--------------- QuickDiag | g3n-h@ckm@n | V3_22.06.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 23/06/2017 14:28:11
Updated 22/06/2017 | 22.30 (GMT) by g3n-h@ckm@n
Contact :
http://www.sosvirus.net/
Time Zone : (UTC-05:00) Eastern Time (US & Canada)
[hilton (Administrator)] - [HILTON-PC] (S-1-5-21-3292114827-816517840-1514174382-1000)
System: Microsoft Windows 7 Professional - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409) -> ()
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Professional |C:\Windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: OptiPlex 755 - Dell Inc. - IdNumber: 6Q1PVG1 - UUID: 4C4C4544-0051-3110-8050-B6C04F564731
Processor : X64 - 1862 Mhz - Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Phoenix ROM BIOS PLUS Version 1.10 A22 - en|US|iso8859-1 - Dell Inc. - S/N: 6Q1PVG1 - A22 - DELL - 15
CoreTemp : ? Celsius
----------| Quick
---------- | SoundDevice
SoundMAX Integrated Digital HD Audio Device - Status: OK - Manufacturer: Analog Devices - PNPDeviceID: HDAUDIO\FUNC_01&VEN_11D4&DEV_1984&SUBSYS_10280211&REV_1004\4&851744B&0&0001
---------- | Video
Intel(R) Q35 Express Chipset Family - Resolution: 1440x900 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdx32.dll - PNPDeviceID: PCI\VEN_8086&DEV_29B2&SUBSYS_02111028&REV_02\3&172E68DD&1&10 - AdapterCompatibility: Intel Corporation - RAM: 268435456
Intel(R) Q35 Express Chipset Family - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers: igdumdx32.dll - PNPDeviceID: PCI\VEN_8086&DEV_29B3&SUBSYS_02111028&REV_02\3&172E68DD&1&11 - AdapterCompatibility: Intel Corporation - RAM:
Inegrated Video Chipset DeviceName: Intel(R) Q35 Express Chipset Family - DriverVersion: 8.14.10.1930 - SpecificationVersion: 1025
---------- | Codecs
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22528 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 50176 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23552 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 31744 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13312 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 64000 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\iccvid.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82944 - Manufacturer: Radius Inc. - Status: OK
---------- | CPU
CPU #1 value:0 %
CPU #2 value:0 %
Total Overall CPU Usage value:0 %
---------- | Network
Intel[R] 82566DM-2 Gigabit Network Connection : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.{B78AF187-32FB-4F20-86D2-C40DA41B6832} : SENT:0 bytes/sec / RECVD:0 bytes/sec
Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec
Overall -> SEND Maxium:0 bytes/sec, / RECEIVE Maximum:0 bytes/sec
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
Intel(R) 82566DM-2 Gigabit Network Connection - Ethernet 802.3 - Intel - Status: - PnPID : PCI\VEN_8086&DEV_10BD&SUBSYS_02111028&REV_02\3&172E68DD&1&C8
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000
RAS Async Adapter - Wide Area Network (WAN) - Microsoft - Status: - PnPID : SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC
Bluetooth Device (Personal Area Network) - - - Status: - PnPID :
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0001
Bluetooth Device (Personal Area Network) - - - Status: - PnPID :
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0002
Bluetooth Device (Personal Area Network) - - - Status: - PnPID :
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000
---------- | Memory
RAM = Total (MB) : 3396 | Free (MB) : 2163
Pagefile = Total (MB) : 6791 | Free (MB) : 5522
Virtual = Total (MB) : 2097 | Free (MB) : 1942
Physical Memory 0 : Capacity: 1073741824 - DIMM_1 - Posit.: 1 - Manufacturer: CE00000000000000 - PartNumber: M3 78T2863RZS-CE6 - S/N: 5532D4BF
Physical Memory 1 : Capacity: 1073741824 - DIMM_3 - Posit.: 1 - Manufacturer: CE00000000000000 - PartNumber: M3 78T2863DZS-CE6 - S/N: 851CA99B
Physical Memory 2 : Capacity: 1073741824 - DIMM_2 - Posit.: 2 - Manufacturer: CE00000000000000 - PartNumber: M3 78T2863QZS-CE6 - S/N: 87036A38
Physical Memory 3 : Capacity: 1073741824 - DIMM_4 - Posit.: 2 - Manufacturer: CE00000000000000 - PartNumber: M3 78T2863DZS-CE6 - S/N: 870F0EE8
---------- | SID Users
Administrator : [S-1-5-21-3292114827-816517840-1514174382-500]
Guest : [S-1-5-21-3292114827-816517840-1514174382-501]
hilton : [S-1-5-21-3292114827-816517840-1514174382-1000]
HomeGroupUser$ : [S-1-5-21-3292114827-816517840-1514174382-1002]
Administrators : [S-1-5-32-544]
Backup Operators : [S-1-5-32-551]
Cryptographic Operators : [S-1-5-32-569]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
IIS_IUSRS : [S-1-5-32-568]
Network Configuration Operators : [S-1-5-32-556]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Power Users : [S-1-5-32-547]
Remote Desktop Users : [S-1-5-32-555]
Replicator : [S-1-5-32-552]
Users : [S-1-5-32-545]
HomeUsers : [S-1-5-21-3292114827-816517840-1514174382-1001]
---------- | SystemAccounts
Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK
---------- | Drives
C:\ -> [Fixed] | [Windows] | Total : 1859.99 Go | Free : 1821.54 Go -> NTFS [ATA]
Disk Usage Information [1 total Physical Disks]
Physical Drive #0 [C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 2 Part. - PnPID : IDE\DISKHITACHI_HUA722020ALA331_________________JKAOA3NH\5&1590E63B&0&0.0.0
---------- | Windows updates
Last detection : 2017-06-23 11:05:55
Downloaded last ones : 2017-06-20 06:47:18
Installed last ones : 2017-06-20 06:48:18
Next search : 2017-06-24 07:07:35
Test 1 : Windows Is Activated
---------- | Browsers
IE : 11.0.9600.18698 (© Microsoft Corporation.)
FF : 52.0.0.6270 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 58.0.3029.110 (Copyright 2016 Google Inc.)
Default : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url ""
---------- | FlashPlayer
FlashPlayer ActiveX : 26.0.0.126
---------- | Security
AV : Malwarebytes Disabled
AS : Windows Defender Enabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running
---------- | Running processes
264 | [Owner : SYSTEM | Parent : 4(System) | 0.83 Mo] - (.Microsoft Corporation - Windows Session Manager.) - (6.1.7601.23807) = C:\Windows\System32\smss.exe [14/06/2017 07:49:42] CPU Usage:0 %
368 | [Owner : SYSTEM | Parent : 340() | 3.49 Mo] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [13/07/2009 19:11:09] CPU Usage:0 %
420 | [Owner : SYSTEM | Parent : 340() | 3.36 Mo] - (.Microsoft Corporation - Windows Start-Up Application.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [13/07/2009 19:36:49] CPU Usage:0 %
428 | [Owner : SYSTEM | Parent : 412() | 11.69 Mo] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [13/07/2009 19:11:09] CPU Usage:0 %
468 | [Owner : SYSTEM | Parent : 420(wininit.exe) | 7.24 Mo] - (.Microsoft Corporation - Services and Controller app.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [01/07/2016 13:14:35] CPU Usage:0 %
492 | [Owner : SYSTEM | Parent : 420(wininit.exe) | 10.99 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23816) = C:\Windows\System32\lsass.exe [14/06/2017 07:49:41] CPU Usage:0 %
500 | [Owner : SYSTEM | Parent : 420(wininit.exe) | 3.13 Mo] - (.Microsoft Corporation - Local Session Manager Service.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [20/11/2010 17:29:11] CPU Usage:0 %
548 | [Owner : SYSTEM | Parent : 412() | 5.47 Mo] - (.Microsoft Corporation - Windows Logon Application.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe [01/07/2016 13:12:55] CPU Usage:0 %
648 | [Owner : SYSTEM | Parent : 468(services.exe) | 7.05 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
724 | [Owner : NETWORK SERVICE | Parent : 468(services.exe) | 6.04 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
796 | [Owner : LOCAL SERVICE | Parent : 468(services.exe) | 16.51 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
828 | [Owner : SYSTEM | Parent : 468(services.exe) | 63.87 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
852 | [Owner : LOCAL SERVICE | Parent : 468(services.exe) | 13.17 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
924 | [Owner : SYSTEM | Parent : 468(services.exe) | 29.86 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1040 | [Owner : LOCAL SERVICE | Parent : 796(svchost.exe) | ?????] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (6.1.7601.23471) = C:\Windows\System32\audiodg.exe [12/10/2016 06:10:31] CPU Usage:0 %
1204 | [Owner : NETWORK SERVICE | Parent : 468(services.exe) | 12.85 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1372 | [Owner : SYSTEM | Parent : 468(services.exe) | 10.2 Mo] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe [02/07/2016 14:33:16] CPU Usage:0 %
1412 | [Owner : LOCAL SERVICE | Parent : 468(services.exe) | 12.95 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1488 | [Owner : SYSTEM | Parent : 468(services.exe) | 3.18 Mo] - (.Intel Corporation - Displays state of Intel® Active Management Technology..) - (3.0.0.6) = C:\Program Files\Intel\AMT\atchksrv.exe [23/07/2012 19:53:32] CPU Usage:0 %
1524 | [Owner : LOCAL SERVICE | Parent : 468(services.exe) | 3.8 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1544 | [Owner : SYSTEM | Parent : 468(services.exe) | 5.09 Mo] - (.Broadcom Corporation. - Bluetooth Support Server.) - (6.5.1.2700) = C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [01/04/2012 13:22:20] CPU Usage:0 %
1588 | [Owner : SYSTEM | Parent : 468(services.exe) | 8.26 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1636 | [Owner : LOCAL SERVICE | Parent : 468(services.exe) | 11.02 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1664 | [Owner : SYSTEM | Parent : 468(services.exe) | 3.28 Mo] - (.Intel Corporation - Intel(R) Wireless Bluetooth(R) iBtSiva Service.) - (19.0.1629.3590) = C:\Program Files\Intel\Bluetooth\ibtsiva.exe [03/02/2016 14:28:54] CPU Usage:0 %
1696 | [Owner : SYSTEM | Parent : 468(services.exe) | 4.58 Mo] - (.Intel Corporation - Intel® PROSet Monitoring Service.) - (19.5.302.0) = C:\Windows\System32\IPROSetMonitor.exe [16/10/2014 14:38:56] CPU Usage:0 %
1804 | [Owner : SYSTEM | Parent : 468(services.exe) | 3.78 Mo] - (.Intel - Local Manageability Service.) - (3.0.10.1053) = C:\Program Files\Intel\AMT\LMS.exe [23/07/2012 19:53:32] CPU Usage:0 %
1916 | [Owner : SYSTEM | Parent : 468(services.exe) | 6.37 Mo] - (.Intel - User Notification Service.) - (3.2.0.1053) = C:\Program Files\Intel\AMT\UNS.exe [23/07/2012 19:53:32] CPU Usage:0 %
108 | [Owner : SYSTEM | Parent : 468(services.exe) | 163.12 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.479) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [21/06/2017 15:04:29] CPU Usage:0 %
3080 | [Owner : SYSTEM | Parent : 468(services.exe) | 6.38 Mo] - (.Motorola Solutions, Inc. - Bluetooth Device Monitor.) - (19.0.1603.650) = C:\Program Files\Intel\Bluetooth\devmonsrv.exe [18/07/2016 15:43:38] CPU Usage:0 %
3156 | [Owner : SYSTEM | Parent : 468(services.exe) | 6.47 Mo] - (.Motorola Solutions, Inc. - Bluetooth Media Service.) - (19.0.1603.650) = C:\Program Files\Intel\Bluetooth\mediasrv.exe [18/07/2016 15:43:44] CPU Usage:0 %
3204 | [Owner : SYSTEM | Parent : 468(services.exe) | 5.28 Mo] - (.Motorola Solutions, Inc. - Bluetooth OBEX Service.) - (19.0.1603.650) = C:\Program Files\Intel\Bluetooth\obexsrv.exe [18/07/2016 15:43:52] CPU Usage:0 %
3272 | [Owner : LOCAL SERVICE | Parent : 468(services.exe) | 5.98 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
3340 | [Owner : SYSTEM | Parent : 468(services.exe) | 28.88 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
3388 | [Owner : NETWORK SERVICE | Parent : 468(services.exe) | 7.9 Mo] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe [20/11/2010 17:29:49] CPU Usage:0 %
3500 | [Owner : SYSTEM | Parent : 468(services.exe) | 15.31 Mo] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.23834) = C:\Windows\System32\SearchIndexer.exe [14/06/2017 07:49:43] CPU Usage:0 %
1220 | [Owner : hilton | Parent : 924(svchost.exe) | 4.36 Mo] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe [20/11/2010 17:29:06] CPU Usage:0 %
1016 | [Owner : hilton | Parent : 468(services.exe) | 13.11 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [29/06/2016 16:50:18] CPU Usage:0 %
1516 | [Owner : hilton | Parent : 828(svchost.exe) | 5.42 Mo] - (.Microsoft Corporation - Desktop Window Manager.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [13/07/2009 19:24:23] CPU Usage:0 %
2020 | [Owner : hilton | Parent : 788() | 73.21 Mo] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.23537) = C:\Windows\explorer.exe [16/10/2016 12:49:31] CPU Usage:0 %
732 | [Owner : SYSTEM | Parent : 2128() | 0.53 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.5) = C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe [27/04/2017 14:41:41] CPU Usage:0 %
3092 | [Owner : hilton | Parent : 2020(explorer.exe) | 16.78 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1068) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [21/06/2017 15:04:26] CPU Usage:0 %
3400 | [Owner : hilton | Parent : 2020(explorer.exe) | 29.14 Mo] - (.Siber Systems - RoboForm TaskBar Icon.) - (8.3.7.7) = C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe [12/08/2016 15:03:22] CPU Usage:0 %
3592 | [Owner : hilton | Parent : 2020(explorer.exe) | 1.21 Mo] - (.Microsoft Corporation - Windows host process (Rundll32).) - (6.1.7601.23755) = C:\Windows\System32\rundll32.exe [14/06/2017 07:49:44] CPU Usage:0 %
3576 | [Owner : hilton | Parent : 1220(taskeng.exe) | 0.97 Mo] - (.Piriform Ltd - CCleaner.) - (5.30.0.6065) = C:\Program Files\CCleaner\CCleaner.exe [19/05/2017 15:17:50] CPU Usage:0 %
3028 | [Owner : LOCAL SERVICE | Parent : 468(services.exe) | 10.8 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
944 | [Owner : hilton | Parent : 2020(explorer.exe) | 30.69 Mo] - (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.18698) = C:\Program Files\Internet Explorer\iexplore.exe [14/06/2017 07:49:44] CPU Usage:0 %
3604 | [Owner : hilton | Parent : 944(iexplore.exe) | 128.66 Mo] - (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.18698) = C:\Program Files\Internet Explorer\iexplore.exe [14/06/2017 07:49:44] CPU Usage:0 %
2032 | [Owner : hilton | Parent : 944(iexplore.exe) | 24.02 Mo] - (.SosVirus - QuickDiag.) - (22.6.17.1) = C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0U6W0Q04\QuickDiag.exe [23/06/2017 14:07:36] CPU Usage:0 %
2340 | [Owner : hilton | Parent : 2020(explorer.exe) | 28.36 Mo] - (.SosVirus - QuickDiag.) - (22.6.17.1) = C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0U6W0Q04\QuickDiag.exe [23/06/2017 14:07:36] CPU Usage:0 %
2656 | [Owner : hilton | Parent : 2020(explorer.exe) | 70.82 Mo] - (.Malwarebytes - Malwarebytes.) - (3.0.0.1068) = C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe [21/06/2017 15:04:26] CPU Usage:0 %
3996 | [Owner : NETWORK SERVICE | Parent : 648(svchost.exe) | 9.32 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/11/2010 17:29:20] CPU Usage:0 %
2704 | [Owner : SYSTEM | Parent : 648(svchost.exe) | 4.77 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/11/2010 17:29:20] CPU Usage:0 %
2492 | [Owner : NETWORK SERVICE | Parent : 468(services.exe) | 10.78 Mo] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe [20/11/2010 17:29:12] CPU Usage:0 %
---------- | MD5
[MD5.6DDCA324434FFA506CF7DC4E51DB7935] - [16/10/2016 12:49:31] - (.© Microsoft Corporation. - Windows Explorer.) - [2903 Ko] - (6.1.7601.23537) : C:\Windows\Explorer.exe
[MD5.AD7B9C14083B52BC532FBA5948342B98] - [20/11/2010 17:29:12] - (.© Microsoft Corporation. - Windows Command Processor.) - [295.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe
[MD5.342271F6142E7C70805B8A81E1BA5F5C] - [13/07/2009 19:11:09] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [6 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - [13/07/2009 19:43:52] - (.© Microsoft Corporation. - COM Surrogate.) - [7 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe
[MD5.470F085F2C23C4303532FF4A30D6686E] - [09/05/2017 16:19:37] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [852 Ko] - (6.1.7601.23775) : C:\Windows\System32\Kernel32.dll
[MD5.1F83BB829C2A02CD615B7A1378EC5E6B] - [14/06/2017 07:49:41] - (.© Microsoft Corporation. - Local Security Authority Process.) - [21.5 Ko] - (6.1.7601.23816) : C:\Windows\System32\lsass.exe
[MD5.18E8C40C3C2AB0D315331677823555C0] - [09/05/2017 16:19:39] - (.© Microsoft Corporation. - Distributed COM Services.) - [368.5 Ko] - (6.1.7601.23775) : C:\Windows\System32\rpcss.dll
[MD5.C648901695E275C8F2AD04B687A68CE2] - [14/06/2017 07:49:44] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [44 Ko] - (6.1.7601.23755) : C:\Windows\System32\rundll32.exe
[MD5.0780A42DBD7D9969F9BF4A19AA4285B5] - [01/07/2016 13:14:35] - (.© Microsoft Corporation. - Services and Controller app.) - [253 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe
[MD5.54A47F6B5E09A77E61649109C6A08866] - [13/07/2009 19:19:28] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [20.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe
[MD5.91D4629DA1EBD286D8A7C24FBC5DC641] - [14/12/2016 00:57:02] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [792.5 Ko] - (6.1.7601.23594) : C:\Windows\System32\user32.dll
[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [20/11/2010 17:29:06] - (.© Microsoft Corporation. - Userinit Logon Application.) - [26 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe
[MD5.B5C5DCAD3899512020D135600129D665] - [13/07/2009 19:36:49] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [94 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe
[MD5.52449FD429D6053B78AE564DEF303870] - [01/07/2016 13:12:55] - (.© Microsoft Corporation. - Windows Logon Application.) - [297 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe
[MD5.F582FC7976F1248AC5FBD6875C626B41] - [09/05/2017 16:19:39] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [331 Ko] - (6.1.7601.23761) : C:\Windows\System32\Drivers\afd.sys
[MD5.338C86357871C167A96AB976519BF59E] - [13/07/2009 19:11:15] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [21.08 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys
[MD5.DDCE686D76C2B4DB435A3AF5BD0E691D] - [01/07/2016 13:13:16] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [129.94 Ko] - (6.1.7601.18231) : C:\Windows\System32\Drivers\ataport.sys
[MD5.77EA11B065E0A8AB902D78145CA51E10] - [13/07/2009 19:11:15] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [69 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - [20/11/2010 17:29:03] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [106 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys
[MD5.EA9DBD76CE9254C77BAAB4339DD4C4FB] - [12/10/2016 06:10:32] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [79.5 Ko] - (6.1.7601.23542) : C:\Windows\System32\Drivers\dfsc.sys
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - [20/11/2010 17:29:03] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [106 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - [13/07/2009 19:11:24] - (.© Microsoft Corporation. - i8042 Port Driver.) - [79 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - [13/07/2009 19:54:29] - (.© Microsoft Corporation. - IP Network Address Translator.) - [99.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys
[MD5.D071B9246BFD1575D72BD88B66F6FB87] - [14/06/2017 07:49:42] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [121.5 Ko] - (6.1.7601.23816) : C:\Windows\System32\Drivers\mrxsmb.sys
[MD5.9804FB2E46077F2977552347DFCA7E05] - [01/07/2016 13:17:10] - (.© Microsoft Corporation. - NDIS 6.20 driver.) - [695.94 Ko] - (6.1.7601.19030) : C:\Windows\System32\Drivers\ndis.sys
[MD5.A00996C9BFEF29A93B9F21DBE1DC502D] - [01/07/2016 13:11:58] - (.© Microsoft Corporation. - MBT Transport driver.) - [184.5 Ko] - (6.1.7601.23451) : C:\Windows\System32\Drivers\netbt.sys
[MD5.978E7A2E4BF4E8E70D0776EF0D9E97FB] - [01/07/2016 13:10:21] - (.© Microsoft Corporation. - NT File System Driver.) - [1183.94 Ko] - (6.1.7601.19116) : C:\Windows\System32\Drivers\ntfs.sys
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - [13/07/2009 19:45:35] - (.© Microsoft Corporation. - Parallel Port Driver.) - [77.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - [13/07/2009 19:54:34] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [77 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\rasl2tp.sys
[MD5.B973FCFC50DC1434E1970A146F7E3885] - [20/11/2010 17:29:49] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [130.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rdpdr.sys
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - [13/07/2009 19:53:41] - (.© Microsoft Corporation. - SMB Transport driver.) - [69.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys
[MD5.C7CF3C1D1EC800230E5FE658C77FC9CA] - [09/05/2017 16:19:40] - (.© Microsoft Corporation. - TCP/IP Driver.) - [1279.23 Ko] - (6.1.7601.23761) : C:\Windows\System32\Drivers\tcpip.sys
[MD5.01743A8A62F2C0488F9C4F6D25C21B2C] - [14/06/2017 07:49:44] - (.© Microsoft Corporation. - TDI Translation Driver.) - [73 Ko] - (6.1.7601.23806) : C:\Windows\System32\Drivers\tdx.sys
[MD5.F497F67932C6FA693D7DE2780631CFE7] - [20/11/2010 17:29:03] - (.© Microsoft Corporation. - Volume Shadow Copy Driver.) - [239.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys
---------- | Locked Applications
---------- | Explorer.exe component call (Microsoft Files Whitelisted)
(.Stardock.-.Stardock Fences Shell Extension.) - (3.0.5.12) -- C:\Program Files\Stardock\Fences\FencesMenu.dll
(..-..) - (0.0.0.0) -- :\program files\stardock\fences\DesktopDock.dll
(..-..) - (0.0.0.0) -- :\program files\stardock\fences\SdCrashReporter.dll
(..-..) - (0.0.0.0) -- :\program files\stardock\fences\BugSplat.dll
(..-..) - (0.0.0.0) -- :\program files\stardock\fences\BugSplatRc.dll
(..-..) - (0.0.0.0) -- :\program files\stardock\fences\SdAppServices.dll
(.Broadcom Corporation..-.BTNCopy Module.) - (6.5.1.2700) -- C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
(.Malwarebytes.-.Malwarebytes.) - (3.0.0.26) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
(.Intel Corporation.-.igfxres Module.) - (8.14.10.1930) -- C:\Windows\system32\igfxrENU.lrc
---------- | Svchost.exe component call (Microsoft Files Whitelisted)
---------- | ZeroAccess Check
[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
---------- | Startings up
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: NT AUTHORITY\LOCAL SERVICE
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: NT AUTHORITY\NETWORK SERVICE
Fences - (c:\program files\stardock\fences\Fences.exe /startup [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\...\Run]) - User: hilton-PC\hilton
CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\...\Run]) - User: hilton-PC\hilton
RoboForm - ("C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\...\Run]) - User: hilton-PC\hilton
Fences - ("C:\Program Files\Stardock\Fences\Fences.exe" /startup [HKLM\SOFTWARE\...\Run]) - User: Public
Malwarebytes TrayApp - (C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [HKLM\SOFTWARE\...\Run]) - User: Public
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Command Processor]
"CompletionChar"=9
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=9
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Fences"=c:\program files\stardock\fences\Fences.exe /startup
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DebugOptions"=2048
"Documents"=
"DosPrint"=no
"Load"=
"NetMessage"=no
"NullPort"=None
"Programs"=com exe bat pif cmd
"Device"=Canon MG3200 series Printer,winspool,Ne00:
"UserSelectedDefault"=1
[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=64
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"Fences"="C:\Program Files\Stardock\Fences\Fences.exe" /startup
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [21/06/2017 15:04:26]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"=FencesShellExt
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll [13/07/2009 19:25:10]
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"GDIProcessHandleQuota"=10000
"ShutdownWarningDialogTimeout"=4294967295
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000
""=mnmsrvc
"DeviceNotSelectedTimeout"=15
"Spooler"=yes
"TransmissionRetryTimeout"=90
"AppInit_DLLs"=
"LoadAppInit_DLLs"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
---------- | Win.ini :
---------- | System.ini :
---------- | Config.sys :
FILES=40
---------- | Tasks List
Adobe Acrobat Update Task
Adobe Flash Player Updater
CCleanerSkipUAC
Driver Support
Driver Support-RTMRules
Driver Support-RTMScan
Driver Support-RTMUpdater
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
Open URL by RoboForm
Run RoboForm TaskBar Icon
{AAE1FE94-9FE5-456A-85C2-E40455319DB4}
---------- | Startings up registry ¦ Folder
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring] : "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM Client] : "C:\Program Files\eM Client\MailClient.exe" /startup
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Fences] : "C:\Program Files\Stardock\Fences\Fences.exe" /startup
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes TrayApp] : C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [21/06/2017 15:04:26]
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoboForm] : "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Mobile Device Center] : %windir%\WindowsMobile\wmdc.exe
---------- | Other keys
[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll [14/06/2017 07:49:41]
[HKLM\System\CurrentControlSet\Control\Terminal Server]
"RCDependentServices"=CertPropSvc
SessionEnv
"NotificationTimeOut"=0
"SnapshotMonitors"=1
"ProductVersion"=5.1
"AllowRemoteRPC"=0
"DelayConMgrTimeout"=0
"fDenyTSConnections"=1
"StartRCM"=0
"TSAdvertise"=0
"DeleteTempDirsOnExit"=1
"fSingleSessionPerUser"=1
"PerSessionTempDir"=0
"TSUserEnabled"=0
"InstanceID"=2dc7b6bd-758c-48ec-b889-6f58db6
"fCredentialLessLogonSupported"=1
"fCredentialLessLogonSupportedTSS"=1
"fCredentialLessLogonSupportedKMRDP"=1
[HKLM\System\CurrentControlSet\Control\Session Manager]
"CriticalSectionTimeout"=2592000
"GlobalFlag"=0
"HeapDeCommitFreeBlockThreshold"=0
"HeapDeCommitTotalFreeThreshold"=0
"HeapSegmentCommit"=0
"HeapSegmentReserve"=0
"ProcessorControl"=2
"ResourceTimeoutCount"=648000
"BootExecute"=autocheck autochk *
"ExcludeFromKnownDlls"=
"ObjectDirectories"=\Windows
\RPC Control
"ProtectionMode"=1
"NumberOfInitialSessions"=2
"SetupExecute"=
[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=wuauserv
gpsvc
trustedinstaller
"WaitToKillServiceTimeout"=200
"CurrentUser"=USERNAME
"BootDriverFlags"=0
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll
"SystemStartOptions"= NOEXECUTE=OPTIN
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)
[HKLM\System\CurrentControlSet\Control\lsa]
"auditbaseobjects"=0
"auditbasedirectories"=0
"crashonauditfail"=0
"fullprivilegeauditing"=0x00
"Bounds"=0x0030000000200000
"LimitBlankPasswordUse"=1
"NoLmHash"=1
"Notification Packages"=scecli
C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u
"Authentication Packages"=msv1_0
"LsaPid"=492
"SecureBoot"=1
"ProductType"=6
"disabledomaincreds"=0
"everyoneincludesanonymous"=0
"forceguest"=0
"restrictanonymous"=0
"restrictanonymoussam"=1
"SCENoApplyLegacyAuditPolicy"=1
---------- | .LNK with Arguments
---------- | AppCertDlls
---------- | Dnsapi.dll
C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
---------- | Policies | Registry
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Control Panel\Desktop]
"ScreenSaveActive"=1
"ActiveWndTrackTimeout"=0
"BlockSendInputResets"=0
"CaretWidth"=1
"ClickLockTime"=1200
"CoolSwitchColumns"=7
"CoolSwitchRows"=3
"CursorBlinkRate"=530
"DockMoving"=1
"DragFromMaximize"=1
"DragFullWindows"=1
"DragHeight"=4
"DragWidth"=4
"FocusBorderHeight"=1
"FocusBorderWidth"=1
"FontSmoothing"=2
"FontSmoothingGamma"=0
"FontSmoothingOrientation"=1
"FontSmoothingType"=2
"ForegroundFlashCount"=7
"ForegroundLockTimeout"=200000
"LeftOverlapChars"=3
"MenuShowDelay"=250
"PaintDesktopVersion"=0
"Pattern"=0
"RightOverlapChars"=3
"SnapSizing"=1
"TileWallpaper"=0
"WallpaperOriginX"=0
"WallpaperOriginY"=0
"WallpaperStyle"=10
"WheelScrollChars"=3
"WheelScrollLines"=3
"WindowArrangementActive"=1
"UserPreferencesMask"=0x9E3E078012000000
"Wallpaper"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg [29/06/2016 16:31:01]
"WaitToKillAppTimeout"=200
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=0x240000003828000000000000000000000000000001000000120000000000000022000000
"CleanShutdown"=0
"ExplorerStartupTraceRecorded"=1
"Browse For Folder Width"=318
"Browse For Folder Height"=288
"link"=0x18000000
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2
"ServerAdminUI"=0
"Hidden"=2
"ShowCompColor"=1
"HideFileExt"=1
"DontPrettyPath"=0
"ShowInfoTip"=1
"HideIcons"=0
"MapNetDrvBtn"=0
"WebView"=1
"Filter"=0
"SuperHidden"=0
"SeparateProcess"=0
"AutoCheckSelect"=0
"IconsOnly"=0
"ShowTypeOverlay"=1
"ListviewAlphaSelect"=1
"ListviewShadow"=1
"TaskbarAnimations"=1
"Start_ShowMyGames"=0
"StartMenuInit"=4
""=0
"ThumbnailLivePreviewHoverTime"=250
"ExtendedUIHoverTime"=250
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Text"=@shell32.dll,-30500
"Type"=radio
"CheckedValue"=1
"ValueName"=Hidden
"DefaultValue"=2
"HKeyRoot"=2147483649
"HelpID"=shell.hlp#51105
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"IconUnderline"=2
"GlobalAssocChangedCounter"=72
""=
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=
http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s
---------- | Winlogon
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin
"BuildNumber"=7601
"FirstLogon"=0
"ParseAutoexec"=1
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1
"Shell"=explorer.exe
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Userinit"=C:\Windows\system32\userinit.exe,
"VMApplet"=SystemPropertiesPerformance.exe /pagefile
"AutoRestartShell"=1
"Background"=0 0 0
"CachedLogonsCount"=10
"DebugServerCommand"=no
"ForceUnlockLogon"=0
"LegalNoticeCaption"=
"LegalNoticeText"=
"PasswordExpiryWarning"=5
"PowerdownAfterShutdown"=0
"ShutdownWithoutLogon"=0
"WinStationsDisabled"=0
"DisableCAD"=1
"scremoveoption"=0
"ShutdownFlags"=2147483687
"AutoAdminLogon"=0
"DefaultUserName"=hilton
---------- | Associations
[HKLM\Software\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload
[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*
[HKLM\Software\Classes\.com]
""=comfile
[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\Classes\.reg]
""=regfile
[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"
[HKLM\Software\Classes\.scr]
""=scrfile
[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S
[HKLM\Software\Classes\.bat]
""=batfile
[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\Classes\.cmd]
""=cmdfile
[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\Classes\.pif]
""=piffile
[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\Classes\.inf]
""=inffile
[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\Software\Classes\.url]
""=InternetShortcut
[HKLM\Software\Classes\.lnk]
""=lnkfile
[HKLM\Software\Classes\.hta]
"PerceivedType"=text
""=htafile
"Content Type"=application/hta
[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\System32\mshta.exe "%1" %*
[HKLM\Software\Classes\InternetShortcut]
"NeverShowExt"=
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"EditFlags"=2
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"FriendlyTypeName"=@C:\Windows\system32\ieframe.dll,-10046
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment
""=Internet Shortcut
[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest
"EditFlags"=65536
"BrowserFlags"=4096
"FriendlyTypeName"=@dfshim.dll,-200
[HKLM\Software\Classes\Application.Reference]
"NeverShowExt"=
""=Application Reference
"IsShortcut"=
"EditFlags"=131072
"FriendlyTypeName"=@dfshim.dll,-201
[HKLM\Software\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeLayoutPatternForSearch"=alpha
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
""=Folder
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size
"NoRecentDocs"=
"ThumbnailCutoff"=0
"TileInfo"=prop:System.Title;System.ItemTypeText
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files\Mozilla Firefox\firefox.exe"
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files\Google\Chrome\Application\chrome.exe"
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=iexplore.exe
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall
---------- | AppcompatFlags
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"c:\SWSetup\SP73091\Setup.exe"=1
"c:\SWSetup\SP73091\Win32\setup.exe"=1
"C:\DRIVERS\WIN\TPBTooth\Setup.exe"=1
"C:\DRIVERS\WIN\TPBTooth\Win32\setup.exe"=1
"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"=1
"C:\Users\hilton\Downloads\Stardock\ObjectDock_setup.exe"=1
"C:\Users\hilton\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe"=1
"C:\Users\hilton\Downloads\xp68-win-mg3200-5_60a-ejs.exe"=1
"C:\Users\hilton\Downloads\qm__-win-2_7_1-ea31_2.exe"=1
"C:\Users\hilton\Downloads\ccsetup526(2).exe"=1
"C:\Users\hilton\Downloads\ccsetup528(1).exe"=1
---------- | IFEO
---------- | Mountpoints2
---------- | Windows
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"SwapMouseButtons"=#USR:Control Panel\Mouse
"Beep"=#USR:Control Panel\Sound
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"CoolSwitch"=USR:Control Panel\Desktop
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
---------- | Security center
[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1
[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=128920209537502489
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=0
"DisableRoutinelyTakingAction"=0
"ProductStatus"=0
"InstallTime"=0x49D898D4C7D0D101
[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1
[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1
[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1
---------- | Safeboot
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
---------- | Winsock (Whitelist)
---------- | Hosts
---------- | Ping
Pinging google.com [2607:f8b0:4002:80f::200e] with 32 bytes of data:
Reply from 2607:f8b0:4002:80f::200e: time=32ms
Reply from 2607:f8b0:4002:80f::200e: time=50ms
Reply from 2607:f8b0:4002:80f::200e: time=33ms
Reply from 2607:f8b0:4002:80f::200e: time=30ms
Ping statistics for 2607:f8b0:4002:80f::200e:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 50ms, Average = 36ms
---------- | @
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Internet Explorer\Main]
"Disable Script Debugger"=yes
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=
http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=1
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page Redirect Cache AcceptLangs"=en-US
"NotifyDownloadComplete"=yes
"DisableScriptDebuggerIE"=yes
"ImageStoreRandomFolder"=13euj9h
"DoNotTrack"=0
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0x93C7F956736BD201
"IE10TourShown"=1
"IE10TourShownTime"=0xC73E542CDB69D201
"DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7C02000010010000FC040000F0020000
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=
"DefSpellLang"=en-AU
en-US
"SuppressScriptDebuggerDialog"=0
"FormSuggest Passwords"=yes
"FormSuggest PW Ask"=no
"ScriptDebugger_EnableHiddenTabs"=0
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"StatusBarWeb"=1
"ForceGDIPlus"=0
"AlwaysShowMenus"=0
"ShutdownWaitForOnUnload"=0
"DNSPreresolution"=8
"SpellChecking"=1
"LangToolsBroker"={5bbd58bb-993e-4c17-8af6-3af8e908fca8}
"DisablePasswordReveal"=0
"Check_Associations"=yes
"DisableRequiresActiveXPrompt"=
"GotoIntranetSiteForSingleWordEntry"=0
"AutoSearch"=1
"PredictedViewExpansion"=100
"PredictedViewChangeThreshold"=10
"PredictedViewChangeThresholdPaint"=10
"ContentLayerCacheExpansion"=300
"RenderingLoopMaxTime"=250
"NscSingleExpand"=0
"Error Dlg Displayed On Every Error"=no
"Friendly http errors"=yes
"CSS_Compat"=doctype
"Expand Alt Text"=no
"Display Inline Videos"=1
"Print_Background"=no
"Use Stylesheets"=1
"SmoothScroll"=1
"Show image placeholders"=0
"Disable Diagnostics Mode"=no
"Move System Caret"=no
"Enable AutoImageResize"=yes
"UseThemes"=1
"UseHR"=0
"Q300829"=0
"Cleanup HTCs"=0
"XDomainRequest"=1
"DOMStorage"=1
"EnableAlternativeCodec"=yes
"JScriptProfileCacheEventDelay"=5000
"CrossfadeMinTimeoutInMS"=30000
"CrossfadeMaxTimeoutInMS"=30000
"CrossfadeCurrentTimeoutInMS"=30000
"ScrollTimeoutInMS"=6000
"IE10RunOnceLastShown"=1
"IE10TourNoShow"=0
"IE10RecommendedSettingsNo"=0
"FrameTabWindow"=1
"AdminTabProcs"=1
"SessionMerging"=1
"FrameMerging"=1
"HangRecovery"=1
"DesktopTransparentCoverWindowTime"=8
"TSEnable"=1
"Isolation"=PMIL
"Isolation64Bit"=0
"IsolationImmersive"=PMEM
"TabShutdownDelay"=60000
"FrameShutdownDelay"=0
"Search Bar"=Preserve
"MinIEEnabled"=1
"RefcountTracker"=0
"TabDragOnSingleProc"=0
"ForceBFCacheCandidacyPass"=0
"Fasterback"=1
"BackForwardInstrumentation"=0
"Start Page"=
http://www.google.com/
"Start Page_TIMESTAMP"=0x47B9817661E4D201
"OperationalData"=5
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000A005000034030000
"IE10RunOnceLastShown_TIMESTAMP"=0x9114367EA56AD201
"Start Page Redirect Cache_TIMESTAMP"=0x5FFF7580CCE2D201
"Use FormSuggest"=yes
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"IE5_UA_Backup_Flag"=5.0
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName"=IEUser@
"PrivDiscUiShown"=1
"EnableHttp1_1"=1
"WarnOnIntranet"=1
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
"AutoConfigProxy"=wininet.dll
"UseSchannelDirectly"=0x01000000
"WarnOnPost"=0x01000000
"UrlEncoding"=0
"SecureProtocols"=2688
"PrivacyAdvanced"=0
"ZonesSecurityUpgrade"=0x31CCA11F50D2D101
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"EnableAutodial"=0
"NoNetAutodial"=0
"ProxyHttp1.1"=1
"EnableSPDY3_0"=0
"BackgroundConnections"=1
"EnableSSL3Fallback"=1
"EnablePunycode"=1
"ShowPunycode"=0
"CreateUriCacheSize"=80
"CoInternetCombineIUriCacheSize"=80
"SecurityIdIUriCacheSize"=30
"SpecialFoldersCacheSize"=8
"SyncMode5"=4
"DisableIDNPrompt"=0
"WarnonBadCertRecving"=1
"WarnOnPostRedirect"=1
"ProxyEnable"=0
[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=
http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=
http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=
www.google.com
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=
http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Check_Associations"=yes
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files\Internet Explorer\IEXPLORE.EXE
[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate_win7.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Compat"=res://mshtml.dll/compat.htm
[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://
[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files
---------- | Proxy
[HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies]
---------- | reparsepoint
---------- | Detection of offsets
---------- | Notify
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll
---------- | Execution FileExts
---------- | SIOI | SEH | URLSH
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} -- %SystemRoot%\System32\cscui.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=
---------- | Toolbar
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}"=0xA0434D72850DD411990800400523E39A
"ITBar7Layout"=0x13000000000000000000000020000000100001001A00000001000000000700005E010000060000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000A0434D72850DD411990800400523E39A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"ITBar7Height"=21
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={91566AD5-071B-451D-9504-A58141841FA2}
"UpgradeTime"=0x79396929DB69D201
"DefaultPackCorrection"=1
"DefaultPackNTCorrection"=1
"TopResult"=1
"ShowSearchSuggestionsGlobal"=1
"ShowSearchSuggestionsInAddressGlobal"=1
"KnownProvidersUpgradeTime"=0xA8D48D28DB69D201
"Version"=4
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{724d43a0-0d85-11d4-9908-00400523e39a}"=0x00
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=0x00
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
---------- | Extensions
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}] : () - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}] : (@C:\Windows\WindowsMobile\INetRepl.dll,-223) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F46}] : (Fill Forms) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] : (Save Forms) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{724d43aa-0d85-11d4-9908-00400523e39a}] : (Show RoboForm Toolbar) - []
---------- | SearchScopes
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}] - () - :
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{91566AD5-071B-451D-9504-A58141841FA2}] - (Google) -
https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}] - (@ieframe.dll,-12512) -
http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC :
---------- | Browser Helper Objects
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}] -> (RoboForm Toolbar Helper) : C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [12/08/2016 15:03:22]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] -> (Google Toolbar Helper) : C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [26/04/2017 13:09:45]
---------- | Chrome
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co -
https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = : __MSG_description__ - short_name: __MSG_name__ -
https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com -
https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co -
https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] -
http://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com -
https://clients2.google.com/service/update2/crx
[HKLM\Software\Google\Chrome\Extensions\okmhneofinpilciglijihehjpaegledb]
[HKLM\Software\Google\Chrome\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob]
---------- | Opera
---------- | Firefox
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\mozilla\Firefox\Extensions]
"
rf-firefox@siber.com"=C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi
[HKLM\Software\mozilla\Firefox\Extensions]
"
rf-firefox@siber.com"=C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin] - () : C:\Users\hilton\AppData\Local\Citrix\Plugins\104\npappdetector.dll
[HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\Prefs.js
user_pref("browser.search.defaultenginename", "Yahoo! Powered");
user_pref("browser.search.selectedEngine", "Yahoo! Powered");
user_pref("browser.startup.homepage", "
www.google.com");
user_pref("browser.startup.homepage_override.buildID", "20170302120751");
user_pref("browser.startup.homepage_override.mstone", "52.0");
user_pref("extensions.adblockplus.currentVersion", "2.9.1");
user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1497367614431,\"softExpiration\":1497457196612,\"hardExpiration\":1497539906328,\"data\":{\"notifications\":[],\"version\":\"201706131518\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"downloadCount\":16}");
user_pref("extensions.blocklist.pingCountTotal", 14);
user_pref("extensions.blocklist.pingCountVersion", 4);
user_pref("extensions.bootstrappedAddons", "{\"{22119944-ED35-4ab1-910B-E619EA06A115}\":{\"version\":\"8.2.9.5\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\Siber Systems\\\\AI RoboForm\\\\Firefox\\\\roboform.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.9.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":true},\"
disable-cert-transparency@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\features\\\\{4586968c-b104-4f8e-ba26-6d251e589a74}\\\\disable-cert-transparency@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"
disable-prefetch@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\features\\\\{4586968c-b104-4f8e-ba26-6d251e589a74}\\\\disable-prefetch@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"
e10srollout@mozilla.org\":{\"version\":\"1.12\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\features\\\\{4586968c-b104-4f8e-ba26-6d251e589a74}\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false}}");
user_pref("extensions.databaseSchema", 19);
user_pref("extensions.diagnostics.v1.hasRun", true);
user_pref("extensions.e10s.rollout.blocklist", "{dc572301-7619-498c-a57d-39143191b318};firefox@mega.co.nzsupport@lastpass.com;");
user_pref("extensions.e10s.rollout.hasAddon", true);
user_pref("extensions.e10s.rollout.policy", "50allmpc");
user_pref("extensions.e10sBlockedByAddons", false);
user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.0.2");
user_pref("extensions.getAddons.cache.lastUpdate", 1497367552);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20170302.01");
user_pref("extensions.lastAppVersion", "52.0");
user_pref("extensions.lastPlatformVersion", "52.0");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{4586968c-b104-4f8e-ba26-6d251e589a74}\",\"addons\":{\"
disable-cert-transparency@mozilla.org\":{\"version\":\"1.0\"},\"
disable-prefetch@mozilla.org\":{\"version\":\"1.0\"},\"
e10srollout@mozilla.org\":{\"version\":\"1.12\"}}}");
user_pref("extensions.webextensions.uuids", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"294a980d-6c81-4a15-a1f6-76b6cc1c6d13\"}");
user_pref("extensions.xpiState", "{\"app-profile\":{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"d\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"e\":true,\"v\":\"2.9.1\",\"st\":1497367553915}},\"winreg-app-user\":{\"{22119944-ED35-4ab1-910B-E619EA06A115}\":{\"d\":\"C:\\\\Program Files\\\\Siber Systems\\\\AI RoboForm\\\\Firefox\\\\roboform.xpi\",\"e\":true,\"v\":\"8.2.9.5\",\"st\":1496420940227}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"52.0.2\",\"st\":1490296975000}},\"winreg-app-global\":{\"{22119944-ED35-4ab1-910B-E619EA06A115}\":{\"d\":\"C:\\\\Program Files\\\\Siber Systems\\\\AI RoboForm\\\\Firefox\\\\roboform.xpi\",\"e\":false,\"v\":\"8.2.9.5\",\"st\":1496420940227}},\"app-system-addons\":{\"
disable-cert-transparency@mozilla.org\":{\"d\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\features\\\\{4586968c-b104-4f8e-ba26-6d251e589a74}\\\\disable-cert-transparency@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1497367560955},\"
disable-prefetch@mozilla.org\":{\"d\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\features\\\\{4586968c-b104-4f8e-ba26-6d251e589a74}\\\\disable-prefetch@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1497367561026},\"
e10srollout@mozilla.org\":{\"d\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\features\\\\{4586968c-b104-4f8e-ba26-6d251e589a74}\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.12\",\"st\":1497367561077}}}");
[Profile0] - Name=default-1485114558992 -> Profiles/pc153f57.default-1485114558992
---------- | DNS
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=209.18.47.61 209.18.47.62
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{B78AF187-32FB-4F20-86D2-C40DA41B6832}]
"DhcpNameServer"=209.18.47.61 209.18.47.62
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B78AF187-32FB-4F20-86D2-C40DA41B6832}]
"DhcpNameServer"=209.18.47.61 209.18.47.62
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B78AF187-32FB-4F20-86D2-C40DA41B6832}]
"DhcpNameServer"=209.18.47.61 209.18.47.62
---------- | Applications
[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
---------- | SvcHost (Whitelist)
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"regsvc"=RemoteRegistry
"DcomLaunch"=Power
PlugPlay
DcomLaunch
"secsvcs"=WinDefend
"bthsvcs"=bthserv
"PeerDist"=PeerDistSvc
"WindowsMobile"=wcescomm
rapimgr
"LocalServiceRestricted"=WcesComm
RapiMgr
---------- | SvcHost - Netsvcs (Whitelist)
Term - :
---------- | Software
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Adobe]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Amazon]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Amazon Services LLC]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Analog Devices]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\AppDataLow]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\AVAST Software]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Canon]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Chromium]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Clients]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Dashlane_profiles]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\DriverSupport]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\eM Client]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Google]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Intel]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\jtosjykc]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Kodi]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Macromedia]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Malwarebytes]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Mozilla]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\MozillaPlugins]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Netscape]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\OpenOffice]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\ovbrx]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\PCPitstop]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Piriform]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Policies]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\QtProject]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Samsung]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Siber Systems]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\SnigelWeb]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Stardock]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Sysinternals]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Widcomm]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\ShellNoRoam]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Adobe]
[HKLM\Software\Analog Devices]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVAST Software]
[HKLM\Software\Canon]
[HKLM\Software\CBSTEST]
[HKLM\Software\Citrix]
[HKLM\Software\Clients]
[HKLM\Software\DriverSupport]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\GEAR Software]
[HKLM\Software\Google]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\mozilla.org]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice]
[HKLM\Software\PCPitstop]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Reason]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SAMSUNG]
[HKLM\Software\Siber Systems]
[HKLM\Software\SlimWare.Utilities]
[HKLM\Software\Sonic]
[HKLM\Software\Stardock]
[HKLM\Software\Synaptics]
[HKLM\Software\sysinternals]
[HKLM\Software\Volatile]
[HKLM\Software\Widcomm]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WindowsMobile]
---------- | Drives
---------- | C:
[13/07/2009 22:36:15] - |SHD| - [1763] - C:\$RECYCLE.BIN
[10/08/2016 13:52:39] - |D| - [0] - C:\95fcae343f4f0cedab9b17240bf8
[02/04/2017 12:17:48] - |D| - [350103713] - C:\AdsFix
[MD5.44CB61866FB926A7A1988D23785F6093] - [02/04/2017 12:24:34] - |A| - (.-.) - [25188] - (0.0.0.0) - C:\AdsFix_02_04_2017_16_17_19.txt
[21/04/2017 14:15:28] - |D| - [709025478] - C:\AdwCleaner
[MD5.D9EBEC6668A6092FCBD1713C347AA5E0] - [13/07/2009 22:04:04] - |A| - (.-.) - [24] - (0.0.0.0) - C:\autoexec.bat
[12/04/2017 03:02:00] - |SHD| - [0] - C:\Config.Msi
[MD5.ED4FC5980BD8B1AD869FF725C7776338] - [13/07/2009 22:04:04] - |A| - (.-.) - [10] - (0.0.0.0) - C:\config.sys
[20/08/2016 14:06:16] - |D| - [49262943] - C:\Dell
[MD5.B819A5003CEFCA15B52A9EE823EC7620] - [23/07/2012 20:44:40] - |A| - (.-.) - [37] - (0.0.0.0) - C:\DevMgr.bat
[14/07/2009 00:53:55] - |SHD| - [0] - C:\Documents and Settings
[01/08/2016 14:18:40] - |D| - [189142349] - C:\DRIVERS
[11/04/2017 16:03:45] - |D| - [67617005] - C:\FRST
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/04/2017 16:17:20] - |ASH| - (.-.) - [2608287744] - (0.0.0.0) - C:\hiberfil.sys
[01/08/2016 14:35:27] - |D| - [1515578] - C:\Intel
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [27/06/2016 18:58:58] - |ASH| - (.-.) - [3477721088] - (0.0.0.0) - C:\pagefile.sys
[13/07/2009 22:37:05] - |D| - [0] - C:\PerfLogs
[13/07/2009 22:37:05] - |RD| - [2699254195] - C:\Program Files
[13/07/2009 22:37:05] - |HD| - [28822872288] - C:\ProgramData
[30/03/2017 12:06:11] - |D| - [508020] - C:\QuickDiag
[MD5.DE6292FB4A0AEFB8013C29F267B6C11E] - [23/06/2017 14:28:11] - |A| - (.-.) - [93723] - (0.0.0.0) - C:\QuickDiag.txt
[MD5.D1408E8436EC28BB9C779154839114FF] - [30/03/2017 12:29:51] - |RA| - (.-.) - [230674] - (0.0.0.0) - C:\QuickDiag_30_03_2017_12_29_51.txt
[29/06/2016 16:30:46] - |SHD| - [148457388] - C:\Recovery
[23/07/2012 20:44:40] - |AHD| - [1874344] - C:\RPKTools
[05/07/2016 14:05:37] - |D| - [329162094] - C:\SWSetup
[27/06/2016 18:58:58] - |SHD| - [0] - C:\System Volume Information
[23/07/2012 20:44:40] - |HD| - [281] - C:\Tools
[13/07/2009 22:37:05] - |RD| - [65275293612] - C:\Users
[13/07/2009 22:37:05] - |D| - [16690742614] - C:\Windows
---------- | C:\Windows
[14/07/2009 00:52:30] - |D| - [802] - C:\Windows\addins
[13/07/2009 22:37:05] - |D| - [11631477] - C:\Windows\AppCompat
[13/07/2009 22:37:05] - |D| - [9867762] - C:\Windows\AppPatch
[13/07/2009 22:37:05] - |RSD| - [1096041283] - C:\Windows\assembly
[MD5.12EBDA58437CD1EA7066FCB6455241D2] - [18/12/2016 22:20:33] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\Windows\avastSS.scr
[MD5.DBD14D0DB0382DFE96D7B5007DDD5ABE] - [20/11/2010 17:29:04] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [65024] - (6.1.7601.17514) - C:\Windows\bfsvc.exe
[13/07/2009 22:37:06] - |D| - [18320168] - C:\Windows\Boot
[MD5.F8429A995002944DCE8F69D6FCDC15B6] - [14/07/2009 00:57:37] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[13/07/2009 22:37:06] - |D| - [2418176] - C:\Windows\Branding
[23/07/2012 20:44:34] - |D| - [144984548] - C:\Windows\ConfigSetRoot
[27/06/2016 18:59:20] - |D| - [0] - C:\Windows\CSC
[13/07/2009 22:37:06] - |D| - [2113488] - C:\Windows\Cursors
[14/07/2009 00:34:21] - |D| - [18090] - C:\Windows\debug
[14/07/2009 00:52:30] - |D| - [3001676] - C:\Windows\diagnostics
[20/11/2010 20:38:49] - |D| - [0] - C:\Windows\DigitalLocker
[14/07/2009 00:52:30] - |D| - [4340996] - C:\Windows\Downloaded Program Files
[20/11/2010 20:47:17] - |D| - [106176151] - C:\Windows\ehome
[20/11/2010 20:38:49] - |D| - [110080] - C:\Windows\en-US
[MD5.2A66E81AE941E54A237490FC35D387C8] - [29/06/2016 18:07:44] - |A| - (.-.) - [1945] - (0.0.0.0) - C:\Windows\epplauncher.mif
[MD5.6DDCA324434FFA506CF7DC4E51DB7935] - [16/10/2016 12:49:31] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [2972672] - (6.1.7601.23537) - C:\Windows\explorer.exe
[13/07/2009 22:37:06] - |RSD| - [370634595] - C:\Windows\Fonts
[MD5.F9202335BBA03A02F084FE588564BBF5] - [13/07/2009 19:12:58] - |A| - (.© Microsoft Corporation. - BitLocker Drive Encryption Servicing Utility.) - [13824] - (6.1.7600.16385) - C:\Windows\fveupdate.exe
[13/07/2009 22:37:06] - |D| - [32090797] - C:\Windows\Globalization
[13/07/2009 22:37:06] - |D| - [30365914] - C:\Windows\Help
[MD5.3B55B2000DEBDC210693530B669B9966] - [14/06/2017 07:49:45] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [497152] - (6.1.7601.23834) - C:\Windows\HelpPane.exe
[MD5.9B90B0C78671A4881D06C91941F6F379] - [13/07/2009 20:12:22] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [15360] - (6.1.7600.16385) - C:\Windows\hh.exe
[13/07/2009 22:37:06] - |D| - [143546732] - C:\Windows\IME
[13/07/2009 22:37:06] - |D| - [134278643] - C:\Windows\inf
[23/07/2012 19:49:39] - |SHD| - [1191466371] - C:\Windows\Installer
[13/07/2009 22:37:06] - |D| - [48371] - C:\Windows\L2Schemas
[13/07/2009 22:37:06] - |D| - [0] - C:\Windows\LiveKernelReports
[13/07/2009 22:37:06] - |D| - [102300069] - C:\Windows\Logs
[13/07/2009 22:37:06] - |RSD| - [13327133] - C:\Windows\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [13/07/2009 19:55:01] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[13/07/2009 22:37:07] - |D| - [562463103] - C:\Windows\Microsoft.NET
[02/07/2016 03:18:15] - |D| - [3634] - C:\Windows\Migration
[02/07/2016 13:55:15] - |D| - [109366] - C:\Windows\Minidump
[13/07/2009 22:37:07] - |D| - [0] - C:\Windows\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [13/07/2009 22:04:57] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini
[MD5.A4F6DF0E33E644E802C8798ED94D80EA] - [01/07/2016 13:19:59] - |A| - (.© Microsoft Corporation. - Notepad.) - [179712] - (6.1.7601.18917) - C:\Windows\notepad.exe
[23/07/2012 20:44:40] - |D| - [18052] - C:\Windows\OEM
[14/07/2009 00:52:30] - |D| - [65] - C:\Windows\Offline Web Pages
[23/07/2012 20:45:04] - |D| - [1243676] - C:\Windows\Panther
[14/07/2009 00:52:30] - |D| - [62693450] - C:\Windows\Performance
[13/07/2009 22:37:07] - |D| - [1109514] - C:\Windows\PLA
[13/07/2009 22:37:07] - |D| - [4880747] - C:\Windows\PolicyDefinitions
[23/07/2012 19:46:20] - |D| - [31633464] - C:\Windows\Prefetch
[MD5.FFB8B91BD19E5BC10A3344AAF34880F3] - [20/11/2010 20:47:53] - |A| - (.-.) - [53551] - (0.0.0.0) - C:\Windows\Professional.xml
[27/04/2017 14:51:59] - |D| - [834] - C:\Windows\pss
[MD5.8A4883F5E7AC37444F23279239553878] - [13/07/2009 19:17:08] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [398336] - (6.1.7600.16385) - C:\Windows\regedit.exe
[13/07/2009 22:37:07] - |D| - [21544] - C:\Windows\registration
[13/07/2009 22:37:07] - |D| - [8146639] - C:\Windows\rescache
[13/07/2009 22:37:07] - |D| - [1674534] - C:\Windows\Resources
[13/07/2009 22:37:07] - |D| - [0] - C:\Windows\SchCache
[13/07/2009 22:37:07] - |D| - [58021] - C:\Windows\schemas
[13/07/2009 22:37:07] - |D| - [5281068] - C:\Windows\security
[14/07/2009 00:34:13] - |D| - [72593615] - C:\Windows\ServiceProfiles
[13/07/2009 22:37:07] - |D| - [68513788] - C:\Windows\servicing
[14/07/2009 00:34:16] - |D| - [42] - C:\Windows\Setup
[MD5.9982DE5B241F4776F71698EB4D4FC7E9] - [21/06/2017 11:12:16] - |A| - (.-.) - [168] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [21/06/2017 11:12:16] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[27/06/2016 19:00:19] - |D| - [672424439] - C:\Windows\SoftwareDistribution
[13/07/2009 22:37:07] - |D| - [181021214] - C:\Windows\Speech
[MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 00:48:09] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml
[13/07/2009 22:37:07] - |D| - [700380] - C:\Windows\system
[MD5.286A9EDB379DC3423A528B0864A0F111] - [13/07/2009 22:04:23] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini
[13/07/2009 22:37:07] - |D| - [3288742898] - C:\Windows\System32
[13/07/2009 22:37:09] - |D| - [15] - C:\Windows\TAPI
[13/07/2009 22:37:09] - |D| - [46706] - C:\Windows\Tasks
[13/07/2009 22:37:09] - |D| - [26102] - C:\Windows\Temp
[13/07/2009 22:37:09] - |D| - [0] - C:\Windows\tracing
[MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 17:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll
[14/07/2009 00:52:30] - |D| - [6144] - C:\Windows\twain_32
[MD5.163A95975E1D8819E653AA3E961371CA] - [20/11/2010 17:29:41] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll
[MD5.F36A271706EDD23C94956AFB56981184] - [13/07/2009 18:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe
[MD5.0BD6E68F3EA0DD62CD86283D86895381] - [13/07/2009 20:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe
[MD5.015B30309491A911E75748AD69C9E680] - [18/12/2016 22:20:37] - |A| - (.© Microsoft Corporation. - Microsoft® C Runtime Library.) - [921280] - (10.0.10586.212) - C:\Windows\ucrtbase.dll
[13/07/2009 22:37:09] - |D| - [12420] - C:\Windows\Vss
[13/07/2009 22:37:09] - |D| - [40681427] - C:\Windows\Web
[MD5.162904DAA5412143F5403233E77F787E] - [13/07/2009 22:04:23] - |A| - (.-.) - [403] - (0.0.0.0) - C:\Windows\win.ini
[12/02/2017 15:08:20] - |D| - [85838997] - C:\Windows\WindowsMobile
[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 00:41:57] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.98703E202517E3C7F7F529425474C8ED] - [27/06/2016 19:00:19] - |A| - (.-.) - [1496283] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.8E6F7D51A5CB299C25621C6C1AB57E84] - [13/07/2009 16:29:46] - |A| - (.Copyright © Microsoft Corp. 1991-1992 - Windows Help Engine application file.) - [256192] - (3.10.0.425) - C:\Windows\winhelp.exe
[MD5.1D420D66250BCAAAED05724FB34008CF] - [13/07/2009 20:12:29] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe
[13/07/2009 22:37:09] - |D| - [8176063808] - C:\Windows\winsxs
[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 17:34:23] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.6E8EACC0B339365D79A2C06896865D3D] - [13/07/2009 19:41:00] - |A| - (.© Microsoft Corporation. - Windows Write.) - [9216] - (6.1.7600.16385) - C:\Windows\write.exe
[MD5.B317B33694BAC49D492DD3F23E374899] - [13/07/2009 17:30:30] - |A| - (.-.) - [707] - (0.0.0.0) - C:\Windows\_default.pif
---------- | C:\Windows\System32\GroupPolicy
[30/06/2016 15:55:47] - |D| - [0] - C:\Windows\System32\GroupPolicy\User
---------- | Systemroot\System
[13/07/2009 19:00:47] - |A| - [69584] - C:\Windows\System\avicap.dll (Copyright © Microsoft Corp. 1992-1994) - (AVI Capture DLL)
[13/07/2009 19:00:47] - |A| - [109456] - C:\Windows\System\avifile.dll (Copyright © Microsoft Corp. 1991-2000) - (Microsoft AVI File support library)
[13/07/2009 17:41:42] - |A| - [32816] - C:\Windows\System\COMMDLG.DLL (Copyright © Microsoft Corp. 1981-1996) - (Common Dialogs libraries)
[13/07/2009 17:41:23] - |A| - [2000] - C:\Windows\System\keyboard.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Keyboard Driver Module)
[13/07/2009 16:29:46] - |A| - [9936] - C:\Windows\System\lzexpand.dll (Copyright © Microsoft Corp. 1989-1992) - (Windows file expansion library)
[13/07/2009 19:00:47] - |A| - [73376] - C:\Windows\System\mciavi.drv (Copyright © Microsoft Corp. 1992-1994) - (MCI driver for AVI)
[13/07/2009 19:00:47] - |A| - [25264] - C:\Windows\System\mciseq.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for MIDI sequencer)
[13/07/2009 19:00:47] - |A| - [28160] - C:\Windows\System\mciwave.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for waveform audio)
[13/07/2009 17:41:32] - |A| - [68992] - C:\Windows\System\MMSYSTEM.DLL (Copyright © Microsoft Corp. 1981-1996) - (System APIs for Multimedia)
[13/07/2009 17:41:32] - |A| - [1152] - C:\Windows\System\mmtask.tsk (Copyright © Microsoft Corp. 1981-1996) - (Multimedia background task support module)
[13/07/2009 17:41:27] - |A| - [2032] - C:\Windows\System\mouse.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW MOUSE Driver Module)
[10/06/2009 17:21:50] - |A| - [126912] - C:\Windows\System\msvideo.dll (Copyright © Microsoft Corp. 1992-1994) - (Microsoft Video for Windows DLL)
[13/07/2009 16:29:46] - |A| - [82944] - C:\Windows\System\olecli.dll (Copyright © Microsoft Corp. 1991-1993) - (Object Linking and Embedding Client Library)
[13/07/2009 17:41:50] - |A| - [24064] - C:\Windows\System\OLESVR.DLL (Copyright © Microsoft Corp. 1991-1996) - (Object Linking and Embedding Server Library)
[13/07/2009 17:41:22] - |A| - [5120] - C:\Windows\System\SHELL.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Shell library)
[13/07/2009 17:41:23] - |A| - [1744] - C:\Windows\System\sound.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW SOUND Driver Module)
[13/07/2009 18:00:27] - |A| - [5532] - C:\Windows\System\stdole.tlb (Copyright © Microsoft Corp. 1993-1995) - (OLE 2.1 16/32 Interoperability Type Library)
[13/07/2009 17:41:21] - |A| - [3360] - C:\Windows\System\system.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows System Driver core component)
[13/07/2009 17:41:39] - |A| - [4048] - C:\Windows\System\TIMER.DRV (Copyright © Microsoft Corp. 1981-1996) - (Timer driver for PC compatibles)
[13/07/2009 16:29:46] - |A| - [9008] - C:\Windows\System\ver.dll (Copyright © Microsoft Corp. 1991) - (Version Checking and File Installation Libraries)
[13/07/2009 17:41:26] - |A| - [2176] - C:\Windows\System\vga.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Display Driver Module)
[13/07/2009 17:41:45] - |A| - [12704] - C:\Windows\System\WFWNET.DRV (Copyright © Microsoft Corp. 1981-1996) - (Windows for Workgroups network driver)
---------- | Systemroot\Installer (Microsoft Files Whitelisted)
[13/05/2017 13:36:05] - C:\Windows\Installer\11a3f37b.msi : (eM Client - eM Client Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/05/2015 14:23:16] - C:\Windows\Installer\178720f.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/09/2016 12:21:44] - C:\Windows\Installer\19ae0f09.msi : (OpenOffice 4.1.3 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/07/2016 22:19:14] - C:\Windows\Installer\1c9d2e.msi : (Intel(R) Wireless Bluetooth(R) - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/09/2016 12:01:33] - C:\Windows\Installer\1e561dab.msi : (Looks for updates for your computer's software and drivers to improve performance. - Slimware Utilities Holdings, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2014 15:04:56] - C:\Windows\Installer\1ebc2c9f.msi : (Intel(R) Network Connections - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 04:42:22] - C:\Windows\Installer\1f3b9bd.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/04/2012 01:06:44] - C:\Windows\Installer\223b8e.msi : (WIDCOMM Bluetooth Profile Pack - Broadcom Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/05/2017 18:26:15] - C:\Windows\Installer\29f5d9f0.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/04/2017 13:09:46] - C:\Windows\Installer\2f1ac96.msi : (Google Toolbar for Internet Explorer - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/04/2017 14:41:40] - C:\Windows\Installer\c3688c.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/11/2016 16:09:45] - C:\Windows\Installer\f249c6.msi : (Blank Project Template - Samsung Electronics Co., Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
---------- | %System%\*.in*
[14/07/2009 00:42:29] - [73] - C:\Windows\System32\desktop.ini
[29/06/2016 16:51:31] - [16303] - C:\Windows\System32\ieuinit.inf
[14/07/2009 00:42:26] - [535] - C:\Windows\System32\mapisvc.inf
[20/11/2010 17:01:02] - [781298] - C:\Windows\System32\PerfStringBackup.INI
[10/06/2009 17:39:59] - [60124] - C:\Windows\System32\tcpmon.ini
---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan
[MD5.7B5EC1DD6A8EC1FBD8DFEA1C696BF5A6] - |N| - [27/04/2017 14:51:59] - (.-.) - [0.81 Ko] - (0.0.0.0) - C:\Windows\PSS\Bluetooth.lnk.CommonStartup
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |N| - [15/06/2017 03:24:30] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\atchksrv.log
[MD5.EA1798F1AFDE24A6BC55CCDE109A8B00] - |A| - [18/06/2017 01:00:03] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\Windows\Temp\coinlog.log
[MD5.AFDE21CF9C259B26905286EC0B265278] - |A| - [18/06/2017 16:42:21] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\fwtsqmfile00.sqm
[MD5.00000000000000000000000000000000] - |D| - [21/06/2017 11:12:19] - [1.75 Ko] - C:\Windows\Temp\HP
[MD5.00B890E52C56F40CB4BC58D2B403FA72] - |A| - [19/06/2017 03:24:01] - (.-.) - [12.58 Ko] - (0.0.0.0) - C:\Windows\Temp\MpCmdRun.log
[MD5.3DB0BF3AAB7CAE6CB0C670388E280447] - |A| - [20/06/2017 02:47:37] - (.-.) - [10.52 Ko] - (0.0.0.0) - C:\Windows\Temp\MpSigStub.log
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:49] - [0 Ko] - C:\Windows\System32\0409
[MD5.1F6967C2EAC39FA5A2335A4635E95904] - |AH| - [14/07/2009 00:34:15] - (.-.) - [21.19 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[MD5.1F6967C2EAC39FA5A2335A4635E95904] - |AH| - [14/07/2009 00:34:15] - (.-.) - [21.19 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[MD5.8AAD333C876590293F72B315E162BCC7] - |A| - [13/07/2009 17:40:41] - (.-.) - [8.82 Ko] - (0.0.0.0) - C:\Windows\System32\ANSI.SYS
[MD5.D753EEE17725526A67ACDDAA5D63EF68] - |A| - [13/07/2009 17:40:49] - (.-.) - [12.21 Ko] - (0.0.0.0) - C:\Windows\System32\append.exe
[MD5.00000000000000000000000000000000] - |D| - [27/02/2017 14:24:53] - [0 Ko] - C:\Windows\System32\appmgmt
[MD5.00000000000000000000000000000000] - |D| - [03/07/2016 03:49:28] - [9293.73 Ko] - C:\Windows\System32\appraiser
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [201.5 Ko] - C:\Windows\System32\ar-SA
[MD5.30475F091008E24550523515A023270D] - |A| - [13/07/2009 22:04:04] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\Windows\System32\autoexec.nt
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [173 Ko] - C:\Windows\System32\bg-BG
[MD5.84BDB1E378591D930482B896A1648C53] - |A| - [10/06/2009 17:42:54] - (.-.) - [27.75 Ko] - (0.0.0.0) - C:\Windows\System32\bios1.rom
[MD5.B44C4C9CA9D4BCC8430F3276576F562B] - |A| - [13/07/2009 17:30:26] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\System32\bios4.rom
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [1043.2 Ko] - C:\Windows\System32\Boot
[MD5.278EE111CB021686C7BDB45C12EAC6E2] - |A| - [13/07/2009 20:59:14] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother Multi Function CoInstaller.) - [17 Ko] - (1.0.0.20) - C:\Windows\System32\brcoinst.dll
[MD5.D1E5E5826ECB8F87BDB0CF9E28B48465] - |A| - [13/07/2009 19:51:43] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [72 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |HD| - [28/01/2017 15:13:43] - [824.17 Ko] - C:\Windows\System32\CanonIJ Uninstaller Information
[MD5.40DF43CA1A8752CAA135E27DCC6645B3] - |A| - [13/07/2009 19:41:26] - (.Copyright (C) 2006 - CardGames Resources.) - [6068.5 Ko] - (1.0.0.1) - C:\Windows\System32\CardGames.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [48336.13 Ko] - C:\Windows\System32\catroot
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [20696.59 Ko] - C:\Windows\System32\catroot2
[MD5.6F6C16E5D711E35FABE3FCD8C49E7A69] - |A| - [05/07/2016 14:17:02] - (.-.) - [75.75 Ko] - (0.0.0.0) - C:\Windows\System32\CNC1762D.TBL
[MD5.E564016FA6663C04A97D754F522632EE] - |A| - [05/07/2016 14:17:02] - (.Copyright CANON INC. 2012 All Rights Reserved - WIA Scanner Driver.) - [260.5 Ko] - (20.0.0.4) - C:\Windows\System32\CNC_B8C.dll
[MD5.90CF774CA09A5BF87854B63110D543FD] - |A| - [05/07/2016 14:17:02] - (.Copyright CANON INC. 2012 All Rights Reserved - WIA Scanner Driver Image Enhancement dll.) - [94.5 Ko] - (20.0.0.4) - C:\Windows\System32\CNC_B8I.dll
[MD5.86802456CB4AD11942447D1112242CA0] - |A| - [05/07/2016 14:17:02] - (.Copyright CANON INC. 2012 All Rights Reserved - LLD.) - [312.5 Ko] - (1.0.0.0) - C:\Windows\System32\CNC_B8L.dll
[MD5.D16CF34B17899F90A8FCF2A3F77B4A27] - |A| - [05/07/2016 14:17:02] - (.Copyright CANON INC. 2007-2008 All Rights Reserved - Canon Device Dependent Informations for Scanner Library.) - [15.5 Ko] - (1.4.1.1) - C:\Windows\System32\CNHMCA.dll
[MD5.35096FFA4D72432B6795E310A991D757] - |A| - [05/07/2016 14:17:54] - (.Copyright CANON INC. 2000-2012 All Rights Reserved - IJ Language Monitor.) - [307.5 Ko] - (0.3.0.1) - C:\Windows\System32\CNMLMB8.DLL
[MD5.C37A74199944B29D736DFE59974A3A34] - |A| - [28/01/2017 15:13:38] - (.Copyright CANON INC. 2007-2012 All Rights Reserved - IJ Language Monitor.) - [309 Ko] - (0.3.0.1) - C:\Windows\System32\CNMXLMB8.DLL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [5222.8 Ko] - C:\Windows\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [302.5 Ko] - C:\Windows\System32\com
[MD5.BA597F9A4BB90F038266CE1A3C3BE3FB] - |A| - [13/07/2009 17:40:48] - (.-.) - [49.46 Ko] - (0.0.0.0) - C:\Windows\System32\COMMAND.COM
[MD5.00000000000000000000000000000000] - |SD| - [03/07/2016 03:49:29] - [3421.69 Ko] - C:\Windows\System32\CompatTel
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [301373.17 Ko] - C:\Windows\System32\config
[MD5.01C47C2ECED034EF6F8C1552A97CFF00] - |A| - [13/07/2009 22:04:04] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\Windows\System32\config.nt
[MD5.0FE9F16075C9ACB941C957B7C649176E] - |A| - [13/07/2009 17:40:44] - (.-.) - [26.46 Ko] - (0.0.0.0) - C:\Windows\System32\country.sys
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [432 Ko] - C:\Windows\System32\cs-CZ
[MD5.4B2E28731AC72530E58ED1F1EB0A93A1] - |A| - [01/08/2016 14:11:40] - (.Copyright 2011 - CSVer.) - [52 Ko] - (9.4.0.1027) - C:\Windows\System32\CSVer.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [427.5 Ko] - C:\Windows\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [457.5 Ko] - C:\Windows\System32\de-DE
[MD5.C17AFA0AAD78C621F818DD6729572C48] - |A| - [13/07/2009 17:40:52] - (.-.) - [20.15 Ko] - (0.0.0.0) - C:\Windows\System32\debug.exe
[MD5.079B8AEB4A55BF8493BD1EC70285D920] - |ASH| - [14/07/2009 00:42:29] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [4135 Ko] - C:\Windows\System32\Dism
[MD5.03783D0840B2C54D7665248425C74417] - |A| - [20/11/2010 17:29:20] - (.-.) - [52.34 Ko] - (0.0.0.0) - C:\Windows\System32\dosx.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [53103.08 Ko] - C:\Windows\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [1029066.4 Ko] - C:\Windows\System32\DriverStore
[MD5.F61E145D8A9AF7CDAB47CD810DE7DC56] - |A| - [01/08/2016 14:12:31] - (.-.) - [2.65 Ko] - (0.0.0.0) - C:\Windows\System32\e1e6232.din
[MD5.F6E368E10B600836DD349FF937B183A2] - |A| - [10/06/2009 17:42:32] - (.-.) - [68.25 Ko] - (0.0.0.0) - C:\Windows\System32\edit.com
[MD5.8AA8DCC96FA0492E3B5D415537FAB8FE] - |A| - [10/06/2009 17:42:32] - (.-.) - [10.54 Ko] - (0.0.0.0) - C:\Windows\System32\EDIT.HLP
[MD5.B7A0AA49CBB604B2C3A42A49C36D8A4F] - |A| - [13/07/2009 17:40:50] - (.-.) - [12.35 Ko] - (0.0.0.0) - C:\Windows\System32\edlin.exe
[MD5.52E91EAC2F3175B1A5B0150382B6D771] - |A| - [13/07/2009 16:31:17] - (.-.) - [124.23 Ko] - (0.0.0.0) - C:\Windows\System32\ega.cpi
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [457 Ko] - C:\Windows\System32\el-GR
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:49] - [1804 Ko] - C:\Windows\System32\en
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [36267.52 Ko] - C:\Windows\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [448 Ko] - C:\Windows\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [160.5 Ko] - C:\Windows\System32\et-EE
[MD5.683626544E81387771ED55E1A0F2047B] - |A| - [13/07/2009 17:40:51] - (.-.) - [8.23 Ko] - (0.0.0.0) - C:\Windows\System32\exe2bin.exe
[MD5.68062C0ECE86AB7801B5B47FDC855A06] - |A| - [13/07/2009 17:41:02] - (.-.) - [0.86 Ko] - (0.0.0.0) - C:\Windows\System32\fastopen.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [430 Ko] - C:\Windows\System32\fi-FI
[MD5.EDEE92852DD95FC89C067FB117D83730] - |A| - [14/07/2009 00:33:53] - (.-.) - [283.45 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [454 Ko] - C:\Windows\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [0 Ko] - C:\Windows\System32\FxsTmp
[MD5.2AE808CB0D9A667B0CF41EA74B3B9BAC] - |A| - [10/06/2009 17:19:05] - (.-.) - [39.6 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs
[MD5.D22208AEEE3F2DA495592D0E434A0145] - |A| - [03/07/2016 12:22:54] - (.-.) - [64.23 Ko] - (0.0.0.0) - C:\Windows\System32\GDIPFONTCACHEV1.DAT
[MD5.6E4E7884E6489AC4F5E6DAB176A73E52] - |A| - [13/07/2009 17:41:01] - (.-.) - [19.23 Ko] - (0.0.0.0) - C:\Windows\System32\GRAPHICS.COM
[MD5.BC33AA625D6B807F718627386DF78426] - |A| - [10/06/2009 17:42:32] - (.-.) - [20.73 Ko] - (0.0.0.0) - C:\Windows\System32\graphics.pro
[MD5.00000000000000000000000000000000] - |HD| - [13/07/2009 22:37:08] - [0 Ko] - C:\Windows\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers
[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - |A| - [13/07/2009 17:40:40] - (.-.) - [4.66 Ko] - (0.0.0.0) - C:\Windows\System32\HIMEM.SYS
[MD5.4B2BDDFB7C44498E9FF47C8F65918867] - |A| - [23/09/2009 19:27:44] - (.Copyright (C) 2009 - Intel® Graphics Media Accelerator Driver Coinstaller.) - [152 Ko] - (1.1.17.0) - C:\Windows\System32\igfxCoIn_v1930.dll
[MD5.99AF886F548DFA1AEC9868A8BF0F74FC] - |A| - [23/09/2009 18:45:12] - (.-.) - [1876.24 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa32.cpa
[MD5.7FEF5563D091D8A44B96DD4EBE0350AA] - |A| - [23/09/2009 18:45:12] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa32.vp
[MD5.A16E966DEBE65033E703CA9514753E11] - |A| - [23/09/2009 18:45:12] - (.-.) - [58.81 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxc32.vp
[MD5.251D22DE1DF611739E4D0C7BAB2E80D6] - |A| - [23/09/2009 18:45:12] - (.-.) - [58.84 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxg32.vp
[MD5.CB4DCAF11675F52D39035BCEE14ABA77] - |A| - [23/09/2009 18:45:12] - (.-.) - [58.61 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxo32.vp
[MD5.68B4E32B9D5AAC08DF18C288676E9B82] - |A| - [23/09/2009 19:45:20] - (.-.) - [38.52 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxs32.vp
[MD5.1B24EC543ADEA0AFB520B4F104134CBB] - |A| - [02/07/2016 03:24:36] - (.Copyright © 2009 - Intel® Graphics Media Accelerator Driver installer.) - [978.52 Ko] - (1.1.33.0) - C:\Windows\System32\igxpun.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [34097.44 Ko] - C:\Windows\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [0 Ko] - C:\Windows\System32\inetsrv
[MD5.C24A7C74FE4219F9940FC77AB548FB34] - |A| - [20/11/2010 17:18:30] - (.-.) - [29.09 Ko] - (0.0.0.0) - C:\Windows\System32\InstallPackage_ETW.Log
[MD5.4D7E256377A5E934EA1820B2CEA79131] - |A| - [13/07/2009 17:40:59] - (.-.) - [14.37 Ko] - (0.0.0.0) - C:\Windows\System32\KB16.COM
[MD5.492090267B9608C62B956CD29BE3AFB7] - |A| - [13/07/2009 17:40:43] - (.-.) - [41.81 Ko] - (0.0.0.0) - C:\Windows\System32\KEY01.SYS
[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - |A| - [13/07/2009 17:40:43] - (.-.) - [41.54 Ko] - (0.0.0.0) - C:\Windows\System32\KEYBOARD.SYS
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [360 Ko] - C:\Windows\System32\ko-KR
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [13/07/2009 22:05:05] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex
[MD5.00000000000000000000000000000000] - |D| - [23/07/2012 19:52:49] - [108 Ko] - C:\Windows\System32\Lang
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/01/2017 12:16:53] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\System32\last.dump
[MD5.536460507B20AE0F03D7BEE8111028CF] - |A| - [13/07/2009 17:40:57] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\Windows\System32\LOADFIX.COM
[MD5.E89C001FB4D9E08CC7072CE774CDB999] - |A| - [20/11/2010 16:58:07] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\Windows\System32\LocalGroupAdminAdd.log
[MD5.9EB325EC6E6DC9418A391C852F96B623] - |A| - [20/11/2010 16:58:08] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\Windows\System32\Local_LLU.log
[MD5.CB630C50170F16E21D12A572E6F39ED0] - |A| - [23/07/2012 19:53:34] - (.-.) - [0.42 Ko] - (0.0.0.0) - C:\Windows\System32\log(27).txt
[MD5.C2F920849BA625DF37E9738393F76C8A] - |A| - [23/07/2012 19:53:34] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\Windows\System32\log.txt
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [2636.96 Ko] - C:\Windows\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [165 Ko] - C:\Windows\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [166 Ko] - C:\Windows\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [04/07/2016 15:23:51] - [22205.11 Ko] - C:\Windows\System32\Macromed
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [13/07/2009 16:22:04] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\Windows\System32\manage-bde.wsf
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [2029.01 Ko] - C:\Windows\System32\manifeststore
[MD5.98071B6EE16AA76DABFF377A5DC69C86] - |A| - [14/07/2009 00:42:26] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\Windows\System32\mapisvc.inf
[MD5.4C7271F0C6F45C80453B7374F232B651] - |A| - [27/04/2016 18:41:38] - (.Copyright 2016 Motorola Solutions, Inc. - Bluetooth Low Energy SDK Implementation Dll.) - [317.98 Ko] - (19.0.1603.630) - C:\Windows\System32\mbtleapi.dll
[MD5.390762963E6B4C861E5E0CA5A3E56E40] - |A| - [13/07/2009 17:40:56] - (.-.) - [38.35 Ko] - (0.0.0.0) - C:\Windows\System32\mem.exe
[MD5.331854AA634AF7755185B97BF3494C43] - |A| - [23/07/2012 19:53:32] - (.Copyright © 2009 - Intel® Active Management Technology Device Software installer.) - [986.52 Ko] - (1.1.19.9) - C:\Windows\System32\mesoludlg.exe
[MD5.DB0D176B243020E189AE852C36A7D888] - |A| - [05/09/2016 14:16:30] - (.Copyright© 1995-2016 McAfee, Inc. - McAfee Process Validation Service.) - [310.52 Ko] - (15.5.0.4350) - C:\Windows\System32\mfevtps(26).exe
[MD5.00000000000000000000000000000000] - |SD| - [14/07/2009 00:34:06] - [1109.78 Ko] - C:\Windows\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [3563.43 Ko] - C:\Windows\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [32737.45 Ko] - C:\Windows\System32\migwiz
[MD5.A311363F3C887D8C3A524A51B7F20D69] - |A| - [14/07/2009 00:42:29] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk
[MD5.00000000000000000000000000000000] - |D| - [03/07/2016 03:09:41] - [0 Ko] - C:\Windows\System32\MRT
[MD5.52C7505D68C3CE8496EC8DC17D8FF75A] - |A| - [13/07/2009 17:41:05] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\Windows\System32\mscdexnt.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [4148.28 Ko] - C:\Windows\System32\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [11.33 Ko] - C:\Windows\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [422.5 Ko] - C:\Windows\System32\nb-NO
[MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [13/07/2009 18:10:48] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [68 Ko] - C:\Windows\System32\NetworkList
[MD5.8E24A7BCAEF2045DA1FF29217622843E] - |A| - [20/11/2010 16:58:08] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\Windows\System32\Network_LLU.log
[MD5.5E835121A3899CFA37E285E0CA2B4E7D] - |A| - [13/07/2009 17:40:57] - (.-.) - [6.89 Ko] - (0.0.0.0) - C:\Windows\System32\nlsfunc.exe
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [13/07/2009 22:05:05] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\System32\noise.kor
[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - |A| - [13/07/2009 17:40:23] - (.-.) - [27.21 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS.SYS
[MD5.CF9ED169FF86D935E47999E82359E898] - |A| - [13/07/2009 17:40:31] - (.-.) - [28.46 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS404.SYS
[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - |A| - [13/07/2009 17:40:35] - (.-.) - [28.68 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS411.SYS
[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - |A| - [13/07/2009 17:40:39] - (.-.) - [28.59 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS412.SYS
[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - |A| - [13/07/2009 17:40:27] - (.-.) - [28.46 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS804.SYS
[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - |A| - [13/07/2009 17:40:11] - (.-.) - [33.16 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO.SYS
[MD5.A98EBD4C2DF983665BF2D1AF49949974] - |A| - [13/07/2009 17:40:15] - (.-.) - [33.86 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO404.SYS
[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - |A| - [13/07/2009 17:40:17] - (.-.) - [34.94 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO411.SYS
[MD5.3E64D681B776CC57BDC38A46D881F85B] - |A| - [13/07/2009 17:40:19] - (.-.) - [34.7 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO412.SYS
[MD5.D86B6435729231C171432B4E77801BDB] - |A| - [13/07/2009 17:40:13] - (.-.) - [33.86 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO804.SYS
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [13/07/2009 16:30:24] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [12211.77 Ko] - C:\Windows\System32\oobe
[MD5.B32FAB18A3E32F0F03B251798593FC0E] - |A| - [13/07/2009 22:05:48] - (.-.) - [118.68 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 17:17:19] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\System32\PerfCenterCpl.ico
[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - |A| - [13/07/2009 22:05:48] - (.-.) - [30.81 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat
[MD5.0F5D7A06EB1EB97640D4941908580CC2] - |A| - [13/07/2009 22:05:48] - (.-.) - [646.15 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat
[MD5.6C4420226BA6F3206E19024D237B3DCF] - |A| - [20/11/2010 17:01:02] - (.-.) - [762.99 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [439 Ko] - C:\Windows\System32\pl-PL
[MD5.64669AB349067A8A521F96ACF5B527CA] - |A| - [14/06/2017 07:49:43] - (.Copyright (C) 2001 - PrintBrm Application.) - [64.5 Ko] - (1.0.0.0) - C:\Windows\System32\PrintBrmUi.exe
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:48] - [413.88 Ko] - C:\Windows\System32\Printing_Admin_Scripts
[MD5.BBB40CA86B88918864D16CFAC9D4ABA4] - |A| - [13/07/2009 17:41:04] - (.-.) - [2.78 Ko] - (0.0.0.0) - C:\Windows\System32\redir.exe
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [0.07 Ko] - C:\Windows\System32\restore
[MD5.1682110FF204D2185C5B8024C6A891E2] - |A| - [02/07/2016 15:56:45] - (.-.) - [32.06 Ko] - (0.0.0.0) - C:\Windows\System32\rnd_chunk.bin
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [169 Ko] - C:\Windows\System32\ro-RO
[MD5.BB01B19CA1FB76C65F900B0CB47007F1] - |A| - [23/07/2012 19:50:11] - (.-.) - [19.7 Ko] - (0.0.0.0) - C:\Windows\System32\rpkdriverinst.log
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [434 Ko] - C:\Windows\System32\ru-RU
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [20/11/2010 17:29:06] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml
[MD5.7753FC56F9CAC4B5AFDA3196DB654F21] - |A| - [31/08/2016 14:54:34] - (.Copyright © 2004-2010 MAPILab Ltd. & Add-in Express Ltd. - Security Manager Component for Microsoft Outlook allows to turn off and on Outlook Object Model Security Guard.) - [141.27 Ko] - (3.0.0.0) - C:\Windows\System32\secman.dll
[MD5.8C3D0C73A0850A0EE62DF9EC36DBDE80] - |A| - [01/08/2016 14:15:28] - (.-.) - [1.86 Ko] - (0.0.0.0) - C:\Windows\System32\SetupBD.din
[MD5.AD7B906FC883959E56E210B2B077CA00] - |A| - [13/07/2009 17:40:54] - (.-.) - [11.48 Ko] - (0.0.0.0) - C:\Windows\System32\setver.exe
[MD5.68062C0ECE86AB7801B5B47FDC855A06] - |A| - [13/07/2009 17:41:02] - (.-.) - [0.86 Ko] - (0.0.0.0) - C:\Windows\System32\share.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [169.5 Ko] - C:\Windows\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [166 Ko] - C:\Windows\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:49] - [37.8 Ko] - C:\Windows\System32\slmgr
[MD5.7AF22B12467D4E3B3831E65E1D12179D] - |A| - [26/09/2016 12:42:46] - (.Copyright (C) Analog Devices, Inc. 2008 - SoundMAX coinstaller (32 bit).) - [33.5 Ko] - (7.0.1.1020) - C:\Windows\System32\SmaxCo.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [14978.02 Ko] - C:\Windows\System32\SMI
[MD5.C74D61FCA22F36791105D7878AF73572] - |A| - [10/06/2009 17:46:53] - (.-.) - [8.09 Ko] - (0.0.0.0) - C:\Windows\System32\spcinstrumentation.man
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [25835 Ko] - C:\Windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [123932.37 Ko] - C:\Windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [2168.98 Ko] - C:\Windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [30.19 Ko] - C:\Windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [170 Ko] - C:\Windows\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [426.5 Ko] - C:\Windows\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [274.53 Ko] - C:\Windows\System32\sysprep
[MD5.B8CBB46B42570D373C9933FBDF25EBCE] - |A| - [20/11/2010 17:29:24] - (.-.) - [143.41 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [316.63 Ko] - C:\Windows\System32\Tasks
[MD5.47F22CAD4A16BB40153555D631546B94] - |A| - [10/06/2009 17:39:59] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [157 Ko] - C:\Windows\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [424 Ko] - C:\Windows\System32\tr-TR
[MD5.579E54636405735FEB2BC37C1AE757FD] - |A| - [23/09/2009 19:30:50] - (.Copyright © 2006 - Intel(R) TVWizard.) - [8006.52 Ko] - (1.0.1.0) - C:\Windows\System32\TVWSetup.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [166.5 Ko] - C:\Windows\System32\uk-UA
[MD5.52BAA773D4A2CC3A7767598C21F532C8] - |A| - [14/07/2009 00:34:00] - (.-.) - [18 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup.etl
[MD5.FDC9FB711442ADC6EDD34BE7F27F16CD] - |A| - [14/07/2009 00:34:00] - (.-.) - [45 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup000.etl
[MD5.86491AD7BC0964089CD4E703E65D45DB] - |A| - [13/07/2009 17:30:26] - (.-.) - [18.39 Ko] - (0.0.0.0) - C:\Windows\System32\v7vga.rom
[MD5.15BD0F8D507546F512EE5D73C3721FA8] - |A| - [13/07/2009 22:04:56] - (.Copyright © 2000 - vfpodbc.) - [20.05 Ko] - (1.0.2.0) - C:\Windows\System32\vfpodbc.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [43664 Ko] - C:\Windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:48] - [60.46 Ko] - C:\Windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [13672.26 Ko] - C:\Windows\System32\wdi
[MD5.BDDF10F9D8E179323BC1B49603809EB0] - |A| - [13/07/2009 17:38:33] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [144 Ko] - C:\Windows\System32\wfp
[MD5.C980C971AD4FF3CA5CEFDEF40932D3A1] - |A| - [13/07/2009 16:29:46] - (.-.) - [13 Ko] - (0.0.0.0) - C:\Windows\System32\win87em.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [0 Ko] - C:\Windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [71 Ko] - C:\Windows\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [8620.44 Ko] - C:\Windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [95272 Ko] - C:\Windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:49] - [99.06 Ko] - C:\Windows\System32\winrm
[MD5.00000000000000000000000000000000] - |D| - [02/07/2016 03:24:36] - [0 Ko] - C:\Windows\System32\x64
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [336.5 Ko] - C:\Windows\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [258.5 Ko] - C:\Windows\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [337 Ko] - C:\Windows\System32\zh-TW
---------- | Shell Folders
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
"AppData"=C:\Users\hilton\AppData\Roaming [29/06/2016 16:31:01]
"Local AppData"=C:\Users\hilton\AppData\Local [29/06/2016 16:31:01]
"My Video"=C:\Users\hilton\Videos [29/06/2016 16:31:01]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Libraries [29/06/2016 16:31:01]
"My Pictures"=C:\Users\hilton\Pictures [29/06/2016 16:31:01]
"Desktop"=C:\Users\hilton\Desktop [29/06/2016 16:31:01]
"History"=C:\Users\hilton\AppData\Local\Microsoft\Windows\History [29/06/2016 16:31:01]
"NetHood"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Network Shortcuts [29/06/2016 16:31:01]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\hilton\Contacts [29/06/2016 16:31:01]
"Cookies"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Cookies [29/06/2016 16:31:01]
"Favorites"=C:\Users\hilton\Favorites [29/06/2016 16:31:01]
"SendTo"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\SendTo [29/06/2016 16:31:01]
"Start Menu"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu [29/06/2016 16:31:01]
"My Music"=C:\Users\hilton\Music [29/06/2016 16:31:01]
"Programs"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [29/06/2016 16:31:01]
"Recent"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Recent [29/06/2016 16:31:01]
"CD Burning"=C:\Users\hilton\AppData\Local\Microsoft\Windows\Burn\Burn [29/06/2016 16:31:01]
"PrintHood"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [29/06/2016 16:31:01]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\hilton\Searches [29/06/2016 16:31:01]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\hilton\Downloads [29/06/2016 16:31:01]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\hilton\AppData\LocalLow [29/06/2016 16:31:01]
"Startup"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [29/06/2016 16:31:01]
"Administrative Tools"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [29/06/2016 16:31:01]
"Personal"=C:\Users\hilton\Documents [29/06/2016 16:31:01]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\hilton\Links [29/06/2016 16:31:01]
"Cache"=C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files [29/06/2016 16:31:01]
"Templates"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Templates [29/06/2016 16:31:01]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\hilton\Saved Games [29/06/2016 16:31:01]
"Fonts"=C:\Windows\Fonts [13/07/2009 22:37:06]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files
"Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies
"Desktop"=%USERPROFILE%\Desktop
"Favorites"=%USERPROFILE%\Favorites
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History
"Local AppData"=%USERPROFILE%\AppData\Local
"My Music"=%USERPROFILE%\Music
"My Pictures"=%USERPROFILE%\Pictures
"My Video"=%USERPROFILE%\Videos
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
"Personal"=%USERPROFILE%\Documents
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"=C:\Users\Public\Desktop [13/07/2009 22:37:05]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [13/07/2009 22:37:05]
"CommonVideo"=C:\Users\Public\Videos [13/07/2009 22:37:05]
"CommonPictures"=C:\Users\Public\Pictures [13/07/2009 22:37:05]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [13/07/2009 22:37:05]
"CommonMusic"=C:\Users\Public\Music [13/07/2009 22:37:05]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 00:52:30]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [13/07/2009 22:37:05]
"Common Documents"=C:\Users\Public\Documents [13/07/2009 22:37:05]
"OEM Links"=C:\ProgramData\OEM Links
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [13/07/2009 22:37:05]
"Common AppData"=C:\ProgramData [13/07/2009 22:37:05]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=%PUBLIC%\Desktop
"Common Documents"=%PUBLIC%\Documents
"CommonPictures"=%PUBLIC%\Pictures
"CommonMusic"=%PUBLIC%\Music
"CommonVideo"=%PUBLIC%\Videos
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
"Common AppData"=%ProgramData%
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates
---------- | [hilton]
[29/06/2016 16:31:01] - |D| - [15398058094] - C:\Users\hilton\AppData\Local
[29/06/2016 16:31:01] - |D| - [31307038] - C:\Users\hilton\AppData\LocalLow
[29/06/2016 16:31:01] - |D| - [509038698] - C:\Users\hilton\AppData\Roaming
[06/12/2016 18:45:00] - |D| - [393978732] - C:\Users\hilton\AppData\Local\76f7c66
[04/07/2016 15:23:24] - |D| - [32867125] - C:\Users\hilton\AppData\Local\Adobe
[05/07/2016 14:36:57] - |D| - [504441122] - C:\Users\hilton\AppData\Local\Amazon Music
[29/06/2016 16:31:07] - |SHD| - [14104107186] - C:\Users\hilton\AppData\Local\Application Data
[25/12/2016 17:06:55] - |D| - [7796256] - C:\Users\hilton\AppData\Local\Apps
[21/12/2016 15:03:54] - |D| - [24576] - C:\Users\hilton\AppData\Local\AVAST Software
[27/02/2017 15:10:05] - |D| - [0] - C:\Users\hilton\AppData\Local\Broadcom
[13/07/2016 12:30:23] - |D| - [443696] - C:\Users\hilton\AppData\Local\CEF
[13/06/2017 10:22:59] - |D| - [97152] - C:\Users\hilton\AppData\Local\Citrix
[16/08/2016 11:51:20] - |D| - [0] - C:\Users\hilton\AppData\Local\CrashDumps
[26/09/2016 12:01:51] - |D| - [23] - C:\Users\hilton\AppData\Local\CrashRpt
[25/12/2016 17:06:55] - |D| - [0] - C:\Users\hilton\AppData\Local\Deployment
[27/07/2016 14:28:02] - |D| - [63650] - C:\Users\hilton\AppData\Local\Diagnostics
[03/07/2016 13:23:38] - |D| - [0] - C:\Users\hilton\AppData\Local\ElevatedDiagnostics
[29/06/2016 16:40:17] - |A| - [65776] - C:\Users\hilton\AppData\Local\GDIPFONTCACHEV1.DAT
[25/12/2016 17:07:13] - |D| - [90290087] - C:\Users\hilton\AppData\Local\Google
[13/06/2017 10:23:01] - |D| - [3215880] - C:\Users\hilton\AppData\Local\GoToAssist Remote Support Customer
[03/07/2016 12:23:08] - |D| - [71] - C:\Users\hilton\AppData\Local\GWX
[29/06/2016 16:31:07] - |SHD| - [290] - C:\Users\hilton\AppData\Local\History
[20/03/2017 16:22:50] - |AH| - [1981961] - C:\Users\hilton\AppData\Local\IconCache.db
[05/09/2016 13:57:00] - |D| - [0] - C:\Users\hilton\AppData\Local\LogMeIn Rescue Applet
[05/09/2016 14:21:27] - |D| - [50] - C:\Users\hilton\AppData\Local\McAfee File Lock
[29/06/2016 16:31:01] - |D| - [161535166] - C:\Users\hilton\AppData\Local\Microsoft
[21/08/2016 14:27:13] - |D| - [163171] - C:\Users\hilton\AppData\Local\Microsoft Games
[30/12/2016 13:38:42] - |D| - [63536174] - C:\Users\hilton\AppData\Local\Mozilla
[12/08/2016 12:28:34] - |D| - [0] - C:\Users\hilton\AppData\Local\Packages
[02/07/2016 15:54:33] - |D| - [3587] - C:\Users\hilton\AppData\Local\PC_Drivers_Headquarters
[02/07/2016 15:09:05] - |D| - [0] - C:\Users\hilton\AppData\Local\Programs
[30/06/2016 18:39:31] - |D| - [170075] - C:\Users\hilton\AppData\Local\Stardock
[29/06/2016 16:31:01] - |D| - [474742] - C:\Users\hilton\AppData\Local\Temp
[29/06/2016 16:31:07] - |SHD| - [32736903] - C:\Users\hilton\AppData\Local\Temporary Internet Files
[29/06/2016 16:31:12] - |D| - [64643] - C:\Users\hilton\AppData\Local\VirtualStore
[02/07/2016 15:23:29] - |D| - [12097747] - C:\Users\hilton\AppData\LocalLow\Adblock Plus for IE
[13/07/2016 12:30:11] - |D| - [1878729] - C:\Users\hilton\AppData\LocalLow\Adobe
[29/06/2016 16:31:01] - |SD| - [16802178] - C:\Users\hilton\AppData\LocalLow\Microsoft
[30/12/2016 13:39:34] - |D| - [0] - C:\Users\hilton\AppData\LocalLow\Mozilla
[21/05/2017 14:31:56] - |D| - [528384] - C:\Users\hilton\AppData\LocalLow\PlayReady
[12/08/2016 12:34:18] - |A| - [0] - C:\Users\hilton\AppData\LocalLow\rightsCheck_1.txt
[29/06/2016 18:33:19] - |D| - [0] - C:\Users\hilton\AppData\LocalLow\Siber Systems
[29/06/2016 17:49:33] - |D| - [3106044] - C:\Users\hilton\AppData\Roaming\Adobe
[28/01/2017 15:24:36] - |D| - [675] - C:\Users\hilton\AppData\Roaming\Canon
[12/08/2016 12:28:34] - |D| - [690709] - C:\Users\hilton\AppData\Roaming\Dashlane
[03/02/2017 13:54:40] - |D| - [9032354] - C:\Users\hilton\AppData\Roaming\eM Client
[29/06/2016 16:31:01] - |D| - [0] - C:\Users\hilton\AppData\Roaming\Identities
[29/06/2016 16:31:01] - |D| - [0] - C:\Users\hilton\AppData\Roaming\InstallShield
[12/03/2017 14:18:29] - |D| - [122534078] - C:\Users\hilton\AppData\Roaming\Kodi
[04/07/2016 15:27:35] - |D| - [506] - C:\Users\hilton\AppData\Roaming\Macromedia
[05/09/2016 14:04:06] - |D| - [9383] - C:\Users\hilton\AppData\Roaming\McAfee
[29/06/2016 16:31:01] - |SD| - [1316639] - C:\Users\hilton\AppData\Roaming\Microsoft
[30/12/2016 13:38:42] - |D| - [60874351] - C:\Users\hilton\AppData\Roaming\Mozilla
[04/07/2016 15:13:28] - |D| - [52328952] - C:\Users\hilton\AppData\Roaming\OpenOffice
[10/04/2017 14:22:06] - |D| - [19908] - C:\Users\hilton\AppData\Roaming\Remo
[10/04/2017 14:21:57] - |D| - [0] - C:\Users\hilton\AppData\Roaming\Remo Speed Optimizer2.0
[01/07/2016 13:11:33] - |D| - [23054386] - C:\Users\hilton\AppData\Roaming\RoboForm
[31/08/2016 14:54:34] - |D| - [153955] - C:\Users\hilton\AppData\Roaming\Samsung
[30/06/2016 18:39:30] - |D| - [11529847] - C:\Users\hilton\AppData\Roaming\Stardock
[14/06/2017 13:23:25] - |D| - [224386911] - C:\Users\hilton\AppData\Roaming\TotalAV
[29/06/2016 16:31:01] - |ASH| - [174] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[29/06/2016 16:31:01] - |RD| - [24167] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[29/06/2016 16:31:01] - |RD| - [14360] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[29/06/2016 16:31:01] - |RD| - [174] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[05/07/2016 14:37:02] - |D| - [3422] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
[07/02/2017 16:29:05] - |D| - [0] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[29/06/2016 16:31:01] - |ASH| - [338] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[29/06/2016 16:33:48] - |A| - [1420] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[13/03/2017 15:54:19] - |D| - [3699] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
[29/06/2016 16:31:01] - |RD| - [580] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[29/06/2016 16:31:01] - |RD| - [174] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[29/06/2016 16:31:01] - |ASH| - [174] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
---------- | [hilton75]
[12/04/2017 10:14:10] - |D| - [0] - C:\Users\hilton75\AppData\Local
[12/04/2017 10:14:10] - |D| - [0] - C:\Users\hilton75\AppData\Roaming
[12/04/2017 10:14:10] - |D| - [0] - C:\Users\hilton75\AppData\Roaming\Microsoft
---------- | [PCPitstopSVC]
[02/07/2016 15:44:57] - |D| - [530795442] - C:\Users\PCPitstopSVC\AppData\Local
[02/07/2016 15:44:57] - |D| - [152130] - C:\Users\PCPitstopSVC\AppData\LocalLow
[02/07/2016 15:44:57] - |D| - [986725] - C:\Users\PCPitstopSVC\AppData\Roaming
[02/07/2016 15:44:59] - |SHD| - [486624710] - C:\Users\PCPitstopSVC\AppData\Local\Application Data
[02/07/2016 15:44:59] - |SHD| - [16674] - C:\Users\PCPitstopSVC\AppData\Local\History
[02/07/2016 15:44:58] - |AH| - [913134] - C:\Users\PCPitstopSVC\AppData\Local\IconCache.db
[02/07/2016 15:44:57] - |D| - [37154249] - C:\Users\PCPitstopSVC\AppData\Local\Microsoft
[02/07/2016 15:44:57] - |D| - [6086608] - C:\Users\PCPitstopSVC\AppData\Local\Temp
[02/07/2016 15:44:59] - |SHD| - [67] - C:\Users\PCPitstopSVC\AppData\Local\Temporary Internet Files
[02/07/2016 15:44:57] - |SD| - [152130] - C:\Users\PCPitstopSVC\AppData\LocalLow\Microsoft
[02/07/2016 15:44:57] - |D| - [0] - C:\Users\PCPitstopSVC\AppData\Roaming\Identities
[02/07/2016 15:44:57] - |D| - [0] - C:\Users\PCPitstopSVC\AppData\Roaming\InstallShield
[02/07/2016 15:44:57] - |SD| - [986725] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft
[02/07/2016 15:44:58] - |ASH| - [174] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[02/07/2016 15:44:57] - |RD| - [17306] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[02/07/2016 15:44:57] - |RD| - [14621] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[02/07/2016 15:44:57] - |RD| - [174] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[02/07/2016 15:44:57] - |ASH| - [338] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[02/07/2016 15:44:57] - |A| - [1419] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[02/07/2016 15:44:57] - |RD| - [580] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[02/07/2016 15:44:57] - |RD| - [174] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[02/07/2016 15:44:57] - |ASH| - [174] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
---------- | [Public]
---------- | [TEMP]
[12/04/2017 15:17:52] - |D| - [2047468] - C:\Users\TEMP\AppData\Roaming
[12/04/2017 15:18:43] - |D| - [2047468] - C:\Users\TEMP\AppData\Roaming\AVAST Software
---------- | [TEMP.hilton-PC]
[16/04/2017 11:47:35] - |D| - [0] - C:\Users\TEMP.hilton-PC\AppData\LocalLow
[16/04/2017 11:47:35] - |D| - [0] - C:\Users\TEMP.hilton-PC\AppData\LocalLow\Microsoft
---------- | C:\ProgramData
[13/07/2016 12:28:24] - |D| - [275321641] - C:\ProgramData\Adobe
[14/07/2009 00:53:55] - |SHD| - [25811609025] - C:\ProgramData\Application Data
[18/12/2016 22:19:18] - |D| - [7917582] - C:\ProgramData\AVAST Software
[05/07/2016 14:18:24] - |HD| - [38904009] - C:\ProgramData\CanonBJ
[28/01/2017 15:19:08] - |D| - [86797] - C:\ProgramData\CanonIJWSpt
[01/08/2016 14:10:46] - |D| - [1007684] - C:\ProgramData\Dell
[14/07/2009 00:53:55] - |SHD| - [11489] - C:\ProgramData\Desktop
[14/07/2009 00:53:55] - |SHD| - [49526545] - C:\ProgramData\Documents
[02/07/2016 15:54:32] - |D| - [1159758] - C:\ProgramData\Driver Support
[14/07/2009 00:53:55] - |SHD| - [0] - C:\ProgramData\Favorites
[26/04/2017 13:09:43] - |D| - [12722] - C:\ProgramData\Google
[21/06/2017 15:04:26] - |D| - [90775128] - C:\ProgramData\Malwarebytes
[13/07/2009 22:37:05] - |SD| - [2275975843] - C:\ProgramData\Microsoft
[16/05/2017 17:01:29] - |D| - [26756] - C:\ProgramData\Norton
[16/05/2017 17:01:26] - |D| - [212754418] - C:\ProgramData\NortonInstaller
[15/07/2016 13:39:48] - |RASH| - [8] - C:\ProgramData\ntuser.pol
[01/08/2016 21:31:34] - |D| - [16788843] - C:\ProgramData\Package Cache
[12/04/2017 15:18:10] - |D| - [1882] - C:\ProgramData\PC Drivers HeadQuarters
[02/07/2016 15:09:31] - |D| - [8639857] - C:\ProgramData\PCPitstop
[29/06/2016 18:33:19] - |D| - [232] - C:\ProgramData\RoboForm
[31/08/2016 14:12:17] - |D| - [0] - C:\ProgramData\Samsung
[16/04/2017 14:46:08] - |D| - [267130] - C:\ProgramData\SecuritySuite
[30/06/2016 18:39:31] - |D| - [34129554] - C:\ProgramData\Stardock
[14/07/2009 00:53:55] - |SHD| - [133331] - C:\ProgramData\Start Menu
[14/07/2009 00:53:55] - |SHD| - [31386] - C:\ProgramData\Templates
---------- | C:\ProgramData\Microsoft\Windows\Start Menu
[14/07/2009 00:46:35] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[14/07/2009 00:37:43] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[13/07/2009 22:37:05] - |RD| - [130341] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/07/2009 00:37:43] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[13/07/2009 22:37:05] - |RD| - [39894] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[13/07/2016 12:29:09] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[14/07/2009 00:52:30] - |RD| - [21157] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[28/01/2017 15:13:43] - |D| - [2500] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3200 series
[28/01/2017 15:19:12] - |D| - [1998] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[02/07/2016 15:47:29] - |D| - [1072] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[14/07/2009 00:41:57] - |ASH| - [1278] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[03/02/2017 13:54:02] - |A| - [931] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
[14/07/2009 00:52:30] - |RD| - [6112] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[25/12/2016 17:07:56] - |A| - [2148] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[13/07/2009 22:37:05] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[21/06/2017 15:04:36] - |D| - [4114] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[23/07/2012 19:48:29] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[09/07/2016 17:12:10] - |D| - [2230] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[30/12/2016 13:38:30] - |A| - [1124] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[20/01/2017 14:40:40] - |SD| - [6980] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
[12/08/2016 15:03:24] - |D| - [16069] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[14/07/2009 00:42:29] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[25/12/2016 13:38:04] - |D| - [4006] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[13/07/2009 22:37:05] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[14/07/2009 00:42:30] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[23/07/2012 19:48:25] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[14/07/2009 00:42:24] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[14/07/2009 00:46:36] - |A| - [1515] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[12/02/2017 15:09:57] - |A| - [2419] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[14/07/2009 00:42:30] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[14/07/2009 00:41:57] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
---------- | C:\Program Files
[13/07/2016 12:28:51] - |D| - [258643317] - C:\Program Files\Adobe
[23/07/2012 19:53:54] - |D| - [2116142] - C:\Program Files\Analog Devices
[28/01/2017 15:19:05] - |D| - [20206791] - C:\Program Files\Canon
[28/01/2017 15:13:35] - |HD| - [7533306] - C:\Program Files\CanonBJ
[02/07/2016 15:47:27] - |D| - [11482648] - C:\Program Files\CCleaner
[13/06/2017 10:23:10] - |D| - [0] - C:\Program Files\Citrix
[13/07/2009 22:37:05] - |D| - [100874169] - C:\Program Files\Common Files
[12/08/2016 12:28:34] - |D| - [0] - C:\Program Files\Dashlane
[14/07/2009 00:41:57] - |ASH| - [174] - C:\Program Files\desktop.ini
[02/07/2016 15:53:39] - |D| - [14156416] - C:\Program Files\Driver Support
[14/07/2009 00:52:30] - |D| - [83215892] - C:\Program Files\DVD Maker
[03/02/2017 13:52:54] - |D| - [162885944] - C:\Program Files\eM Client
[25/12/2016 17:07:20] - |D| - [374386233] - C:\Program Files\Google
[23/07/2012 19:53:54] - |HD| - [5204191] - C:\Program Files\InstallShield Installation Information
[23/07/2012 19:52:49] - |D| - [48783890] - C:\Program Files\Intel
[13/07/2009 22:37:05] - |D| - [26525216] - C:\Program Files\Internet Explorer
[13/03/2017 15:53:54] - |D| - [162290054] - C:\Program Files\Kodi
[21/06/2017 15:04:26] - |D| - [117050436] - C:\Program Files\Malwarebytes
[05/09/2016 14:03:52] - |D| - [3247555] - C:\Program Files\McAfee
[21/08/2016 14:25:24] - |D| - [147758130] - C:\Program Files\Microsoft Games
[09/07/2016 17:12:08] - |D| - [42892246] - C:\Program Files\Microsoft Silverlight
[02/07/2016 03:18:15] - |D| - [23935] - C:\Program Files\Microsoft.NET
[30/12/2016 13:38:18] - |D| - [292871598] - C:\Program Files\Mozilla Firefox
[30/12/2016 13:38:27] - |D| - [295258] - C:\Program Files\Mozilla Maintenance Service
[14/07/2009 00:52:30] - |D| - [25757] - C:\Program Files\MSBuild
[16/05/2017 17:01:30] - |D| - [2953936] - C:\Program Files\Norton Security
[16/05/2017 17:01:26] - |D| - [31640314] - C:\Program Files\NortonInstaller
[04/07/2016 15:01:22] - |D| - [330965881] - C:\Program Files\OpenOffice 4
[02/07/2016 15:09:30] - |D| - [190335] - C:\Program Files\PCPitstop
[14/07/2009 00:52:30] - |D| - [36945665] - C:\Program Files\Reference Assemblies
[31/08/2016 14:14:22] - |D| - [44561908] - C:\Program Files\SAMSUNG
[29/06/2016 18:32:48] - |D| - [59324750] - C:\Program Files\Siber Systems
[26/09/2016 12:01:44] - |D| - [3903822] - C:\Program Files\SlimWare Utilities
[30/06/2016 18:39:24] - |D| - [55899509] - C:\Program Files\Stardock
[26/09/2016 12:37:12] - |D| - [6086] - C:\Program Files\Synaptics
[14/07/2009 00:53:23] - |HD| - [0] - C:\Program Files\Uninstall Information
[27/02/2017 15:03:25] - |D| - [211341881] - C:\Program Files\WIDCOMM
[14/07/2009 00:52:30] - |D| - [3027456] - C:\Program Files\Windows Defender
[13/07/2009 22:37:05] - |D| - [6115840] - C:\Program Files\Windows Mail
[14/07/2009 00:52:30] - |D| - [6582018] - C:\Program Files\Windows Media Player
[13/07/2009 22:37:05] - |D| - [12061876] - C:\Program Files\Windows NT
[14/07/2009 00:52:30] - |D| - [4394248] - C:\Program Files\Windows Photo Viewer
[14/07/2009 00:52:30] - |D| - [189952] - C:\Program Files\Windows Portable Devices
[14/07/2009 00:52:30] - |D| - [6679420] - C:\Program Files\Windows Sidebar
---------- | C:\Program Files\Common Files
[13/07/2016 12:28:51] - |D| - [8929545] - C:\Program Files\Common Files\Adobe
[18/12/2016 22:21:00] - |D| - [0] - C:\Program Files\Common Files\AV
[05/09/2016 14:16:24] - |D| - [0] - C:\Program Files\Common Files\McAfee
[13/07/2009 22:37:05] - |D| - [40559121] - C:\Program Files\Common Files\microsoft shared
[23/07/2012 19:53:33] - |D| - [83063] - C:\Program Files\Common Files\postureAgent
[13/07/2009 22:37:05] - |D| - [2702] - C:\Program Files\Common Files\Services
[13/07/2009 22:37:05] - |D| - [41103783] - C:\Program Files\Common Files\SpeechEngines
[13/07/2009 22:37:05] - |D| - [10195955] - C:\Program Files\Common Files\System
---------- | Tasks
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 00:53:47] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.B8A7DC0AB7B56BD5295DDAFA7FF7041E] - [14/07/2009 00:53:46] - |A| - [14124] - C:\Windows\Tasks\SCHEDLGU(29).TXT
[MD5.F492DED3415678124D007D3BE4F53AC4] - [14/07/2009 00:53:46] - |A| - [32576] - C:\Windows\Tasks\SCHEDLGU.TXT
[MD5.0796CECF341D585B2E5CE14A7FE561D6] - [13/07/2016 12:29:37] - |A| - [4464] - C:\Windows\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.277C2B9AFE026B4D87142FDE67ABD683] - [04/07/2016 15:23:55] - |A| - [4312] - C:\Windows\System32\Tasks\Adobe Flash Player Updater : C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.DA39E94DFDA4EC471084FF2166930D35] - [02/07/2016 15:47:30] - |A| - [2794] - C:\Windows\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.35D0AA971E47D54E0673B0559AD9B5AF] - [02/07/2016 15:54:42] - |A| - [3298] - C:\Windows\System32\Tasks\Driver Support : C:\Program Files\Driver Support\DriverSupport.exe
[MD5.D4C3D0F45A4A08A7E7E1E8D1437F959E] - [02/07/2016 15:54:41] - |A| - [3732] - C:\Windows\System32\Tasks\Driver Support-RTMRules : C:\Program Files\Driver Support\DriverSupport.exe
[MD5.846A373169DB8E1D85FE26CBC8DF1517] - [02/07/2016 15:54:41] - |A| - [3618] - C:\Windows\System32\Tasks\Driver Support-RTMScan : C:\Program Files\Driver Support\DriverSupport.exe
[MD5.3C5CA2588ECAF36FB11D58CB78DB9E4A] - [02/07/2016 15:54:41] - |A| - [3738] - C:\Windows\System32\Tasks\Driver Support-RTMUpdater : C:\Program Files\Driver Support\DriverSupport.exe
[MD5.00000000000000000000000000000000] - [21/08/2016 14:17:11] - |D| - [4734] - C:\Windows\System32\Tasks\Games
[MD5.AD933303DF4F09B0134684684DCEF69B] - [25/12/2016 17:07:22] - |A| - [3190] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.6B2793EF7BF0BA8FB9FF6B950134B904] - [25/12/2016 17:07:23] - |A| - [3318] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [13/07/2009 22:37:09] - |D| - [271888] - C:\Windows\System32\Tasks\Microsoft
[MD5.3AF2843643976BBCA15DB415A74C5F4B] - [29/06/2016 18:48:35] - |A| - [4118] - C:\Windows\System32\Tasks\Open URL by RoboForm : C:\Windows\system32\rundll32.exe
[MD5.4DA2089E0B5952BB09FA0723DE53DD5D] - [29/06/2016 18:48:34] - |A| - [3572] - C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon : C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
[MD5.00000000000000000000000000000000] - [14/07/2009 00:54:35] - |D| - [4480] - C:\Windows\System32\Tasks\WPD
[MD5.26EE183A3F9D5E2D4D88CF81864C4A7A] - [16/04/2017 12:03:38] - |A| - [2968] - C:\Windows\System32\Tasks\{AAE1FE94-9FE5-456A-85C2-E40455319DB4} : C:\Program Files\AVAST Software\Avast\avastui.exe
---------- | Firewall
[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"{0DC8D093-6A4A-46DF-81F7-51A31BA38190}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2002|
"TCP Query User{AC689693-B971-449C-8EA9-AC51E5D70F9C}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\hilton\appdata\local\amazon music\amazon music helper.exe|Name=amazon music helper.exe|Desc=amazon music helper.exe|Defer=User|
"UDP Query User{25F20FE1-CB5D-4B09-9160-3C9094A6B8A8}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\hilton\appdata\local\amazon music\amazon music helper.exe|Name=amazon music helper.exe|Desc=amazon music helper.exe|Defer=User|
"{EAD2EC74-0D35-4D3D-900E-D48B9AB5AE26}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)|
"{E8207517-F4F1-4084-AD6C-988A4CDC999F}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)|
"{4DD19BC0-8D56-41F2-BBA6-E1F63020D218}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=RapiMgr|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
"{0D547D58-43B9-4B3F-90C2-C69E6800A5E3}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=RapiMgr|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
"{3A500436-332F-43FF-B443-030332BD69A8}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LA4=127.0.0.1|App=%SystemRoot%\system32\svchost.exe|Svc=WcesComm|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4002|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14002|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
"{EFC4B274-0D29-420D-BDBC-8C5FF0388D4A}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=WcesComm|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
"{6C178907-0A86-4A63-8767-E451EAB8901B}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=WcesComm|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
"{7B9C5F97-734A-489B-BE89-18424F78C403}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Inbound rule for Google Chrome to allow mDNS traffic.|EmbedCtxt=Google Chrome|
---------- | Control\Class
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (igfx) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{04A83FC2-2AE2-4C88-B45F-E9707B377636}] : (aswHwid) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{34446E8E-37B4-4B16-9DA6-BEA2DB33465A}] : (BluetoothAuxiliary) [] -> @oem91.inf,%BluetoothAuxiliary.NAME%;Bluetooth Auxiliary
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{502EB68B-57B4-4FEE-9890-18F2D8AD1E3E}] : (mfencbdc) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{54505F9E-EE66-4F1D-A63B-B853A1759385}] : (SymNetS) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{56EBD688-B772-4181-9610-8633FCEE988D}] : (SymIRON) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6880337A-1EB4-4EF2-9659-0FD2EC60CB1B}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (igfx) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{78A1C341-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7E0006EA-81A8-4780-B0C8-474E2DBF4D63}] : (IDSVix86) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8AE85550-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A58D9A86-E5DE-4643-A697-AD5B7AFB810E}] : (IDSVix86) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C30ECEA0-11EF-4EF9-B02E-6AF81E6E65C0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C4A06E97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C777C165-D422-426D-8EBF-6EAF3FB83ADF}] : (aswNetSec) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C7C038AD-1F2D-44D4-B2FE-D912BE20E6D5}] : (BluetoothVirtual) [] -> @oem7.inf,%BluetoothVirtualName%;Bluetooth Virtual Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
---------- | Loaded modules (whitelist)
[13/07/2009 19:45:33] - (6.1.7600.16385) - (Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM)) - C:\Windows\system32\DRIVERS\serial.sys
[26/09/2016 12:36:34] - (19.0.9.4) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
[26/09/2016 12:42:46] - (6.10.1.7280) - (Analog Devices, Inc. - High Definition Audio Function Driver) - C:\Windows\system32\drivers\ADIHdAud.sys
---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service
R0 - [Kernel Driver] - ACPI (Microsoft ACPI Driver) -> system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdxata () -> system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - atapi (IDE Channel) -> system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (Disk Driver) -> system32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (PCI Bus Driver) -> system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pciide () -> system32\drivers\pciide.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - spldr (Security Processor Loader Driver) -> (?) - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> system32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (Microsoft Virtual Drive Enumerator Driver) -> system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgr (Volume Manager Driver) -> system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (Storage volumes) -> system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - blbdrive () -> system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (CD-ROM Driver) -> system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (Microsoft System Management BIOS Driver) -> system32\DRIVERS\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Serial (Serial port driver) -> system32\DRIVERS\serial.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - TermDD (Terminal Device Driver) -> system32\DRIVERS\termdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - VgaSave () -> \SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> \SystemRoot\system32\drivers\MBAMChameleon.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Parvdm () -> system32\DRIVERS\parvdm.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)
---------- | Uninstall
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\58d94f3ce2c27db0] : (Dell System Detect.-.Dell) -> "C:\Users\hilton\AppData\Local\Apps\2.0\3VGPG9W0.MPE\2E0VXQW4.WA5\dell..tion_6d0a76327dca4869_0007.000b_df227eeaae3cac0d\Uninstaller.exe" uninstall
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Amazon Amazon Music] : (Amazon Music.-.Amazon Services LLC) -> C:\Users\hilton\AppData\Local\Amazon Music\Uninstall.exe
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Kodi] : (Kodi.-.XBMC-Foundation) -> C:\Program Files\Kodi\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] : (Adobe Flash Player 26 ActiveX.-.Adobe Systems Incorporated) -> C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_126_ActiveX.exe -maintain activex
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AI RoboForm] : (RoboForm 8-3-7-7 (All Users).-.Siber Systems) -> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CanonQuickMenu] : (Canon Quick Menu.-.Canon Inc.) -> "C:\Program Files\Canon\Quick Menu\uninst.exe" /UninstallRemove C:\Program Files\Canon\Quick Menu\uninst.ini
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files\Google\Chrome\Application\58.0.3029.110\Installer\setup.exe" --uninstall --system-level --verbose-logging
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HDMI] : (Intel(R) Graphics Media Accelerator Driver.-.Intel Corporation) -> C:\Windows\system32\igxpun.exe -uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HECI] : (Intel(R) Management Engine Interface.-.Intel Corporation) -> C:\Windows\system32\heciudlg.exe -uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MESOL] : (Intel® Active Management Technology.-.Intel Corporation) -> C:\Windows\system32\mesoludlg.exe -uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 52.0 (x86 en-US)] : (Mozilla Firefox 52.0 (x86 en-US).-.Mozilla) -> "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PROSetDX] : (Intel(R) Network Connections 19.5.303.0.-.Intel) -> MsiExec.exe /i{D8A3D01E-BCBB-491B-856F-61E3B8563E32} ARPREMOVE=1
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Stardock Fences 3] : (Stardock Fences 3.-.Stardock Software, Inc.) -> "C:\Program Files\Stardock\Fences\uninstall.exe" "/U:C:\Program Files\Stardock\Fences\Uninstall\uninstall.xml"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Stardock ObjectDock] : (Stardock ObjectDock.-.Stardock Software, Inc.) -> "C:\Program Files\Stardock\ObjectDock\uninstall.exe" "/U:C:\Program Files\Stardock\ObjectDock\Uninstall\uninstall.xml"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series] : (Canon MG3200 series MP Drivers.-.Canon Inc.) -> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series\DELDRV.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series /L0x0009
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}] : (Google Toolbar for Internet Explorer.-.Google Inc.) -> MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{224024F1-88C6-4E06-9AF6-39FF47347338}] : (eM Client.-.eM Client Inc.) -> MsiExec.exe /X{224024F1-88C6-4E06-9AF6-39FF47347338}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] : (Google Toolbar for Internet Explorer.-.Google Inc.) -> "C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_8B0481A9A34D47CD.exe" /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{302600C1-6BDF-4FD1-1603-148929CC1385}] : (Intel(R) Wireless Bluetooth(R)(patch version 19.0.1629.3590).-.Intel Corporation) ->
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{34BF287B-24D9-4CFC-94A6-B1F4A92EC55D}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{34BF287B-24D9-4CFC-94A6-B1F4A92EC55D}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.1.2.1733.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}] : (Intel(R) Chipset Device Software.-.Intel(R) Corporation) -> "C:\ProgramData\Package Cache\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}\SetupChipset.exe" /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}] : (WIDCOMM Bluetooth Software.-.Broadcom Corporation) -> MsiExec.exe /X{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824225037}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824225037}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}] : (Samsung USB Driver for Mobile Phones.-.Samsung Electronics Co., Ltd.) -> C:\Program Files\Samsung\USB Drivers\Uninstall.exe
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D8A3D01E-BCBB-491B-856F-61E3B8563E32}] : (Intel(R) Network Connections 19.5.303.0.-.Intel) -> MsiExec.exe /i{D8A3D01E-BCBB-491B-856F-61E3B8563E32} ARPREMOVE=1
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}] : (OpenOffice 4.1.3.-.Apache Software Foundation) -> MsiExec.exe /I{EEA30AEB-8BA7-465B-85D4-098BB99733E7}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F0A37341-D692-11D4-A984-009027EC0A9C}] : (SoundMAX.-.Analog Devices) -> C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
---------- | Ports
---------- | Installer
[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0] : Google Toolbar for Internet Explorer
[HKCR\Installer\Products\1C006203FDB61DF46130419892CC3158] : Intel(R) Wireless Bluetooth(R)(patch version 19.0.1629.3590) -> C:\Windows\Installer\{302600C1-6BDF-4FD1-1603-148929CC1385}\IntelBluetoothICO
[HKCR\Installer\Products\1F4204226C8860E4A96F93FF74433783] : eM Client -> C:\Windows\Installer\{224024F1-88C6-4E06-9AF6-39FF47347338}\MailClientIcon.exe
[HKCR\Installer\Products\245938095D5836842ABBE6F4FC9A27B6] :
[HKCR\Installer\Products\26FCC409D8185764CB673DE73B999F71] : Windows Mobile Device Center -> C:\Windows\Installer\{904CCF62-818D-4675-BC76-D37EB399F917}\wmdc.exe
[HKCR\Installer\Products\52E4407E830367A4094643A40C8340E3] : Windows Mobile Device Center Driver Update -> C:\Windows\Installer\{E7044E25-3038-4A76-9064-344AC038043E}\WindowsMobileDeviceCenter.ico
[HKCR\Installer\Products\68AB67CA408033019195008142220573] : Adobe Refresh Manager -> C:\Windows\Installer\{AC76BA86-0804-1033-1959-001824225037}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA73301B744CAF070E41400] : Adobe Acrobat Reader DC -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\AE08842601676B744B6A04DD38BDA14B] :
[HKCR\Installer\Products\B25CB27B8A56BB449AD45E9C1B6D446B] : DriverUpdate -> C:\Windows\Installer\{B72BC52B-65A8-44BB-A94D-E5C9B1D644B6}\Icon.exe
[HKCR\Installer\Products\B782FB439D42CFC4496A1B4F9AE25CD5] : Intel(R) Chipset Device Software
[HKCR\Installer\Products\BEA03AEE7AB8B564584D90B89B79337E] : OpenOffice 4.1.3 -> C:\Windows\Installer\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}\soffice.ico
[HKCR\Installer\Products\E10D3A8DBBCBB19458F6163E8B65E323] : -> C:\Windows\Installer\{D8A3D01E-BCBB-491B-856F-61E3B8563E32}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F4D9341A64DF2F741A3DEF0E792CA990] : WIDCOMM Bluetooth Software -> C:\Windows\Installer\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F85AF62A6DA0C9F41A43EFC2BFE2EA79] :
---------- | ADS
---------- | Drives
Disk: 0 Size=19.1T
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 27-UNKNWN 3.1G Yes No 2,048 6,348,800
1 1 07-NTFS 19.0T No No 6,350,848 900,676,096
---------- | MBR
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: OptiPlex 755
Logical Drives Mask: 0x0000000c
Analysis of file "C:\QuickDiag\MBR.bin":
Windows 7 MBR code detected
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
http://www.gmer.net
Windows 6.1.7601 Disk: Hitachi_HUA722020ALA331 rev.JKAOA3NH -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x82C44105] -> \Device\Harddisk0\DR0[0x863675F8]
3 CLASSPNP[0x8BDA659E] -> ntkrnlpa!IofCallDriver[0x82C44105] -> \Device\Ide\IdeDeviceP2T0L0-2[0x85EB6030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
---------- | 20 LastEventLog
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------
The program iexplore.exe version 11.0.9600.18698 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1374
Start Time: 01d2ec430c56d251
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:
------------
LMS Service lost connection to HECI driver
------------
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------
LMS Service lost connection to HECI driver
------------
LMS Service lost connection to HECI driver
------------
LMS Service lost connection to HECI driver
------------
LMS Service lost connection to HECI driver
------------
LMS Service lost connection to HECI driver
------------
LMS Service lost connection to HECI driver
------------
LMS Service lost connection to HECI driver
------------
LMS Service lost connection to HECI driver
------------
taskhost (2672) WebCacheLocal: Database recovery/restore failed with unexpected error -501.
------------
taskhost (2672) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\hilton\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 653 (0x0000028D). This logfile has been damaged and is unusable.
------------
taskhost (2672) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\hilton\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 653 (0x0000028D). This logfile has been damaged and is unusable.
------------
taskhost (2672) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\hilton\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 653 (0x0000028D). This logfile has been damaged and is unusable.
------------
LMS Service lost connection to HECI driver
------------
LMS Service lost connection to HECI driver
------------
----------( EOF)---------- - 2649 | 14:38:29
