.exe" -startup [HKLM\SOFTWARE\...\Run]) - User: Public
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Command Processor]
"CompletionChar"=9
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=9
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"UserSelectedDefault"=1
"Device"=Canon MP495 series Printer WS,winspool,Ne08:
[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=64
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"Everything"="C:\Program Files\Everything\Everything.exe" -startup
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"GDIProcessHandleQuota"=10000
"ShutdownWarningDialogTimeout"=4294967295
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000
""=mnmsrvc
"DeviceNotSelectedTimeout"=15
"Spooler"=yes
"TransmissionRetryTimeout"=90
"AppInit_DLLs"=
"LoadAppInit_DLLs"=0
[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=64
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"GDIProcessHandleQuota"=10000
"ShutdownWarningDialogTimeout"=4294967295
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000
""=mnmsrvc
"DeviceNotSelectedTimeout"=15
"Spooler"=yes
"TransmissionRetryTimeout"=90
"AppInit_DLLs"=
"LoadAppInit_DLLs"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
---------- | Win.ini :
---------- | System.ini :
---------- | Tasks List
---------- | Startings up registry - Folder
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner] : "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds] : C:\windows\system32\hkcmd.exe [01/02/2012 20:17:28]
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray] : C:\windows\system32\igfxtray.exe [01/02/2012 20:17:30]
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelWireless] : "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC] : "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup] : C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [01/06/2010 01:33:10]
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] : C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
---------- | Other keys
[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=wuauserv
gpsvc
trustedinstaller
"WaitToKillServiceTimeout"=200
"CurrentUser"=USERNAME
"BootDriverFlags"=0
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll
"SystemStartOptions"= NOEXECUTE=OPTIN NUMPROC=4 SAFEBOOT:NETWORK SOS BOOTLOG NOGUIBOOT BOOTLOGO
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)
[HKLM\System\CurrentControlSet\Control\lsa]
"auditbaseobjects"=0
"auditbasedirectories"=0
"crashonauditfail"=0
"fullprivilegeauditing"=0x00
"Bounds"=0x0030000000200000
"LimitBlankPasswordUse"=1
"NoLmHash"=1
"Notification Packages"=scecli
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u
livessp
"Authentication Packages"=msv1_0
"LsaPid"=536
"SecureBoot"=1
"ProductType"=3
"disabledomaincreds"=0
"everyoneincludesanonymous"=0
"forceguest"=0
"restrictanonymous"=2
"restrictanonymoussam"=1
[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
[HKLM\System\CurrentControlSet\Control\Session Manager]
"CriticalSectionTimeout"=2592000
"GlobalFlag"=0
"HeapDeCommitFreeBlockThreshold"=0
"HeapDeCommitTotalFreeThreshold"=0
"HeapSegmentCommit"=0
"HeapSegmentReserve"=0
"ProcessorControl"=2
"ResourceTimeoutCount"=648000
"BootExecute"=autocheck autochk *
"ExcludeFromKnownDlls"=
"ObjectDirectories"=\Windows
\RPC Control
"ProtectionMode"=1
"NumberOfInitialSessions"=2
"SetupExecute"=
[HKLM\System\CurrentControlSet\Control\Terminal Server]
"RCDependentServices"=CertPropSvc
SessionEnv
"NotificationTimeOut"=0
"SnapshotMonitors"=1
"ProductVersion"=5.1
"AllowRemoteRPC"=0
"DelayConMgrTimeout"=0
"fDenyTSConnections"=1
"StartRCM"=0
"TSAdvertise"=0
"DeleteTempDirsOnExit"=1
"fSingleSessionPerUser"=1
"PerSessionTempDir"=0
"TSUserEnabled"=0
"InstanceID"=7b49b9a8-6958-4b7a-9aaa-b2161e3
"fCredentialLessLogonSupported"=1
"fCredentialLessLogonSupportedTSS"=1
"fCredentialLessLogonSupportedKMRDP"=1
---------- | .LNK with Arguments
---------- | AppCertDlls
---------- | Dnsapi.dll
C:\windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts
---------- | Policies | Registry
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Control Panel\Desktop]
"ScreenSaveActive"=1
"ActiveWndTrackTimeout"=0
"BlockSendInputResets"=0
"CaretWidth"=1
"ClickLockTime"=1200
"CoolSwitchColumns"=7
"CoolSwitchRows"=3
"CursorBlinkRate"=530
"DockMoving"=1
"DragFromMaximize"=1
"DragFullWindows"=1
"DragHeight"=4
"DragWidth"=4
"FocusBorderHeight"=1
"FocusBorderWidth"=1
"FontSmoothing"=2
"FontSmoothingGamma"=0
"FontSmoothingOrientation"=1
"FontSmoothingType"=2
"ForegroundFlashCount"=7
"ForegroundLockTimeout"=200000
"LeftOverlapChars"=3
"MenuShowDelay"=400
"PaintDesktopVersion"=0
"Pattern"=0
"RightOverlapChars"=3
"SnapSizing"=1
"TileWallpaper"=0
"WallpaperOriginX"=0
"WallpaperOriginY"=0
"WallpaperStyle"=0
"WheelScrollChars"=3
"WheelScrollLines"=3
"WindowArrangementActive"=1
"UserPreferencesMask"=0x9E3E078012000000
"Wallpaper"=C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp [07/12/2015 22:15:41]
"SCRNSAVE.EXE"=C:\windows\system32\scrnsave.scr [13/07/2009 18:56:35]
"ScreenSaveTimeOut"=1800
"ScreenSaverIsSecure"=1
"WaitToKillAppTimeout"=200
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1
"ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000
"CleanShutdown"=0
"Browse For Folder Width"=318
"Browse For Folder Height"=288
"link"=0x16000000
"NoFileFolderConnection"=1
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2
"ServerAdminUI"=0
"Start_PowerButtonAction"=16
"Hidden"=2
"ShowCompColor"=1
"HideFileExt"=1
"DontPrettyPath"=0
"ShowInfoTip"=1
"HideIcons"=0
"MapNetDrvBtn"=0
"WebView"=1
"Filter"=0
"SuperHidden"=0
"SeparateProcess"=0
"AutoCheckSelect"=0
"IconsOnly"=0
"ShowTypeOverlay"=1
"ListviewAlphaSelect"=1
"ListviewShadow"=1
"TaskbarAnimations"=1
"StartMenuInit"=4
"TaskbarSizeMove"=0
"DisablePreviewDesktop"=0
"TaskbarSmallIcons"=0
"TaskbarGlomLevel"=0
""=0
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
"MRUListEx"=0x020000000100000000000000FFFFFFFF
"0"=0x43006800650063006B005F00420072006F00770073006500720073005F004C004E004B000000
"1"=0x70006F00770065007200200070006F0069006E0074000000
"2"=0x66006C00610073006800200070006C0061007900650072000000
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableVirtualization"=1
"PromptOnSecureDesktop"=0
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1
"NoComponents"=1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Text"=@shell32.dll,-30500
"Type"=radio
"CheckedValue"=1
"ValueName"=Hidden
"DefaultValue"=2
"HKeyRoot"=2147483649
"HelpID"=shell.hlp#51105
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"IconUnderline"=2
"GlobalAssocChangedCounter"=188
"MultipleInvokePromptMinimum"=10000
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableVirtualization"=1
"PromptOnSecureDesktop"=0
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1
"NoComponents"=1
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Text"=@shell32.dll,-30500
"Type"=radio
"CheckedValue"=1
"ValueName"=Hidden
"DefaultValue"=2
"HKeyRoot"=2147483649
"HelpID"=shell.hlp#51105
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"IconUnderline"=2
"GlobalAssocChangedCounter"=529
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s
---------- | Winlogon
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin
"BuildNumber"=7601
"FirstLogon"=0
"ParseAutoexec"=1
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1
"Shell"=explorer.exe
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Userinit"=C:\Windows\system32\userinit.exe,
"VMApplet"=SystemPropertiesPerformance.exe /pagefile
"AutoRestartShell"=1
"Background"=0 0 0
"CachedLogonsCount"=10
"DebugServerCommand"=no
"ForceUnlockLogon"=0
"LegalNoticeCaption"=
"LegalNoticeText"=
"PasswordExpiryWarning"=5
"PowerdownAfterShutdown"=0
"ShutdownWithoutLogon"=0
"WinStationsDisabled"=0
"DisableCAD"=1
"scremoveoption"=0
"ShutdownFlags"=39
"AutoAdminLogon"=0
"DefaultUserName"=Tonya
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1
"Shell"=explorer.exe
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"DefaultDomainName"=
"DefaultUserName"=
"Userinit"=userinit.exe,
"VMApplet"=SystemPropertiesPerformance.exe /pagefile
---------- | Associations
[HKLM\Software\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload
[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*
[HKLM\Software\Classes\.com]
""=comfile
[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\Classes\.reg]
""=regfile
[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"
[HKLM\Software\Classes\.scr]
""=scrfile
[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S
[HKLM\Software\Classes\.bat]
""=batfile
[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\Classes\.cmd]
""=cmdfile
[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\Classes\.pif]
""=piffile
[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\Classes\.inf]
""=inffile
[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\Software\Classes\.url]
""=InternetShortcut
[HKLM\Software\Classes\.lnk]
""=lnkfile
[HKLM\Software\Classes\.hta]
"PerceivedType"=text
""=htafile
"Content Type"=application/hta
[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" %*
[HKLM\Software\Classes\InternetShortcut]
"NeverShowExt"=
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"EditFlags"=2
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment
[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest
"EditFlags"=65536
"BrowserFlags"=4096
"FriendlyTypeName"=@dfshim.dll,-200
[HKLM\Software\Classes\Application.Reference]
"NeverShowExt"=
""=Application Reference
"IsShortcut"=
"EditFlags"=131072
"FriendlyTypeName"=@dfshim.dll,-201
[HKLM\Software\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeLayoutPatternForSearch"=alpha
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
""=Folder
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size
"NoRecentDocs"=
"ThumbnailCutoff"=0
"TileInfo"=prop:System.Title;System.ItemTypeText
[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload
[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*
[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile
[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile
[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"
[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile
[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S
[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile
[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile
[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile
[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile
[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut
[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile
[HKLM\Software\WOW6432Node\Classes\.hta]
"PerceivedType"=text
""=htafile
"Content Type"=application/hta
[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" %*
[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"NeverShowExt"=
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"EditFlags"=2
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment
[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest
"EditFlags"=65536
"BrowserFlags"=4096
"FriendlyTypeName"=@dfshim.dll,-200
[HKLM\Software\WOW6432Node\Classes\Application.Reference]
"NeverShowExt"=
""=Application Reference
"IsShortcut"=
"EditFlags"=131072
"FriendlyTypeName"=@dfshim.dll,-201
[HKLM\Software\WOW6432Node\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeLayoutPatternForSearch"=alpha
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
""=Folder
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size
"NoRecentDocs"=
"ThumbnailCutoff"=0
"TileInfo"=prop:System.Title;System.ItemTypeText
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [14/09/2017 17:38:58]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [14/09/2017 17:38:58]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall
---------- | AppcompatFlags
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"SIGN.MEDIA=277C674 EPSETUP.EXE"=1
"C:\Users\Tonya\Downloads\Samsung_MES100803-02_Normal.exe"=1
"C:\Users\Tonya\Downloads\mbam-setup-1.70.0.1100.exe"=1
"C:\Users\Tonya\Downloads\ChromeSetup.exe"=1
"C:\Users\Tonya\Downloads\vlc-2.2.0-win32.exe"=1
"C:\Users\Tonya\Downloads\QuickTimeInstaller.exe"=1
"C:\Users\Tonya\Downloads\GoProStudioPC-2.5.5.443.exe"=1
"SIGN.MEDIA=1652C6 install.EXE"=1
"C:\Users\Tonya\Desktop\PatchMyPC.exe"=1
"C:\Users\Tonya\Desktop\ccsetup527.exe"=1
"C:\Users\Tonya\Desktop\Everything-1.3.4.686.x64.Multilingual-Setup.exe"=1
"C:\Users\Tonya\Desktop\privazer_free.exe"=1
"C:\Users\Tonya\Desktop\Setup_SmartDefrag.exe"=1
"C:\Users\Tonya\Downloads\jxpiinstall(2).exe"=1
"C:\Users\Tonya\AppData\Local\Temp\jre-8u141-windows-au.exe"=1
---------- | IFEO
---------- | Mountpoints2
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{4c9d58d1-59f7-11e1-8884-806e6f6e6963}] : E:\Start.exe (AutoRun)
---------- | Windows
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"SwapMouseButtons"=#USR:Control Panel\Mouse
"Beep"=#USR:Control Panel\Sound
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"CoolSwitch"=USR:Control Panel\Desktop
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"SwapMouseButtons"=#USR:Control Panel\Mouse
"Beep"=#USR:Control Panel\Sound
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"CoolSwitch"=USR:Control Panel\Desktop
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
---------- | Security center
[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1
[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=128920218544262440
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=1
"DisableRoutinelyTakingAction"=0
"ProductStatus"=0
"InstallTime"=0x18D98D99BFE1CC01
[HKLM\Software\WOW6432Node\Microsoft\Windows Defender]
"DisableAntiSpyware"=0
"DisableRoutinelyTakingAction"=1
[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1
[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1
[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1
---------- | Safeboot
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsMpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
---------- | Winsock (Whitelist)
---------- | Hosts
127.0.0.1 localhost
::1 localhost
0.0.0.1 mssplus.mcafee.com
---------- | Ping
Pinging google.com [2607:f8b0:4009:813::200e] with 32 bytes of data:
Reply from 2607:f8b0:4009:813::200e: time=22ms
Reply from 2607:f8b0:4009:813::200e: time=23ms
Reply from 2607:f8b0:4009:813::200e: time=23ms
Reply from 2607:f8b0:4009:813::200e: time=22ms
Ping statistics for 2607:f8b0:4009:813::200e:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 23ms, Average = 22ms
---------- | @
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Internet Explorer\Main]
"Disable Script Debugger"=yes
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=1
"DisableScriptDebuggerIE"=yes
"UseClearType"=no
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Page_URL"=
"DisableFirstRunCustomize"=3
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000200300002C020000
"IE9RunOnceLastShown"=1
"IE9RunOnceLastShown_TIMESTAMP"=0xFC0D11FDCF64CE01
"IconCache"=1h02yqh
"DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3B01000055000000BB03000035020000
"Use FormSuggest"=no
"Check_Associations"=no
"IE9RunOncePerInstallCompleted"=1
"IE9RunOnceCompletionTime"=0x80D928FB9968CE01
"OperationalData"=5
"IE10RunOnceLastShown"=1
"IE10RunOnceLastShown_TIMESTAMP"=0x2223BD88FDCCCE01
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0x8683EB7862F5CE01
"ImageStoreRandomFolder"=w9wjkr6
"DoNotTrack"=1
"DefSpellLang"=en-US
"Start Page_TIMESTAMP"=0x076AD880FBACD201
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=
"SearchBandRestoreBarCount"=0
"SearchBandMigrationVersion"=1
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"IE5_UA_Backup_Flag"=5.0
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName"=User@
"PrivDiscUiShown"=1
"EnableHttp1_1"=1
"WarnOnIntranet"=1
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
"AutoConfigProxy"=wininet.dll
"UseSchannelDirectly"=0x01000000
"WarnOnPost"=0x01000000
"UrlEncoding"=0
"SecureProtocols"=2720
"PrivacyAdvanced"=0
"ZonesSecurityUpgrade"=0x8920552BEEF2CE01
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"SyncMode5"=0
"EnableAutodial"=0
"NoNetAutodial"=0
[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"TabProcGrowth"=Medium
"Print_Background"=0
"AlwaysShowMenus"=0
"StatusBarWeb"=1
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate_win7.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Compat"=res://mshtml.dll/compat.htm
[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://
"gopher"=gopher://
[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"TabProcGrowth"=Medium
"Print_Background"=0
"AlwaysShowMenus"=0
"StatusBarWeb"=1
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"Check_Associations"=yes
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate_win7.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Compat"=res://mshtml.dll/compat.htm
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files
---------- | Proxy
---------- | reparsepoint
---------- | Detection of offsets
---------- | Notify
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll
---------- | Execution FileExts
---------- | SIOI | SEH | URLSH
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=
---------- | Toolbar
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=0
"ShowDiscussionButton"=Yes
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBar7Layout"=0x13000000000000000000000020000000100000000000000001000000800600005E01000006000000C9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000071CB8D86DF844388428FA844297B3F0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"ITBar7Height"=0
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
"Version"=4
"UpgradeTime"=0xB8C3C3E587F7CF01
"KnownProvidersUpgradeTime"=0x3992287C62F5CE01
"DefaultPackCorrection"=1
"DefaultPackNTCorrection"=1
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=0
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
"Locked"=0
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
---------- | Extensions
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}] : (@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003) - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{328ECD19-C167-40eb-A0C7-16FE7634105E}] : () - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - []
---------- | SearchScopes
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}] - (Google) - http://www.google.com/search?q={searchTerms} :
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 :
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86E38F40-F4D6-4C13-89D0-827B2577DB70}] - (Yahoo Search) - https://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - :
---------- | Browser Helper Objects
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Windows Live ID Sign-in Helper) : C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [28/03/2011 06:35:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [06/03/2013 08:37:48]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}] -> (Canon Easy-WebPrint EX BHO) : C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [25/10/2013 22:11:38]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [24/07/2017 22:38:39]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Windows Live ID Sign-in Helper) : C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [28/03/2011 06:35:06]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA609D72-8482-4076-8991-8CDAE5B93BCB}] -> (Samsung BHO Class) : C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [01/02/2012 17:57:20]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [06/03/2013 08:37:48]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [24/07/2017 22:38:39]
---------- | Chrome
C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\extensions\hikeppggmbhdgodhakicedaejpleoigm = : __MSG_newtab_chrome_extension_description__ - __MSG_newtab_chrome_extension_name__ - https://clients2.google.com/service/update2/crx
C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\hikeppggmbhdgodhakicedaejpleoigm]
---------- | Opera
---------- | Firefox
[HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 27.0.0.130 Plugin) : C:\windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll
[HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
[HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 27.0.0.130 Plugin) : C:\windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@canon.com/EPPEX] - (Canon Easy-PhotoPrint EX) : C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.141.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.141.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@nitropdf.com/NitroPDF] - (NitroPDF Web Browser Plugin) : C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.0] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\pcw27saw.default\Prefs.js
user_pref("browser.startup.homepage_override.buildID", "20170824053622");
user_pref("browser.startup.homepage_override.mstone", "55.0.3");
user_pref("extensions.blocklist.pingCountTotal", 791);
user_pref("extensions.blocklist.pingCountVersion", 3);
user_pref("extensions.databaseSchema", 21);
user_pref("extensions.e10s.rollout.blocklist", "");
user_pref("extensions.e10s.rollout.hasAddon", false);
user_pref("extensions.e10s.rollout.policy", "50allmpc");
user_pref("extensions.e10sBlockedByAddons", false);
user_pref("extensions.e10sMultiBlockedByAddons", false);
user_pref("extensions.followonsearch.cohortSample", "0.280814");
user_pref("extensions.getAddons.cache.lastUpdate", 1506902017);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20170302.01");
user_pref("extensions.lastAppVersion", "55.0.3");
user_pref("extensions.lastPlatformVersion", "55.0.3");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.shield-recipe-client.api_url", "https://normandy.cdn.mozilla.net/api/v1");
user_pref("extensions.shield-recipe-client.dev_mode", false);
user_pref("extensions.shield-recipe-client.enabled", true);
user_pref("extensions.shield-recipe-client.first_run", false);
user_pref("extensions.shield-recipe-client.logging.level", 50);
user_pref("extensions.shield-recipe-client.run_interval_seconds", 86400);
user_pref("extensions.shield-recipe-client.startup_delay_seconds", 300);
user_pref("extensions.shield-recipe-client.user_id", "36003d82-768c-43f2-b08b-814b58ee14a0");
user_pref("extensions.shownSelectionUI", true);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{429fe9f6-4535-4f5d-98c5-66b5f799dddc}\",\"addons\":{\"clicktoplay-rollout@mozilla.org\":{\"version\":\"1.4\"},\"e10srollout@mozilla.org\":{\"version\":\"2.05\"},\"followonsearch@mozilla.com\":{\"version\":\"0.9.4\"},\"onboarding@mozilla.org\":{\"version\":\"0.1\"},\"screenshots@mozilla.org\":{\"version\":\"10.12.0\"}}}");
user_pref("extensions.ui.dictionary.hidden", true);
user_pref("extensions.ui.lastCategory", "addons://discover/");
user_pref("extensions.ui.locale.hidden", true);
C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\pcw27saw.default
[Profile0] - Name=default -> Profiles/pcw27saw.default
---------- | DNS
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=75.75.76.76 75.75.75.75
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8B2C9FE4-360D-455D-B5AA-B6F66AF92C97}]
"DhcpNameServer"=75.75.76.76 75.75.75.75
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{8B2C9FE4-360D-455D-B5AA-B6F66AF92C97}]
"DhcpNameServer"=75.75.76.76 75.75.75.75
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8B2C9FE4-360D-455D-B5AA-B6F66AF92C97}]
"DhcpNameServer"=75.75.76.76 75.75.75.75
---------- | Applications
[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellOpen "%1"
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\QuickTimePlayer.exe] : C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe "%1"
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\WLXPhotoGallery.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellOpen "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\QuickTimePlayer.exe] : C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoGallery.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
---------- | SvcHost (Whitelist)
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"regsvc"=RemoteRegistry
"DcomLaunch"=Power
PlugPlay
DcomLaunch
"secsvcs"=WinDefend
"bthsvcs"=bthserv
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
PlugPlay
DcomLaunch
---------- | SvcHost - Netsvcs (Whitelist)
---------- | Software
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Adobe]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\AppDataLow]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Apple Computer, Inc.]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Apple Inc.]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Avg]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\AVG Web TuneUp]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\BitTorrent]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\BugSplat]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Canon]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Chromium]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\CineForm]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Clients]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\CyberLink]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Digital River Mso]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Elantech]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\EPSON]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Geek Uninstaller]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Google]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\GoPro]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\IM Providers]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Intel]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\JavaSoft]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Lake]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Leadertech]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Local AppWizard-Generated Applications]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Macromedia]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Malwarebytes]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Malwarebytes' Anti-Malware]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\MCAFEE]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\MichaelOborne]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Mozilla]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Netscape]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Nitro PDF]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\ODBC]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Piriform]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Policies]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\PrivaZer]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\puush]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Realtek]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Renesas Electronics]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Samsung]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Skype]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\SSPrint]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\sysinternals]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Valve]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Wow6432Node]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\ZHP]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\AppDataLow\Software\Canon]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\AppDataLow\Software\JavaSoft]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\ShellNoRoam]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVG]
[HKLM\Software\Best Buy]
[HKLM\Software\Canon]
[HKLM\Software\CBSTEST]
[HKLM\Software\Clients]
[HKLM\Software\Cyberlink]
[HKLM\Software\Dolby]
[HKLM\Software\EPSON]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\GEAR Software]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\Knowles]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee.com]
[HKLM\Software\mcafeeupdater]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nitro PDF]
[HKLM\Software\ODBC]
[HKLM\Software\PANDhcpDns]
[HKLM\Software\Patch My PC]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\Samsung]
[HKLM\Software\Sonic]
[HKLM\Software\SRS Labs]
[HKLM\Software\SSPrint]
[HKLM\Software\SSScan]
[HKLM\Software\Symantec]
[HKLM\Software\sysinternals]
[HKLM\Software\TrendMicro]
[HKLM\Software\VideoLAN]
[HKLM\Software\Waves Audio]
[HKLM\Software\WiMax]
[HKLM\Software\Wow6432Node]
[HKLM\Software\ZmnGlobalSDK]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\Apple Computer, Inc.]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\AVG Web TuneUp]
[HKLM\Software\WOW6432Node\Canon]
[HKLM\Software\WOW6432Node\CyberLink]
[HKLM\Software\WOW6432Node\EPSON]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\IM Providers]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\Lake]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware]
[HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\WOW6432Node\McAfee.com]
[HKLM\Software\WOW6432Node\mcafeeupdater]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\MimarSinan]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Nitro PDF]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\Samsung]
[HKLM\Software\WOW6432Node\Samsung Electronics Co., Ltd.]
[HKLM\Software\WOW6432Node\Samsung Printers]
[HKLM\Software\WOW6432Node\Skype]
[HKLM\Software\WOW6432Node\SSScan]
[HKLM\Software\WOW6432Node\TrendMicro]
[HKLM\Software\WOW6432Node\Valve]
[HKLM\Software\WOW6432Node\VideoLAN]
[HKLM\Software\WOW6432Node\Yahoo]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
---------- | Drives
D:
---------- | C:
[25/02/2017 17:57:11] - |SHD| - [65200939] - C:\$RECYCLE.BIN
[16/09/2017 07:58:57] - |SHD| - [0] - C:\Config.Msi
[14/07/2009 00:08:56] - |SHD| - [0] - C:\Documents and Settings
[MD5.FF790DCB45FC8CD3EFE42FB73F72C8B5] - [11/08/2015 21:13:18] - |A| - (.-.) - [84] - (0.0.0.0) - C:\DVDPATH.TXT
[MD5.EDE06CD4D95178D6A2DEF6B60BD267F4] - [24/02/2017 10:28:43] - |A| - (.-.) - [42] - (0.0.0.0) - C:\folders.log
[22/02/2017 10:34:47] - |D| - [417327914] - C:\FRST
[MD5.E7832D67AD190A920970CB5ADFC6D5D1] - [02/11/2015 05:28:48] - |A| - (.-.) - [383] - (0.0.0.0) - C:\ftconfig.ini
[01/02/2012 17:32:04] - |D| - [634076] - C:\Intel
[31/07/2012 23:29:56] - |RHD| - [649878279] - C:\MSOCache
[MD5.EF5C9109EFF3C3E8F3794DB4A02BE79E] - [23/06/2015 00:41:38] - |A| - (.-.) - [9216] - (0.0.0.0) - C:\My3DGraph.grf
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/02/2012 21:50:10] - |ASH| - (.-.) - [6351798272] - (0.0.0.0) - C:\pagefile.sys
[13/07/2009 22:20:08] - |D| - [0] - C:\PerfLogs
[13/07/2009 22:20:08] - |RD| - [1767108897] - C:\Program Files
[13/07/2009 22:20:08] - |D| - [6931281643] - C:\Program Files (x86)
[13/07/2009 22:20:08] - |HD| - [2860198009] - C:\ProgramData
[07/10/2017 12:46:57] - |D| - [262052] - C:\QuickDiag
[MD5.C46D7C4162AFEEB097412EAE52123CEB] - [07/10/2017 12:47:05] - |A| - (.-.) - [103611] - (0.0.0.0) - C:\QuickDiag.txt
[01/06/2012 04:28:25] - |SHD| - [172384274] - C:\Recovery
[MD5.260EDE6FDA5C1FCA0E47D99483BA2714] - [01/02/2012 17:33:30] - |A| - (.-.) - [2184] - (0.0.0.0) - C:\RHDSetup.log
[MD5.ECB410F70405A7EDCE21207350940EC2] - [24/02/2017 10:18:28] - |A| - (.-.) - [3077] - (0.0.0.0) - C:\runcheck.txt
[MD5.2A51B7CDB1CF3D525AFED6A90BBECF62] - [01/02/2012 17:33:30] - |A| - (.-.) - [163] - (0.0.0.0) - C:\setup.log
[02/02/2012 10:27:44] - |SHD| - [0] - C:\System Volume Information
[MD5.986D6F28E3411BCCC1F857AB9629DAE6] - [23/02/2017 08:09:33] - |A| - (.-.) - [810] - (0.0.0.0) - C:\TONYA-PC.rtf
[13/07/2009 22:20:08] - |RD| - [18590676982] - C:\Users
[13/07/2009 22:20:08] - |D| - [42563124916] - C:\Windows
[MD5.F5C006622F21D4ED4F748448FEE14968] - [15/11/2016 22:37:24] - |A| - (.-.) - [14876] - (0.0.0.0) - C:\WirelessDiagLog.csv
[24/02/2017 15:53:35] - |D| - [129] - C:\zoek
[MD5.A4C1B82897B7D7352CD71072D1E03C14] - [24/02/2017 10:19:11] - |A| - (.-.) - [3207] - (0.0.0.0) - C:\zoek-results.log
[MD5.C4A143BFB9B30D672D2C069DAF13E371] - [24/02/2017 15:44:25] - |A| - (.-.) - [2743] - (0.0.0.0) - C:\zoek-results2017-02-24-152905.log
[24/02/2017 10:18:26] - |D| - [26109913] - C:\zoek_backup
---------- | C:\windows
[14/07/2009 00:32:38] - |D| - [802] - C:\windows\addins
[13/07/2009 22:20:08] - |D| - [43689776] - C:\windows\AppCompat
[13/07/2009 22:20:08] - |D| - [10989676] - C:\windows\AppPatch
[01/02/2012 18:24:03] - |D| - [106352] - C:\windows\ar
[13/07/2009 22:20:08] - |RSD| - [1665810188] - C:\windows\assembly
[MD5.317CD1CE327B6520BF4EE007BCD39E61] - [20/11/2010 22:24:22] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [71168] - (6.1.7601.17514) - C:\windows\bfsvc.exe
[01/02/2012 18:24:07] - |D| - [107376] - C:\windows\bg
[13/07/2009 22:20:09] - |D| - [29188318] - C:\windows\Boot
[MD5.2B2D096F4B9E9B89C36DA022ADDAB2F9] - [14/07/2009 00:38:36] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\windows\bootstat.dat
[13/07/2009 22:20:09] - |D| - [2418176] - C:\windows\Branding
[01/02/2012 18:24:11] - |D| - [106864] - C:\windows\cs
[MD5.235618680EE3BD8EA9B9785358151D21] - [01/02/2012 18:34:56] - |A| - (.-.) - [10] - (0.0.0.0) - C:\windows\Csup.txt
[13/07/2009 22:20:09] - |D| - [2113488] - C:\windows\Cursors
[01/02/2012 18:24:14] - |D| - [106864] - C:\windows\da
[01/02/2012 18:24:17] - |D| - [107888] - C:\windows\de
[13/07/2009 23:45:54] - |D| - [680487] - C:\windows\debug
[14/07/2009 00:32:38] - |D| - [3003724] - C:\windows\diagnostics
[14/07/2009 00:37:46] - |D| - [0] - C:\windows\DigitalLocker
[29/01/2013 20:36:49] - |D| - [1924593] - C:\windows\Downloaded Installations
[14/07/2009 00:32:38] - |D| - [65] - C:\windows\Downloaded Program Files
[01/02/2012 20:25:37] - |D| - [117965961] - C:\windows\ehome
[01/02/2012 18:24:21] - |D| - [107888] - C:\windows\el
[01/02/2012 18:26:30] - |D| - [106864] - C:\windows\en
[14/07/2009 00:37:46] - |D| - [110080] - C:\windows\en-US
[MD5.EDBA75522C06F1772CCD2441857F26C7] - [05/06/2012 18:31:04] - |A| - (.-.) - [44] - (0.0.0.0) - C:\windows\EPNX100.ini
[MD5.2A66E81AE941E54A237490FC35D387C8] - [31/05/2012 08:15:39] - |A| - (.-.) - [1945] - (0.0.0.0) - C:\windows\epplauncher.mif
[01/02/2012 18:24:24] - |D| - [107376] - C:\windows\es
[MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [12/10/2016 20:31:01] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [3229696] - (6.1.7601.23537) - C:\windows\explorer.exe
[01/02/2012 18:24:28] - |D| - [106864] - C:\windows\fi
[13/07/2009 22:20:09] - |RSD| - [397324495] - C:\windows\Fonts
[01/02/2012 18:24:31] - |D| - [107376] - C:\windows\fr
[MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [13/07/2009 18:22:13] - |A| - (.© Microsoft Corporation. - BitLocker Drive Encryption Servicing Utility.) - [15360] - (6.1.7600.16385) - C:\windows\fveupdate.exe
[13/07/2009 22:20:09] - |D| - [32090797] - C:\windows\Globalization
[01/02/2012 18:24:35] - |D| - [106352] - C:\windows\he
[13/07/2009 22:20:09] - |D| - [29929539] - C:\windows\Help
[MD5.A66E522F3CBFB8709EA37844922A002E] - [13/06/2017 18:00:33] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [733696] - (6.1.7601.23834) - C:\windows\HelpPane.exe
[MD5.3D0B9EA79BF1F828324447D84AA9DCE2] - [13/07/2009 19:29:03] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [16896] - (6.1.7600.16385) - C:\windows\hh.exe
[MD5.0D776C3A36F2B6E657939BB96096E070] - [21/11/2010 02:16:47] - |A| - (.-.) - [48223] - (0.0.0.0) - C:\windows\HomeBasic.xml
[MD5.1AEB4967A760D6EC21A3270F1B004AC1] - [01/02/2012 20:26:04] - |A| - (.-.) - [48265] - (0.0.0.0) - C:\windows\HomePremium.xml
[MD5.1FE78FF8E40A21AC4B9B3FA15AAA7A54] - [01/02/2012 18:07:54] - |A| - (.(c) Samsung Electronics. - HotfixChecker.) - [407040] - (1.0.0.2) - C:\windows\HotfixChecker.exe
[MD5.981A237904ADDC01FAC22F7D8AC0A977] - [01/02/2012 17:53:35] - |A| - (.-.) - [2686] - (0.0.0.0) - C:\windows\HotFixList.ini
[01/02/2012 18:24:39] - |D| - [107376] - C:\windows\hr
[01/02/2012 18:24:43] - |D| - [106864] - C:\windows\hu
[13/07/2009 22:20:09] - |D| - [143546732] - C:\windows\IME
[13/07/2009 22:20:10] - |D| - [133279302] - C:\windows\inf
[01/02/2012 17:35:00] - |SHD| - [12548795767] - C:\windows\Installer
[01/02/2012 18:24:46] - |D| - [106864] - C:\windows\it
[01/02/2012 18:24:50] - |D| - [105328] - C:\windows\ko
[13/07/2009 22:20:10] - |D| - [48371] - C:\windows\L2Schemas
[13/07/2009 22:20:10] - |D| - [0] - C:\windows\LiveKernelReports
[13/07/2009 22:20:10] - |D| - [87296235] - C:\windows\Logs
[01/02/2012 18:24:53] - |D| - [107376] - C:\windows\lt
[01/02/2012 18:24:57] - |D| - [106864] - C:\windows\lv
[13/07/2009 22:20:10] - |RSD| - [13358214] - C:\windows\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [13/07/2009 19:10:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\windows\mib.bin
[13/07/2009 22:20:10] - |D| - [754514409] - C:\windows\Microsoft.NET
[19/01/2014 11:28:41] - |D| - [4014] - C:\windows\Migration
[01/10/2017 21:09:22] - |D| - [276313] - C:\windows\Minidump
[13/07/2009 22:20:10] - |D| - [0] - C:\windows\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [13/07/2009 21:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\windows\msdfmap.ini
[01/02/2012 20:24:08] - |D| - [75566347] - C:\windows\MSetup
[01/02/2012 18:25:01] - |D| - [107376] - C:\windows\nl
[01/02/2012 18:25:05] - |D| - [107376] - C:\windows\no
[MD5.B32189BDFF6E577A92BAA61AD49264E6] - [08/09/2015 17:31:37] - |A| - (.© Microsoft Corporation. - Notepad.) - [193536] - (6.1.7601.18917) - C:\windows\notepad.exe
[MD5.7794CC01EE5C65F8BA057C548B862E66] - [01/10/2017 17:46:00] - |A| - (.-.) - [527046] - (0.0.0.0) - C:\windows\ntbtlog.txt
[14/07/2009 00:32:38] - |D| - [65] - C:\windows\Offline Web Pages
[11/02/2011 14:57:05] - |D| - [698523] - C:\windows\Panther
[01/02/2012 18:18:47] - |D| - [0] - C:\windows\PCHEALTH
[14/07/2009 00:32:38] - |D| - [62305402] - C:\windows\Performance
[MD5.846CB36F0CF050CD2436C6F06E738D80] - [24/02/2017 14:52:46] - |A| - (.-.) - [6368] - (0.0.0.0) - C:\windows\PFRO.log
[01/02/2012 18:31:55] - |D| - [107376] - C:\windows\pl
[13/07/2009 22:20:10] - |D| - [1109514] - C:\windows\PLA
[13/07/2009 22:20:10] - |D| - [2360204] - C:\windows\PolicyDefinitions
[11/02/2011 14:58:10] - |D| - [45940032] - C:\windows\Prefetch
[MD5.9ED422FB854BBD72616989C0ABE306D1] - [09/02/2011 23:03:48] - |A| - (.-.) - [326] - (0.0.0.0) - C:\windows\primopdf.ini
[23/02/2017 16:49:13] - |D| - [0] - C:\windows\pss
[01/02/2012 18:31:59] - |D| - [107376] - C:\windows\pt-br
[01/02/2012 18:32:04] - |D| - [107888] - C:\windows\pt-pt
[MD5.2E2C937846A0B8789E5E91739284D17A] - [13/07/2009 18:27:10] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [427008] - (6.1.7600.16385) - C:\windows\regedit.exe
[13/07/2009 22:20:10] - |D| - [22588] - C:\windows\registration
[MD5.9D40BFEF0B34CBC1E3A074A6E7D9644A] - [01/02/2012 18:43:03] - |A| - (.-.) - [44378] - (0.0.0.0) - C:\windows\Report.htm
[13/07/2009 22:20:10] - |D| - [4218339] - C:\windows\rescache
[MD5.B543F54C0E5C551066129C389CA3BF26] - [03/02/2012 13:37:34] - |A| - (.TODO: (c) <Company name>. - TODO: <File description>.) - [423936] - (1.0.0.1) - C:\windows\Reseal64.exe
[13/07/2009 22:20:10] - |D| - [1676583] - C:\windows\Resources
[01/02/2012 18:32:08] - |D| - [107376] - C:\windows\ro
[MD5.568F4520EE62383F7B14C1B403E4D7FC] - [01/02/2012 17:33:30] - |N| - (.Copyright (C) 2011 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [1698408] - (1.0.3.0) - C:\windows\RtlExUpd.dll
[01/02/2012 18:32:12] - |D| - [106864] - C:\windows\ru
[MD5.C45ED6183D5A8A47BA338CF1D334CC77] - [01/02/2012 17:40:41] - |A| - (.Copyright © 2004-2010 Jan Kolarik & Ondrej Vaverka - Screensaver created with InstantStorm.) - [14392507] - (2.0.0.0) - C:\windows\Samsung Astro Orbit I.scr
[MD5.F53B03707C7ED9A9D69393FD84E5B6CD] - [01/02/2012 17:40:43] - |A| - (.-.) - [16018] - (0.0.0.0) - C:\windows\Samsung.png
[13/07/2009 22:20:10] - |D| - [0] - C:\windows\SchCache
[13/07/2009 22:20:10] - |D| - [58021] - C:\windows\schemas
[11/02/2011 14:56:44] - |D| - [241744] - C:\windows\Sec
[13/07/2009 22:20:10] - |D| - [1056768] - C:\windows\security
[13/07/2009 23:45:47] - |D| - [288445506] - C:\windows\ServiceProfiles
[13/07/2009 22:20:10] - |D| - [235370137] - C:\windows\servicing
[MD5.2226109C5FCC0BD014F40D50432DE3EA] - [01/02/2012 18:34:53] - |A| - (.Copyright (C) 2005 - SetDisplayResolution MFC Program.) - [307200] - (1.2.0.8) - C:\windows\SetDisplayResolution.exe
[MD5.99781C9D6344FB1D65D93B962B508942] - [01/02/2012 18:34:53] - |A| - (.-.) - [3282] - (0.0.0.0) - C:\windows\SetDisplayResolutionDT.xml
[MD5.201FDD2F8231EF33C1D9210577624F4D] - [01/02/2012 18:34:53] - |A| - (.-.) - [3282] - (0.0.0.0) - C:\windows\SetDisplayResolutionNP.xml
[MD5.4673C94AEE1AD9C4BEAE58ECC3DBC2B8] - [01/02/2012 17:58:40] - |A| - (.Samsung Electronics Co., Ltd. - SetLCDStretchMode.) - [345600] - (1.0.2.1) - C:\windows\SetLCDStretchMode.exe
[13/07/2009 23:45:50] - |D| - [13802] - C:\windows\Setup
[MD5.3F76D0BC023FA554AC88B05C05BEAE62] - [24/02/2017 14:53:43] - |A| - (.-.) - [1714] - (0.0.0.0) - C:\windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [24/02/2017 14:53:43] - |A| - (.-.) - [0] - (0.0.0.0) - C:\windows\setuperr.log
[01/02/2012 20:25:37] - |D| - [35886] - C:\windows\ShellNew
[01/02/2012 18:32:16] - |D| - [107376] - C:\windows\sk
[01/02/2012 18:32:21] - |D| - [107376] - C:\windows\sl
[MD5.A34D5E02AA86ECAC7B3B19B1EFABD07D] - [01/02/2012 17:56:19] - |A| - (.-.) - [433] - (0.0.0.0) - C:\windows\SlientUninstall.iss
[01/02/2012 17:36:34] - |D| - [1348475432] - C:\windows\SoftwareDistribution
[13/07/2009 22:20:10] - |D| - [181014046] - C:\windows\Speech
[MD5.127AA81343A7C6F665C22CB1293B0A90] - [20/08/2012 07:29:53] - |A| - (.© Microsoft Corporation. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17777) - C:\windows\splwow64.exe
[01/02/2012 18:32:25] - |D| - [107376] - C:\windows\sr-latn-cs
[MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 00:28:38] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\windows\Starter.xml
[03/01/2013 20:27:38] - |D| - [0] - C:\windows\Sun
[MD5.6306FFC26C6F488E517175881D76FF77] - [01/02/2012 20:20:44] - |A| - (.Copyright (C) 2010 - Samsung Universal Print Utility.) - [258864] - (2.1.5.0) - C:\windows\SUPDRun.exe
[MD5.BC4133E8F2311394FF990DE5A8F2F7D9] - [01/06/2012 04:41:18] - |A| - (.-.) - [562718] - (0.0.0.0) - C:\windows\surbey.ico
[01/02/2012 18:32:30] - |D| - [106864] - C:\windows\sv
[13/07/2009 22:20:10] - |D| - [0] - C:\windows\system
[MD5.286A9EDB379DC3423A528B0864A0F111] - [13/07/2009 21:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\windows\system.ini
[13/07/2009 22:20:10] - |D| - [4391966145] - C:\windows\System32
[13/07/2009 22:20:14] - |D| - [1221517049] - C:\windows\SysWOW64
[13/07/2009 22:20:14] - |D| - [15] - C:\windows\TAPI
[13/07/2009 22:20:14] - |D| - [32554] - C:\windows\Tasks
[13/07/2009 22:20:14] - |D| - [85632846] - C:\windows\Temp
[01/02/2012 18:32:34] - |D| - [106352] - C:\windows\th
[01/02/2012 18:32:39] - |D| - [106864] - C:\windows\tr
[13/07/2009 22:20:14] - |D| - [0] - C:\windows\tracing
[MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 16:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\windows\twain.dll
[14/07/2009 00:32:38] - |D| - [41207796] - C:\windows\twain_32
[MD5.163A95975E1D8819E653AA3E961371CA] - [20/11/2010 22:25:10] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\windows\twain_32.dll
[01/02/2012 17:58:07] - |D| - [10270866] - C:\windows\twain_64
[MD5.F36A271706EDD23C94956AFB56981184] - [13/07/2009 17:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\windows\twunk_16.exe
[MD5.0BD6E68F3EA0DD62CD86283D86895381] - [13/07/2009 19:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\windows\twunk_32.exe
[13/07/2009 22:20:14] - |D| - [12420] - C:\windows\Vss
[13/07/2009 22:20:14] - |D| - [41213768] - C:\windows\Web
[MD5.43E89724BB8934402DABB6990F2C64CA] - [01/02/2012 17:58:17] - |A| - (.- INF Scanner Installer.) - [142128] - (1.0.71.0) - C:\windows\wiainst64.exe
[MD5.B31FFE3250040EE72E63CDA5A8A18EE6] - [13/07/2009 21:34:57] - |A| - (.-.) - [387] - (0.0.0.0) - C:\windows\win.ini
[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [13/07/2009 23:54:24] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\windows\WindowsShell.Manifest
[MD5.FF5C9806B4297C688AAA456E60042659] - [01/02/2012 17:36:33] - |A| - (.-.) - [1376339] - (0.0.0.0) - C:\windows\WindowsUpdate.log
[MD5.1D420D66250BCAAAED05724FB34008CF] - [13/07/2009 19:12:29] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [9728] - (6.1.7600.16385) - C:\windows\winhlp32.exe
[13/07/2009 22:20:14] - |D| - [18470786136] - C:\windows\winsxs
[MD5.4D620865394151B96C54752B743D6D12] - [13/05/2011 01:42:24] - |A| - (.© 2010 Microsoft Corporation. - Windows Live Photos Screen Saver.) - [302448] - (15.4.3538.513) - C:\windows\WLXPGSS.SCR
[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 15:52:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\windows\WMSysPr9.prx
[MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [13/07/2009 18:56:28] - |A| - (.© Microsoft Corporation. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\windows\write.exe
[MD5.3872EF941069CB15D1B97CA6AB2C2EF7] - [23/02/2017 15:41:03] - |A| - (.-.) - [55237] - (0.0.0.0) - C:\windows\ZAM.krnl.trace
[MD5.88FAD69082A478DBD7A01EDD23475F79] - [23/02/2017 15:41:03] - |A| - (.-.) - [3638575] - (0.0.0.0) - C:\windows\ZAM_Guard.krnl.trace
[01/02/2012 18:32:43] - |D| - [104816] - C:\windows\zh-cn
[01/02/2012 18:32:47] - |D| - [104816] - C:\windows\zh-tw
[MD5.F9F4905664C5B42B49E78EFA12D1A6B6] - [01/02/2012 18:23:47] - |A| - (.-.) - [20] - (0.0.0.0) - C:\windows\Àùr
---------- | C:\windows\System32\GroupPolicy
---------- | Systemroot\System
---------- | Systemroot\Installer (Microsoft Files Whitelisted)
[13/10/2010 18:55:48] - C:\windows\Installer\17d0c2d.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/02/2012 10:42:14] - C:\windows\Installer\17d0fb6.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/06/2015 13:54:19] - C:\windows\Installer\198dbc93.msi : (puush installer - Dean Herbert) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/02/2012 18:27:55] - C:\windows\Installer\1b3fc.msi : (Windows Live Messenger Resources setup package - Корпорация Майкрософт) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/02/2012 18:28:42] - C:\windows\Installer\1b5bd.msi : (Windows Live Mail setup package - Корпорация Майкрософт) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/07/2014 14:59:47] - C:\windows\Installer\1d0cb9e7.msi : (Mission Planner Installer - Michael Oborne) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 03:42:22] - C:\windows\Installer\282d71.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[07/10/2014 17:12:54] - C:\windows\Installer\2a185ca7.msi : (QuickTime Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/07/2017 15:22:48] - C:\windows\Installer\3059b78e.msi : (Java SE Runtime Environment 8 Update 141 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/07/2017 15:22:39] - C:\windows\Installer\3059b79b.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/02/2017 08:03:06] - C:\windows\Installer\3203861.msi : (Adobe AIR Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/02/2017 08:08:27] - C:\windows\Installer\3203973.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/05/2017 21:11:47] - C:\windows\Installer\38e4d837.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/06/2012 05:50:09] - C:\windows\Installer\394cfe.msi : (Intel(R) Turbo Boost Technology Monitor 2.0 - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/09/2011 13:45:50] - C:\windows\Installer\39f3df.msi : ( - Samsung Electronics Co., Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/06/2011 20:45:52] - C:\windows\Installer\3b2ff.msi : (Intel® PROSet/Wireless WiMAX Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/01/2011 12:21:18] - C:\windows\Installer\3b306.msi : (Intel(R) WiFi - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/02/2012 17:36:56] - C:\windows\Installer\3b30f.msi : (Asmedia ASM104x USB 3.0 Host Controller Driver - Asmedia Technology) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/12/2010 23:55:32] - C:\windows\Installer\3b314.msi : (USB 3.0 Host Controller Driver - Renesas Electronics Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/07/2010 14:12:44] - C:\windows\Installer\3b31d.msi : (Easy Content Share - Samsung Electronics Co., LTD) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[30/11/2010 18:39:23] - C:\windows\Installer\3b349.msi : (Intel(R) Wireless Display - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/12/2010 11:47:30] - C:\windows\Installer\3b352.msi : ( - Samsung Electronics. Co. Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/02/2012 17:42:55] - C:\windows\Installer\3b359.msi : (Best Buy pc app Setup Installation - Best Buy) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/10/2010 21:20:10] - C:\windows\Installer\3b37b.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/10/2010 14:54:48] - C:\windows\Installer\3b394.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/10/2010 22:54:06] - C:\windows\Installer\3b39a.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/10/2010 20:46:58] - C:\windows\Installer\3b3a0.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/10/2010 21:40:10] - C:\windows\Installer\3b3ac.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/06/2010 01:38:36] - C:\windows\Installer\3b3b4.msi : (Norton Online Backup Installer - Symantec Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 12:16:56] - C:\windows\Installer\3b3c4.msi : ( - Samsung) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/05/2013 21:47:03] - C:\windows\Installer\3b8ba.msi : (Spelling Dictionaries for Adobe Reader 9 - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/01/2013 20:36:49] - C:\windows\Installer\4dda4738.msi : (Amazon Unbox Video - Amazon.com) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[30/04/2012 16:43:42] - C:\windows\Installer\54d8114.msi : (Nitro Reader 2.3.1.7 - Nitro PDF Software) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/08/2017 17:33:47] - C:\windows\Installer\6c23b245.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/11/2010 23:14:02] - C:\windows\Installer\d4f4e.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/02/2017 11:28:19] - C:\windows\Installer\db7b6.msi : (Visual Studio 2012 x64 Redistributables - AVG Technologies) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/02/2017 11:28:27] - C:\windows\Installer\db7ba.msi : (Visual Studio 2012 x86 Redistributables - AVG Technologies CZ, s.r.o.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/11/2014 20:33:30] - C:\windows\Installer\f28d7f1.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
---------- | %System%\*.in*
[13/07/2009 23:57:09] - [73] - C:\windows\System32\desktop.ini
[14/04/2015 22:40:09] - [16303] - C:\windows\System32\ieuinit.inf
[14/07/2009 00:13:15] - [786514] - C:\windows\System32\PerfStringBackup.INI
[10/06/2009 16:01:25] - [60124] - C:\windows\System32\tcpmon.ini
[14/04/2015 22:40:14] - [16303] - C:\windows\Syswow64\ieuinit.inf
[13/07/2009 23:55:01] - [535] - C:\windows\Syswow64\mapisvc.inf
[31/05/2012 08:15:27] - [779128] - C:\windows\Syswow64\PerfStringBackup.INI
[05/06/2012 18:32:05] - [97] - C:\windows\Syswow64\PICSDK.ini
---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:08] - [0 Ko] - C:\windows\AppPatch\Custom\Custom64
[MD5.9B59AB9A6E428972A44E7B2CB174775E] - |A| - [11/07/2017 21:50:19] - (.-.) - [122.74 Ko] - (0.0.0.0) - C:\windows\AppPatch\AppPatch64\sysmain.sdb
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 10:32:46] - [0 Ko] - C:\windows\Temp\93FA44C1-AB37-4530-8216-FD41E873EC12-Sigs
[MD5.7E6C145988519041AD7988F9135FD67C] - |A| - [06/05/2017 14:18:53] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\windows\Temp\AdobeARM.log
[MD5.00000000000000000000000000000000] - |D| - [23/02/2017 15:26:08] - [93.18 Ko] - C:\windows\Temp\Amazon Digital Video
[MD5.5BA0DA98FC377A1FF2D033957762B4BE] - |A| - [20/04/2017 17:45:29] - (.-.) - [4.47 Ko] - (0.0.0.0) - C:\windows\Temp\ASPNETSetup_00000.log
[MD5.BAC51F1182D691D0766D1F37F099CC1E] - |A| - [20/04/2017 17:45:41] - (.-.) - [2.9 Ko] - (0.0.0.0) - C:\windows\Temp\ASPNETSetup_00001.log
[MD5.D2E6A3DF23C63D30D0B87E57C43CC97D] - |A| - [11/05/2017 21:14:44] - (.-.) - [4.47 Ko] - (0.0.0.0) - C:\windows\Temp\ASPNETSetup_00002.log
[MD5.0277F155C44407D32DF1D2636288D9EB] - |A| - [11/05/2017 21:14:57] - (.-.) - [2.9 Ko] - (0.0.0.0) - C:\windows\Temp\ASPNETSetup_00003.log
[MD5.0AFF4C77E3263FC53788747E00A2E945] - |A| - [16/08/2017 19:16:27] - (.-.) - [4.47 Ko] - (0.0.0.0) - C:\windows\Temp\ASPNETSetup_00004.log
[MD5.627E0DA63F26654DFB6AAAE140D18F75] - |A| - [16/08/2017 19:16:38] - (.-.) - [2.9 Ko] - (0.0.0.0) - C:\windows\Temp\ASPNETSetup_00005.log
[MD5.256A3733765A078843DB9D16CCCDCDDB] - |A| - [16/09/2017 07:59:50] - (.-.) - [4.47 Ko] - (0.0.0.0) - C:\windows\Temp\ASPNETSetup_00006.log
[MD5.BC35DEE764FA9C56BD5DE20210E3FED3] - |A| - [16/09/2017 08:00:05] - (.-.) - [2.9 Ko] - (0.0.0.0) - C:\windows\Temp\ASPNETSetup_00007.log
[MD5.9DFA3F7B61C9D399F0E897DD22DB5C86] - |A| - [05/04/2017 21:20:29] - (.-.) - [93.17 Ko] - (0.0.0.0) - C:\windows\Temp\chrome_installer.log
[MD5.8D182D57D22C6636FB7285CD48D3E27A] - |A| - [20/08/2017 19:06:18] - (.© McAfee, Inc. - McAfee Scanner Content Installer.) - [1519.46 Ko] - (3.0.113.1) - C:\windows\Temp\contentDATs.exe
[MD5.00000000000000000000000000000000] - |D| - [05/04/2017 21:20:29] - [0.04 Ko] - C:\windows\Temp\Crashpad
[MD5.00000000000000000000000000000000] - |D| - [26/09/2017 18:51:46] - [112.61 Ko] - C:\windows\Temp\CR_DA55A.tmp
[MD5.AC662664040332780AF0794FB515E529] - |A| - [11/05/2017 21:12:10] - (.-.) - [1.22 Ko] - (0.0.0.0) - C:\windows\Temp\dd_NDP46-KB4014511-x64_decompression_log.txt
[MD5.343613BF114EE8A9887963CEE66FF0DF] - |A| - [20/04/2017 17:43:31] - (.-.) - [1.19 Ko] - (0.0.0.0) - C:\windows\Temp\dd_NDP46-KB4014553-x64_decompression_log.txt
[MD5.4683CC1DF075F6B8EC6DE50592A5D717] - |A| - [16/09/2017 07:58:13] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\windows\Temp\dd_ndp46-kb4040973-x64_decompression_log.txt
[MD5.0808B888682676D4389AF26D7BE3E98F] - |A| - [16/08/2017 19:14:02] - (.-.) - [1.22 Ko] - (0.0.0.0) - C:\windows\Temp\dd_ndp47-kb3186495-x86-x64-enu_decompression_log.txt
[MD5.DDBED41C03998190104FB1CF2477EC78] - |A| - [16/08/2017 19:14:22] - (.-.) - [1.61 Ko] - (0.0.0.0) - C:\windows\Temp\dd_SetupUtility.txt
[MD5.28D23AE961411B3F25B2FDF35C32E483] - |A| - [20/04/2017 17:45:18] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\windows\Temp\dd_wcf_CA_smci_20170420_224518_107.txt
[MD5.1B202C8CAC53799B27EB1352688DE0EF] - |A| - [20/04/2017 17:45:21] - (.-.) - [2.63 Ko] - (0.0.0.0) - C:\windows\Temp\dd_wcf_CA_smci_20170420_224521_370.txt
[MD5.D53DC8E5B24F6B083FB5FC0DDECFBF0D] - |A| - [11/05/2017 21:14:33] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\windows\Temp\dd_wcf_CA_smci_20170512_021433_494.txt
[MD5.7ADAE560EB924182D94458F0906D49D7] - |A| - [11/05/2017 21:14:35] - (.-.) - [2.63 Ko] - (0.0.0.0) - C:\windows\Temp\dd_wcf_CA_smci_20170512_021435_967.txt
[MD5.7EAB8EF7D42A888C62FF7CB2615B01F6] - |A| - [16/08/2017 19:16:11] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\windows\Temp\dd_wcf_CA_smci_20170817_001611_868.txt
[MD5.0BC5DBC7F449CAE71F153402AC082412] - |A| - [16/08/2017 19:16:23] - (.-.) - [2.63 Ko] - (0.0.0.0) - C:\windows\Temp\dd_wcf_CA_smci_20170817_001623_385.txt
[MD5.ADB7CEC88690F956FB03F6803D759D2F] - |A| - [16/09/2017 07:59:39] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\windows\Temp\dd_wcf_CA_smci_20170916_125939_988.txt
[MD5.1D5C84760FFF238EEC4ABEF76AE2CABA] - |A| - [16/09/2017 07:59:44] - (.-.) - [2.63 Ko] - (0.0.0.0) - C:\windows\Temp\dd_wcf_CA_smci_20170916_125944_466.txt
[MD5.30326C10B88E7DB189BF93C57A7778DE] - |A| - [07/03/2017 00:19:10] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile00.sqm
[MD5.867F4BC34D3F79899827105F1C2FD434] - |A| - [18/03/2017 11:26:42] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile01.sqm
[MD5.828C2BA1F506F986DF3C71C6E89242D4] - |A| - [03/04/2017 23:28:07] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile02.sqm
[MD5.C53ED116C184F80B4E0F792E26C795C0] - |A| - [04/04/2017 22:47:47] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile03.sqm
[MD5.7E0C93F3B385FE2A35EB8E81B2E7EC25] - |A| - [08/04/2017 22:00:46] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile04.sqm
[MD5.EB9E76AE07DAAE1842C74A79112D9D65] - |A| - [23/04/2017 20:32:02] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile05.sqm
[MD5.ADB9206E192571D51EB7B7E95FF82302] - |A| - [13/05/2017 09:19:35] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile06.sqm
[MD5.52DBC3FFE257EC3B5F8BA5D1D1B00F2D] - |A| - [29/05/2017 21:39:24] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile07.sqm
[MD5.66EA077045775AD57E676B59EB533412] - |A| - [16/06/2017 11:52:30] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile08.sqm
[MD5.9CEC111855DFC75B92C2EF18537176F2] - |A| - [15/07/2017 05:50:32] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile09.sqm
[MD5.06550C33A19BE2C829B377D651D1B19A] - |A| - [15/07/2017 13:41:26] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile10.sqm
[MD5.74CB0FCF02116D286F9BFC6070038D03] - |A| - [25/07/2017 17:56:13] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile11.sqm
[MD5.8AF8E7A058970644ECBDCE30F83D9F50] - |A| - [25/08/2017 18:20:07] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile12.sqm
[MD5.AA5C10AB7272361A34C891479EE3E7E6] - |A| - [24/09/2017 20:31:04] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\windows\Temp\fwtsqmfile13.sqm
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [01/10/2017 16:55:11] - (.-.) - [0 Ko] - (0.0.0.0) - C:\windows\Temp\GUR9C68.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [01/10/2017 17:20:08] - (.-.) - [0 Ko] - (0.0.0.0) - C:\windows\Temp\GURD01A.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [01/10/2017 17:08:10] - (.-.) - [0 Ko] - (0.0.0.0) - C:\windows\Temp\GURD7E7.tmp
[MD5.58B2297376FFF8616A8409768FA2E461] - |A| - [11/05/2017 21:12:46] - (.-.) - [16737.5 Ko] - (0.0.0.0) - C:\windows\Temp\KB4014511_20170511_211232611-Microsoft .NET Framework 4.6.1-MSP0.txt
[MD5.27178A34908ED492F3F7DDAB124FEC88] - |A| - [11/05/2017 21:12:31] - (.-.) - [78.46 Ko] - (0.0.0.0) - C:\windows\Temp\KB4014511_20170511_211232611.html
[MD5.293D9076C25763ABDD53156CA6EAFF66] - |A| - [20/04/2017 17:43:56] - (.-.) - [16043.53 Ko] - (0.0.0.0) - C:\windows\Temp\KB4014553_20170420_174345103-Microsoft .NET Framework 4.6.1-MSP0.txt
[MD5.4F42918F366882F94D5ED265E9224307] - |A| - [20/04/2017 17:43:40] - (.-.) - [77.07 Ko] - (0.0.0.0) - C:\windows\Temp\KB4014553_20170420_174345103.html
[MD5.3BFF186D1C6D775D3F5245B48F199441] - |A| - [16/09/2017 07:58:22] - (.-.) - [8386.28 Ko] - (0.0.0.0) - C:\windows\Temp\KB4040973_20170916_075818822-Microsoft .NET Framework 4.7-MSP0.txt
[MD5.277486BAE87CD544916009CB16DB1119] - |A| - [16/09/2017 07:58:18] - (.-.) - [97.14 Ko] - (0.0.0.0) - C:\windows\Temp\KB4040973_20170916_075818822.html
[MD5.B147C6BAA0DD641BF45D9F45273E1B88] - |A| - [16/08/2017 19:14:26] - (.-.) - [20273.38 Ko] - (0.0.0.0) - C:\windows\Temp\Microsoft .NET Framework 4.7 Setup_20170816_191418963-MSI_netfx_Full_x64.msi.txt
[MD5.CA18E82FAA86AE12DD4EA1DA5B0D091B] - |A| - [16/08/2017 19:14:16] - (.-.) - [629.24 Ko] - (0.0.0.0) - C:\windows\Temp\Microsoft .NET Framework 4.7 Setup_20170816_191418963.html
[MD5.489FAFE1FE704CC2CA4C007E200F347A] - |A| - [24/02/2017 15:05:11] - (.-.) - [669.53 Ko] - (0.0.0.0) - C:\windows\Temp\MpCmdRun.log
[MD5.18ABBA0D6A7464BA61597855BDF77AEE] - |A| - [25/02/2017 15:05:54] - (.-.) - [750.32 Ko] - (0.0.0.0) - C:\windows\Temp\MpSigStub.log
[MD5.1C7EFB00BEDB350EE9CC87350B65D3AE] - |A| - [16/08/2017 19:16:29] - (.-.) - [10.19 Ko] - (0.0.0.0) - C:\windows\Temp\RGI5BDB.tmp
[MD5.4AAE089D3731C3F9DCA27587E61CC4A2] - |A| - [16/08/2017 19:16:29] - (.-.) - [8.79 Ko] - (0.0.0.0) - C:\windows\Temp\RGI5BDB.tmp-tmp
[MD5.1C7EFB00BEDB350EE9CC87350B65D3AE] - |A| - [16/09/2017 07:59:52] - (.-.) - [10.19 Ko] - (0.0.0.0) - C:\windows\Temp\RGI7258.tmp
[MD5.4AAE089D3731C3F9DCA27587E61CC4A2] - |A| - [16/09/2017 07:59:52] - (.-.) - [8.79 Ko] - (0.0.0.0) - C:\windows\Temp\RGI7258.tmp-tmp
[MD5.1C7EFB00BEDB350EE9CC87350B65D3AE] - |A| - [11/05/2017 21:14:46] - (.-.) - [10.19 Ko] - (0.0.0.0) - C:\windows\Temp\RGI8A8C.tmp
[MD5.4AAE089D3731C3F9DCA27587E61CC4A2] - |A| - [11/05/2017 21:14:46] - (.-.) - [8.79 Ko] - (0.0.0.0) - C:\windows\Temp\RGI8A8C.tmp-tmp
[MD5.1C7EFB00BEDB350EE9CC87350B65D3AE] - |A| - [20/04/2017 17:45:31] - (.-.) - [10.19 Ko] - (0.0.0.0) - C:\windows\Temp\RGI930D.tmp
[MD5.4AAE089D3731C3F9DCA27587E61CC4A2] - |A| - [20/04/2017 17:45:31] - (.-.) - [8.79 Ko] - (0.0.0.0) - C:\windows\Temp\RGI930D.tmp-tmp
[MD5.0EFB76D2BBBD8BDDE4CE34A95CC23128] - |A| - [20/08/2017 19:05:45] - (.© McAfee, Inc. - McAfee Security Scan Plus Installer.) - [10770.2 Ko] - (3.11.599.11) - C:\windows\Temp\SecurityScan_Release.exe
[MD5.BDC04751F38DCEF295D41D302BEC95BD] - |A| - [15/03/2017 20:48:49] - (.-.) - [2.44 Ko] - (0.0.0.0) - C:\windows\Temp\Silverlight0.log
[MD5.FBDCC249F1DCA09C7B842435A10DD889] - |A| - [15/03/2017 20:48:50] - (.-.) - [6530.87 Ko] - (0.0.0.0) - C:\windows\Temp\SilverlightMSI.log
[MD5.9D70F869D2ACAF37620074A2A3A72B85] - |A| - [11/05/2017 21:18:58] - (.-.) - [1.71 Ko] - (0.0.0.0) - C:\windows\Temp\TFR65C2.tmp
[MD5.59071590099D21DD439896592338BF95] - |AT| - [01/10/2017 17:20:14] - (.-.) - [512 Ko] - (0.0.0.0) - C:\windows\Temp\TMPAEB0815EAF4C0FAE
[MD5.3E2268E5841EA0B41B6867A8D767592F] - |A| - [25/09/2017 21:34:37] - (.-.) - [12 Ko] - (0.0.0.0) - C:\windows\Temp\WFV1FE8.tmp
[MD5.00000000000000000000000000000000] - |D| - [12/09/2017 22:00:21] - [98.44 Ko] - C:\windows\Temp\{B63B41E2-D092-4D68-B86E-1388601C43B0}
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [0 Ko] - C:\windows\System32\0409
[MD5.6581B78CE6B5107CE071146097A874FD] - |AH| - [13/07/2009 23:45:49] - (.-.) - [28.17 Ko] - (0.0.0.0) - C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[MD5.6581B78CE6B5107CE071146097A874FD] - |AH| - [13/07/2009 23:45:49] - (.-.) - [28.17 Ko] - (0.0.0.0) - C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:10] - [4987.5 Ko] - C:\windows\System32\AdvancedInstallers
[MD5.F02F93D5AEC524052E4A37C1BB7CCF31] - |A| - [13/07/2009 20:20:24] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother Multi Function CoInstaller.) - [19 Ko] - (1.0.0.20) - C:\windows\System32\brcoinst.dll
[MD5.7D00FF6A4315FDF4ACAFBB4EF157EA9F] - |A| - [13/07/2009 19:07:04] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [91.5 Ko] - (1.0.0.1) - C:\windows\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |HD| - [25/10/2013 22:07:01] - [3229.78 Ko] - C:\windows\System32\CanonIJ Uninstaller Information
[MD5.6794D9D442E31DC5E95BDF65F37E4386] - |A| - [13/07/2009 18:56:54] - (.Copyright (C) 2006 - CardGames Resources.) - [6068.5 Ko] - (1.0.0.1) - C:\windows\System32\CardGames.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:10] - [134675.91 Ko] - C:\windows\System32\catroot
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:10] - [27623.76 Ko] - C:\windows\System32\catroot2
[MD5.EA88F93CA71EDEB959BB483998E84730] - |A| - [20/06/2014 19:43:56] - (.-.) - [12.5 Ko] - (0.0.0.0) - C:\windows\System32\CNC1747D.TBL
[MD5.022E082550DB4ABA33AAF06DD1C9048D] - |A| - [20/06/2014 19:43:56] - (.Copyright CANON INC. 2010 All Rights Reserved - WIA Scanner Driver 64-bit Edition.) - [1322.5 Ko] - (1.0.0.0) - C:\windows\System32\CNC495C.dll
[MD5.8E29A4B8746BB7146F420DDB3192F20C] - |A| - [20/06/2014 19:43:56] - (.Copyright CANON INC. 2010 All Rights Reserved - WIA Scanner Driver Image Enhancement dll 64-bit Edition.) - [109.5 Ko] - (1.0.0.0) - C:\windows\System32\CNC495I.dll
[MD5.2DC005681DEA0EB6E710940035DE9DE7] - |A| - [20/06/2014 19:43:56] - (.Copyright CANON INC. 2010 All Rights Reserved - LLD.) - [340.5 Ko] - (1.0.0.0) - C:\windows\System32\CNC495L.dll
[MD5.832AC9632BC028DE0FC6F405D991E406] - |A| - [03/06/2010 06:12:14] - (.Copyright CANON INC. 2010 All Rights Reserved - Canon WIA scanner co-installer 64bit Edition.) - [101 Ko] - (3.1.2.60) - C:\windows\System32\CNC495O.dll
[MD5.493574E218AA18161D14EECFD572A0E8] - |A| - [20/06/2014 19:43:56] - (.Copyright CANON INC. 2007-2008 All Rights Reserved - Canon Device Dependent Informations for Scanner Library.) - [17.5 Ko] - (1.4.1.1) - C:\windows\System32\CNHMCA6.dll
[MD5.09F6C9BF8B22D230CA73CBF17C5F9700] - |A| - [25/10/2013 22:06:13] - (.Copyright CANON INC. 2006-2010 All Rights Reserved - Canon IJ Driver Installer.) - [242.5 Ko] - (1.8.0.70) - C:\windows\System32\CNMIUA9.DLL
[MD5.93B9E4D0B7BD601372C5B50FE0381533] - |A| - [20/06/2014 19:44:13] - (.Copyright CANON INC. 2000-2011 All Rights Reserved - IJ Language Monitor.) - [376 Ko] - (0.3.0.1) - C:\windows\System32\CNMLMA9.DLL
[MD5.A14F896D4E5314E4E8732F894661F03B] - |A| - [25/10/2013 22:05:46] - (.Copyright CANON INC. 2003-2010 All Rights Reserved - Canon IJ Network 64bit comm Module.) - [320 Ko] - (2.7.0.60) - C:\windows\System32\CNMN6PPM.DLL
[MD5.45D92AA41553C4F6E6D8518EB1C291F6] - |A| - [25/10/2013 22:05:47] - (.Copyright CANON INC. 2003-2010 All Rights Reserved - Canon IJ Network 64bit UI Module.) - [36.5 Ko] - (2.7.0.60) - C:\windows\System32\CNMN6UI.DLL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:10] - [10610.8 Ko] - C:\windows\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:10] - [357 Ko] - C:\windows\System32\com
[MD5.00000000000000000000000000000000] - |SD| - [07/05/2014 21:11:10] - [4945.69 Ko] - C:\windows\System32\CompatTel
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:10] - [471497.87 Ko] - C:\windows\System32\config
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:10] - [432 Ko] - C:\windows\System32\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:10] - [427.5 Ko] - C:\windows\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:10] - [457.5 Ko] - C:\windows\System32\de-DE
[MD5.079B8AEB4A55BF8493BD1EC70285D920] - |ASH| - [13/07/2009 23:57:09] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\windows\System32\desktop.ini
[MD5.3550D4BCB4796300EF119605FA68D9A0] - |A| - [01/02/2012 20:17:27] - (.-.) - [175.52 Ko] - (0.0.0.0) - C:\windows\System32\difx64.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:10] - [5314 Ko] - C:\windows\System32\Dism
[MD5.5F06A5E87DD2A416045E08A80AD5D03F] - |A| - [13/06/2011 20:38:10] - (.Copyright (C) 2007 - WiMAX SDK service for Intel(R) PROSet/Wireless WiMAX Software.) - [621 Ko] - (6.5.1037.1) - C:\windows\System32\DMWrapper.dll
[MD5.B6EE79D3648E51767FADFA593F91D92C] - |A| - [13/06/2011 20:29:54] - (.Copyright (C) 2007 - WiMAX SDK service for Intel(R) PROSet/Wireless WiMAX Software.) - [443.5 Ko] - (6.5.1037.1) - C:\windows\System32\DnDWrapper.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:10] - [72795.62 Ko] - C:\windows\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [1269733.38 Ko] - C:\windows\System32\DriverStore
[MD5.00000000000000000000000000000000] - |DC| - [15/09/2014 20:49:56] - [0 Ko] - C:\windows\System32\DRVSTORE
[MD5.355AF0E5CD3E8F52C5BFFDE2BA6788AB] - |A| - [01/02/2012 20:20:43] - (.Copyright (C) 2010 - Samsung Universal Print Driver I/O Manager.) - [351 Ko] - (2.1.0.2) - C:\windows\System32\DscPnt.dll
[MD5.8B5A737AD11EF45D9B1AEB4ED6884968] - |A| - [01/02/2012 17:33:31] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [711.6 Ko] - (1.0.0.1) - C:\windows\System32\DTSBassEnhancementDLL64.dll
[MD5.21B38D4D86A87909491F690883AE6D1E] - |A| - [01/02/2012 17:33:31] - (.(c) DTS. - DTS Boost COM DLL.) - [1452.1 Ko] - (1.0.0.1) - C:\windows\System32\DTSBoostDLL64.dll
[MD5.FF31A2F57AAAB58DB78FCC961A58B206] - |A| - [01/02/2012 17:33:31] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [418.6 Ko] - (1.0.0.1) - C:\windows\System32\DTSGainCompensatorDLL64.dll
[MD5.BC0474E5476E5EA0D0E1AA5AC41E2061] - |A| - [01/02/2012 17:33:31] - (.(c) DTS. - DTS GFX APO.) - [237.1 Ko] - (1.0.0.3) - C:\windows\System32\DTSGFXAPO64.dll
[MD5.3B8FB5376F5431C0101747D5138BCB9B] - |A| - [01/02/2012 17:33:31] - (.(c) DTS. - DTS GFX APO.) - [236.1 Ko] - (1.0.0.3) - C:\windows\System32\DTSGFXAPONS64.dll
[MD5.B3977C8BA77559F4F8752AE8EB724C87] - |A| - [01/02/2012 17:33:31] - (.(c) DTS. - DTS LFX APO.) - [237.1 Ko] - (1.0.0.3) - C:\windows\System32\DTSLFXAPO64.dll
[MD5.192A03A21636D3775CEE4C049C3BEB2A] - |A| - [01/02/2012 17:33:31] - (.(c) DTS. - DTS Limiter COM DLL.) - [422.6 Ko] - (1.0.0.1) - C:\windows\System32\DTSLimiterDLL64.dll
[MD5.2EF5442E8E7ED20F7634EEFB09640C8F] - |A| - [01/02/2012 17:33:31] - (.(c) DTS. - DTS NEO:PC COM DLL.) - [479.6 Ko] - (1.0.0.1) - C:\windows\System32\DTSNeoPCDLL64.dll
[MD5.F7C357462077156DC211AC2112FC8C53] - |A| - [01/02/2012 17:33:31] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1531.6 Ko] - (1.0.0.1) - C:\windows\System32\DTSS2HeadphoneDLL64.dll
[MD5.F132C08BD8C58579B400DFAA71F34CFB] - |A| - [01/02/2012 17:33:31] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1715.1 Ko] - (1.0.0.1) - C:\windows\System32\DTSS2SpeakerDLL64.dll
[MD5.9948969B2C1987B1D64789EFEB284A84] - |A| - [01/02/2012 17:33:31] - (.(c) DTS. - DTS Symmetry COM DLL.) - [695.6 Ko] - (1.0.0.1) - C:\windows\System32\DTSSymmetryDLL64.dll
[MD5.DE32448E6B40141C80DAABFF6FBE1744] - |A| - [01/02/2012 17:33:31] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [677.1 Ko] - (1.0.0.1) - C:\windows\System32\DTSVoiceClarityDLL64.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [457 Ko] - C:\windows\System32\el-GR
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [1804 Ko] - C:\windows\System32\en
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [35007.27 Ko] - C:\windows\System32\en-US
[MD5.46B8E04B3C35CB93F89EF27746D7A908] - |A| - [13/07/2009 20:20:15] - (.Copyright (C) SEIKO EPSON CORPORATION 2008. - Epson Printer Driver.) - [76 Ko] - (1.0.0.0) - C:\windows\System32\EP0SLM01.DLL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [448 Ko] - C:\windows\System32\es-ES
[MD5.5FFF863DB5BC54685FEF62886C51E899] - |A| - [05/06/2012 18:31:40] - (.Copyright (C) SEIKO EPSON CORP. 2006 - EPSON WIA Module.) - [82 Ko] - (1.7.3.1) - C:\windows\System32\esxcwiad.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [160.5 Ko] - C:\windows\System32\et-EE
[MD5.36883ACDE963E75C32BBCBD94838A10A] - |A| - [13/06/2011 20:24:56] - (.-.) - [2 Ko] - (0.0.0.0) - C:\windows\System32\EventLogMessages.dll
[MD5.9891511E620B74DAC5FC6376667F10BE] - |A| - [05/06/2012 18:58:51] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2007. - ECBTEGB AMD64.) - [79.5 Ko] - (2.1.0.0) - C:\windows\System32\E_IBCBEDA.DLL
[MD5.2A07D47A4E19ABA5857CF159E4B83C1E] - |A| - [11/11/2013 19:55:17] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2010. - ECBTEGB AMD64.) - [82 Ko] - (3.3.0.0) - C:\windows\System32\E_IBCBIBA.DLL
[MD5.5119CA537F22E38019C811C0BE314EC2] - |A| - [05/06/2012 18:58:52] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2007. - EPSON Bi-directional Monitor AMD64.) - [105.5 Ko] - (2.8.0.0) - C:\windows\System32\E_ILMEDA.DLL
[MD5.EC03B2D63A9A3AB25A7062CC9036F453] - |A| - [11/11/2013 19:55:22] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2011. - EPSON Bi-directional Monitor AMD64.) - [117.5 Ko] - (3.3.0.0) - C:\windows\System32\E_ILMIBA.DLL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [430 Ko] - C:\windows\System32\fi-FI
[MD5.FEEF1EF699CC02B998F3B3DAEAE6FEA5] - |A| - [24/02/2017 14:53:08] - (.-.) - [408.52 Ko] - (0.0.0.0) - C:\windows\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [454 Ko] - C:\windows\System32\fr-FR
[MD5.653CDCA6BE222085FEFEE8B2B94D42F2] - |A| - [31/01/2014 16:22:14] - (.Copyright © 2006-2014 FTDI Ltd. - FTDI USB Serial Converter Property Page Provider.) - [108.86 Ko] - (1.3.0.1) - C:\windows\System32\ftbusui.dll
[MD5.1349D33B23E6A218D57BB507CE9D2B16] - |A| - [31/01/2014 16:22:16] - (.Copyright © 2001-2014 FTDI Ltd. - FTD2XX Dynamic Link Library.) - [252.36 Ko] - (3.2.8.0) - C:\windows\System32\ftd2xx.dll
[MD5.F4446E14847F77B78093E5565D9FEC96] - |A| - [31/01/2014 16:22:16] - (.Copyright © 2001-2013 FTDI Ltd. - FTDI Multi-Lingual Property Page Text Library.) - [210.86 Ko] - (1.5.2.1) - C:\windows\System32\FTLang.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [0 Ko] - C:\windows\System32\FxsTmp
[MD5.2AE808CB0D9A667B0CF41EA74B3B9BAC] - |A| - [10/06/2009 15:36:24] - (.-.) - [39.6 Ko] - (0.0.0.0) - C:\windows\System32\gatherNetworkInfo.vbs
[MD5.C3AB41E0AC1FD0A76F6B2ACFF2D026F6] - |A| - [01/02/2012 20:17:27] - (.-.) - [150.75 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.ar-SA.resources
[MD5.95010458D8FE989A9701A73A6A3C9CCB] - |A| - [01/02/2012 20:17:27] - (.-.) - [128.81 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.cs-CZ.resources
[MD5.4807D80B51F138D68137C5CCF6666588] - |A| - [01/02/2012 20:17:27] - (.-.) - [124.13 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.da-DK.resources
[MD5.996D188997F062A4B7A6D36D0CADD0DB] - |A| - [01/02/2012 20:17:27] - (.-.) - [133.03 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.de-DE.resources
[MD5.00B110E8451CC833832B4BDE2A9C2DC5] - |A| - [01/02/2012 20:17:27] - (.-.) - [191.09 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.el-GR.resources
[MD5.60E1F44D2BB3243CF57F20555F4BF1D7] - |A| - [01/02/2012 20:17:27] - (.-.) - [119.77 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.en-US.resources
[MD5.E4E57FAFF34A606205B80C400D159A81] - |A| - [01/02/2012 20:17:27] - (.-.) - [132.98 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.es-ES.resources
[MD5.75E69F3FC2A7AE68B2C70CE781C15260] - |A| - [01/02/2012 20:17:27] - (.-.) - [128.38 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.fi-FI.resources
[MD5.B62B5B76EBE28F69F0F9DBA283552AE1] - |A| - [01/02/2012 20:17:27] - (.-.) - [130.94 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.fr-FR.resources
[MD5.B76B7FF4396BC54589ABE49D94992FC5] - |A| - [01/02/2012 20:17:27] - (.-.) - [143.94 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.he-IL.resources
[MD5.247F5387208FA65E58A40DF8D7871A67] - |A| - [01/02/2012 20:17:27] - (.-.) - [127.36 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.hr-HR.resources
[MD5.17621A4FC0896CEA65926548FB30895A] - |A| - [01/02/2012 20:17:27] - (.-.) - [129.75 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.hu-HU.resources
[MD5.323F5D8F5623EA1B95F192E6A24C3E6B] - |A| - [01/02/2012 20:17:27] - (.-.) - [135.39 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.it-IT.resources
[MD5.32967A254EFFE93213A9463C61520BB8] - |A| - [01/02/2012 20:17:27] - (.-.) - [147.8 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.ja-JP.resources
[MD5.AB29B5A1E56A2177E009B766EA01239F] - |A| - [01/02/2012 20:17:27] - (.-.) - [133.79 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.ko-KR.resources
[MD5.15C92E815FC7FE5933BC538EC864ED2D] - |A| - [01/02/2012 20:17:27] - (.-.) - [124.38 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.nb-NO.resources
[MD5.97DF38E931E5152EB5FD650DF4B85D4F] - |A| - [01/02/2012 20:17:27] - (.-.) - [129.76 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.nl-NL.resources
[MD5.E9DB6BD9A68E934383F6C17EFF0ECD34] - |A| - [01/02/2012 20:17:27] - (.-.) - [128.62 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.pl-PL.resources
[MD5.B0561C3DB5AD76416C0ED2CF1925D1A0] - |A| - [01/02/2012 20:17:27] - (.-.) - [130.2 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.pt-BR.resources
[MD5.635C4388BA353BAAF2D720ACE65D8CA0] - |A| - [01/02/2012 20:17:27] - (.-.) - [129.2 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.pt-PT.resources
[MD5.6BDD8BA6EB2BB04C8CACBADD8DFCD6A3] - |A| - [01/02/2012 20:17:28] - (.-.) - [131.95 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.ro-RO.resources
[MD5.F4349F0D97EDF72A70D9BAB8B6B3B6D7] - |A| - [01/02/2012 20:17:28] - (.-.) - [176.02 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.ru-RU.resources
[MD5.EFEBE343C2C47474D87F10734538A3AC] - |A| - [01/02/2012 20:17:28] - (.-.) - [128.21 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.sk-SK.resources
[MD5.DFD46E1831E1656BFDE0EF7DB8056AC9] - |A| - [01/02/2012 20:17:28] - (.-.) - [124.61 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.sl-SI.resources
[MD5.BD522E7DC9836177C0B730BF36CC7C85] - |A| - [01/02/2012 20:17:28] - (.-.) - [129.32 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.sv-SE.resources
[MD5.D62F6ED4661EB4B4977F8BBC4C6E43D1] - |A| - [01/02/2012 20:17:28] - (.-.) - [203.45 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.th-TH.resources
[MD5.391439BB43EB98A96AF10F7EC18584BF] - |A| - [01/02/2012 20:17:28] - (.-.) - [130.73 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.tr-TR.resources
[MD5.BF60311546618E46D9F8163B21197F77] - |A| - [01/02/2012 20:17:28] - (.-.) - [112.5 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.zh-CN.resources
[MD5.2B78ED3326A225296FD7E23B2CF15A4A] - |A| - [01/02/2012 20:17:28] - (.-.) - [113.68 Ko] - (0.0.0.0) - C:\windows\System32\Gfxres.zh-TW.resources
[MD5.FFB49EE58EF3E271AA25F847D3299047] - |A| - [01/02/2012 20:17:28] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\windows\System32\GfxUI.exe.config
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [0 Ko] - C:\windows\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [0 Ko] - C:\windows\System32\GroupPolicyUsers
[MD5.105CFE016CCB20175BEACEC146F175AB] - |A| - [01/02/2012 20:17:28] - (.-.) - [92 Ko] - (0.0.0.0) - C:\windows\System32\IccLibDll_x64.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [36.27 Ko] - C:\windows\System32\icsxml
[MD5.093C86CD529A3932C9E58C3387DA4AAC] - |A| - [13/07/2009 16:59:35] - (.-.) - [407.56 Ko] - (0.0.0.0) - C:\windows\System32\igcompkrng500.bin
[MD5.481F6E1CD63E09F0516B5E78B35D333E] - |A| - [01/02/2012 20:17:29] - (.-.) - [142.39 Ko] - (0.0.0.0) - C:\windows\System32\igcompkrng600.bin
[MD5.87031985145FE4FC13E8DABF387E78A4] - |A| - [13/07/2009 16:59:36] - (.-.) - [136.55 Ko] - (0.0.0.0) - C:\windows\System32\igfcg500.bin
[MD5.44E5EA6A6AB4D6343B8FBC1DE19B5005] - |A| - [13/07/2009 16:59:36] - (.-.) - [95.16 Ko] - (0.0.0.0) - C:\windows\System32\igfcg500m.bin
[MD5.C079421BCDD8C152F7A1AA013C8B5A98] - |A| - [01/02/2012 20:17:29] - (.-.) - [202.52 Ko] - (0.0.0.0) - C:\windows\System32\igfcg600m.bin
[MD5.6AFDFEE5C401303211ACCCDFD300D721] - |A| - [01/02/2012 20:17:29] - (.Copyright (C) 2010 - CM Runtime Dynamic Link Library.) - [104 Ko] - (1.0.0.2) - C:\windows\System32\igfxcmrt64.dll
[MD5.D4E9ECDDC271B76E8C7C6DCA0AEC9556] - |A| - [01/02/2012 20:17:30] - (.Copyright (C) 2009 - Intel(R) Graphics Media Accelerator Driver Coinstaller.) - [90.5 Ko] - (1.2.30.0) - C:\windows\System32\igfxCoIn_v2266.dll
[MD5.1404000553F9B10B275114B64099C5CD] - |A| - [01/02/2012 20:17:29] - (.-.) - [4 Ko] - (1.0.0.0) - C:\windows\System32\IGFXDEVLib.dll
[MD5.71E96C791D10CAACF4867C5AD65FA19B] - |A| - [13/07/2009 16:59:36] - (.-.) - [959.18 Ko] - (0.0.0.0) - C:\windows\System32\igkrng500.bin
[MD5.7764AEA3A2C15976CDF43E7F5BD6E53C] - |A| - [01/02/2012 20:17:30] - (.-.) - [938.42 Ko] - (0.0.0.0) - C:\windows\System32\igkrng600.bin
[MD5.9A014CE65642722D72588D5196F147CE] - |A| - [01/02/2012 20:17:30] - (.-.) - [1945.25 Ko] - (0.0.0.0) - C:\windows\System32\iglhxa64.cpa
[MD5.DB945DDE9D7825BB4A173CD108193C49] - |A| - [01/02/2012 20:17:30] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\windows\System32\iglhxa64.vp
[MD5.A980B0ED5543E3DFD1C21058B06C5A65] - |A| - [01/02/2012 20:17:30] - (.-.) - [58.81 Ko] - (0.0.0.0) - C:\windows\System32\iglhxc64.vp
[MD5.82001B2CC6728CE282EF036ABC2BC975] - |A| - [01/02/2012 20:17:30] - (.-.) - [58.84 Ko] - (0.0.0.0) - C:\windows\System32\iglhxg64.vp
[MD5.3B6C78580EC3B9A0346D2AD63EC7906A] - |A| - [01/02/2012 20:17:30] - (.-.) - [58.61 Ko] - (0.0.0.0) - C:\windows\System32\iglhxo64.vp
[MD5.E6CC8FD97AE9FD7B3A2DA169E7C0EDE2] - |A| - [01/02/2012 20:17:30] - (.-.) - [13.2 Ko] - (0.0.0.0) - C:\windows\System32\iglhxs64.vp
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [36875.94 Ko] - C:\windows\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [0 Ko] - C:\windows\System32\inetsrv
[MD5.B2E8FACE9CD0BD906CBBEACE9C1160C1] - |A| - [01/06/2015 15:05:03] - (.-.) - [24.19 Ko] - (0.0.0.0) - C:\windows\System32\iPod Software License.rtf
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [452 Ko] - C:\windows\System32\it-IT
[MD5.8672D1FBB5420FB0A4366FB9186CF592] - |A| - [13/06/2011 20:29:24] - (.Copyright (C) 2007 - WiMAX SDK service for Intel(R) PROSet/Wireless WiMAX Software.) - [557 Ko] - (6.5.1037.1) - C:\windows\System32\iWmxSDK.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [365 Ko] - C:\windows\System32\ja-JP
[MD5.8E50E3BA76CCD8868EF0415F2C388129] - |A| - [01/02/2012 17:33:32] - (.© Knowles Electronics. - Knowles HD Audio APO.) - [589.33 Ko] - (4.1104.6000.51) - C:\windows\System32\KAAPORT64.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [360 Ko] - C:\windows\System32\ko-KR
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [13/07/2009 21:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\windows\System32\korwbrkr.lex
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [2704.67 Ko] - C:\windows\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [165 Ko] - C:\windows\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [166 Ko] - C:\windows\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [02/06/2012 03:21:06] - [90235.54 Ko] - C:\windows\System32\Macromed
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [13/07/2009 15:17:48] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\windows\System32\manage-bde.wsf
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [1981.88 Ko] - C:\windows\System32\manifeststore
[MD5.75616F8DB5C092A8A50AFEC273859DD7] - |A| - [01/02/2012 17:33:32] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [311.34 Ko] - (2.2.9.0) - C:\windows\System32\MaxxAudioAPO20.dll
[MD5.03E0955A7D8E5E74E7F6986A56A66196] - |A| - [01/02/2012 17:33:32] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [333.34 Ko] - (3.2.1.1) - C:\windows\System32\MaxxAudioAPO30.dll
[MD5.87B5AB256A5A068EDDA0F4B4FAC728CC] - |A| - [01/02/2012 17:33:32] - (.Copyright © 1996-2007 -.) - [2145.77 Ko] - (5.9.7.0) - C:\windows\System32\MaxxAudioEQ.dll
[MD5.F5960A7D7DD19FD17F0F5640D7BAFA2A] - |A| - [01/02/2012 17:33:32] - (.Copyright © 1996-2008 -.) - [2185.84 Ko] - (1.2.0.0) - C:\windows\System32\MaxxAudioRealtek.dll
[MD5.CF171618F3999FEB4F95C77A8C376C92] - |A| - [01/02/2012 17:33:32] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [326.84 Ko] - (3.1.0.0) - C:\windows\System32\MaxxVolumeSDAPO.dll
[MD5.00000000000000000000000000000000] - |SD| - [13/07/2009 23:45:42] - [1134.89 Ko] - C:\windows\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [3464.93 Ko] - C:\windows\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [37830.93 Ko] - C:\windows\System32\migwiz
[MD5.39E801545FFF6230C80140E0F8A06629] - |A| - [13/07/2009 23:57:09] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\windows\System32\migwiz.lnk
[MD5.00000000000000000000000000000000] - |D| - [22/07/2013 18:21:50] - [0 Ko] - C:\windows\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [4148.28 Ko] - C:\windows\System32\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [11.33 Ko] - C:\windows\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [422.5 Ko] - C:\windows\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [512 Ko] - C:\windows\System32\NDF
[MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [13/07/2009 17:01:19] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\windows\System32\NetTrace.PLA.Diagnostics.xml
[MD5.8194259C88214B45D094239098EE5AE4] - |A| - [03/06/2012 18:33:09] - (.Copyright (C) 2000-2011 Nitro PDF Software - Windows NT Nitro Print PDF Interface Driver.) - [29.02 Ko] - (7.0.0.1) - C:\windows\System32\nitrolocalmon2.dll
[MD5.39170876ED0CF5E35A79A68CE80531A9] - |A| - [03/06/2012 18:33:09] - (.Copyright (C) 2000-2011 Nitro PDF Software - Windows NT Nitro Print PDF Interface Driver.) - [17.52 Ko] - (7.0.0.1) - C:\windows\System32\nitrolocalui2.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [443.5 Ko] - C:\windows\System32\nl-NL
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [13/07/2009 21:35:51] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\windows\System32\noise.kor
[MD5.00000000000000000000000000000000] - |D| - [11/02/2011 14:56:44] - [2.67 Ko] - C:\windows\System32\OEM
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [13/07/2009 15:24:21] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\windows\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [14327.36 Ko] - C:\windows\System32\oobe
[MD5.02DD9F55F1EE107C41C456DD26529B59] - |A| - [13/07/2009 21:36:59] - (.-.) - [120.44 Ko] - (0.0.0.0) - C:\windows\System32\perfc009.dat
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 15:33:35] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\windows\System32\PerfCenterCpl.ico
[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - |A| - [13/07/2009 21:36:59] - (.-.) - [30.81 Ko] - (0.0.0.0) - C:\windows\System32\perfd009.dat
[MD5.46D04DA6BC0F62B24CFEF596F6B5422B] - |A| - [13/07/2009 21:36:59] - (.-.) - [649.96 Ko] - (0.0.0.0) - C:\windows\System32\perfh009.dat
[MD5.2957533384947F69137557EAF34B08F5] - |A| - [14/07/2009 00:13:15] - (.-.) - [768.08 Ko] - (0.0.0.0) - C:\windows\System32\PerfStringBackup.INI
[MD5.DE230CD4F6B0832084DFB39424F7AB74] - |A| - [13/06/2011 20:25:10] - (.Copyright (C) 2006 - WiMAX SDK service for Intel(R) PROSet/Wireless WiMAX Software.) - [232 Ko] - (6.5.1037.1) - C:\windows\System32\PipeHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [439 Ko] - C:\windows\System32\pl-PL
[MD5.962874341190719614FC9B37D5DE71F8] - |A| - [03/06/2012 18:31:18] - (.-.) - [92.78 Ko] - (0.0.0.0) - C:\windows\System32\Primomonnt.dll
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:50] - [413.88 Ko] - C:\windows\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [436 Ko] - C:\windows\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [438.5 Ko] - C:\windows\System32\pt-PT
[MD5.8B211FFCCC2C08DDC0FD023E70A13DD8] - |A| - [01/02/2012 17:33:32] - (.©2010 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [115.34 Ko] - (7.2.7000.6) - C:\windows\System32\R4EEA64A.dll
[MD5.B90443404596E62B2E60A9EEA5FAF5CA] - |A| - [01/02/2012 17:33:32] - (.©2010 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [416.34 Ko] - (7.2.7000.6) - C:\windows\System32\R4EED64A.dll
[MD5.E05E98B73A089BC6DDADE5577B64D1E6] - |A| - [01/02/2012 17:33:32] - (.©2010 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [72.34 Ko] - (7.2.7000.6) - C:\windows\System32\R4EEG64A.dll
[MD5.E0B4052B55114ACD0BFE627AE050E751] - |A| - [01/02/2012 17:33:32] - (.©2010 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [132.84 Ko] - (7.2.7000.6) - C:\windows\System32\R4EEL64A.dll
[MD5.8D2AF770C4781E11A2AEC2089D5154C5] - |A| - [01/02/2012 17:33:32] - (.©2010 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [3230.84 Ko] - (7.2.7000.6) - C:\windows\System32\R4EEP64A.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [23.75 Ko] - C:\windows\System32\ras
[MD5.91F5D442F081FC900953F45ED1EE9C17] - |A| - [27/04/2015 10:10:54] - (.Copyright © 2014 Razer Inc. All rights reserved - RazerCoinstaller.) - [78.5 Ko] - (0.0.0.5) - C:\windows\System32\RazerCoinstaller.dll
[MD5.AFB17CFACCCA8C722B92C83DF7C04022] - |A| - [01/02/2012 18:13:37] - (.-.) - [15.61 Ko] - (0.0.0.0) - C:\windows\System32\results.xml
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:11] - [169 Ko] - C:\windows\System32\ro-RO
[MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |A| - [01/02/2012 17:33:33] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\windows\System32\RP3DAA64.dll
[MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |A| - [01/02/2012 17:33:33] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\windows\System32\RP3DHT64.dll
[MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |A| - [01/02/2012 17:33:33] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\windows\System32\RTEED64A.dll
[MD5.6F4CD493196100EEF349D7132CECAFD9] - |A| - [01/02/2012 17:33:33] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\windows\System32\RTEEG64A.dll
[MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |A| - [01/02/2012 17:33:33] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\windows\System32\RTEEL64A.dll
[MD5.D0D0D82B7366E691275E433CD34F89B2] - |A| - [01/02/2012 17:33:33] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\windows\System32\RTEEP64A.dll
[MD5.92C704590FCEDDA971B7A77945DCCDA4] - |A| - [01/02/2012 17:34:23] - (.- About Page.) - [72.53 Ko] - (1.2.0.3) - C:\windows\System32\RtNicProp64.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [20/11/2010 22:24:25] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\windows\System32\ScavengeSpace.xml
[MD5.9C4CF2E875035DBA252A736E424BF37D] - |A| - [01/02/2012 17:33:34] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [76.34 Ko] - (3.0.0.14) - C:\windows\System32\SFAPO64.dll
[MD5.ED27D943336C2956DCE43A7B777FAEFE] - |A| - [01/02/2012 17:33:34] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [79.34 Ko] - (3.0.0.14) - C:\windows\System32\SFCOM64.dll
[MD5.D95A37963E504EBE32693F3C2946C4C9] - |A| - [01/02/2012 17:33:34] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [215.34 Ko] - (3.0.0.14) - C:\windows\System32\SFNHK64.dll
[MD5.9AC714C16412F3EA11E8CE13B0E5BF8A] - |A| - [01/02/2012 20:07:53] - (.-.) - [239.43 Ko] - (0.0.0.0) - C:\windows\System32\SingleBom.xml
[MD5.22DD1EAC3C61AE4D66E972E2AEB9AE45] - |A| - [01/02/2012 20:20:44] - (.SEC. - Samsung Smart Printer Driver Utility.) - [250 Ko] - (1.0.0.3) - C:\windows\System32\SIPDUtil.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [169.5 Ko] - C:\windows\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [166 Ko] - C:\windows\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [37.8 Ko] - C:\windows\System32\slmgr
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [43713.02 Ko] - C:\windows\System32\SMI
[MD5.9AC714C16412F3EA11E8CE13B0E5BF8A] - |A| - [01/02/2012 20:07:53] - (.-.) - [239.43 Ko] - (0.0.0.0) - C:\windows\System32\SNE8-03-9A-11-E1-16.xml
[MD5.BAEFF14E578F81F36DDF525B0865A8CB] - |A| - [01/02/2012 20:20:36] - (.-.) - [101 Ko] - (2.1.10.0) - C:\windows\System32\SnErHdlr.dll
[MD5.C40A1E11BB8C142F6C03D338067918FD] - |A| - [01/02/2012 20:20:36] - (.-.) - [160 Ko] - (2.1.10.0) - C:\windows\System32\SnImgFlt.dll
[MD5.D4BFA432474B85D60D87E78DDD62E044] - |A| - [01/02/2012 20:20:36] - (.-.) - [693 Ko] - (2.1.10.0) - C:\windows\System32\SnMinDrv.dll
[MD5.E817892623C6F1E1E246945DE82C306A] - |A| - [01/02/2012 17:58:00] - (.Samsung - Samsung MUI DLL.) - [273.5 Ko] - (1.1.0.0) - C:\windows\System32\snWIAMUI.dll
[MD5.53FD32411162922DDF4EE8A3D5479687] - |A| - [01/02/2012 20:20:36] - (.-.) - [203 Ko] - (2.1.10.0) - C:\windows\System32\SNWIAUI.dll
[MD5.C74D61FCA22F36791105D7878AF73572] - |A| - [10/06/2009 16:08:17] - (.-.) - [8.09 Ko] - (0.0.0.0) - C:\windows\System32\spcinstrumentation.man
[MD5.FC21BF5A1667FC745FE53D05DA4CB8A2] - |A| - [01/02/2012 20:20:43] - (.Copyright (C) 2004 Co., Ltd. - SSCoInst.) - [87.5 Ko] - (1.0.0.4) - C:\windows\System32\spd__ci.dll
[MD5.7E8730A98ACA451163A87CACF4A8E549] - |A| - [01/02/2012 20:20:44] - (.- UPD Co-Installer.) - [148 Ko] - (2.0.0.4) - C:\windows\System32\spd__ci.exe
[MD5.6490E8960C28412EDE6A3A8D7A030946] - |A| - [01/02/2012 20:20:43] - (.- Language Monitor for Status Monitor.) - [27 Ko] - (1.4.6.71) - C:\windows\System32\spd__l.dll
[MD5.4941CF4F5D206512E32FC60699C5691F] - |A| - [01/02/2012 20:20:43] - (.-.) - [0.35 Ko] - (0.0.0.0) - C:\windows\System32\spd__l.smt
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [26875.5 Ko] - C:\windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [319827.5 Ko] - C:\windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [1959.75 Ko] - C:\windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [30.19 Ko] - C:\windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [170 Ko] - C:\windows\System32\sr-Latn-CS
[MD5.A88BE9A6C4E646A2B2A1BD3A7F4B58E7] - |A| - [01/02/2012 17:33:34] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [194.23 Ko] - (1.1.0.0) - C:\windows\System32\SRSHP64.dll
[MD5.A028717B791416182959B325D5B40679] - |A| - [01/02/2012 17:33:34] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [206.23 Ko] - (1.1.4.0) - C:\windows\System32\SRSTSH64.dll
[MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [01/02/2012 17:33:34] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\windows\System32\SRSTSX64.dll
[MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [01/02/2012 17:33:34] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\windows\System32\SRSWOW64.dll
[MD5.FFAC652120F6914916ED1B767BE7CE67] - |A| - [01/02/2012 20:20:36] - (.Copyright Samsung Electronics 2001 - Device Monitor.) - [65.5 Ko] - (1.5.8.0) - C:\windows\System32\Ssdevm64.dll
[MD5.4B16688EDD7FF1E5B7EAC811E95438DC] - |A| - [01/02/2012 20:20:37] - (.Copyright Samsung Electronics 2001 - USB Device.) - [42.5 Ko] - (1.0.0.0) - C:\windows\System32\Ssusbp64.dll
[MD5.00000000000000000000000000000000] - |D| - [25/10/2013 22:05:47] - [14 Ko] - C:\windows\System32\STRING
[MD5.D641337B75B9A9D5AE10687AA1097755] - |A| - [01/02/2012 20:20:44] - (.(c) Samsung Electronics CO., LTD. - Samsung UPD Service.) - [162.8 Ko] - (2.1.0.2) - C:\windows\System32\SUPDSvc.exe
[MD5.4967FD3B3134DBE0B49F047F3DE25E7A] - |A| - [01/02/2012 20:20:44] - (.(c) Samsung Electronics CO., LTD. - Samsung UPD Service Agent.) - [158.3 Ko] - (2.1.0.2) - C:\windows\System32\SUPDSvcA.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [426.5 Ko] - C:\windows\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [204.76 Ko] - C:\windows\System32\sysprep
[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - |A| - [20/11/2010 22:24:36] - (.-.) - [339.75 Ko] - (0.0.0.0) - C:\windows\System32\systemsf.ebd
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [281.46 Ko] - C:\windows\System32\Tasks
[MD5.47F22CAD4A16BB40153555D631546B94] - |A| - [10/06/2009 16:01:25] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\windows\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [157 Ko] - C:\windows\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [424 Ko] - C:\windows\System32\tr-TR
[MD5.00318FE42A997AB68FE4BDAE6FCE1989] - |A| - [01/02/2012 20:20:37] - (.(C) 1993-2009 TWAIN Working Group. - TWAIN 64 Source Manager (Image Acquisition Interface).) - [156.52 Ko] - (2.1.1.0) - C:\windows\System32\TWAINDSM.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:13] - [166.5 Ko] - C:\windows\System32\uk-UA
[MD5.05F9840831C29F5BE93AD8BE810D5614] - |A| - [13/07/2009 23:45:37] - (.-.) - [18 Ko] - (0.0.0.0) - C:\windows\System32\umstartup.etl
[MD5.F736AA948D0C3CBCE212B7B2CB0EF115] - |A| - [13/07/2009 23:45:37] - (.-.) - [45 Ko] - (0.0.0.0) - C:\windows\System32\umstartup000.etl
[MD5.71A48CA6300620F06753F4CA44D01AF6] - |A| - [01/02/2012 17:33:35] - (.Copyright © 1996-2007 - General Library for Plug-Ins.) - [2540.84 Ko] - (1.2.0.0) - C:\windows\System32\WavesGUILib.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [45636.67 Ko] - C:\windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:50] - [60.46 Ko] - C:\windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [75032.38 Ko] - C:\windows\System32\wdi
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [13/07/2009 16:54:15] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\System32\wfp
[MD5.989890289984AA7CCA8FEB2A4B7510C8] - |A| - [01/02/2012 20:20:37] - (.-.) - [82.61 Ko] - (0.0.0.0) - C:\windows\System32\WIAEXSTR.loc
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [0 Ko] - C:\windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [73.5 Ko] - C:\windows\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [8584.71 Ko] - C:\windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [105684 Ko] - C:\windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [99.06 Ko] - C:\windows\System32\winrm
[MD5.EA88F93CA71EDEB959BB483998E84730] - |A| - [20/06/2014 19:43:56] - (.-.) - [12.5 Ko] - (0.0.0.0) - C:\windows\SysWOW64\CNC1747D.TBL
[MD5.0A294F1A46F4BCB5C4323FFEB276393D] - |A| - [20/06/2014 19:43:56] - (.Copyright CANON INC. 2010 All Rights Reserved - LLD.) - [300 Ko] - (1.0.0.0) - C:\windows\SysWOW64\CNC495L.dll
[MD5.7B0B9146146B111E2F3EA58C0F3B5756] - |A| - [20/06/2014 19:43:56] - (.Copyright CANON INC. 2010 All Rights Reserved - Scanner Driver.) - [104 Ko] - (1.0.0.0) - C:\windows\SysWOW64\CNC495U.dll
[MD5.D16CF34B17899F90A8FCF2A3F77B4A27] - |A| - [20/06/2014 19:43:56] - (.Copyright CANON INC. 2007-2008 All Rights Reserved - Canon Device Dependent Informations for Scanner Library.) - [15.5 Ko] - (1.4.1.1) - C:\windows\SysWOW64\CNHMCA.dll
[MD5.B3B13025E236417E8B6BC8E96D7773EF] - |A| - [05/02/2010 04:37:33] - (.Copyright CANON INC. 2003-2010 All Rights Reserved - Canon IJ Network 32bit comm Module.) - [333 Ko] - (2.7.0.60) - C:\windows\SysWOW64\CNMNPPM.DLL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [302.5 Ko] - C:\windows\SysWOW64\com
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [1523.77 Ko] - C:\windows\SysWOW64\config
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [427.5 Ko] - C:\windows\SysWOW64\cs-CZ
[MD5.846B03F22587A13AAF419096F9684F6E] - |A| - [01/02/2012 17:32:06] - (.Copyright 2008 - CSVer.) - [52 Ko] - (9.2.0.1019) - C:\windows\SysWOW64\CSVer.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [422.5 Ko] - C:\windows\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [452 Ko] - C:\windows\SysWOW64\de-DE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [4135 Ko] - C:\windows\SysWOW64\Dism
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [3495.5 Ko] - C:\windows\SysWOW64\drivers
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [1.05 Ko] - C:\windows\SysWOW64\DriverStore
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [451.5 Ko] - C:\windows\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [1648 Ko] - C:\windows\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [31830.02 Ko] - C:\windows\SysWOW64\en-US
[MD5.861CCF1A77792AD4E7A39D9106B58E73] - |A| - [05/06/2012 18:32:05] - (.-.) - [6.33 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_BP.cfg
[MD5.CC553A14E5E33464E53717953E9C7E79] - |A| - [05/06/2012 18:32:05] - (.-.) - [6.22 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_CF.cfg
[MD5.28D6D18D2D51AFF6BFD3D6545AEDE2B6] - |A| - [05/06/2012 18:32:05] - (.-.) - [12.37 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_EN.cfg
[MD5.788091375D05FE6FEDDC3031B5EC9638] - |A| - [05/06/2012 18:32:05] - (.-.) - [6.08 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_ES.cfg
[MD5.CC553A14E5E33464E53717953E9C7E79] - |A| - [05/06/2012 18:32:05] - (.-.) - [6.22 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_FR.cfg
[MD5.861CCF1A77792AD4E7A39D9106B58E73] - |A| - [05/06/2012 18:32:05] - (.-.) - [6.33 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICLocal_PT.cfg
[MD5.29E93E8EEAF957BDC03182A5B383FF4F] - |A| - [05/06/2012 18:32:05] - (.Copyright (C) SEIKO EPSON CORPORATION 2001-2006, - EPSON PIC SDK 1.10.) - [50.16 Ko] - (1.1.0.1) - C:\windows\SysWOW64\EpPicMgr.dll
[MD5.6F8256E5C21DCA0B71E2960BD1574A4F] - |A| - [05/06/2012 18:32:05] - (.-.) - [28.43 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern1.dat
[MD5.99B39A991604A09125A63D1F83A1668F] - |A| - [05/06/2012 18:32:05] - (.-.) - [26.77 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern121.dat
[MD5.C35D83EF6773F875E85A37CD389FC98A] - |A| - [05/06/2012 18:32:05] - (.-.) - [30.33 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern131.dat
[MD5.1330F7E87620F5A3B2B2F769C73749AE] - |A| - [05/06/2012 18:32:05] - (.-.) - [12.97 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern2.dat
[MD5.74096ECE9DCA5340883D2871E92B0E13] - |A| - [05/06/2012 18:32:05] - (.-.) - [20.53 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern3.dat
[MD5.0D2E4219C97CDCC3CFAA5E3077CB6280] - |A| - [05/06/2012 18:32:05] - (.-.) - [10.42 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern4.dat
[MD5.D67E0E406C42FB5192865073D96B3B4A] - |A| - [05/06/2012 18:32:05] - (.-.) - [15.3 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern5.dat
[MD5.E000BC718432CBB8F8AF9A2DD4EBCC59] - |A| - [05/06/2012 18:32:05] - (.-.) - [4.83 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPattern6.dat
[MD5.5A84A0F8D547CCEAFA5F94BB96D05A7E] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_BP.dat
[MD5.DF1FC390514F29307D1AB8DC62E2CBF7] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_CF.dat
[MD5.DD3199930A3D8F9BED7B29280B4CF30B] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.08 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_EN.dat
[MD5.11F898E51C743BECDFD9E8386C908F7D] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_ES.dat
[MD5.DF1FC390514F29307D1AB8DC62E2CBF7] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_FR.dat
[MD5.5A84A0F8D547CCEAFA5F94BB96D05A7E] - |A| - [05/06/2012 18:32:05] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPresetData_PT.dat
[MD5.C22208277045909CEAC3D1A8050DEB1A] - |A| - [05/06/2012 18:32:05] - (.-.) - [71.5 Ko] - (0.0.0.0) - C:\windows\SysWOW64\EPPICPrinterDB.dat
[MD5.2259687A780CDD3895649A9F632983D5] - |A| - [05/06/2012 18:32:05] - (.Copyright (C) SEIKO EPSON CORPORATION 2001-2006, - EPSON PIC SDK 1.10.) - [50.16 Ko] - (1.1.0.1) - C:\windows\SysWOW64\EpPicPrt.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [443 Ko] - C:\windows\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [160.5 Ko] - C:\windows\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [425 Ko] - C:\windows\SysWOW64\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [449 Ko] - C:\windows\SysWOW64\fr-FR
[MD5.E326988DEAE82D6106CAC4DF79EDAF21] - |A| - [31/01/2014 16:22:16] - (.Copyright © 2001-2014 FTDI Ltd. - FTD2XX Dynamic Link Library.) - [214.86 Ko] - (3.2.8.0) - C:\windows\SysWOW64\ftd2xx.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [0 Ko] - C:\windows\SysWOW64\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [191.5 Ko] - C:\windows\SysWOW64\he-IL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [168 Ko] - C:\windows\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [429 Ko] - C:\windows\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [36.27 Ko] - C:\windows\SysWOW64\icsxml
[MD5.093C86CD529A3932C9E58C3387DA4AAC] - |A| - [13/07/2009 16:59:35] - (.-.) - [407.56 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igcompkrng500.bin
[MD5.481F6E1CD63E09F0516B5E78B35D333E] - |A| - [01/02/2012 20:17:29] - (.-.) - [142.39 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igcompkrng600.bin
[MD5.87031985145FE4FC13E8DABF387E78A4] - |A| - [13/07/2009 16:59:36] - (.-.) - [136.55 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igfcg500.bin
[MD5.44E5EA6A6AB4D6343B8FBC1DE19B5005] - |A| - [13/07/2009 16:59:36] - (.-.) - [95.16 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igfcg500m.bin
[MD5.C079421BCDD8C152F7A1AA013C8B5A98] - |A| - [01/02/2012 20:17:29] - (.-.) - [202.52 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igfcg600m.bin
[MD5.71E96C791D10CAACF4867C5AD65FA19B] - |A| - [13/07/2009 16:59:36] - (.-.) - [959.18 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igkrng500.bin
[MD5.7764AEA3A2C15976CDF43E7F5BD6E53C] - |A| - [01/02/2012 20:17:30] - (.-.) - [938.42 Ko] - (0.0.0.0) - C:\windows\SysWOW64\igkrng600.bin
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [34096.94 Ko] - C:\windows\SysWOW64\IME
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\SysWOW64\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [1160 Ko] - C:\windows\SysWOW64\InstallShield
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [447 Ko] - C:\windows\SysWOW64\it-IT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [361 Ko] - C:\windows\SysWOW64\ja-JP
[MD5.F8211DB97BF852C3292C3E9C710C19D9] - |A| - [18/11/2013 23:18:23] - (.Copyright © 2016 - Java(TM) Web Start Launcher.) - [263.56 Ko] - (11.101.2.13) - C:\windows\SysWOW64\javaws.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [356.5 Ko] - C:\windows\SysWOW64\ko-KR
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [13/07/2009 21:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\windows\SysWOW64\korwbrkr.lex
[MD5.0D3D161D2364A7830CE231103365233F] - |A| - [01/02/2012 17:32:39] - (.-.) - [0.02 Ko] - (0.0.0.0) - C:\windows\SysWOW64\log.txt
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [0 Ko] - C:\windows\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [165 Ko] - C:\windows\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [166 Ko] - C:\windows\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [01/02/2012 17:40:47] - [66333.24 Ko] - C:\windows\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [1968.26 Ko] - C:\windows\SysWOW64\manifeststore
[MD5.98071B6EE16AA76DABFF377A5DC69C86] - |A| - [13/07/2009 23:55:01] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\windows\SysWOW64\mapisvc.inf
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [3178.93 Ko] - C:\windows\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [32737.45 Ko] - C:\windows\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [52.28 Ko] - C:\windows\SysWOW64\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [11.33 Ko] - C:\windows\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [418 Ko] - C:\windows\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [51 Ko] - C:\windows\SysWOW64\NetworkList
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [438.5 Ko] - C:\windows\SysWOW64\nl-NL
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [13/07/2009 21:35:50] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\windows\SysWOW64\noise.kor
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [2566.05 Ko] - C:\windows\SysWOW64\oobe
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 16:17:19] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\windows\SysWOW64\PerfCenterCpl.ico
[MD5.B30946193228EE8BB8ECACF8EFF5ED2D] - |A| - [31/05/2012 08:15:27] - (.-.) - [760.87 Ko] - (0.0.0.0) - C:\windows\SysWOW64\PerfStringBackup.INI
[MD5.68D2DE06776BEC0409AF80D26C2FD42E] - |A| - [05/06/2012 18:32:05] - (.Copyright (C) SEIKO EPSON CORPORATION 2001-2006, - EPSON PIC SDK 3.0.) - [106.16 Ko] - (3.0.0.2) - C:\windows\SysWOW64\PICEntry.dll
[MD5.93C3E9EE30280A8ED2D56DCEDA0FAF3F] - |A| - [05/06/2012 18:32:05] - (.Copyright (C) SEIKO EPSON CORPORATION 2001-2006, - EPSON PIC SDK 3.0.) - [78.15 Ko] - (3.0.0.1) - C:\windows\SysWOW64\PICSDK.dll
[MD5.7F0934D17E976BC53BB0D226D6E9E781] - |A| - [05/06/2012 18:32:05] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\windows\SysWOW64\PICSDK.ini
[MD5.17152A7F21C9802E7826DE63D2DF184C] - |A| - [05/06/2012 18:32:05] - (.Copyright (C) SEIKO EPSON CORPORATION 2001-2006, - EPSON PIC SDK 3.0.) - [490.15 Ko] - (3.0.1.3) - C:\windows\SysWOW64\PICSDK2.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [434 Ko] - C:\windows\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [413.88 Ko] - C:\windows\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [431 Ko] - C:\windows\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [433 Ko] - C:\windows\SysWOW64\pt-PT
[MD5.977CD878C93F15CBEA0DC92EDF17FB57] - |A| - [13/10/2014 22:14:54] - (.Copyright © 2014 Razer Inc. All rights reserved - Razer RzDeviceDLL Manager.) - [87 Ko] - (1.0.29.5) - C:\windows\SysWOW64\rzdevinfo.dll
[MD5.9AC714C16412F3EA11E8CE13B0E5BF8A] - |A| - [01/02/2012 20:07:53] - (.-.) - [239.43 Ko] - (0.0.0.0) - C:\windows\SysWOW64\SingleBom.xml
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [169.5 Ko] - C:\windows\SysWOW64\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [166 Ko] - C:\windows\SysWOW64\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [37.8 Ko] - C:\windows\SysWOW64\slmgr
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [2800 Ko] - C:\windows\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [1142.37 Ko] - C:\windows\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [30.19 Ko] - C:\windows\SysWOW64\sppui
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [170 Ko] - C:\windows\SysWOW64\sr-Latn-CS
[MD5.BF3F5010F4F005A96A07FD7D10318767] - |A| - [01/02/2012 20:20:36] - (.Copyright Samsung Electronics 2001 - Device Monitor.) - [66 Ko] - (1.5.8.0) - C:\windows\SysWOW64\Ssdevm.dll
[MD5.D7F4BAF51DBEE3DC9EAF51BEE5B8F94B] - |A| - [01/02/2012 20:20:37] - (.Copyright Samsung Electronics 2001 - USB Device.) - [48 Ko] - (0.6.0.0) - C:\windows\SysWOW64\Ssusbpn.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [421.5 Ko] - C:\windows\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [27/11/2014 03:28:35] - [0 Ko] - C:\windows\SysWOW64\SysInfo
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [0 Ko] - C:\windows\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [0 Ko] - C:\windows\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [157 Ko] - C:\windows\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [419 Ko] - C:\windows\SysWOW64\tr-TR
[MD5.FF1FB7E7B0372138C14F43EDF54D424D] - |A| - [01/02/2012 20:20:37] - (.(C) 1993-2009 TWAIN Working Group. - TWAIN 32 Source Manager (Image Acquisition Interface).) - [140.52 Ko] - (2.1.1.0) - C:\windows\SysWOW64\TWAINDSM.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [166.5 Ko] - C:\windows\SysWOW64\uk-UA
[MD5.15BD0F8D507546F512EE5D73C3721FA8] - |A| - [13/07/2009 21:35:41] - (.Copyright © 2000 - vfpodbc.) - [20.05 Ko] - (1.0.2.0) - C:\windows\SysWOW64\vfpodbc.dll
[MD5.00000000000000000000000000000000] - |D| - [02/06/2012 03:26:15] - [237.33 Ko] - C:\windows\SysWOW64\Wat
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [8883.12 Ko] - C:\windows\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [60.46 Ko] - C:\windows\SysWOW64\WCN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [101.23 Ko] - C:\windows\SysWOW64\wdi
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:32:38] - [8539.71 Ko] - C:\windows\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 02:06:51] - [99.06 Ko] - C:\windows\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [333.5 Ko] - C:\windows\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [255.5 Ko] - C:\windows\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:20:14] - [334 Ko] - C:\windows\SysWOW64\zh-TW
---------- | Shell Folders
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
"AppData"=C:\Users\Tonya\AppData\Roaming [01/06/2012 04:28:39]
"Local AppData"=C:\Users\Tonya\AppData\Local [01/06/2012 04:28:39]
"My Video"=C:\Users\Tonya\Videos [01/06/2012 04:28:39]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Libraries [01/06/2012 04:41:49]
"My Pictures"=C:\Users\Tonya\Pictures [01/06/2012 04:28:39]
"Desktop"=C:\Users\Tonya\Desktop [01/06/2012 04:28:39]
"History"=C:\Users\Tonya\AppData\Local\Microsoft\Windows\History [01/06/2012 04:28:39]
"NetHood"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Network Shortcuts [01/06/2012 04:28:39]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Tonya\Contacts [01/06/2012 04:41:40]
"Cookies"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Cookies [01/06/2012 04:28:39]
"Favorites"=C:\Users\Tonya\Favorites [01/06/2012 04:28:39]
"SendTo"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\SendTo [01/06/2012 04:28:39]
"Start Menu"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu [01/06/2012 04:28:39]
"My Music"=C:\Users\Tonya\Music [01/06/2012 04:28:39]
"Programs"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [01/06/2012 04:28:39]
"Recent"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Recent [01/06/2012 04:28:39]
"CD Burning"=C:\Users\Tonya\AppData\Local\Microsoft\Windows\Burn\Burn [24/02/2017 15:06:26]
"PrintHood"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [01/06/2012 04:28:39]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Tonya\Searches [01/06/2012 04:41:49]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Tonya\Downloads [01/06/2012 04:28:39]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Tonya\AppData\LocalLow [01/06/2012 04:28:40]
"Startup"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [01/06/2012 04:28:39]
"Administrative Tools"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [01/06/2012 04:41:49]
"Personal"=C:\Users\Tonya\Documents [01/06/2012 04:28:39]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Tonya\Links [01/06/2012 04:28:39]
"Cache"=C:\Users\Tonya\AppData\Local\Microsoft\Windows\Temporary Internet Files [01/06/2012 04:28:39]
"Templates"=C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Templates [01/06/2012 04:28:39]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Tonya\Saved Games [01/06/2012 04:28:39]
"Fonts"=C:\windows\Fonts [13/07/2009 22:20:09]
[HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files
"Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies
"Desktop"=%USERPROFILE%\Desktop
"Favorites"=%USERPROFILE%\Favorites
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History
"Local AppData"=%USERPROFILE%\AppData\Local
"My Music"=%USERPROFILE%\Music
"My Pictures"=%USERPROFILE%\Pictures
"My Video"=%USERPROFILE%\Videos
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
"Personal"=%USERPROFILE%\Documents
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"=C:\Users\Public\Desktop [13/07/2009 22:20:08]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [13/07/2009 22:20:08]
"CommonVideo"=C:\Users\Public\Videos [13/07/2009 22:20:08]
"CommonPictures"=C:\Users\Public\Pictures [13/07/2009 22:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [13/07/2009 22:20:08]
"CommonMusic"=C:\Users\Public\Music [13/07/2009 22:20:08]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 00:32:38]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [13/07/2009 22:20:08]
"Common Documents"=C:\Users\Public\Documents [13/07/2009 22:20:08]
"OEM Links"=C:\ProgramData\OEM Links
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [13/07/2009 22:20:08]
"Common AppData"=C:\ProgramData [13/07/2009 22:20:08]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=%PUBLIC%\Desktop
"Common Documents"=%PUBLIC%\Documents
"CommonPictures"=%PUBLIC%\Pictures
"CommonMusic"=%PUBLIC%\Music
"CommonVideo"=%PUBLIC%\Videos
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
"Common AppData"=%ProgramData%
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"=C:\Users\Public\Desktop [13/07/2009 22:20:08]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [13/07/2009 22:20:08]
"CommonVideo"=C:\Users\Public\Videos [13/07/2009 22:20:08]
"CommonPictures"=C:\Users\Public\Pictures [13/07/2009 22:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [13/07/2009 22:20:08]
"CommonMusic"=C:\Users\Public\Music [13/07/2009 22:20:08]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 00:32:38]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [13/07/2009 22:20:08]
"Common Documents"=C:\Users\Public\Documents [13/07/2009 22:20:08]
"OEM Links"=C:\ProgramData\OEM Links
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [13/07/2009 22:20:08]
"Common AppData"=C:\ProgramData [13/07/2009 22:20:08]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=%PUBLIC%\Desktop
"Common Documents"=%PUBLIC%\Documents
"CommonPictures"=%PUBLIC%\Pictures
"CommonMusic"=%PUBLIC%\Music
"CommonVideo"=%PUBLIC%\Videos
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
"Common AppData"=%ProgramData%
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates
---------- | [Public]
---------- | [Tonya]
[01/06/2012 04:28:39] - |D| - [1635643120] - C:\Users\Tonya\AppData\Local
[01/06/2012 04:28:40] - |D| - [2648558] - C:\Users\Tonya\AppData\LocalLow
[01/06/2012 04:28:39] - |D| - [152996103] - C:\Users\Tonya\AppData\Roaming
[01/06/2012 08:45:34] - |D| - [2745913] - C:\Users\Tonya\AppData\Local\Adobe
[15/09/2014 20:47:45] - |D| - [0] - C:\Users\Tonya\AppData\Local\Apple
[15/09/2014 20:50:18] - |D| - [76422393] - C:\Users\Tonya\AppData\Local\Apple Computer
[01/06/2012 04:28:40] - |SHD| - [16962042232] - C:\Users\Tonya\AppData\Local\Application Data
[01/06/2012 04:42:23] - |D| - [0] - C:\Users\Tonya\AppData\Local\Apps
[21/02/2017 11:18:01] - |D| - [0] - C:\Users\Tonya\AppData\Local\CEF
[01/06/2012 08:55:05] - |D| - [6427] - C:\Users\Tonya\AppData\Local\CyberLink
[01/06/2012 04:42:22] - |D| - [0] - C:\Users\Tonya\AppData\Local\Deployment
[05/06/2012 18:23:34] - |D| - [439051] - C:\Users\Tonya\AppData\Local\ElevatedDiagnostics
[01/06/2012 04:39:11] - |D| - [295606] - C:\Users\Tonya\AppData\Local\eMusic
[03/06/2017 11:18:42] - |A| - [113992] - C:\Users\Tonya\AppData\Local\GDIPFONTCACHEV1.DAT
[20/02/2013 18:28:34] - |D| - [533149838] - C:\Users\Tonya\AppData\Local\Google
[01/06/2015 14:52:10] - |D| - [71] - C:\Users\Tonya\AppData\Local\GWX
[01/06/2012 04:28:40] - |SHD| - [130] - C:\Users\Tonya\AppData\Local\History
[03/01/2013 20:28:23] - |D| - [55690729] - C:\Users\Tonya\AppData\Local\HorizonWimba
[23/02/2017 15:23:13] - |AH| - [2844732] - C:\Users\Tonya\AppData\Local\IconCache.db
[24/06/2012 12:38:17] - |D| - [0] - C:\Users\Tonya\AppData\Local\Macromedia
[01/06/2012 04:28:39] - |D| - [464597354] - C:\Users\Tonya\AppData\Local\Microsoft
[01/06/2012 06:45:46] - |D| - [0] - C:\Users\Tonya\AppData\Local\Microsoft Help
[01/06/2012 05:56:37] - |D| - [1373504] - C:\Users\Tonya\AppData\Local\MicrosoftStore
[01/06/2012 23:30:47] - |D| - [384085062] - C:\Users\Tonya\AppData\Local\Mozilla
[01/06/2012 04:42:23] - |D| - [40960] - C:\Users\Tonya\AppData\Local\Power2Go
[24/02/2017 07:49:48] - |D| - [1132211] - C:\Users\Tonya\AppData\Local\PrivaZer
[06/02/2013 22:41:57] - |D| - [0] - C:\Users\Tonya\AppData\Local\Programs
[02/07/2015 22:31:59] - |D| - [864] - C:\Users\Tonya\AppData\Local\Razer_Inc
[12/05/2015 13:07:35] - |D| - [0] - C:\Users\Tonya\AppData\Local\Steam
[01/06/2012 04:28:39] - |D| - [112633245] - C:\Users\Tonya\AppData\Local\Temp
[01/06/2012 04:28:40] - |SHD| - [148644216] - C:\Users\Tonya\AppData\Local\Temporary Internet Files
[07/04/2014 01:18:18] - |D| - [69632] - C:\Users\Tonya\AppData\Local\Windows Live
[01/03/2017 20:51:35] - |D| - [0] - C:\Users\Tonya\AppData\Local\YSearchUtil
[23/02/2017 15:40:37] - |D| - [1536] - C:\Users\Tonya\AppData\Local\Zemana
[01/10/2017 17:09:40] - |A| - [0] - C:\Users\Tonya\AppData\Local\{347A7B5A-EBBF-40ED-8CF5-576ACC06E515}
[17/11/2013 23:21:14] - |D| - [125558] - C:\Users\Tonya\AppData\LocalLow\Adobe
[23/06/2015 00:29:48] - |D| - [8770] - C:\Users\Tonya\AppData\LocalLow\Apple Computer
[25/10/2013 22:11:43] - |D| - [0] - C:\Users\Tonya\AppData\LocalLow\Canon Easy-WebPrint EX
[25/10/2013 22:11:43] - |D| - [0] - C:\Users\Tonya\AppData\LocalLow\Canon Easy-WebPrint EX2
[30/11/2014 12:45:44] - |SHD| - [0] - C:\Users\Tonya\AppData\LocalLow\EmieBrowserModeList
[21/06/2014 11:18:29] - |SHD| - [0] - C:\Users\Tonya\AppData\LocalLow\EmieSiteList
[21/06/2014 11:18:29] - |SHD| - [0] - C:\Users\Tonya\AppData\LocalLow\EmieUserList
[01/06/2012 04:45:48] - |SD| - [1441717] - C:\Users\Tonya\AppData\LocalLow\Microsoft
[19/12/2016 07:47:12] - |D| - [0] - C:\Users\Tonya\AppData\LocalLow\Mozilla
[23/12/2012 10:31:14] - |D| - [1072513] - C:\Users\Tonya\AppData\LocalLow\Sun
[20/06/2014 19:42:30] - |D| - [0] - C:\Users\Tonya\AppData\LocalLow\Temp
[01/06/2012 04:45:34] - |D| - [360982] - C:\Users\Tonya\AppData\Roaming\Adobe
[15/09/2014 20:50:18] - |D| - [208301] - C:\Users\Tonya\AppData\Roaming\Apple Computer
[01/06/2012 08:55:05] - |D| - [2418] - C:\Users\Tonya\AppData\Roaming\CyberLink
[05/06/2012 18:55:18] - |D| - [262] - C:\Users\Tonya\AppData\Roaming\EPSON
[23/02/2017 16:41:53] - |D| - [7266061] - C:\Users\Tonya\AppData\Roaming\Everything
[22/02/2017 17:50:39] - |D| - [10085] - C:\Users\Tonya\AppData\Roaming\Geek Uninstaller
[23/06/2015 00:27:18] - |D| - [72049661] - C:\Users\Tonya\AppData\Roaming\GoPro
[01/06/2012 04:41:41] - |D| - [0] - C:\Users\Tonya\AppData\Roaming\Identities
[01/06/2012 05:48:51] - |D| - [0] - C:\Users\Tonya\AppData\Roaming\InstallShield
[01/06/2012 04:28:41] - |D| - [1272] - C:\Users\Tonya\AppData\Roaming\Intel
[05/06/2012 18:35:59] - |D| - [543] - C:\Users\Tonya\AppData\Roaming\Leadertech
[01/06/2012 04:45:34] - |D| - [41555] - C:\Users\Tonya\AppData\Roaming\Macromedia
[13/10/2013 23:42:46] - |A| - [36] - C:\Users\Tonya\AppData\Roaming\mbam.context.scan
[01/06/2012 04:28:39] - |D| - [0] - C:\Users\Tonya\AppData\Roaming\Media Center Programs
[01/06/2012 04:28:39] - |SD| - [18002876] - C:\Users\Tonya\AppData\Roaming\Microsoft
[01/06/2012 23:30:47] - |D| - [47280289] - C:\Users\Tonya\AppData\Roaming\Mozilla
[03/06/2012 18:33:31] - |D| - [241] - C:\Users\Tonya\AppData\Roaming\Nitro PDF
[06/06/2015 13:55:57] - |D| - [400] - C:\Users\Tonya\AppData\Roaming\puush
[13/09/2012 06:52:55] - |D| - [4836424] - C:\Users\Tonya\AppData\Roaming\Skype
[12/10/2016 20:06:20] - |D| - [0] - C:\Users\Tonya\AppData\Roaming\Sun
[12/03/2015 20:49:08] - |D| - [85758] - C:\Users\Tonya\AppData\Roaming\vlc
[20/11/2012 22:44:35] - |D| - [27] - C:\Users\Tonya\AppData\Roaming\WebApp
[01/03/2017 20:52:18] - |D| - [370] - C:\Users\Tonya\AppData\Roaming\Yahoo
[23/02/2017 16:55:46] - |D| - [2848542] - C:\Users\Tonya\AppData\Roaming\ZHP
[01/06/2012 04:41:49] - |ASH| - [174] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[01/06/2012 04:28:39] - |RD| - [25489] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[01/06/2012 04:28:39] - |RD| - [14619] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[01/06/2012 04:41:49] - |RD| - [174] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[01/06/2012 04:41:49] - |ASH| - [476] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[26/02/2017 09:40:41] - |D| - [2053] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[01/06/2012 04:42:07] - |A| - [1417] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[01/06/2012 04:28:39] - |RD| - [580] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[18/07/2014 15:01:23] - |D| - [2170] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mission Planner
[24/02/2017 07:49:48] - |D| - [3826] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
[01/06/2012 04:28:39] - |RD| - [174] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[01/06/2012 04:41:49] - |ASH| - [174] - C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
---------- | C:\ProgramData
[15/09/2014 20:48:38] - |D| - [4772] - C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[01/02/2012 17:44:09] - |D| - [503041403] - C:\ProgramData\Adobe
[29/01/2013 22:07:53] - |D| - [8336] - C:\ProgramData\Amazon
[15/09/2014 20:46:24] - |D| - [44791248] - C:\ProgramData\Apple
[15/09/2014 20:48:38] - |D| - [28567064] - C:\ProgramData\Apple Computer
[14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Application Data
[25/10/2013 22:07:11] - |HD| - [24945081] - C:\ProgramData\CanonBJ
[05/01/2014 17:18:38] - |HD| - [114] - C:\ProgramData\CanonIJEGV
[25/10/2013 22:11:49] - |D| - [2675] - C:\ProgramData\CanonIJMSetup
[27/10/2013 19:05:43] - |HD| - [116] - C:\ProgramData\CanonIJMyPrinter
[14/11/2013 18:32:48] - |D| - [65690] - C:\ProgramData\CanonIJPLM
[27/10/2013 19:06:10] - |HD| - [1652] - C:\ProgramData\CanonIJSolutionMenuEX
[25/10/2013 22:10:52] - |D| - [67887] - C:\ProgramData\CanonIJWSpt
[21/02/2017 11:16:22] - |HD| - [96] - C:\ProgramData\Common Files
[01/02/2012 17:44:34] - |D| - [106689] - C:\ProgramData\CyberLink
[14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Desktop
[14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Documents
[05/06/2012 18:31:50] - |D| - [2034968] - C:\ProgramData\EPSON
[14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Favorites
[05/06/2012 08:06:24] - |D| - [692223] - C:\ProgramData\Hewlett-Packard
[01/02/2012 17:35:38] - |D| - [13060] - C:\ProgramData\Intel
[06/02/2013 22:42:13] - |D| - [159185594] - C:\ProgramData\Malwarebytes
[20/08/2017 13:35:35] - |D| - [186064] - C:\ProgramData\McAfee
[02/10/2017 20:16:00] - |D| - [1432] - C:\ProgramData\McAfee Security Scan
[13/07/2009 22:20:08] - |SD| - [1857255688] - C:\ProgramData\Microsoft
[01/06/2012 06:45:44] - |D| - [366320] - C:\ProgramData\Microsoft Help
[03/06/2012 18:33:05] - |D| - [241] - C:\ProgramData\Nitro PDF
[18/11/2013 23:18:30] - |D| - [72304784] - C:\ProgramData\Oracle
[24/02/2017 07:49:48] - |D| - [71] - C:\ProgramData\privazer
[02/07/2015 17:32:57] - |D| - [2283] - C:\ProgramData\Razer
[01/02/2012 17:36:28] - |D| - [0] - C:\ProgramData\Roaming
[01/03/2017 20:45:38] - |D| - [1607] - C:\ProgramData\salesforce.com
[01/02/2012 17:38:30] - |D| - [537310] - C:\ProgramData\SAMSUNG
[01/02/2012 17:53:38] - |D| - [148035224] - C:\ProgramData\Skype
[14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Start Menu
[01/02/2012 17:53:13] - |D| - [44732] - C:\ProgramData\Symantec
[01/02/2012 17:44:34] - |D| - [677670] - C:\ProgramData\Temp
[14/07/2009 00:08:56] - |SHD| - [0] - C:\ProgramData\Templates
[05/06/2012 18:35:00] - |D| - [2251] - C:\ProgramData\UDL
[01/02/2012 17:54:14] - |D| - [17253664] - C:\ProgramData\WinClon
---------- | C:\ProgramData\Microsoft\Windows\Start Menu
[14/07/2009 00:01:14] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[13/07/2009 23:49:40] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[13/07/2009 22:20:08] - |RD| - [311312] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[13/07/2009 23:49:40] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[13/07/2009 22:20:08] - |RD| - [41931] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[21/02/2017 08:55:49] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[14/07/2009 00:32:38] - |RD| - [18363] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[29/01/2013 22:07:34] - |D| - [2000] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[01/02/2012 17:37:00] - |D| - [1890] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[25/10/2013 22:07:01] - |D| - [2828] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP495 series
[25/10/2013 22:07:30] - |D| - [3590] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP495 series Manual
[25/10/2013 22:11:48] - |D| - [4152] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP495 series User Registration
[25/10/2013 22:08:15] - |D| - [24712] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[23/02/2017 16:46:54] - |D| - [922] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[01/02/2012 17:45:07] - |RD| - [9525] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
[01/06/2012 04:40:59] - |RD| - [3643] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[01/03/2017 20:45:38] - |A| - [1134] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Data Loader.lnk
[13/07/2009 23:54:23] - |SH| - [1748] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[05/06/2012 18:31:40] - |D| - [12789] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[05/06/2012 18:35:00] - |D| - [4384] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[14/07/2009 00:32:38] - |RD| - [5742] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[20/02/2013 18:33:06] - |A| - [2155] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[01/02/2012 17:33:14] - |RD| - [2593] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[01/02/2012 17:42:09] - |D| - [2124] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
[01/02/2012 17:35:40] - |D| - [2108] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[01/02/2012 17:42:09] - |A| - [2112] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Wireless Display.lnk
[01/03/2017 20:48:45] - |D| - [6407] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[13/07/2009 22:20:08] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[21/02/2017 10:37:18] - |D| - [3794] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[02/10/2017 20:16:38] - |D| - [3035] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[02/02/2012 10:30:20] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[31/07/2012 23:33:32] - |D| - [28673] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[01/02/2012 18:15:01] - |A| - [2435] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[31/05/2012 08:15:29] - |A| - [2117] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[13/03/2013 19:39:33] - |D| - [2225] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[01/06/2012 23:30:44] - |A| - [1123] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[03/06/2012 18:33:08] - |A| - [2507] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[01/02/2012 17:53:13] - |D| - [2451] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
[03/06/2012 18:31:19] - |D| - [3607] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
[24/02/2017 07:49:48] - |A| - [1861] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
[06/06/2015 13:55:29] - |D| - [943] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
[23/06/2015 00:31:52] - |D| - [6698] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[01/02/2012 17:37:30] - |D| - [2557] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[01/02/2012 17:37:52] - |D| - [33606] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[01/02/2012 17:57:19] - |D| - [17608] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
[13/07/2009 23:57:08] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[23/02/2017 08:09:38] - |D| - [2097] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[13/07/2009 22:20:08] - |RD| - [2138] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[24/02/2017 10:05:45] - |D| - [2035] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Smart Defrag FREE
[12/03/2015 20:47:46] - |D| - [5580] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[13/07/2009 23:57:09] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[02/02/2012 10:30:15] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[13/07/2009 23:54:59] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[01/02/2012 18:25:07] - |RD| - [4580] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[01/02/2012 18:22:22] - |A| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[01/02/2012 18:20:33] - |A| - [2486] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[01/02/2012 18:23:59] - |A| - [1305] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[01/02/2012 18:23:53] - |A| - [1374] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[13/07/2009 23:57:06] - |A| - [1547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[13/07/2009 23:57:08] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[13/07/2009 23:54:23] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[20/08/2017 13:35:37] - |A| - [1964] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
---------- | C:\Program Files (x86)
[17/05/2013 21:47:32] - |D| - [325577527] - C:\Program Files (x86)\Adobe
[29/01/2013 22:07:39] - |D| - [2589753] - C:\Program Files (x86)\Amazon
[01/02/2012 17:36:58] - |D| - [2299140] - C:\Program Files (x86)\ASM104xUSB3
[25/10/2013 22:05:02] - |D| - [354992024] - C:\Program Files (x86)\Canon
[01/02/2012 17:35:38] - |D| - [6695110] - C:\Program Files (x86)\Cisco
[13/07/2009 22:20:08] - |D| - [1670785561] - C:\Program Files (x86)\Common Files
[01/02/2012 17:44:37] - |D| - [1201139406] - C:\Program Files (x86)\CyberLink
[13/07/2009 23:54:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[05/06/2012 18:31:39] - |D| - [22534276] - C:\Program Files (x86)\epson
[05/06/2012 18:34:21] - |D| - [83559974] - C:\Program Files (x86)\Epson Software
[20/02/2013 18:28:34] - |D| - [426251069] - C:\Program Files (x86)\Google
[01/02/2012 17:32:27] - |HD| - [200825512] - C:\Program Files (x86)\InstallShield Installation Information
[01/02/2012 17:32:06] - |D| - [19696565] - C:\Program Files (x86)\Intel
[01/02/2012 17:42:07] - |D| - [54613438] - C:\Program Files (x86)\Intel Corporation
[13/07/2009 22:20:08] - |D| - [10537025] - C:\Program Files (x86)\Internet Explorer
[01/03/2017 20:48:23] - |D| - [167658430] - C:\Program Files (x86)\Java
[31/07/2012 23:30:19] - |D| - [39769547] - C:\Program Files (x86)\Microsoft Analysis Services
[01/02/2012 18:15:00] - |D| - [560680348] - C:\Program Files (x86)\Microsoft Office
[31/05/2012 08:15:26] - |D| - [1527760] - C:\Program Files (x86)\Microsoft Security Client
[13/03/2013 19:38:41] - |D| - [42892246] - C:\Program Files (x86)\Microsoft Silverlight
[01/02/2012 18:23:47] - |D| - [1829877] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[01/06/2012 06:48:16] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET
[18/07/2014 15:00:44] - |D| - [105250150] - C:\Program Files (x86)\Mission Planner
[15/07/2017 13:23:02] - |D| - [125167785] - C:\Program Files (x86)\Mozilla Firefox
[23/02/2017 08:03:45] - |D| - [90079] - C:\Program Files (x86)\Mozilla Maintenance Service
[14/07/2009 00:32:38] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[03/06/2012 18:31:16] - |D| - [85563774] - C:\Program Files (x86)\Nitro PDF
[24/02/2017 07:49:48] - |D| - [20526943] - C:\Program Files (x86)\PrivaZer
[06/06/2015 13:55:28] - |D| - [568904] - C:\Program Files (x86)\puush
[23/06/2015 00:30:49] - |D| - [73605940] - C:\Program Files (x86)\QuickTime
[01/02/2012 17:33:30] - |D| - [5836757] - C:\Program Files (x86)\Realtek
[14/07/2009 00:32:38] - |D| - [36945665] - C:\Program Files (x86)\Reference Assemblies
[01/02/2012 17:37:29] - |D| - [719987] - C:\Program Files (x86)\Renesas Electronics
[01/03/2017 20:45:38] - |D| - [14206812] - C:\Program Files (x86)\salesforce.com
[01/02/2012 17:37:49] - |D| - [440232243] - C:\Program Files (x86)\Samsung
[01/02/2012 17:58:28] - |D| - [1953792] - C:\Program Files (x86)\SamsungPrinterLiveUpdate
[23/02/2017 08:09:37] - |RD| - [85321101] - C:\Program Files (x86)\Skype
[01/02/2012 17:53:13] - |D| - [6446523] - C:\Program Files (x86)\Symantec
[24/02/2017 10:05:45] - |D| - [2003623] - C:\Program Files (x86)\Toolwiz Smart Defrag FREE
[12/03/2015 20:46:47] - |D| - [117120538] - C:\Program Files (x86)\VideoLAN
[14/07/2009 00:32:38] - |D| - [512000] - C:\Program Files (x86)\Windows Defender
[01/02/2012 18:20:05] - |D| - [569962652] - C:\Program Files (x86)\Windows Live
[13/07/2009 22:20:08] - |D| - [6115840] - C:\Program Files (x86)\Windows Mail
[14/07/2009 00:32:38] - |D| - [5008657] - C:\Program Files (x86)\Windows Media Player
[13/07/2009 22:20:08] - |D| - [12061876] - C:\Program Files (x86)\Windows NT
[14/07/2009 00:32:38] - |D| - [4394248] - C:\Program Files (x86)\Windows Photo Viewer
[14/07/2009 00:32:38] - |D| - [189952] - C:\Program Files (x86)\Windows Portable Devices
[14/07/2009 00:32:38] - |D| - [5990148] - C:\Program Files (x86)\Windows Sidebar
[01/03/2017 20:51:35] - |D| - [829136] - C:\Program Files (x86)\Yahoo!
---------- | C:\Program Files
[25/10/2013 22:08:09] - |D| - [6157320] - C:\Program Files\Canon
[25/10/2013 22:06:01] - |HD| - [10728478] - C:\Program Files\CanonBJ
[23/02/2017 16:46:49] - |D| - [20447168] - C:\Program Files\CCleaner
[13/07/2009 22:20:08] - |D| - [140634357] - C:\Program Files\Common Files
[13/07/2009 23:54:24] - |ASH| - [174] - C:\Program Files\desktop.ini
[18/07/2014 15:01:57] - |D| - [1047632] - C:\Program Files\DIFX
[14/07/2009 00:32:38] - |D| - [90245652] - C:\Program Files\DVD Maker
[01/06/2012 04:38:48] - |D| - [47860976] - C:\Program Files\Elantech
[23/02/2017 16:41:52] - |D| - [1969104] - C:\Program Files\Everything
[01/02/2012 17:35:12] - |D| - [129583140] - C:\Program Files\Intel
[13/07/2009 22:20:08] - |D| - [31061348] - C:\Program Files\Internet Explorer
[21/02/2017 10:36:51] - |D| - [134080922] - C:\Program Files\Malwarebytes
[20/08/2017 19:05:59] - |D| - [20662876] - C:\Program Files\McAfee Security Scan
[14/07/2009 00:32:38] - |D| - [149182514] - C:\Program Files\Microsoft Games
[31/07/2012 23:30:25] - |D| - [6718465] - C:\Program Files\Microsoft Office
[31/05/2012 08:15:24] - |D| - [33437421] - C:\Program Files\Microsoft Security Client
[13/03/2013 19:38:42] - |D| - [55725526] - C:\Program Files\Microsoft Silverlight
[14/07/2009 00:32:38] - |D| - [25757] - C:\Program Files\MSBuild
[01/02/2012 17:33:43] - |D| - [18754584] - C:\Program Files\Realtek
[14/07/2009 00:32:38] - |D| - [34604713] - C:\Program Files\Reference Assemblies
[01/02/2012 17:40:34] - |D| - [624286233] - C:\Program Files\SAMSUNG
[01/02/2012 17:57:19] - |D| - [14723171] - C:\Program Files\Samsung AnyWeb Print
[23/02/2017 08:04:25] - |D| - [134539102] - C:\Program Files\VideoLAN
[14/07/2009 00:32:38] - |D| - [4016640] - C:\Program Files\Windows Defender
[01/02/2012 18:18:33] - |D| - [12748927] - C:\Program Files\Windows Live
[13/07/2009 22:20:08] - |D| - [6602240] - C:\Program Files\Windows Mail
[14/07/2009 00:32:38] - |D| - [7665069] - C:\Program Files\Windows Media Player
[13/07/2009 22:20:08] - |D| - [12491956] - C:\Program Files\Windows NT
[14/07/2009 00:32:38] - |D| - [5492504] - C:\Program Files\Windows Photo Viewer
[14/07/2009 00:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices
[14/07/2009 00:32:38] - |D| - [11370192] - C:\Program Files\Windows Sidebar
---------- | C:\Program Files (x86)\Common Files
[01/02/2012 17:44:06] - |D| - [10544601] - C:\Program Files (x86)\Common Files\Adobe
[01/06/2012 04:39:52] - |D| - [28502386] - C:\Program Files (x86)\Common Files\Adobe AIR
[15/09/2014 20:46:24] - |D| - [0] - C:\Program Files (x86)\Common Files\Apple
[01/02/2012 17:45:05] - |D| - [0] - C:\Program Files (x86)\Common Files\CyberLink
[17/05/2014 09:58:24] - |D| - [99992] - C:\Program Files (x86)\Common Files\DESIGNER
[01/02/2012 17:33:28] - |D| - [3692915] - C:\Program Files (x86)\Common Files\InstallShield
[01/02/2012 17:33:11] - |D| - [13811953] - C:\Program Files (x86)\Common Files\Intel
[01/02/2012 17:42:07] - |D| - [70684086] - C:\Program Files (x86)\Common Files\Intel Corporation
[24/07/2017 22:39:58] - |D| - [1941064] - C:\Program Files (x86)\Common Files\Java
[13/07/2009 22:20:08] - |D| - [205749452] - C:\Program Files (x86)\Common Files\microsoft shared
[03/06/2012 18:33:03] - |D| - [16035234] - C:\Program Files (x86)\Common Files\Nitro PDF
[01/02/2012 17:32:36] - |D| - [161212] - C:\Program Files (x86)\Common Files\postureAgent
[01/02/2012 17:40:03] - |D| - [4617163] - C:\Program Files (x86)\Common Files\Samsung
[13/07/2009 22:20:08] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[23/02/2017 08:09:37] - |D| - [2574296] - C:\Program Files (x86)\Common Files\Skype
[13/07/2009 22:20:08] - |D| - [41103783] - C:\Program Files (x86)\Common Files\SpeechEngines
[12/05/2015 13:03:42] - |D| - [569024] - C:\Program Files (x86)\Common Files\Steam
[13/07/2009 22:20:08] - |D| - [10488867] - C:\Program Files (x86)\Common Files\System
[01/02/2012 18:17:02] - |D| - [1260206831] - C:\Program Files (x86)\Common Files\Windows Live
---------- | C:\Program Files\Common files
[25/10/2013 22:11:00] - |D| - [560] - C:\Program Files\Common files\CANON
[11/11/2013 19:55:52] - |D| - [330944] - C:\Program Files\Common files\EPSON
[01/02/2012 17:33:12] - |D| - [30853630] - C:\Program Files\Common files\Intel
[13/07/2009 22:20:08] - |D| - [83295708] - C:\Program Files\Common files\Microsoft Shared
[03/06/2012 18:33:04] - |D| - [13396394] - C:\Program Files\Common files\Nitro PDF
[13/07/2009 22:20:08] - |D| - [2702] - C:\Program Files\Common files\Services
[13/07/2009 22:20:08] - |D| - [608768] - C:\Program Files\Common files\SpeechEngines
[13/07/2009 22:20:08] - |D| - [12145651] - C:\Program Files\Common files\System
---------- | Tasks
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 00:08:49] - |AH| - [6] - C:\windows\Tasks\SA.DAT
[MD5.BDA50892CA0F022DC0BC688BEA595699] - [14/07/2009 00:08:49] - |A| - [32548] - C:\windows\Tasks\SCHEDLGU.TXT
[MD5.95D2F4DD5F0970D49CCABFE8B0D3156C] - [26/04/2017 19:58:41] - |A| - [4476] - C:\windows\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.855FD8364D820E4F612D145F38ADC52C] - [20/08/2017 13:35:32] - |A| - [4474] - C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier : C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe
[MD5.B1E95243608B6B622202A2EA4B0F9216] - [20/08/2017 13:35:32] - |A| - [4324] - C:\windows\System32\Tasks\Adobe Flash Player Updater : C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.086987E8DF4B930CB9690FBECF155D99] - [23/02/2017 16:46:58] - |A| - [2792] - C:\windows\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.EF3A66D2E608C3C017B2168A7C8C192F] - [05/04/2017 21:14:24] - |A| - [3202] - C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.4158805613FF9EC6EBD6AB1A112995D3] - [05/04/2017 21:14:25] - |A| - [3330] - C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [13/07/2009 22:20:13] - |D| - [247776] - C:\windows\System32\Tasks\Microsoft
[MD5.00000000000000000000000000000000] - [01/06/2012 06:49:03] - |D| - [4392] - C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
[MD5.E19FBA42DAB689DEBABDEF29B8EB5E74] - [01/02/2012 17:38:29] - |A| - [2994] - C:\windows\System32\Tasks\WifiManager : "%programfiles(x86)%\Samsung\Easy Display Manager\WifiManager.exe"
[MD5.00000000000000000000000000000000] - [14/07/2009 00:09:57] - |D| - [4478] - C:\windows\System32\Tasks\WPD
[MD5.501871642E0A31B6193596B2E053EBE6] - [18/07/2013 20:59:39] - |A| - [2988] - C:\windows\System32\Tasks\{64A7C46F-B7BD-458F-BCF2-57372439E14B} : C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
[MD5.501871642E0A31B6193596B2E053EBE6] - [18/07/2013 20:59:40] - |A| - [2988] - C:\windows\System32\Tasks\{C30423AA-F180-40E1-8A14-3F221956945A} : C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
[MD5.00000000000000000000000000000000] - [13/07/2009 22:20:14] - |D| - [0] - C:\windows\Syswow64\Tasks\Microsoft
---------- | Firewall
[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"TCP Query User{AAF3E441-D6E6-4BA2-8F3E-F4F2EA6D5309}C:\program files (x86)\google\chrome\application\chrome.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|Defer=User|
"UDP Query User{988FD355-F579-4EBB-BD1B-A08E7B81AC89}C:\program files (x86)\google\chrome\application\chrome.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|Defer=User|
"TCP Query User{E6604BE6-A7FF-4817-A9B3-E1232A13A16F}C:\program files (x86)\google\chrome\application\chrome.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|
"UDP Query User{C2EFEC6D-1483-471C-AFD7-9772728B61FB}C:\program files (x86)\google\chrome\application\chrome.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|
"{FCCA4305-A5D9-45CA-BC8A-D0C161C362D9}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Inbound rule for Google Chrome to allow mDNS traffic.|EmbedCtxt=Google Chrome|
---------- | Control\Class
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{027A838E-7356-4A2F-A5BF-25A2A2C33FCC}] : (WiMAX) [] -> @oem12.inf,%ClassName%;Intel(R) Centrino(R) WiMAX adapters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{034F6FB2-1BCC-41C9-9FD2-DBB357DE0838}] : (WIDI) [] -> @oem21.inf,%ClassName%;Intel(R) Wireless Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (igfx) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{59F44B03-CCD2-460B-ACD8-53CBF375D174}] : (GEARAspiWDM) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (igfx) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C30ECEA0-11EF-4EF9-B02E-6AF81E6E65C0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
---------- | Loaded modules (whitelist)
[02/12/2010 23:55:32] - (2.0.30.0) - (Renesas Electronics Corporation - USB 3.0 Host Controller Driver) - C:\windows\system32\DRIVERS\nusb3xhc.sys
[01/02/2012 20:24:23] - (10.0.0.9) - (ELAN Microelectronics Corp. - ETD Kernel Center) - C:\windows\system32\DRIVERS\ETD.sys
[02/12/2010 23:55:32] - (2.0.30.0) - (Renesas Electronics Corporation - USB 3.0 Hub Driver) - C:\windows\system32\DRIVERS\nusb3hub.sys
---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service
R0 - [Kernel Driver] - ACPI (Microsoft ACPI Driver) -> system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdxata () -> system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - atapi (IDE Channel) -> system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Compbatt (Microsoft Composite Battery Driver) -> system32\DRIVERS\compbatt.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (Disk Driver) -> system32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iaStor (Intel AHCI Controller) -> system32\DRIVERS\iaStor.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
S0 - [File System Driver] - MpFilter (Microsoft Malware Protection Driver) -> system32\DRIVERS\MpFilter.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - msahci () -> system32\drivers\msahci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (PCI Bus Driver) -> system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - spldr (Security Processor Loader Driver) -> (?) - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (Microsoft Virtual Drive Enumerator Driver) -> system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgr (Volume Manager Driver) -> system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (Storage volumes) -> system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - blbdrive () -> system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (CD-ROM Driver) -> system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (Microsoft System Management BIOS Driver) -> system32\DRIVERS\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: False
R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: False
S1 - [Kernel Driver] - SABI (SAMSUNG Kernel Driver For Windows 7) -> \??\C:\windows\system32\Drivers\SABI.sys - AcceptPause: False - AcceptStop: False
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - TermDD (Terminal Device Driver) -> system32\DRIVERS\termdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - VgaSave () -> \SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - VWiFiFlt (Virtual WiFi Filter Driver) -> system32\DRIVERS\vwififlt.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: False
R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True
S2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - TurboB (Turbo Boost UI Monitor driver) -> system32\DRIVERS\TurboB.sys - AcceptPause: False - AcceptStop: False
---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)
---------- | Uninstall (Whitelist)
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}] : (Intel(R) PROSet/Wireless WiFi Software.-.Intel Corporation) -> MsiExec /I{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}] : (Intel(R) Wireless Display.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5C1DA3D9-F590-4317-A4FB-274F658E504B}] : (Intel® PROSet/Wireless WiMAX Software.-.Intel Corporation) -> MsiExec.exe /X{5C1DA3D9-F590-4317-A4FB-274F658E504B}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7B72A3FB-2563-4A83-B054-98C57415DFFA}] : (Nitro Reader 2.-.Nitro PDF Software) -> MsiExec.exe /X{7B72A3FB-2563-4A83-B054-98C57415DFFA}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}] : (Visual Studio 2012 x64 Redistributables.-.AVG Technologies) -> MsiExec.exe /I{8C775E70-A791-4DA8-BCC3-6AB7136F4484}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}] : (Intel(R) Turbo Boost Technology Monitor 2.0.-.Intel) -> MsiExec.exe /X{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}] : (Best Buy pc app.-.Best Buy) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] : (Adobe Flash Player 27 ActiveX.-.Adobe Systems Incorporated) -> C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_ActiveX.exe -maintain activex
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 27 NPAPI.-.Adobe Systems Incorporated) -> C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_Plugin.exe -maintain plugin
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI] : (Adobe Flash Player 27 PPAPI.-.Adobe Systems Incorporated) -> C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe -maintain pepperplugin
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Data Loader] : (Data Loader.-.salesforce.com) -> C:\Program Files (x86)\salesforce.com\Data Loader\Uninstaller.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\McAfee Security Scan] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Toolwiz Smart Defrag FREE_is1] : (Toolwiz Smart Defrag 2011.-.Toolwiz.com.) -> "C:\Program Files (x86)\Toolwiz Smart Defrag FREE\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1BB8304A-BAFD-4339-B8D7-2BB31F85DADA}] : (Mission Planner.-.Michael Oborne) -> MsiExec.exe /X{1BB8304A-BAFD-4339-B8D7-2BB31F85DADA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180141F0}] : (Java 8 Update 141.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180141F0}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FB}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2DDC70C1-C77A-4D08-89D2-9AB648504533}] : (Easy Content Share.-.Samsung Electronics Co., LTD) -> MsiExec.exe /I{2DDC70C1-C77A-4D08-89D2-9AB648504533}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}] : (QuickTime 7.-.Apple Inc.) -> MsiExec.exe /I{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}] : (Norton Online Backup.-.Symantec Corporation) -> MsiExec.exe /X{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5442DAB8-7177-49E1-8B22-09A049EA5996}] : (Renesas Electronics USB 3.0 Host Controller Driver.-.Renesas Electronics Corporation) -> MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{54A4839E-87F8-4BD1-9682-A349E9943F0A}] : (Amazon Unbox Video.-.Amazon.com) ->
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{63B5DA5A-477B-438D-A6A0-118787A4C71B}] : (Adobe AIR.-.Adobe Systems Incorporated) -> MsiExec.exe /I{63B5DA5A-477B-438D-A6A0-118787A4C71B}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8732818E-CA78-4ACB-B077-22311BF4C0E4}] : (Easy Network Manager.-.Samsung) -> MsiExec.exe /I{8732818E-CA78-4ACB-B077-22311BF4C0E4}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}] : (Visual Studio 2012 x86 Redistributables.-.AVG Technologies CZ, s.r.o.) -> MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824237067}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824237067}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-5464-3428-900000000004}] : (Spelling Dictionaries Support For Adobe Reader 9.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}] : (Почта Windows Live.-.Корпорация Майкрософт) -> MsiExec.exe /I{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C3592426-531E-4110-911D-BFECE2CE284B}] : (puush.-.Dean Herbert) -> MsiExec.exe /X{C3592426-531E-4110-911D-BFECE2CE284B}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CBFD061C-4B27-4A89-ADD8-210316EEFA11}] : (Windows Live Messenger.-.Корпорация Майкрософт) -> MsiExec.exe /X{CBFD061C-4B27-4A89-ADD8-210316EEFA11}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}] : (Asmedia ASM104x USB 3.0 Host Controller Driver.-.Asmedia Technology) -> MsiExec.exe /X{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F687E657-F636-44DF-8125-9FEEA2C362F5}] : (Samsung Support Center 1.0.-.Samsung) -> MsiExec.exe /I{F687E657-F636-44DF-8125-9FEEA2C362F5}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F84906ED-BB54-4889-B131-FED9C9056FC8}] : (Intel(R) Wireless Display.-.Intel Corporation) -> MsiExec.exe /X{F84906ED-BB54-4889-B131-FED9C9056FC8}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC965A47-4839-40CA-B618-18F486F042C6}] : (Skype™ 7.32.-.Skype Technologies S.A.) -> MsiExec.exe /X{FC965A47-4839-40CA-B618-18F486F042C6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FFD0E594-823B-4E2B-B680-720B3C852588}] : (BatteryLifeExtender.-.Samsung) -> MsiExec.exe /I{FFD0E594-823B-4E2B-B680-720B3C852588}
---------- | Ports
---------- | Installer
[HKCR\Installer\Products\046E72916C2A7AB4F834FF2DEAD3CF3F] : Intel(R) PROSet/Wireless WiFi Software -> C:\windows\Installer\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\07E577C8197A8AD4CB3CA67B31F64448] : Visual Studio 2012 x64 Redistributables
[HKCR\Installer\Products\098990BCF5D15D11E99A0005AB3E711E] : PowerDirector -> C:\windows\Installer\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\1C07CDD2A77C80D4982DA96B84055433] : Easy Content Share -> C:\windows\Installer\{2DDC70C1-C77A-4D08-89D2-9AB648504533}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\38E1FB04BE028D11795C00905C206085] : Power2Go -> C:\windows\Installer\{40BF1E83-20EB-11D8-97C5-0009C5020658}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\42C6FBF1DF1C10144AB2C065F4E9E897] : PowerStarter -> C:\windows\Installer\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\495E0DFFB328B2E46B0827B0C3585288] : BatteryLifeExtender -> C:\windows\Installer\{FFD0E594-823B-4E2B-B680-720B3C852588}\_6FEFF9B68218417F98F549.exe
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110140F] : Java 8 Update 141 -> C:\Program Files (x86)\Java\jre1.8.0_141\\bin\javaws.exe
[HKCR\Installer\Products\52744B0D6663D294EB6F85A741DBB99D] : MSVCRT_amd64
[HKCR\Installer\Products\6116D6C8427B0184F8D20D746E7B6DE8] : Mesh Runtime
[HKCR\Installer\Products\6242953CE135011419D1FBCE2EEC82B4] : puush -> C:\windows\Installer\{C3592426-531E-4110-911D-BFECE2CE284B}\osunew_0001.ico
[HKCR\Installer\Products\68AB67CA408033019195008142320776] : Adobe Refresh Manager -> C:\windows\Installer\{AC76BA86-0804-1033-1959-001824237067}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA73301B744CAF070E41400] : Adobe Acrobat Reader DC -> C:\windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\68AB67CA7DA746454382090000000040] : Spelling Dictionaries Support For Adobe Reader 9 -> C:\windows\Installer\{AC76BA86-7AD7-5464-3428-900000000004}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6FD66A043D225B447A3D381B812A0CCD] : Norton Online Backup -> C:\windows\Installer\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}\MainIcon.ico
[HKCR\Installer\Products\74A569CF9384AC046B81814F680F246C] : Skype™ 7.32 -> C:\windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
[HKCR\Installer\Products\756E786F636FFD441852F9EE2A3C265F] : Samsung Support Center 1.0 -> C:\windows\Installer\{F687E657-F636-44DF-8125-9FEEA2C362F5}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\7664CBBF125287E41BDB78607F4745B9] : Best Buy pc app
[HKCR\Installer\Products\7BD4C90EC03660F46A13E87A329932FA] : D3DX10
[HKCR\Installer\Products\7E0BA6F1DDC839B4A832AAE92BEFCF4E] : Junk Mail filter update
[HKCR\Installer\Products\8994BF104C33134458DE70E9E3FE7ED5] : YouCam -> C:\windows\Installer\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8BAD244577171E94B822900A94AE9569] : Renesas Electronics USB 3.0 Host Controller Driver -> C:\windows\Installer\{5442DAB8-7177-49E1-8B22-09A049EA5996}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\93B0BF4E199C7EE459DDA1A187753DD3] : Asmedia ASM104x USB 3.0 Host Controller Driver -> C:\windows\Installer\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper
[HKCR\Installer\Products\9D3AD1C5095F71344ABF72F456E805B4] : Intel® PROSet/Wireless WiMAX Software -> C:\windows\Installer\{5C1DA3D9-F590-4317-A4FB-274F658E504B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A5AD5B36B774D8346A0A1178784A7CB1] : Adobe AIR
[HKCR\Installer\Products\A6C64DD86500CEF47BA082BB611A1FF1] : MSVCRT
[HKCR\Installer\Products\A91FFE89BA03B4E49B340FB6C136BE8F] : Visual Studio 2012 x86 Redistributables
[HKCR\Installer\Products\AE851E081817EF047A1003C16EEB46BA] : MediaShow -> C:\windows\Installer\{80E158EA-7181-40FE-A701-301CE6BE64AB}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\B0AFE77B3DB92214F9A9519A365BAE42] : Intel(R) Turbo Boost Technology Monitor 2.0 -> C:\windows\Installer\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\BF3A27B7365238A40B45895C4751FDAF] : Nitro Reader 2 -> C:\windows\Installer\{7B72A3FB-2563-4A83-B054-98C57415DFFA}\Reader.ico
[HKCR\Installer\Products\C2CBC2D34D56364478BABBC258C9F1E3] : QuickTime 7 -> C:\windows\Installer\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}\Installer.ico
[HKCR\Installer\Products\DE532CED4A8571542A874CE1D8EABAB3] : PowerDVD -> C:\windows\Installer\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\DE60948F45BB98841B13EF9D9C50F68C] : Intel(R) Wireless Display -> C:\windows\Installer\{F84906ED-BB54-4889-B131-FED9C9056FC8}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E818237887ACBCA40B772213B14F0C4E] : Easy Network Manager -> C:\windows\Installer\{8732818E-CA78-4ACB-B077-22311BF4C0E4}\_6FEFF9B68218417F98F549.exe
[HKCR\Installer\Products\E9384A458F781DB469283A949E49F3A0] : Amazon Unbox Video -> C:\windows\Installer\{54A4839E-87F8-4BD1-9682-A349E9943F0A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater
---------- | ADS
---------- | Drives
Disk: 0 Size=954G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 07-NTFS 100M Yes No 2,048 204,800
1 1 07-NTFS 374G No No 206,848 765,460,480
2 2 0F-EXTEND 561G No No 765,667,328 147,936,768
3 3 27-UNKNWN 19G No No 913,604,096 39,919,616
---------- | MBR
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: QX311/QX411/QX412/QX511
Logical Drives Mask: 0x0000001c
Analysis of file "C:\QuickDiag\MBR.bin":
Unknown MBR code
64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin
---------- | 20 LastEventLog
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
------------
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
------------
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
------------
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
------------
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
------------
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
------------
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
------------
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
------------
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
------------
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
------------
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
------------
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
------------
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
------------
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
------------
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
------------
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 121 (0x79) : The semaphore timeout period has expired.
.
------------
----------( EOF)---------- - 3383 | 21:30:42