• Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Solved Suspected Matrix Ransomware. Need help in removing it.

Status
Not open for further replies.
#41
Shrey Aryan said:
or is there something that would confirm that the malware has left my computer?
Click to expand...


Should be gone, but lets double check to make sure...


Make sure and update the programs as suggested.

WinRAR 5.10 (64-bit) v.5.10.0 Warning! Download Update
Picasa 3 v.3.9.141.259 Warning! This software is no longer supported.
Skype™ 7.30 v.7.30.105 Warning! Download Update
Java 8 Update 25 (64-bit) v.8.0.250 Warning! Download Update
Uninstall old version and install new one (jre-8u121-windows-x64.exe).
Adobe Shockwave Player 12.0 v.12.0.4.144 Warning! Download Update
Google Chrome v.57.0.2987.98 Warning! Download Update
Mozilla Firefox (3.5.7) v.3.5.7 (en-US) Warning! Download Update


Quick Diag Scan.


Download Quick Diag to your desktop.
Very Important Disable your Antivirus/Antispyware prior to scanning. Make sure program is on your desktop.
Right Click Run as Administrator.
Select the Quick Scan.
upload_2017-2-23_9-27-51-png.1654


Post the log that is generated in your next post.
 
#42
--------------- QuickDiag | g3n-h@ckm@n | V3_31.01.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 20/03/2017 16:00:52

Updated 31/01/2017 | 13.00 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi
[183-k (Administrator)] - [HP] (S-1-5-21-1605944295-1278072363-3366277582-1005)

System: Microsoft Windows 8.1 Single Language - - (6.3.9600) - BuildType: Multiprocessor Free - OSLanguage: 1033 (4009)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 8.1 Single Language|C:\Windows|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: HP Pavilion 15 Notebook PC - Hewlett-Packard - IdNumber: 5CD42147XD - UUID: 34444335-3132-3734-5844-A02BB859A5C2
Processor : X64 - 1896 Mhz - Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz
F.02 - en|US|iso8859-1 - Insyde - S/N: 5CD42147XD - F.02 - HPQOEM - 1
CoreTemp : 51 Celsius

----------| Quick


---------- | SoundDevice

Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0290&SUBSYS_103C227E&REV_1000\4&34C4037&0&0001

---------- | Video

Intel(R) HD Graphics Family - Resolution: 1366x768 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igdumdim32,igd10iumd32,igd10iumd32 - PNPDeviceID: PCI\VEN_8086&DEV_0A16&SUBSYS_227E103C&REV_0B\3&11583659&1&10 - AdapterCompatibility: Intel Corporation - RAM: 2144415744
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics Family - DriverVersion: 10.18.10.3496 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25312 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82432 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 52736 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 41880 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 26624 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35664 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34088 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 37888 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 15872 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:20 %
CPU #2 value:20 %
CPU #3 value:8 %
CPU #4 value:14 %
Total Overall CPU Usage value:16 %

---------- | Network

Realtek PCIe FE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Broadcom BCM43142 802.11 bgn Wi-Fi Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:16 bytes/sec, / RECEIVE Maximum:0 bytes/sec

Broadcom BCM43142 802.11 bgn Wi-Fi Adapter - Ethernet 802.3 - Broadcom - Status: - PnPID : PCI\VEN_14E4&DEV_4365&SUBSYS_2230103C&REV_01\4&1477ABB7&0&00E2
Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Realtek PCIe FE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8136&SUBSYS_227E103C&REV_08\4&4E04B57&0&00E3
Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&3006D1A2&0&01
Microsoft Hosted Network Virtual Adapter - - - Status: - PnPID :
Kaspersky Security Data Escort Adapter - Ethernet 802.3 - Kaspersky Security Data Escort Provider - Status: - PnPID : ROOT\NET\0000
BlackBerry Virtual Private Network - Ethernet 802.3 - Research In Motion - Status: - PnPID : ROOT\NET\0001
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT
WAN Miniport (IP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH

---------- | Memory

RAM = Total (MB) : 4123 | Free (MB) : 1756
Pagefile = Total (MB) : 7662 | Free (MB) : 4655
Virtual = Total (MB) : 4194 | Free (MB) : 3972

Physical Memory 0 : Capacity: 4294967296 - Bottom-Slot 1(left) - Posit.: 1 - Manufacturer: A-DATA Technology - PartNumber: AM1L16BC4R1-B1PS - S/N: 000005E7

---------- | SID Users

183-k : [S-1-5-21-1605944295-1278072363-3366277582-1005]
Administrator : [S-1-5-21-1605944295-1278072363-3366277582-500]
Guest : [S-1-5-21-1605944295-1278072363-3366277582-501]
HomeGroupUser$ : [S-1-5-21-1605944295-1278072363-3366277582-1003]
HP-PC : [S-1-5-21-1605944295-1278072363-3366277582-1001]
shrey : [S-1-5-21-1605944295-1278072363-3366277582-1004]
Administrators : [S-1-5-32-544]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
IIS_IUSRS : [S-1-5-32-568]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Remote Management Users : [S-1-5-32-580]
Users : [S-1-5-32-545]
HomeUsers : [S-1-5-21-1605944295-1278072363-3366277582-1002]
WinRMRemoteWMIUsers__ : [S-1-5-21-1605944295-1278072363-3366277582-1000]

---------- | SystemAccounts

Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [Windows] | Total : 455.69 Go | Free : 335.96 Go -> NTFS [SATA]
D:\ -> [Fixed] | [RECOVERY] | Total : 20.21 Go | Free : 2 Go -> NTFS [SATA]
F:\ -> [Fixed] | [New Volume] | Total : 454.59 Go | Free : 452.6 Go -> NTFS [SATA]

Disk Usage Information [1 total Physical Disks]

Physical Drive #0 [C:, F:, D:] : Read:0 bytes/sec, Written:886,466 bytes/sec Max Read:0 bytes/sec, Max Write:886,466 bytes/sec

Overall - Read Maximum:0 bytes/sec, Write Maximum:886,466 bytes/sec

DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 5 Part. - PnPID : SCSI\DISK&VEN_HGST&PROD_HTS541010A9E6800\4&762C4CC&0&000000

---------- | Windows updates

Last detection : 2017-03-19 23:34:44
Downloaded last ones : 2017-03-19 09:08:07
Installed last ones : 2017-03-17 05:26:28
Next search : 2017-03-20 18:36:12

Windows Is Activated

---------- | Browsers

IE : 11.0.9600.18124 (© Microsoft Corporation.)
FF : 1.9.1.3642 (©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.)
GC : 57.0.2987.98 (Copyright 2016 Google Inc.)

Default : "C:\Program Files\Internet Explorer\iexplore.exe" %1

---------- | FlashPlayer

FlashPlayer ActiveX : 25.0.0.127

---------- | Security

AV : Malwarebytes Disabled
AS : Windows Defender Disabled
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

492 | [Owner : SYSTEM | Parent : 4(System) | ?????] - (.Microsoft Corporation - Windows Session Manager.) - (6.3.9600.17031) = C:\Windows\System32\smss.exe [18/03/2014 15:24:39] CPU Usage:0 %
728 | [Owner : | Parent : 664() | ?????] - (.Microsoft Corporation - Windows Start-Up Application.) - (6.3.9600.18577) = C:\Windows\System32\wininit.exe [16/03/2017 00:28:53] CPU Usage:0 %
800 | [Owner : | Parent : 740() | ?????] - (.Microsoft Corporation - Windows Logon Application.) - (6.3.9600.18188) = C:\Windows\System32\winlogon.exe [27/03/2016 10:18:13] CPU Usage:0 %
840 | [Owner : | Parent : 728(wininit.exe) | ?????] - (.Microsoft Corporation - Services and Controller app.) - (6.3.9600.17793) = C:\Windows\System32\services.exe [17/05/2015 14:58:03] CPU Usage:0 %
848 | [Owner : | Parent : 728(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (6.3.9600.17415) = C:\Windows\System32\lsass.exe [07/03/2015 17:35:17] CPU Usage:0 %
928 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
972 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
376 | [Owner : | Parent : 840(services.exe) | ?????] - (.Softex Inc. - HP SimplePass Service.) - (8.0.1.11) = C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [29/03/2014 02:09:10] CPU Usage:0 %
760 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
888 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
1004 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
1068 | [Owner : | Parent : 840(services.exe) | ?????] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.3496) = C:\Windows\System32\igfxCUIService.exe [18/03/2014 22:59:30] CPU Usage:0 %
1096 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
1224 | [Owner : | Parent : 840(services.exe) | ?????] - (.Hewlett-Packard Company - HpService.) - (6.0.5.1) = C:\Windows\System32\hpservice.exe [23/07/2013 22:58:56] CPU Usage:0 %
1272 | [Owner : | Parent : 840(services.exe) | ?????] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.55) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [13/05/2014 08:53:53] CPU Usage:0 %
1292 | [Owner : | Parent : 1272(RtkAudioService64.exe) | ?????] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.192) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [13/05/2014 08:53:49] CPU Usage:0 %
1300 | [Owner : | Parent : 1272(RtkAudioService64.exe) | ?????] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.192) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [13/05/2014 08:53:49] CPU Usage:0 %
1400 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
1432 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
1516 | [Owner : | Parent : 1096(svchost.exe) | ?????] - (.Microsoft Corporation - Windows Wireless LAN 802.11 Extensibility Framework.) - (6.3.9600.17415) = C:\Windows\System32\wlanext.exe [07/03/2015 17:26:50] CPU Usage:0 %
1524 | [Owner : | Parent : 1516(wlanext.exe) | ?????] - (.Microsoft Corporation - Console Window Host.) - (6.3.9600.17415) = C:\Windows\System32\conhost.exe [07/03/2015 17:29:57] CPU Usage:0 %
1652 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.3.9600.17415) = C:\Windows\System32\spoolsv.exe [07/03/2015 17:25:26] CPU Usage:0 %
1752 | [Owner : | Parent : 840(services.exe) | ?????] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.21.1354) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [19/12/2016 22:38:14] CPU Usage:0 %
1768 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
1920 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
1992 | [Owner : | Parent : 840(services.exe) | ?????] - (.Shanghai DS-Mobile Technology Co., Ltd. - Driver Service for EDGE MODEM Data Card.) - (0.2009.9.19) = C:\Program Files\Micromax 200G USB Modem\EdgeModem-DrvSrv.exe [30/07/2014 00:11:32] CPU Usage:0 %
2028 | [Owner : | Parent : 840(services.exe) | ?????] - (.- Everything.) - (1.3.4.686) = C:\Program Files\Everything\Everything.exe [19/03/2017 23:48:10] CPU Usage:0 %
940 | [Owner : | Parent : 840(services.exe) | ?????] - (.Hewlett-Packard Development Company, L.P. - HP WMI Service.) - (1.1.1.0) = C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [27/03/2014 04:05:26] CPU Usage:0 %
1740 | [Owner : | Parent : 840(services.exe) | ?????] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.31.8.1) = C:\Program Files\Intel\iCLS Client\HeciServer.exe [28/08/2013 03:02:14] CPU Usage:0 %
1792 | [Owner : | Parent : 840(services.exe) | ?????] - (.- ISCT Agent Application.) - (4.2.41.2710) = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [04/12/2013 21:14:08] CPU Usage:0 %
2100 | [Owner : | Parent : 840(services.exe) | ?????] - (.Apple Inc. - RIM MDNS Service.) - (3.0.0.17) = C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [19/03/2015 12:37:42] CPU Usage:0 %
2168 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
2184 | [Owner : | Parent : 840(services.exe) | ?????] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (18.1.5.2) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [13/03/2014 22:20:02] CPU Usage:0 %
2272 | [Owner : | Parent : 840(services.exe) | ?????] - (.Copyright 2017. - ZAM.) - (2.72.0.176) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [20/03/2017 00:10:48] CPU Usage:0 %
2556 | [Owner : | Parent : 840(services.exe) | ?????] - (.BlackBerry Limited - BlackBerry Link Communication Manager.) - (2.0.0.100) = C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [19/03/2015 12:37:46] CPU Usage:0 %
3956 | [Owner : | Parent : 840(services.exe) | ?????] - (.BlackBerry Limited - BlackBerry Device Manager.) - (4.2.0.52) = C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [31/10/2014 15:56:04] CPU Usage:0 %
1776 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
4932 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.7903) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [02/04/2014 15:20:06] CPU Usage:0 %
4952 | [Owner : HP-PC | Parent : 2184(SynTPEnhService.exe) | 13.66 Mo] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (18.1.5.2) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [13/03/2014 22:20:02] CPU Usage:0 %
5040 | [Owner : HP-PC | Parent : 888(svchost.exe) | 9.68 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.3.9600.17415) = C:\Windows\System32\taskhostex.exe [07/03/2015 17:32:26] CPU Usage:0 %
1908 | [Owner : HP-PC | Parent : 4176() | 9.24 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.3496) = C:\Windows\System32\igfxEM.exe [18/03/2014 22:59:32] CPU Usage:0 %
5056 | [Owner : HP-PC | Parent : 4176() | 6.53 Mo] - (.Intel Corporation - igfxHK Module.) - (6.15.10.3496) = C:\Windows\System32\igfxHK.exe [18/03/2014 22:59:32] CPU Usage:0 %
5172 | [Owner : HP-PC | Parent : 4176() | 8.92 Mo] - (.Intel Corporation - igfxTray Module.) - (6.15.10.3496) = C:\Windows\System32\igfxTray.exe [18/03/2014 22:59:34] CPU Usage:0 %
5404 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %
5452 | [Owner : HP-PC | Parent : 1804() | 2.79 Mo] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (18.1.5.2) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [13/03/2014 22:20:04] CPU Usage:0 %
5744 | [Owner : | Parent : 528() | ?????] - (.-.) - (0.0.0.0) = C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe [29/03/2014 02:06:30] CPU Usage:0 %
5852 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.9600.17787) = C:\Windows\System32\SearchIndexer.exe [13/06/2015 19:42:54] CPU Usage:0 %
1204 | [Owner : HP-PC | Parent : 4940(chrome.exe) | 3.76 Mo] - (.Shanghai DS-Mobile Technology Co., Ltd. - AutoRun for EDGE MODEM Data Card.) - (0.2009.9.19) = C:\Program Files\Micromax 200G USB Modem\EdgeModem-Run.exe [30/07/2014 00:11:32] CPU Usage:0 %
828 | [Owner : HP-PC | Parent : 888(svchost.exe) | 0.72 Mo] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) - (2.2.0.31) = C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [02/11/2013 02:38:50] CPU Usage:0 %
6240 | [Owner : HP-PC | Parent : 4940(chrome.exe) | 12.51 Mo] - (.RescueTime, Inc. - RescueTime.) - (2.12.5.1490) = C:\Users\HP-PC\AppData\Local\RescueTime\RescueTime.exe [28/01/2017 04:27:17] CPU Usage:0 %
6428 | [Owner : | Parent : 840(services.exe) | ?????] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) - (6.1.16.1) = C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [02/11/2013 02:38:52] CPU Usage:0 %
6712 | [Owner : HP-PC | Parent : 5816() | 1.64 Mo] - (.Hewlett-Packard Company - Hp Accelerometer System Tray.) - (6.0.18.1) = C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe [14/02/2014 04:36:06] CPU Usage:0 %
1888 | [Owner : | Parent : 840(services.exe) | ?????] - (.Hewlett-Packard Company - HP Support Assistant Service.) - (7.5.2.18) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [13/01/2014 20:32:24] CPU Usage:0 %
6508 | [Owner : | Parent : 3948() | ?????] - (.Google Inc. - Google Installer.) - (1.3.32.7) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14/03/2017 01:23:09] CPU Usage:0 %
5324 | [Owner : | Parent : 840(services.exe) | ?????] - (.Intel Corporation - IAStorDataSvc.) - (12.8.9.1000) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [08/11/2013 23:52:20] CPU Usage:0 %
4612 | [Owner : | Parent : 840(services.exe) | ?????] - (.Intel Corporation - Intel(R) ME Service.) - (9.5.10.1628) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [13/05/2014 08:49:43] CPU Usage:0 %
4628 | [Owner : | Parent : 840(services.exe) | ?????] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (9.5.12.1682) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [13/05/2014 08:49:42] CPU Usage:0 %
1876 | [Owner : | Parent : 840(services.exe) | ?????] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (17.0.0.611) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [28/06/2016 01:54:28] CPU Usage:0 %
5132 | [Owner : | Parent : 840(services.exe) | ?????] - (.Intel Corporation - Intel(R) Local Management Service.) - (9.5.10.1628) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [13/05/2014 08:48:36] CPU Usage:0 %
4824 | [Owner : HP-PC | Parent : 1876(ksde.exe) | 2.81 Mo] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (17.0.0.643) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe [28/06/2016 01:51:00] CPU Usage:0 %
5428 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.9600.17415) = C:\Program Files\Windows Media Player\wmpnetwk.exe [07/03/2015 17:23:02] CPU Usage:0 %
5608 | [Owner : | Parent : 760(svchost.exe) | ?????] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (6.3.9600.17415) = C:\Windows\System32\audiodg.exe [14/01/2015 21:36:46] CPU Usage:2 %
4940 | [Owner : HP-PC | Parent : 5752() | 162.98 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.98) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [14/03/2017 01:25:49] CPU Usage:0 %
4948 | [Owner : HP-PC | Parent : 4940(chrome.exe) | 4.95 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.98) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [14/03/2017 01:25:49] CPU Usage:0 %
6724 | [Owner : HP-PC | Parent : 4940(chrome.exe) | 5.87 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.98) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [14/03/2017 01:25:49] CPU Usage:0 %
6632 | [Owner : HP-PC | Parent : 4940(chrome.exe) | 41.11 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.98) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [14/03/2017 01:25:49] CPU Usage:0 %
4276 | [Owner : HP-PC | Parent : 4940(chrome.exe) | 73.19 Mo] - (.Microsoft Corporation - Microsoft Office Word.) - (12.0.4518.1014) = C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [27/10/2006 15:23:04] CPU Usage:0 %
3028 | [Owner : HP-PC | Parent : 4276(WINWORD.EXE) | 7.9 Mo] - (.Microsoft Corporation - Print driver host for applications.) - (6.3.9600.17415) = C:\Windows\splwow64.exe [07/03/2015 17:34:48] CPU Usage:0 %
3216 | [Owner : HP-PC | Parent : 800(winlogon.exe) | 118.54 Mo] - (.Microsoft Corporation - Windows Explorer.) - (6.3.9600.18460) = C:\Windows\explorer.exe [12/10/2016 11:53:29] CPU Usage:0 %
3204 | [Owner : 183-k | Parent : 3216(explorer.exe) | 25.99 Mo] - (.SosVirus - QuickDiag.) - (31.1.17.1) = C:\Users\HP-PC\Downloads\quickdiag_3_31.01.17.1.exe [20/03/2017 15:57:01] CPU Usage:0 %
5528 | [Owner : | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe [07/03/2015 17:36:57] CPU Usage:0 %

---------- | MD5

[MD5.ED6B4C95E2A6D67480B9DBB8A8E7D9B4] - [12/10/2016 11:53:29] - (.© Microsoft Corporation. - Windows Explorer.) - [2690.92 Ko] - (6.3.9600.18460) : C:\Windows\Explorer.exe
[MD5.F5AE03DE0AD60F5B17B82F2CD68402FE] - [07/03/2015 17:29:57] - (.© Microsoft Corporation. - Windows Command Processor.) - [349 Ko] - (6.3.9600.17415) : C:\Windows\System32\cmd.exe
[MD5.B2D3F07F5E8A13AF988A8B3C0A800880] - [22/08/2013 18:55:40] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [16.72 Ko] - (6.3.9600.16384) : C:\Windows\System32\csrss.exe
[MD5.9361355721F51E3A25DF53702D10E9DE] - [07/03/2015 17:36:43] - (.© Microsoft Corporation. - COM Surrogate.) - [18.81 Ko] - (6.3.9600.17415) : C:\Windows\System32\dllhost.exe
[MD5.4F455778B6CDA2FD61D4F8B0A3E0543C] - [07/03/2015 17:30:31] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [1279.05 Ko] - (6.3.9600.17415) : C:\Windows\System32\Kernel32.dll
[MD5.382100E75B6F4668AEAEF228C6CEFFAD] - [07/03/2015 17:35:17] - (.© Microsoft Corporation. - Local Security Authority Process.) - [45.92 Ko] - (6.3.9600.17415) : C:\Windows\System32\lsass.exe
[MD5.7830CEA509693DE0817DF2F3F2D80E89] - [11/08/2016 11:40:51] - (.© Microsoft Corporation. - Distributed COM Services.) - [797 Ko] - (6.3.9600.18302) : C:\Windows\System32\rpcss.dll
[MD5.6C308D32AFA41D26CE2A0EA8F7B79565] - [07/03/2015 17:36:23] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [53.5 Ko] - (6.3.9600.17415) : C:\Windows\System32\rundll32.exe
[MD5.E0C7813A97CA7947FF5C18A8F3B61A45] - [17/05/2015 14:58:03] - (.© Microsoft Corporation. - Services and Controller app.) - [400.52 Ko] - (6.3.9600.17793) : C:\Windows\System32\services.exe
[MD5.E3A2AD05E24105B35E986CF9CB38EC47] - [07/03/2015 17:36:57] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [37.88 Ko] - (6.3.9600.17415) : C:\Windows\System32\svchost.exe
[MD5.421B695412FE0D5B0C0DB00C51EABA1B] - [14/12/2016 13:54:02] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [1505.12 Ko] - (6.3.9600.18535) : C:\Windows\System32\user32.dll
[MD5.5C131534A3EA4A461A793FB507A8004F] - [07/03/2015 17:31:23] - (.© Microsoft Corporation. - Userinit Logon Application.) - [25.5 Ko] - (6.3.9600.17415) : C:\Windows\System32\userinit.exe
[MD5.D9516405E05F24EDCD90B1988FAF3948] - [16/03/2017 00:28:53] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [143.5 Ko] - (6.3.9600.18577) : C:\Windows\System32\Wininit.exe
[MD5.B1102BBDDD9C87B3D609D6C08F7A3DBD] - [27/03/2016 10:18:13] - (.© Microsoft Corporation. - Windows Logon Application.) - [557.5 Ko] - (6.3.9600.18188) : C:\Windows\System32\Winlogon.exe
[MD5.A460C3AF3755A2A79A3C8EFE72E147B5] - [15/11/2015 22:40:08] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [546.5 Ko] - (6.3.9600.18089) : C:\Windows\System32\Drivers\afd.sys
[MD5.74B14192CF79A72F7536B27CB8814FBD] - [22/08/2013 17:52:57] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [25.84 Ko] - (6.3.9600.16384) : C:\Windows\System32\Drivers\atapi.sys
[MD5.38E1F4E0148A24C65D215F14D57B0711] - [22/08/2013 17:52:57] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [194.84 Ko] - (6.3.9600.16384) : C:\Windows\System32\Drivers\ataport.sys
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - [22/08/2013 17:10:20] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [86.5 Ko] - (6.3.9600.16384) : C:\Windows\System32\Drivers\cdfs.sys
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - [22/08/2013 14:16:35] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [160.5 Ko] - (6.3.9600.16384) : C:\Windows\System32\Drivers\cdrom.sys
[MD5.FBFF94FC1FE0699A6BC5ACE270AB9EA1] - [12/10/2016 12:47:05] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [135 Ko] - (6.3.9600.18469) : C:\Windows\System32\Drivers\dfsc.sys
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - [29/09/2014 22:03:12] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [75 Ko] - (6.3.9600.17238) : C:\Windows\System32\Drivers\hdaudbus.sys
[MD5.49EE0AE9E5B64FFBBD06D55C4984B598] - [16/07/2015 17:10:23] - (.© Microsoft Corporation. - i8042 Port Driver.) - [106 Ko] - (6.3.9600.17480) : C:\Windows\System32\Drivers\i8042prt.sys
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - [18/03/2014 15:24:55] - (.© Microsoft Corporation. - IP Network Address Translator.) - [139.5 Ko] - (6.3.9600.16477) : C:\Windows\System32\Drivers\ipnat.sys
[MD5.708F7D4C1EDCC5891A5F63AA48277132] - [16/03/2017 00:28:56] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [392.5 Ko] - (6.3.9600.18581) : C:\Windows\System32\Drivers\mrxsmb.sys
[MD5.97DC5967F65503213FD1F1B3E4A6F983] - [03/09/2015 16:27:50] - (.© Microsoft Corporation. - Network Driver Interface Specification (NDIS).) - [1087.84 Ko] - (6.3.9600.17931) : C:\Windows\System32\Drivers\ndis.sys
[MD5.9DC17B7D9D84C37C102D379FCC7D4942] - [15/06/2016 23:03:24] - (.© Microsoft Corporation. - MBT Transport driver.) - [274.5 Ko] - (6.3.9600.18340) : C:\Windows\System32\Drivers\netbt.sys
[MD5.9980B262DBE439AE6BDC91AA985F19EE] - [27/03/2016 10:20:11] - (.© Microsoft Corporation. - NT File System Driver.) - [1970.34 Ko] - (6.3.9600.18183) : C:\Windows\System32\Drivers\ntfs.sys
[MD5.57DCE4FB0467986AE78E1C6FC5240D32] - [12/10/2016 12:47:01] - (.© Microsoft Corporation. - Parallel Port Driver.) - [94 Ko] - (6.3.9600.18437) : C:\Windows\System32\Drivers\parport.sys
[MD5.235624C147E3CB4C288D5D3D8E8D64A2] - [13/04/2016 11:54:24] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [110 Ko] - (6.3.9600.18226) : C:\Windows\System32\Drivers\rasl2tp.sys
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - [18/03/2014 15:07:57] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [191 Ko] - (6.3.9600.16384) : C:\Windows\System32\Drivers\rdpdr.sys
[MD5.2F10C145F517419E17203632FCDA0A13] - [14/12/2016 13:54:11] - (.© Microsoft Corporation. - TCP/IP Driver.) - [2404.34 Ko] - (6.3.9600.18478) : C:\Windows\System32\Drivers\tcpip.sys
[MD5.E0BD2D83875464FEEEB242CBA8B7E073] - [15/11/2015 22:40:08] - (.© Microsoft Corporation. - TDI Translation Driver.) - [105.5 Ko] - (6.3.9600.18089) : C:\Windows\System32\Drivers\tdx.sys
[MD5.17F7B0F2298D97F4B6C7A69511033D3D] - [21/05/2016 17:14:02] - (.© Microsoft Corporation. - Volume Shadow Copy Driver.) - [309.34 Ko] - (6.3.9600.18265) : C:\Windows\System32\Drivers\volsnap.sys

---------- | Locked Applications


---------- | Explorer.exe component call (Microsoft Files Whitelisted)


---------- | Svchost.exe component call (Microsoft Files Whitelisted)


---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneNote 2007 Screen Clipper and Launcher - (OneNote 2007 Screen Clipper and Launcher.lnk [Startup]) - User: HP\HP-PC
RescueTime - (RescueTime.lnk [Startup]) - User: HP\HP-PC
RIMDeviceManager - (C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer [HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\...\Run]) - User: HP\HP-PC
ApowersoftScreenRecorder - (C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe /autoStart [HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\...\Run]) - User: HP\183-k
Skype - ("C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\...\Run]) - User: HP\183-k
CCleaner - ("C:\Program Files\CCleaner\CCleaner64.exe" /AUTO [HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\...\Run]) - User: HP\183-k
ISCTSystray - (C:\PROGRA~1\Intel\INTEL(~2\ISCTSY~1.EXE [Common Startup]) - User: Public
RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public
SimplePass - (C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe /hideui [HKLM\SOFTWARE\...\Run]) - User: Public
OPBHOBroker - (C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [HKLM\SOFTWARE\...\Run]) - User: Public
OPBHOBrokerDesktop - (C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [HKLM\SOFTWARE\...\Run]) - User: Public
SynTPEnh - (%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [HKLM\SOFTWARE\...\Run]) - User: Public
EdgeModem-AutoRun - (C:\Program Files\Micromax 200G USB Modem\EdgeModem-Run.exe -start [HKLM\SOFTWARE\...\Run]) - User: Public
Malwarebytes TrayApp - (C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [HKLM\SOFTWARE\...\Run]) - User: Public
Everything - ("C:\Program Files\Everything\Everything.exe" -startup [HKLM\SOFTWARE\...\Run]) - User: Public
ZAM - ("C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Command Processor]
"PathCompletionChar"=9
"EnableExtensions"=1
"CompletionChar"=9
"DefaultColor"=0

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"RIMDeviceManager"=C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"Google Update"=0x020000000000000000000000
"Skype"=0x020000000000000000000000
"RESTART_STICKY_NOTES"=0x020000000000000000000000
"Jing"=0x020000000000000000000000
"RIMDeviceManager"=0x020000000000000000000000
"AZ3Tq5k16l3MBynp"=0x020000000000000000000000
"GoogleChromeAutoLaunch_7F0416C691E452253BB89BC2BE6D7727"=0x020000000000000000000000

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"=notepad\1
"MRUList"=jihabgfedc
"b"=cmd\1
"c"=winword\1
"d"=temp\1
"e"=%temp%\1
"f"=\\192.168.0.16\1
"g"=mstsc\1
"h"=ping 10.30.64.1 -t\1
"i"=devmgmt.msc\1
"j"=explorer.exe\1

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
"AppData"=C:\Users\HP-PC\AppData\Roaming [28/07/2014 21:17:26]
"Local AppData"=C:\Users\HP-PC\AppData\Local [28/07/2014 21:17:26]
"My Video"=C:\Users\HP-PC\Videos [28/07/2014 21:17:26]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Libraries [28/07/2014 21:18:27]
"My Pictures"=C:\Users\HP-PC\Pictures [28/07/2014 21:17:26]
"Desktop"=C:\Users\HP-PC\Desktop [28/07/2014 21:17:26]
"History"=C:\Users\HP-PC\AppData\Local\Microsoft\Windows\History [28/07/2014 21:17:26]
"NetHood"=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts [28/07/2014 21:17:26]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\HP-PC\Contacts [28/07/2014 21:18:27]
"{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\HP-PC\AppData\Local\Microsoft\Windows\RoamingTiles [28/07/2014 21:18:01]
"Cookies"=C:\Users\HP-PC\AppData\Local\Microsoft\Windows\INetCookies [28/07/2014 21:17:26]
"Favorites"=C:\Users\HP-PC\Favorites [28/07/2014 21:17:26]
"SendTo"=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\SendTo [28/07/2014 21:17:26]
"Start Menu"=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu [28/07/2014 21:17:26]
"My Music"=C:\Users\HP-PC\Music [28/07/2014 21:17:26]
"Programs"=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [28/07/2014 21:17:26]
"Recent"=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Recent [28/07/2014 21:17:26]
"CD Burning"=C:\Users\HP-PC\AppData\Local\Microsoft\Windows\Burn\Burn [28/07/2014 21:18:40]
"PrintHood"=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [28/07/2014 21:17:26]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\HP-PC\Searches [28/07/2014 21:18:28]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\HP-PC\Downloads [28/07/2014 21:17:26]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\HP-PC\AppData\LocalLow [28/07/2014 21:17:57]
"Startup"=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [28/07/2014 21:18:28]
"Administrative Tools"=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [28/07/2014 21:18:28]
"Personal"=C:\Users\HP-PC\Documents [28/07/2014 21:17:26]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\HP-PC\Links [28/07/2014 21:17:26]
"Cache"=C:\Users\HP-PC\AppData\Local\Microsoft\Windows\INetCache [28/07/2014 21:17:26]
"Templates"=C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Templates [28/07/2014 21:17:26]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\HP-PC\Saved Games [28/07/2014 21:17:26]
"Fonts"=C:\Windows\Fonts [22/08/2013 19:06:15]

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Desktop"=%USERPROFILE%\Desktop
"Local AppData"=%USERPROFILE%\AppData\Local
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
"Personal"=%USERPROFILE%\Documents
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
"Favorites"=%USERPROFILE%\Favorites
"My Pictures"=%USERPROFILE%\Pictures
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
"My Music"=%USERPROFILE%\Music
"My Video"=%USERPROFILE%\Videos
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
"AppData"=%USERPROFILE%\AppData\Roaming
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
"{B7BEDE81-DF94-4682-A7D8-57A52620B86F}"=%USERPROFILE%\Pictures\Screenshots

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"UserSelectedDefault"=1
"Device"=HP LaserJet M1319f MFP Class Driver,winspool,Ne02:

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Command Processor]
"PathCompletionChar"=9
"EnableExtensions"=1
"CompletionChar"=9
"DefaultColor"=0

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"ApowersoftScreenRecorder"=C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe /autoStart
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"CCleaner"="C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Report"=\AdwCleaner\AdwCleaner[C0].txt [19/03/2017 15:04:17]

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"ApowersoftScreenRecorder"=0x0300000000D0FCA581A0D201
"Skype"=0x03000000D07E61A981A0D201
"CCleaner"=0x020000000000000000000000

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
"AppData"=C:\Users\183-k\AppData\Roaming [02/08/2014 09:06:00]
"Local AppData"=C:\Users\183-k\AppData\Local [02/08/2014 09:06:00]
"My Video"=C:\Users\183-k\Videos [02/08/2014 09:06:00]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Libraries [30/08/2014 11:44:38]
"My Pictures"=C:\Users\183-k\Pictures [02/08/2014 09:06:00]
"Desktop"=C:\Users\183-k\Desktop [02/08/2014 09:06:00]
"History"=C:\Users\183-k\AppData\Local\Microsoft\Windows\History [02/08/2014 09:06:00]
"NetHood"=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Network Shortcuts [02/08/2014 09:06:00]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\183-k\Contacts [30/08/2014 11:44:38]
"{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\183-k\AppData\Local\Microsoft\Windows\RoamingTiles [13/08/2014 17:15:09]
"Cookies"=C:\Users\183-k\AppData\Local\Microsoft\Windows\INetCookies [02/08/2014 09:06:00]
"Favorites"=C:\Users\183-k\Favorites [02/08/2014 09:06:00]
"SendTo"=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\SendTo [02/08/2014 09:06:00]
"Start Menu"=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu [02/08/2014 09:06:00]
"My Music"=C:\Users\183-k\Music [02/08/2014 09:06:00]
"Programs"=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [02/08/2014 09:06:00]
"Recent"=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Recent [02/08/2014 09:06:00]
"CD Burning"=C:\Users\183-k\AppData\Local\Microsoft\Windows\Burn\Burn [30/08/2014 11:45:08]
"PrintHood"=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [02/08/2014 09:06:00]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\183-k\Searches [30/08/2014 11:44:38]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\183-k\Downloads [02/08/2014 09:06:00]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\183-k\AppData\LocalLow [02/08/2014 09:06:28]
"Startup"=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [30/08/2014 11:44:38]
"Administrative Tools"=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [30/08/2014 11:44:38]
"Personal"=C:\Users\183-k\Documents [02/08/2014 09:06:00]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\183-k\Links [02/08/2014 09:06:00]
"Cache"=C:\Users\183-k\AppData\Local\Microsoft\Windows\INetCache [02/08/2014 09:06:00]
"Templates"=C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Templates [02/08/2014 09:06:00]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\183-k\Saved Games [02/08/2014 09:06:00]
"Fonts"=C:\Windows\Fonts [22/08/2013 19:06:15]

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Desktop"=%USERPROFILE%\Desktop
"Local AppData"=%USERPROFILE%\AppData\Local
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
"Personal"=%USERPROFILE%\Documents
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
"Favorites"=%USERPROFILE%\Favorites
"My Pictures"=%USERPROFILE%\Pictures
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
"My Music"=%USERPROFILE%\Music
"My Video"=%USERPROFILE%\Videos
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
"AppData"=%USERPROFILE%\AppData\Roaming
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=HP ePrint,winspool,LPT1:
"UserSelectedDefault"=0

[HKLM\Software\Microsoft\Command Processor]
"PathCompletionChar"=64
"EnableExtensions"=1
"CompletionChar"=64
"DefaultColor"=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"SimplePass"=C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe /hideui
"OPBHOBroker"=C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [29/03/2014 02:18:38]
"OPBHOBrokerDesktop"=C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [29/03/2014 02:18:40]
"SynTPEnh"=%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
"EdgeModem-AutoRun"=C:\Program Files\Micromax 200G USB Modem\EdgeModem-Run.exe -start
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [13/03/2017 23:41:22]
"Everything"="C:\Program Files\Everything\Everything.exe" -startup
"ZAM"="C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized

[HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*EmptyTemp"=cmd /c rd /q/s C:\FRST\Temp

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"!DiskInfo"=0x040000000000000000000000
"RUNFBI"=0x040000000000000000000000
"DisableStartScreen"=0x040000000000000000000000
"RTHDVCPL"=0x03000000303C66B481A0D201
"SimplePass"=0x03000000D0DBCBB481A0D201
"OPBHOBroker"=0x03000000E0FD52B081A0D201
"OPBHOBrokerDesktop"=0x03000000D08F3DB281A0D201
"SynTPEnh"=0x060000000000000000000000
"EdgeModem-AutoRun"=0x020000000000000000000000
"Connectify Hotspot"=0x020000000000000000000000
"AccelerometerSysTrayApplet"=0x03000000E05169AA81A0D201

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"AccelerometerSysTrayApplet"=0x060000000000000000000000
"mcpltui_exe"=0x040000000000000000000000
"HPMessageService"=0x0300000000ADBDAD81A0D201
"GrooveMonitor"=0x03000000709ACAAC81A0D201
"SunJavaUpdateSched"=0x03000000A0B43BB581A0D201
"RIM PeerManager"=0x03000000902CEFB281A0D201
"RIMBBLaunchAgent.exe"=0x03000000E084E6B381A0D201
"QuickTime Task"=0x020000000000000000000000
"EdgeModem-AutoRun"=0x030000009071CFAB81A0D201
"Malwarebytes TrayApp"=0x020000000000000000000000
"SynTPEnh"=0x03000000C02D1AB681A0D201

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"OEM Links"=C:\ProgramData\OEM\Links
"CommonVideo"=C:\Users\Public\Videos [22/08/2013 21:06:30]
"Common Documents"=C:\Users\Public\Documents [22/08/2013 21:06:30]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [22/08/2013 21:06:30]
"Common AppData"=C:\ProgramData [22/08/2013 19:06:15]
"CommonPictures"=C:\Users\Public\Pictures [22/08/2013 21:06:30]
"Common Desktop"=C:\Users\Public\Desktop [22/08/2013 21:06:30]
"CommonMusic"=C:\Users\Public\Music [22/08/2013 21:06:30]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [22/08/2013 21:06:30]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [22/08/2013 21:06:30]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [22/08/2013 21:06:30]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [22/08/2013 21:06:30]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"CommonVideo"=%PUBLIC%\Videos
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads
"Common Documents"=%PUBLIC%\Documents
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
"Common AppData"=%ProgramData%
"CommonPictures"=%PUBLIC%\Pictures
"Common Desktop"=%PUBLIC%\Desktop
"CommonMusic"=%PUBLIC%\Music
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc
"Spooler"=yes
"DeviceNotSelectedTimeout"=15
"TransmissionRetryTimeout"=90
"EnableDwmInputProcessing"=7
"ShutdownWarningDialogTimeout"=4294967295
"USERProcessHandleQuota"=10000
"LoadAppInit_DLLs"=0
"IconServiceLib"=IconCodecService.dll
"DesktopHeapLogging"=1
"DdeSendTimeout"=0
"DwmInputUsesIoCompletionPort"=1
"USERPostMessageLimit"=10000
"USERNestedWindowLimit"=50
"AppInit_DLLs"=
"NaturalInputHandler"=Ninput.dll
"ThreadUnresponsiveLogTimeout"=500
"GDIProcessHandleQuota"=10000
"Win32kLastWriteTime"=1D283D1360882E2

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"PathCompletionChar"=64
"EnableExtensions"=1
"CompletionChar"=64
"DefaultColor"=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"=C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [14/02/2014 04:36:06]
"HPMessageService"=C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [27/03/2014 04:05:26]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"RIMBBLaunchAgent.exe"=C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [31/10/2014 15:52:14]
"RIM PeerManager"="C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteOnReboot"=C:\Users\183-k\AppData\Local\Temp\DeleteOnReboot.bat

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"OEM Links"=C:\ProgramData\OEM\Links
"CommonVideo"=C:\Users\Public\Videos [22/08/2013 21:06:30]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [22/08/2013 21:06:30]
"Common Documents"=C:\Users\Public\Documents [22/08/2013 21:06:30]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [22/08/2013 21:06:30]
"Common AppData"=C:\ProgramData [22/08/2013 19:06:15]
"CommonPictures"=C:\Users\Public\Pictures [22/08/2013 21:06:30]
"Common Desktop"=C:\Users\Public\Desktop [22/08/2013 21:06:30]
"CommonMusic"=C:\Users\Public\Music [22/08/2013 21:06:30]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [22/08/2013 21:06:30]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [22/08/2013 21:06:30]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [22/08/2013 21:06:30]

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"CommonVideo"=%PUBLIC%\Videos
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads
"Common Documents"=%PUBLIC%\Documents
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
"Common AppData"=%ProgramData%
"CommonPictures"=%PUBLIC%\Pictures
"Common Desktop"=%PUBLIC%\Desktop
"CommonMusic"=%PUBLIC%\Music
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc
"Spooler"=yes
"DeviceNotSelectedTimeout"=15
"TransmissionRetryTimeout"=90
"EnableDwmInputProcessing"=7
"ShutdownWarningDialogTimeout"=4294967295
"USERProcessHandleQuota"=10000
"LoadAppInit_DLLs"=0
"IconServiceLib"=IconCodecService.dll
"DesktopHeapLogging"=1
"DdeSendTimeout"=0
"DwmInputUsesIoCompletionPort"=1
"USERPostMessageLimit"=10000
"USERNestedWindowLimit"=50
"AppInit_DLLs"=
"NaturalInputHandler"=Ninput.dll
"ThreadUnresponsiveLogTimeout"=500
"GDIProcessHandleQuota"=10000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}


---------- | Win.ini :



---------- | System.ini :



---------- | Startings up registry ¦ Folder


---------- | Other keys


[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"StartRCM"=0
"DeleteTempDirsOnExit"=1
"fSingleSessionPerUser"=1
"TSUserEnabled"=0
"RCDependentServices"=CertPropSvc
SessionEnv
"SnapshotMonitors"=1
"DelayConMgrTimeout"=0
"NotificationTimeOut"=0
"PerSessionTempDir"=0
"AllowRemoteRPC"=0
"ProductVersion"=5.1
"fDenyTSConnections"=1
"InstanceID"=8031e255-b2d9-42e9-b578-9783ef8
"GlassSessionId"=1

[HKLM\System\CurrentControlSet\Control\Session Manager]
"GlobalFlag"=0
"HeapDeCommitTotalFreeThreshold"=0
"HeapSegmentCommit"=0
"HeapDeCommitFreeBlockThreshold"=0
"ResourceTimeoutCount"=648000
"ObjectDirectories"=\Windows
\RPC Control
"ProtectionMode"=1
"CriticalSectionTimeout"=2592000
"ProcessorControl"=2
"HeapSegmentReserve"=0
"ExcludeFromKnownDlls"=
"BootExecute"=autocheck autochk *
"BootShell"=%SystemRoot%\system32\bootim.exe
"NumberOfInitialSessions"=2
"RunLevelExecute"=WinInit
ServiceControlManager
"AutoChkTimeout"=1
"RunLevelValidate"=ServiceControlManager
"SETUPEXECUTE"=
"PendingFileRenameOperations"=\??\C:\Program Files\WindowsApps\57405F7AB8904.MathLogicalTest_1.0.0.0_neutral__b55ywndse5f8y\App2.exe


[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=wuauserv
gpsvc
trustedinstaller
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
"BootDriverFlags"=28
"CurrentUser"=USERNAME
"WaitToKillServiceTimeout"=200
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll
"SystemStartOptions"= NOEXECUTE=OPTIN NOVGA
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(4)
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2)
"LastBootSucceeded"=1
"LastBootShutdown"=1
"DirtyShutdownCount"=68

[HKLM\System\CurrentControlSet\Control\lsa]
"Bounds"=0x0030000000200000
"auditbasedirectories"=0
"fullprivilegeauditing"=0x00
"crashonauditfail"=0
"auditbaseobjects"=0
"Security Packages"="" [28/07/2014 21:17:26]
"LimitBlankPasswordUse"=0
"NoLmHash"=1
"Notification Packages"=scecli
"Authentication Packages"=msv1_0
"LsaPid"=848
"SecureBoot"=1
"ProductType"=3
"disabledomaincreds"=0
"everyoneincludesanonymous"=0
"forceguest"=0
"restrictanonymous"=0
"restrictanonymoussam"=1
"SamConnectedAccountsExist"=1


---------- | .LNK

c:\hp\hpqware\dtshortcuts\de-de\aut\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_at) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\che\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_de_ch) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\deu\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_de) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-gb\gbr\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_gb) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-gb\irl\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_ie) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\aus\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_au) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\can\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_ca) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\gbr\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_gb) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\irl\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_ie) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\nzl\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_nz) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\usa\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_us) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\es-es\usa\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_us) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\can\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_fr_ca) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\che\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_fr_ch) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\fra\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_fr) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\it-it\che\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_it_ch) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\it-it\ita\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_it_it) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\zh-cn\chn\惠普喀嚓鱼.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_cn) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\aut\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_at) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\che\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_de_ch) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\deu\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_de) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-gb\gbr\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_gb) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-gb\irl\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_ie) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\aus\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_au) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\can\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_ca) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\gbr\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_gb) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\irl\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_ie) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\nzl\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_nz) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\usa\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_us) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\es-es\usa\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_us) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\can\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_fr_ca) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\che\music, photos and videos\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_fr_ch) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\fra\music, photos and videos\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_fr) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\it-it\che\music, photos and videos\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_it_ch) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\it-it\ita\music, photos and videos\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_it_it) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\zh-cn\chn\music, photos and videos\惠普喀嚓鱼.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_cn) - Hidden: False - Status: OK

---------- | AppCertDlls


---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Control Panel\Desktop]
"DragHeight"=4
"CoolSwitchColumns"=7
"ActiveWndTrackTimeout"=0
"MouseCornerClipLength"=6
"MouseMonitorEscapeSpeed"=0
"DragWidth"=4
"WallpaperStyle"=6
"ScreenSaveActive"=1
"TileWallpaper"=0
"WheelScrollLines"=5
"FontSmoothingType"=2
"WindowArrangementActive"=1
"BlockSendInputResets"=0
"MenuShowDelay"=400
"ClickLockTime"=1200
"CaretWidth"=1
"FocusBorderWidth"=1
"WallpaperOriginX"=0
"WallpaperOriginY"=0
"DragFullWindows"=1
"CoolSwitchRows"=3
"ForegroundFlashCount"=7
"LeftOverlapChars"=3
"ForegroundLockTimeout"=10436368
"FontSmoothingGamma"=0
"DragFromMaximize"=1
"FontSmoothing"=2
"FocusBorderHeight"=1
"WheelScrollChars"=3
"DockMoving"=1
"SnapSizing"=1
"CursorBlinkRate"=530
"MouseWheelRouting"=1
"RightOverlapChars"=3
"FontSmoothingOrientation"=1
"PaintDesktopVersion"=0
"Win8DpiScaling"=0
"UserPreferencesMask"=0x9E1E078012000000
"AutoColorization"=0
"Wallpaper"=C:\Windows\Web\Wallpaper\Hewlett-Packard Backgrounds\Birth_Of_An_Idea.jpg [13/05/2014 09:26:44]
"MaxVirtualDesktopDimension"=2646
"MaxMonitorDimension"=1366
"TranscodedImageCount"=1
"LastUpdated"=4294967295
"TranscodedImageCache"=0x7AC30100B59E0B005605000000030000FAE52F5B5F6ECF0143003A005C00570069006E0064006F00770073005C005700650062005C00570061006C006C00700061007000650072005C004800650077006C006500740074002D005000610063006B0061007200640020004200610063006B00670072006F0075006E00640073005C00420069007200740068005F004F0066005F0041006E005F0049006400650061002E006A0070006700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"ImageColor"=2940857331
"Pattern Upgrade"=TRUE
"LockScreenAutoLockActive"=0
"PreferredUILanguages"=en-US

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1
"{59031A47-3F72-44A7-89C5-5595FE6B30EE}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1
"ShellState"=0x240000003728000000000000000000000000000001000000130000000000000062000000
"UserSignedIn"=1
"SIDUpdatedOnLibraries"=1
"LastClockSize"=0x270000000F000000460000000F000000490000000F000000
"AppReadinessLogonComplete"=1
"GlobalAssocChangedCounter"=521
"Browse For Folder Width"=695
"Browse For Folder Height"=479
"Reason Setting"=255
"link"=0x1D000000
"ScreenshotIndex"=310

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2
"StoreAppsOnTaskbar"=1
"ServerAdminUI"=0
"Hidden"=1
"ShowCompColor"=1
"HideFileExt"=0
"DontPrettyPath"=0
"ShowInfoTip"=1
"HideIcons"=0
"MapNetDrvBtn"=0
"WebView"=1
"Filter"=0
"ShowSuperHidden"=0
"SeparateProcess"=0
"AutoCheckSelect"=0
"IconsOnly"=0
"ShowTypeOverlay"=1
"ShowStatusBar"=1
"ListviewAlphaSelect"=1
"ListviewShadow"=1
"TaskbarAnimations"=1
"StartMenuInit"=6
"ReindexedProfile"=1
"RTStartMenuNotificationDisplayCount"=0

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
"MRUListEx"=0x3C0000005200000055000000540000005D0000003B0000005300000049000000120000002E0000004D0000004C0000004A0000002B000000460000004500000043000000420000005B00000041000000400000003F0000003A0000004F00000039000000320000000300000020000000480000001D000000300000002F000000370000004E00000034000000330000002D000000260000002A0000002C000000270000002900000025000000240000002100000022000000080000001F000000000000001E0000005600000028000000380000001C0000001A00000019000000230000001800000017000000160000000D00000011000000510000000E00000015000000500000005C0000004B0000000B0000000C0000000500000004000000140000001300000058000000100000005F000000470000000F0000000A00000063000000070000000900000006000000610000003E0000003500000002000000010000004400000062000000600000001B0000005E000000360000005A000000590000003D0000003100000057000000FFFFFFFF
"10"=0x74006800650072006D006F000000
"12"=0x61006B006900720061000000
"21"=0x2E00670062000000
"34"=0x640070002D0073007400610074006900730074006900630061006C002D00620075006C006C006500740069006E002D006D00610079002D0032003000310036002D0065006E002E007000640066000000
"78"=0x2E007400650078000000
"83"=0x7300650061007200630068002E006A0073006F006E000000
"87"=0x460069006E0061006C002000500061007000650072000000
"49"=0x460069006E0061006C002000500061007000650072002E0064006F0063000000
"61"=0x4D0061006A006F0072002000500072006F006A006500630074000000
"89"=0x69006E006400690061006E0020007200650063000000
"90"=0x69006E006400690061006E0020007200650063006F0067006E00690074000000
"54"=0x69006E006400690061006E0020007200650063006F000000
"94"=0x69006E006400690061006E0020007200650063006F0067006E006900740069006F006E000000
"27"=0x70006900310039000000
"96"=0x4F00780066006F00720064000000
"98"=0x7400750074006F007200690061006C000000
"68"=0x5300770061000000
"1"=0x700061007000650072000000
"2"=0x6D0065007200670065000000
"53"=0x6D0061007400680065006D006100740069006300690061006E000000
"62"=0x480061007200640079000000
"97"=0x480041004D000000
"6"=0x6C006900630065006E00730065000000
"9"=0x47006F0064000000
"7"=0x47004F004400530048005200450059000000
"99"=0x5300770061007200740068006D006F00720065000000
"15"=0x6D006F00720061006C000000
"71"=0x440061006E000000
"95"=0x52004500530055004D0045000000
"16"=0x53004F00500020004F00580046004F00520044000000
"88"=0x520065007300650061007200630068002000500061007000650072000000
"19"=0x54000000
"20"=0x540068006500200062006F0078000000
"4"=0x5400680065000000
"5"=0x52006900630065000000
"11"=0x6D0061007400680065006D00610074006900630061006C002000650063006F006E006F006D006900630073000000
"75"=0x2E006A007000650067000000
"92"=0x690073006A006F0073000000
"80"=0x660052004F004D000000
"14"=0x2E006700620062000000
"81"=0x690073000000
"17"=0x690073006A000000
"13"=0x690073006A006F000000
"22"=0x6D0061007200740069006E0020006800610069007200650072000000
"23"=0x630076000000
"24"=0x450063006F006C006500200050006F006C00790074006500630068006E0069007100750065000000
"35"=0x2E0070007000740078000000
"25"=0x2E007000700074000000
"26"=0x68004F005700200054004F00200054004500530054000000
"28"=0x7A006F006F006D000000
"56"=0x720065007300650061007200630068000000
"40"=0x720065007300650061007200630068002000700072006F006A006500630074000000
"86"=0x500072006F006A006500630074000000
"30"=0x30003700340036003800330034003200330036003500380032002E00610070003000350030003000300032002E00300035006100300030003100350030002E0070006400660030003700340036003800330034003200330036003500380032002E00610070003000350030003000300032002E00300035006100300030003100350030002E007000640066000000
"0"=0x30003700340036003800330034003200330036003500380032002E00610070003000350030003000300032002E00300035006100300030003100350030002E007000640066000000
"31"=0x54006800650020006D0061007400680065000000
"8"=0x6D006100740068000000
"33"=0x640070002D0073007400610074006900730074006900630061006C002D00620075006C006C006500740069006E002D006D00610079002D0032003000310036002D0065006E002E00700064006600640070002D0073007400610074006900730074006900630061006C002D00620075006C006C006500740069006E002D006D00610079002D0032003000310036002D0065006E002E007000640066000000
"36"=0x69006E006400690061000000
"37"=0x49006E0064006900610020007200650063006F0067006E006900740069006F006E000000
"41"=0x7400610078002000720065007400750072006E000000
"39"=0x5300630068006F006C006100720073006800690070002000670075006900640065000000
"44"=0x46006100730074002C00200075006E00690066006F0072006D0020007300630061006C006100720020006D0075006C007400690070006C00690063006100740069006F006E00200066006F0072002000670065006E00750073002000320020004A00610063006F006200690061006E007300200077006900740068002000660061007300740020004B0075006D006D006500720073000000
"42"=0x4E00530044004C000000
"38"=0x420069006E00640069006E0067000000
"45"=0x4100700070006C00690063006100740069006F006E000000
"51"=0x75006E0064006500720067007200610064007500610074006500200073007500700070006F00720074000000
"52"=0x32003000310036002000750067000000
"55"=0x630076002E007400650078000000
"47"=0x410064006D000000
"48"=0x610064006D0069007300730069006F006E000000
"29"=0x6C006F0079006F006C0061000000
"72"=0x6D0079002D00700061007300730070006F00720074000000
"32"=0x6D0079002D0070006100730073000000
"3"=0x2E006A00700067000000
"50"=0x6E00650077000000
"57"=0x65007800630065006C000000
"79"=0x63006F006D0070007500740065007200200073006300690065006E00630065002000630061006D006200720069006400670065000000
"58"=0x74007200690070006F0073000000
"63"=0x47006E007500200045006D006100630073000000
"64"=0x6A0061007600610063000000
"65"=0x4A006100760061000000
"91"=0x2E007000640066000000
"66"=0x610062007300700072000000
"67"=0x6B00720061006E0074007A000000
"69"=0x2E006D00700033000000
"70"=0x67006C006F00620061006C000000
"43"=0x49005400520056000000
"74"=0x660069006C00650065007800740065006E00730069006F006E003A006500780065000000
"76"=0x6D006F006400690066006900650064003A0032002F0031002F00320030003100360020002E002E00200032002F00320030002F0032003000310036000000
"77"=0x6D006F006400690066006900650064003A0033002F00310033002F0032003000310037000000
"46"=0x64006100740065006D006F006400690066006900650064003A007900650073007400650072006400610079000000
"18"=0x700072006500660073002E006A0073000000
"73"=0x68007400740070005F00680070002E006D0079007700610079002E0063006F006D005F0030002E006C006F00630061006C00730074006F0072006100670065000000
"59"=0x6A0079007200710066006A00780037002E00640065006600610075006C0074000000
"93"=0x530065006300750072006500200050007200650066006500720065006E000000
"84"=0x2E006500780065000000
"85"=0x53007900730057004F005700360034000000
"82"=0x45007300650074000000
"60"=0x2E007400780074000000

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Control Panel\Desktop]
"DragHeight"=4
"CoolSwitchColumns"=7
"ActiveWndTrackTimeout"=0
"MouseCornerClipLength"=6
"MouseMonitorEscapeSpeed"=0
"DragWidth"=4
"WallpaperStyle"=10
"ScreenSaveActive"=1
"TileWallpaper"=0
"WheelScrollLines"=3
"Pattern"=0
"FontSmoothingType"=2
"WindowArrangementActive"=1
"BlockSendInputResets"=0
"MenuShowDelay"=400
"ClickLockTime"=1200
"CaretWidth"=1
"FocusBorderWidth"=1
"WallpaperOriginX"=0
"WallpaperOriginY"=0
"DragFullWindows"=1
"CoolSwitchRows"=3
"ForegroundFlashCount"=7
"LeftOverlapChars"=3
"ForegroundLockTimeout"=200000
"FontSmoothingGamma"=0
"DragFromMaximize"=1
"FontSmoothing"=2
"FocusBorderHeight"=1
"WheelScrollChars"=3
"DockMoving"=1
"SnapSizing"=1
"CursorBlinkRate"=530
"MouseWheelRouting"=1
"RightOverlapChars"=3
"FontSmoothingOrientation"=1
"PaintDesktopVersion"=0
"Win8DpiScaling"=0
"UserPreferencesMask"=0x9E1E078012000000
"AutoColorization"=1
"Wallpaper"=C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg [13/05/2014 09:26:44]
"MaxVirtualDesktopDimension"=1366
"MaxMonitorDimension"=1366
"TranscodedImageCount"=2
"LastUpdated"=4294967295
"TranscodedImageCache"=0x7AC301003D321200560500000003000066341F5B5F6ECF0143003A005C00570069006E0064006F00770073005C007700650062005C00770061006C006C00700061007000650072005C004800650077006C006500740074002D005000610063006B0061007200640020004200610063006B00670072006F0075006E00640073005C006200610063006B00670072006F0075006E006400440065006600610075006C0074002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"ImageColor"=2654369459
"WaitToKillAppTimeout"=200

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1
"ShellState"=0x240000003D28000000000000000000000000000001000000130000000000000062000000
"UserSignedIn"=1
"SIDUpdatedOnLibraries"=1
"LastClockSize"=0x270000000F000000460000000F000000490000000F000000
"AppReadinessLogonComplete"=1
"GlobalAssocChangedCounter"=25
"Browse For Folder Width"=318
"Browse For Folder Height"=288

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2
"StoreAppsOnTaskbar"=1
"ServerAdminUI"=0
"Hidden"=1
"ShowCompColor"=1
"HideFileExt"=1
"DontPrettyPath"=0
"ShowInfoTip"=1
"HideIcons"=0
"MapNetDrvBtn"=0
"WebView"=1
"Filter"=0
"ShowSuperHidden"=0
"SeparateProcess"=0
"AutoCheckSelect"=0
"IconsOnly"=0
"ShowTypeOverlay"=1
"ShowStatusBar"=1
"ListviewAlphaSelect"=1
"ListviewShadow"=1
"TaskbarAnimations"=1
"StartMenuInit"=6
"ReindexedProfile"=1
"RTStartMenuNotificationDisplayCount"=0

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
"MRUListEx"=0x03000000020000000100000000000000FFFFFFFF
"0"=0x2A002E006A00700067000000
"1"=0x2E006D00700034000000
"2"=0x2E006100760069000000
"3"=0x2E006D006B0076000000

[HKLM\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableVirtualization"=1
"EnableInstallerDetection"=1
"PromptOnSecureDesktop"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"ConsentPromptBehaviorAdmin"=5
"ValidateAdminCodeSignatures"=0
"EnableUIADesktopToggle"=0
"EnableCursorSuppression"=1
"ConsentPromptBehaviorUser"=3
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"DisableTaskMgr"=0
"DisableRegistryTools"=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=1
"NoActiveDesktop"=1
"NoRun"=0
"NoFolderOptions"=0
"NoControlPanel"=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoComponents"=1
"NoAddingComponents"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{8E74D236-7F35-4720-B138-1FED0B85EA75}"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1
"Id"=2
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"HKeyRoot"=2147483649
"DefaultValue"=2
"ValueName"=Hidden
"Text"=@shell32.dll,-30500
"Type"=radio

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"IconUnderline"=2
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
"GlobalAssocChangedCounter"=26
"DoNotCleanTaskBar"=1
"SmartScreenEnabled"=RequireAdmin
"MultipleInvokePromptMinimum"=10000

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0
"HideFileExt"=0
"SuperHidden"=1
"ShowSuperHidden"=1
"Hidden"=1

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\System]
"DisableCMD"=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableVirtualization"=1
"EnableInstallerDetection"=1
"PromptOnSecureDesktop"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"ConsentPromptBehaviorAdmin"=5
"ValidateAdminCodeSignatures"=0
"EnableUIADesktopToggle"=0
"EnableCursorSuppression"=1
"ConsentPromptBehaviorUser"=3
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"DisableTaskMgr"=0
"DisableRegistryTools"=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=1
"NoActiveDesktop"=1
"NoRun"=0
"NoFolderOptions"=0
"NoControlPanel"=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoComponents"=1
"NoAddingComponents"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
"{8E74D236-7F35-4720-B138-1FED0B85EA75}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1
"Id"=2
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"HKeyRoot"=2147483649
"DefaultValue"=2
"ValueName"=Hidden
"Text"=@shell32.dll,-30500
"Type"=radio

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"IconUnderline"=2
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
"GlobalAssocChangedCounter"=77

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s


---------- | Winlogon

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;SkyDrive;Work Folders
"BuildNumber"=9600
"FirstLogon"=0
"ParseAutoexec"=1

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;SkyDrive;Work Folders
"BuildNumber"=9600
"FirstLogon"=0
"ParseAutoexec"=1

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"=C:\Windows\system32\userinit.exe,
"LegalNoticeText"=
"Shell"=explorer.exe
"LegalNoticeCaption"=
"DebugServerCommand"=no
"ForceUnlockLogon"=0
"ReportBootOk"=1
"VMApplet"=SystemPropertiesPerformance.exe /pagefile
"AutoRestartShell"=1
"PowerdownAfterShutdown"=0
"ShutdownWithoutLogon"=0
"Background"=0 0 0
"PasswordExpiryWarning"=5
"CachedLogonsCount"=10
"WinStationsDisabled"=0
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"scremoveoption"=0
"DisableCAD"=1
"ShutdownFlags"=2147483687
"EnableFirstLogonAnimation"=1
"AutoLogonSID"=S-1-5-32
"LastUsedUsername"=

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"=userinit.exe,
"Shell"=explorer.exe
"VMApplet"=SystemPropertiesPerformance.exe /pagefile
"DefaultDomainName"=
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"DefaultUserName"=


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*

[HKLM\Software\Classes\.com]
""=comfile

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.reg]
""=regfile

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"

[HKLM\Software\Classes\.scr]
""=scrfile

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S

[HKLM\Software\Classes\.bat]
""=batfile

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.cmd]
""=cmdfile

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.pif]
""=piffile

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.inf]
""=inffile

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\Classes\.url]
""=InternetShortcut

[HKLM\Software\Classes\.lnk]
""=lnkfile

[HKLM\Software\Classes\.hta]
""=htafile
"PerceivedType"=text
"Content Type"=application/hta

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\Classes\InternetShortcut]
"NeverShowExt"=
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"EditFlags"=2
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest
"EditFlags"=4259840
"BrowserFlags"=4096
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200

[HKLM\Software\Classes\Application.Reference]
""=Application Reference
"NeverShowExt"=
"EditFlags"=131072
"IsShortcut"=
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201

[HKLM\Software\Classes\Folder]
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeLayoutPatternForBrowse"=delta
""=Folder
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
"ContentViewModeLayoutPatternForSearch"=alpha
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus
"ThumbnailCutoff"=0
"NoRecentDocs"=
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile
"PerceivedType"=text
"Content Type"=application/hta

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"NeverShowExt"=
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"EditFlags"=2
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest
"EditFlags"=4259840
"BrowserFlags"=4096
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference
"NeverShowExt"=
"EditFlags"=131072
"IsShortcut"=
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201

[HKLM\Software\WOW6432Node\Classes\Folder]
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeLayoutPatternForBrowse"=delta
""=Folder
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
"ContentViewModeLayoutPatternForSearch"=alpha
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus
"ThumbnailCutoff"=0
"NoRecentDocs"=
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""=
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"=

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""=C:\Program Files (x86)\Mozilla Firefox\firefox.exe [28/07/2014 21:46:33]
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [10/12/2015 00:34:25]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""=C:\Program Files (x86)\Mozilla Firefox\firefox.exe [28/07/2014 21:46:33]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [10/12/2015 00:34:25]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"=0x5341435001000000000000000700000028000000F0100300E14C030001000000000000000000030600210000B395E7CF049FCE0100000000000000000200000028000000000000000000004000000000000000000000000000000000FFE693B8000000005700000057000000
"C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"=0x534143500100000000000000070000002800000038560600E13D070001000000000000000000030673220000B395E7CF049FCE0100000000000000000200000028000000000000000000004000000000000000000000000000000000FBC593B8000000001301000013010000
"C:\Users\HP-PC\AppData\Local\Pokki\Engine\StartMenuIndexer.exe"=0x534143500100000000000000070000002800000048532F005531300001000000000000000000030673220000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000750CE628000000000500000005000000
"C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE"=0x5341435001000000000000000700000028000000A83E0E000CD70E0001000000000000000000030671200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000BF664417000000000B0000000B000000
"C:\Program Files (x86)\Connected Music powered by Universal Music Group\Connected Music powered by Universal Music Group.exe"=0x534143500100000000000000070000002800000000C2060000000000010000000000000000000106F1020000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000007D7D0000000000000800000008000000
"SIGN.MEDIA=E3A507E5 winrar-x64-510.exe"=0x5341435001000000000000000700000028000000983B1D00D6951D0001000000000000000000020600010000B395E7CF049FCE01000000000000000002000000280000000000000000000040000000000000000000000000000000007F2C0000000000000100000001000000
"C:\Users\HP-PC\Desktop\Ms Office-2007\setup.exe"=0x534143500100000000000000070000002800000030110700C7F8070001000000000000000000000671020000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000D7140500000000000200000002000000
"SIGN.MEDIA=E3A507E5 picasa39-setup.exe"=0x534143500100000000000000070000002800000068F7E200D76DE30001000000000000000000010671220000975FD891C99ECE0100000080000000000200000028000000000000000000000000000000000000000000000000000000F58A0100000000000100000001000000
"SIGN.MEDIA=E3A507E5 photoshop_cs4_micro_setup BY PRATEEK.exe"=0x5341435001000000000000000700000028000000181853030000000001000000000000000000020641220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000987D0100000000000100000001000000
"C:\Program Files\WinRAR\WinRAR.exe"=0x534143500100000000000000070000002800000058981600F3B3160001000000000000000000020600010000B395E7CF049FCE01000000000000000002000000280000000000000000000010000000000000000000000000000000002AF35928000000005200000052000000
"SIGN.MEDIA=E3A507E5 Firefox Setup 3.5.7.exe"=0x534143500100000000000000070000002800000038677B0037C57B0001000000000000000000000671020000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000007F600000000000000100000001000000
"C:\Program Files\Hewlett-Packard\HP Utility Center\HPUC.exe"=0x534143500100000000000000070000002800000038CD0600DFD0060001000000000000000000030673220000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000E5560603000000000A0000000A000000
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Eula.exe"=0x5341435001000000000000000700000028000000804E0100CD80010001000000000000000000010671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000F10C0000000000000100000001000000
"C:\Users\HP-PC\Desktop\BlueJ\bluej.exe"=0x534143500100000000000000070000002800000000D60800A0E6080001000000000000000000010671220000975FD891C99ECE01000000000000000002000000280000000000000000000000000002000000000000000000000000009F57AD23000000001F0000001F000000
"C:\Users\HP-PC\Desktop\BlueJ\jdk1.7.0_15\jre\lib\launcher.exe"=0x5341435001000000000000000700000028000000A0AF0000E823010001000000000000000000010600010000B395E7CF049FCE01000000000000000002000000280000000000000000000000000000000000000000000000000000003F000000000000000100000001000000
"C:\Program Files (x86)\CyberLink\YouCam\Youcam_webcam_camera_video.exe"=0x534143500100000000000000070000002800000008BF02001FC3020001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000000100000000000000000000000000000007AAC678F000000002200000022000000
"G:\kanpur\fifa 09\EA Sports\FIFA 09 Demo\FIFA09.exe"=0x534143500100000000000000070000002800000008E56000253C610001000000000000000000000671200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000200000000000000000000000000817F0000000000000400000004000000
"C:\Program Files\7-Zip\7zFM.exe"=0x5341435001000000000000000700000028000000004C0B000000000001000000000000000000010673200000B395E7CF049FCE01000000000000000002000000280000000000000000000010000000000000000000000000000000005ED0FB12000000006000000060000000
"C:\Program Files (x86)\Microsoft Office\Office12\MSACCESS.EXE"=0x534143500100000000000000070000002800000028439E00ED5C9E0001000000000000000000000671020000975FD891C99ECE0100000010000000000200000028000000000000000000001004000000000000000000000000000000EE2E0700000000000200000002000000
"C:\Users\HP-PC\Desktop\Ms Office-2007\Word.en-us\WordMUI.msi"=0x534143500100000000000000070000002800000000F400008396010001000000000000000000010500300000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000A7130000000000000100000001000000
"C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE"=0x5341435001000000000000000700000028000000284D0500AAA8050001000000000000000000000671020000975FD891C99ECE010000000100000000
"C:\Program Files (x86)\WildGames\Plants vs Zombies - Game of the Year\plantsvszombies-WT.exe"=0x5341435001000000000000000700000028000000801E09004047090001000000000000000000020671000000975FD891C99ECE01000000000000000002000000280000000000000000000000001000000000000000000000000000005E560000000000000100000001000000
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe"=0x5341435001000000000000000700000028000000D88E7300F029740001000000000000000000030600210000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000D5010000000000000300000003000000
"C:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe"=0x5341435001000000000000000700000028000000084729008F9C290001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000156F0000000000000100000001000000
"G:\Karan passport pic\New folder\New folder\quicksnooker.exe"=0x534143500100000000000000070000002800000004701C00687E1C0001000000000000000000010671200000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000001E080000000000000100000001000000
"SIGN.MEDIA=582BB4 AutoRun.exe"=0x53414350010000000000000007000000280000000050010066F5010001000000000000000000000671000000975FD891C99ECE0100000000000000000200000028000000000000008000000000000000000000000000000000000000FDC68001000000000200000002000000
"C:\Program Files (x86)\CyberLink\Media Suite\PS.exe"=0x534143500100000000000000070000002800000008C702006A28030001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000010000000000000000000000000AE3AA344000000000B0000000B000000
"C:\Program Files\Micromax 200G USB Modem\EdgeModem.exe"=0x534143500100000000000000070000002800000000440F00D2EE0F0001000000000000000000000673000000B395E7CF049FCE010000000000000000020000002800000000000000000000000000000000000000000000000000000033EE0100000000000100000001000000
"C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE"=0x5341435001000000000000000700000028000000301907002F59070001000000000000000000000671020000975FD891C99ECE010000000100000000
"C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE"=0x534143500100000000000000070000002800000028FF1001D228110101000000000000000000000671020000975FD891C99ECE010000000100000000
"C:\Program Files (x86)\Adobe\Photoshop CS4\Photoshop.exe"=0x534143500100000000000000070000002800000030C507031567080301000000000000000000000671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000974F0000000000001100000011000000
"E:\Games\Saints Row IV\SaintsRowIV.exe"=0x5341435001000000000000000700000028000000006426010000000001000000000000000000020671220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000001D100000000000000100000001000000
"E:\Games\Need for Speed Most Wanted\NFS13.exe"=0x53414350010000000000000007000000280000000010DC00E88ACF0001000000000000000000010671020000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000030050000000000000100000001000000
"E:\Games\Need for Speed Most Wanted (old)\speed.exe"=0x534143500100000000000000070000002800000000005C000000000001000000000000000000010571200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000E8030000000000000100000001000000
"E:\Games\GTA.San.Andreas\gta_sa.exe"=0x5341435001000000000000000700000028000000007ADB00EA5BDC0001000000000000000000010571200000975FD891C99ECE01000000000000000002000000280000000000000000000010000000000000000000000000000000009CB10000000000000100000001000000
"C:\Program Files\mcafee.com\agent\mcagent.exe"=0x5341435001000000000000000700000028000000883508003746080001000000000000000000030600210000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000C7060000000000000100000001000000
"C:\Program Files (x86)\Autograph 3.3\agraph.exe"=0x534143500100000000000000070000002800000000A07500F41D760001000000000000000000010671200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000200000000000000000000000000698A46B6000000002400000024000000
"C:\Users\HP-PC\Desktop\BlueJ\jre7\bin\java.exe"=0x5341435001000000000000000700000028000000A0DF0200D57F030001000000000000000000010600010000B395E7CF049FCE010000000000000000020000002800000000000000000000000000000000000000000000000000000063070000000000000100000001000000
"C:\Users\HP-PC\Desktop\IB Question Banks\Physics\welcome.exe"=0x5341435001000000000000000700000028000000A00522000000000001000000000000000000010641200000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000029FB0000000000000200000002000000
"C:\Program Files (x86)\IB Questionbank32\IB Questionbank32.exe"=0x5341435001000000000000000700000028000000009213000000000001000000000000000000000641200000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000020F54E49000000004B0000004B000000
"C:\Users\HP-PC\Desktop\IB Question Banks\Mathematics\welcome.exe"=0x534143500100000000000000070000002800000064E622000000000001000000000000000000020641200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000C46A0900000000000100000001000000
"C:\Users\HP-PC\Desktop\IB Question Banks\Mathematics\welcome (2).exe"=0x534143500100000000000000070000002800000064E622000000000001000000000000000000020641200000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000029010000000000000100000001000000
"C:\Users\HP-PC\Desktop\IB Question Banks\Physics\welcome (2).exe"=0x5341435001000000000000000700000028000000A00522000000000001000000000000000000010641200000975FD891C99ECE01000000000000000002000000280000000000000000000000400000000000000000000000000000007A590000000000000100000001000000
"C:\Program Files (x86)\Microsoft Office\Office12\OIS.EXE"=0x534143500100000000000000070000002800000038310400914C040001000000000000000000000671020000975FD891C99ECE010000000000000000020000002800000000000000000000100000000000000000000000000000000079F36900000000000400000004000000
"C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\39.0.2171.65\delegate_execute.exe"=0x534143500100000000000000070000002800000048651F007E6D1F0001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000E8030000000000000100000001000000
"C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe"=0x5341435001000000000000000700000028000000083F0500449B050001000000000000000000020671020000975FD891C99ECE01000000000000000002000000280000000000000080000000000000000000000000000000000000000690B91C000000000300000003000000
"C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe"=0x534143500100000000000000070000002800000018B4050048D3050001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000001000000000000000000000000000000000BB2F5B15000000000200000002000000
"SIGN.MEDIA=AA179C SAT_2400.exe"=0x5341435001000000000000000700000028000000A017AA00D7E37B0001000000000000000000010671220000975FD891C99ECE01000000000000000002000000280000000000000080000000000000000000000000000000000000005F620100000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe"=0x534143500100000000000000070000002800000048651F00C7E81F0001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000006834DB23000000000400000004000000
"SIGN.MEDIA=3D2C8 start.exe"=0x5341435001000000000000000700000028000000007400000000000001000000000000000000010671200000975FD891C99ECE010000000000000000020000002800000000000000800000000000000000000000000000000000000018FD0100000000000100000001000000
"SIGN.MEDIA=3D2C8 IB HL OPTION - CALCULUS.EXE"=0x5341435001000000000000000700000028000000007400000000000001000000000000000000010671200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000BA12D701000000000100000001000000
"SIGN.IE=0765C0 FortiClientOnlineInstaller.exe"=0x5341435001000000000000000700000028000000C06507003DCE070001000000000000000000030600210000975FD891C99ECE010000000000000000
"C:\Program Files (x86)\Evernote\Evernote\Evernote.exe"=0x534143500100000000000000070000002800000060F5EF00E335F00001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000010000000000000000000000000000000003C2B0200000000000100000001000000
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000D8DB0D0090950E0001000000000000000000000671020000975FD891C99ECE010000000100000000
"C:\Program Files (x86)\Vernier Software\Logger Pro 3\LoggerPro.exe"=0x5341435001000000000000000700000028000000001073008F8E730001000000000000000000000671200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000845D0E19000000003A0100003A010000
"F:\iCare Data Recovery Free\iCareDataRecoveryFree.exe"=0x5341435001000000000000000700000028000000008C0A00E4950A0001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000003C9A0000000000000100000001000000
"C:\Program Files (x86)\Fortinet\FortiClient\FortiClient.exe"=0x534143500100000000000000070000002800000050986600EB32670001000000000000000000030671220000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000011400100000000000600000006000000
"C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\41.0.2272.118\delegate_execute.exe"=0x534143500100000000000000070000002800000048190A00AFE70A0001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000007B080000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\43.0.2357.124\delegate_execute.exe"=0x534143500100000000000000070000002800000048810A0064AD0A0001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000010050000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Pokki\Engine\HostAppService.exe"=0x534143500100000000000000070000002800000000D67700A47F780001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000405BEF04000000000200000002000000
"C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\43.0.2357.130\delegate_execute.exe"=0x5341435001000000000000000700000028000000488F0A0041730B0001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000006C080000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\43.0.2357.132\delegate_execute.exe"=0x5341435001000000000000000700000028000000488F0A003E2F0B0001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000009A030000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\44.0.2403.89\delegate_execute.exe"=0x5341435001000000000000000700000028000000489B0A0017BD0A0001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000A06BFE03000000000300000003000000
"E:\SetupGraph-4.3.exe"=0x53414350010000000000000007000000280000009DBC31000000000001000000000000000000030641220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000004B660000000000000100000001000000
"C:\Program Files (x86)\Graph\Graph.exe"=0x5341435001000000000000000700000028000000003657000000000001000000000000000000000671200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000411B530A000000000C0000000C000000
"SIGN.MEDIA=F7AA250D software\bluej-bundled-314 (1).msi"=0x534143500100000000000000070000002800000000FE0000B780010001000000000000000000010500100000B395E7CF049FCE01000000000000000002000000280000000000000000000000000000000000000000000000000000003D460400000000000100000001000000
"C:\Program Files (x86)\BlueJ\BlueJ.exe"=0x534143500100000000000000070000002800000000DE0800F951090001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000001CCB732C000000005100000051000000
"C:\Users\HP-PC\Downloads\python-2.7.9.msi"=0x534143500100000000000000070000002800000000FE0000B780010001000000000000000000010500100000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000B12E0000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Temp\7zOA822.tmp\_generator.exe"=0x534143500100000000000000070000002800000062B408000000000001000000000000000000010571200000975FD891C99ECE010000000000000000020000002800000000000000000000000002020000000000000000000000000073070000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Temp\7zOB37D.tmp\_generator.exe"=0x534143500100000000000000070000002800000062B408000000000001000000000000000000010571200000975FD891C99ECE0100000000000000000200000028000000000000000000000000020200000000000000000000000000E4010000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Temp\7zOB812.tmp\_generator.exe"=0x534143500100000000000000070000002800000062B408000000000001000000000000000000010571200000975FD891C99ECE010000000000000000020000002800000000000000000000000002020000000000000000000000000047230000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Temp\7zOB95B.tmp\_generator.exe"=0x534143500100000000000000070000002800000062B408000000000001000000000000000000010571200000975FD891C99ECE0100000000000000000200000028000000000000000000000000020200000000000000000000000000B6280000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Temp\7zOBAA4.tmp\_generator.exe"=0x534143500100000000000000070000002800000062B408000000000001000000000000000000010571200000975FD891C99ECE0100000000000000000200000028000000000000000000000000020200000000000000000000000000BB2F0000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Temp\7zOBC0D.tmp\_generator.exe"=0x534143500100000000000000070000002800000062B408000000000001000000000000000000010571200000975FD891C99ECE0100000000000000000200000028000000000000000000000000020200000000000000000000000000C0360000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Temp\7zOBD46.tmp\_generator.exe"=0x534143500100000000000000070000002800000062B408000000000001000000000000000000010571200000975FD891C99ECE0100000000000000000200000028000000000000000000000000020200000000000000000000000000BB3C0000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Temp\7zOBEFD.tmp\_generator.exe"=0x534143500100000000000000070000002800000062B408000000000001000000000000000000010571200000975FD891C99ECE010000000000000000020000002800000000000000000000000002020000000000000000000000000088420000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Temp\7zOC007.tmp\_generator.exe"=0x534143500100000000000000070000002800000062B408000000000001000000000000000000010571200000975FD891C99ECE0100000000000000000200000028000000000000000000000000020200000000000000000000000000B1480000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Temp\7zOC19F.tmp\_generator.exe"=0x534143500100000000000000070000002800000062B408000000000001000000000000000000010571200000975FD891C99ECE01000000000000000002000000280000000000000000000000000202000000000000000000000000003A060000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Temp\7zOC2C8.tmp\_generator.exe"=0x534143500100000000000000070000002800000062B408000000000001000000000000000000010571200000975FD891C99ECE01000000000000000002000000280000000000000000000000000202000000000000000000000000000D030000000000000100000001000000
"C:\Users\HP-PC\GeoGebra 5.0\GeoGebra.exe"=0x5341435001000000000000000700000028000000302C02000000000001000000000000000000010600010000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000017B66539000000001C0000001C000000
"C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe"=0x534143500100000000000000070000002800000030257500A704760001000000000000000000000671200000975FD891C99ECE0100000000000000000200000028000000000000000000001000000000000000000000000000000000F13EBC24000000000200000002000000
"C:\Users\HP-PC\AppData\Local\Pokki\Engine\ServiceHostApp.exe"=0x534143500100000000000000070000002800000000207800FDAC780001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000003249590D000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\46.0.2490.86\delegate_execute.exe"=0x534143500100000000000000070000002800000048A50A00B58D0B0001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000006B030000000000000100000001000000
"C:\Program Files (x86)\CyberLink\PowerDVD12\subsys\BigBang\Runtime\CLUpdater.exe"=0x5341435001000000000000000700000028000000082F0600C0ED060001000000000000000000020671020000975FD891C99ECE0100000080000000000200000028000000000000000000000000000000000000000000000000000000D3530200000000000100000001000000
"C:\Users\HP-PC\Downloads\netbeans-8.1-javase-windows.exe"=0x5341435001000000000000000700000028000000A85EE5051636E60501000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000D0131500000000000200000002000000
"C:\Program Files\NetBeans 8.1\bin\netbeans.exe"=0x5341435001000000000000000700000028000000EF0B0A0064AA0A0001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000002C51220D000000000400000004000000
"C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\47.0.2526.73\delegate_execute.exe"=0x5341435001000000000000000700000028000000481F0B00FD590B0001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000FF070000000000000100000001000000
"C:\Users\HP-PC\Downloads\Ginger.exe"=0x5341435001000000000000000700000028000000E8B10D0026340E0001000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000A1C75701000000000100000001000000
"C:\Program Files (x86)\InstallShield Installation Information\{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}\setup.exe"=0x5341435001000000000000000700000028000000006413000000000003000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000213A0200000000000100000001000000
"C:\Users\HP-PC\Downloads\SkypeSetup.exe"=0x534143500100000000000000070000002800000080F2160043AD170001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000006E062300000000000100000001000000
"C:\Users\HP-PC\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe"=0x5341435001000000000000000700000028000000002878008B46780001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000050120000000000000100000001000000
"C:\Users\HP-PC\Downloads\code2flowchart.exe"=0x53414350010000000000000007000000280000005DCE26000000000001000000000000000000030641220000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000008380000000000000100000001000000
"C:\Program Files\NetBeans 8.1\uninstall.exe"=0x534143500100000000000000070000002800000045601F009209060003000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000AF520100000000000100000001000000
"C:\Program Files (x86)\StarUML\StarUML.exe"=0x534143500100000000000000070000002800000000B81000279C110001000000000000000000030671220000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000056422800000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\47.0.2526.106\delegate_execute.exe"=0x5341435001000000000000000700000028000000481F0B0012150C0001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000A1070000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Temp\Rar$EXb0.694\Men Of Mathematics Downloader__3687_i1831514230_il2046321.exe"=0x5341435001000000000000000700000028000000000013005001130001000000000000000000020600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000F4245E00000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Temp\5B60.exe"=0x5341435001000000000000000700000028000000988544004234450001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000008AAB8200000000000200000002000000
"C:\Users\HP-PC\Downloads\MovaviScreenCaptureSetupC.exe"=0x53414350010000000000000007000000280000004873F304226AF40401000000000000000000010600010000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000004710100000000000100000001000000
"C:\Program Files (x86)\Movavi Screen Capture Studio 7\uninst.exe"=0x534143500100000000000000070000002800000098116700B21B670003000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000F03B0000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Temp\7zO11DD.tmp\TinyTakeSetup_v_4_0_1.exe"=0x534143500100000000000000070000002800000030F96A012E2C6B0101000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000096D6350B000000000100000001000000
"C:\Users\HP-PC\Downloads\FreeScreenToVideoSetup-r0-n-bc.exe"=0x53414350010000000000000007000000280000004824130069A4130001000000000000000000010600010000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000FBCD0400000000000100000001000000
"E:\setup.exe"=0x5341435001000000000000000700000028000000B8060D00211B143E01000000000000000000030600210000975FD891C99ECE01000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000005B46F919000000000200000002000000
"C:\Users\HP-PC\Downloads\ezvid1.002b03.exe"=0x5341435001000000000000000700000028000000704A0F00C245100001000000000000000000020600010000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000030F81600000000000100000001000000
"C:\Program Files (x86)\ezvid\ezvid.exe"=0x534143500100000000000000070000002800000008075300DA255300010000000000000000000306F1220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000A73B4400000000000100000001000000
"C:\Users\HP-PC\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake by MangoApps.exe"=0x534143500100000000000000070000002800000058880500A9960500010000000000000000000306F1200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000DD0A0000000000000100000001000000
"C:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDRW.exe"=0x534143500100000000000000070000002800000058050500609A050001000000000000000000030673220000B395E7CF049FCE01000000000000000002000000280000000000000000000000000000000000000000000000000000005C2A0D00000000000200000002000000
"C:\Program Files (x86)\Autograph 3.3\Autograph Virtual Keyboard.exe"=0x5341435001000000000000000700000028000000007C00002FE4000001000000000000000000010671200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000C0140000000000000100000001000000
"C:\SmartDraw CI\Messages.exe"=0x5341435001000000000000000700000028000000446E05000000000001000000000000000000010671000000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000009010000000000000100000001000000
"C:\SmartDraw CI\SD.exe"=0x5341435001000000000000000700000028000000C1BF3F000000000001000000000000000000010671000000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000034070000000000000100000001000000
"C:\SmartDraw CI\SDUI.exe"=0x5341435001000000000000000700000028000000F0A036000000000001000000000000000000010671000000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000006F050000000000000100000001000000
"C:\SmartDraw CI\DLLs.exe"=0x5341435001000000000000000700000028000000EFF033000000000001000000000000000000010671000000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000D0070000000000000100000001000000
"C:\SmartDraw CI\Tooltips.exe"=0x5341435001000000000000000700000028000000E8AB0600B945070001000000000000000000010671000000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000B50E0000000000000100000001000000
"C:\SmartDraw CI\Filters.exe"=0x5341435001000000000000000700000028000000D8101000E254100001000000000000000000010671000000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000006B030000000000000100000001000000
"C:\SmartDraw CI\Ribbons.exe"=0x53414350010000000000000007000000280000003E8108000000000001000000000000000000010671000000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000042020000000000000100000001000000
"C:\SmartDraw CI\Spelling.exe"=0x5341435001000000000000000700000028000000501D0700C64F070001000000000000000000010671000000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000EA000000000000000100000001000000
"C:\SmartDraw CI\Dialog7.exe"=0x5341435001000000000000000700000028000000E8A904000000000001000000000000000000010671000000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000DB000000000000000100000001000000
"C:\SmartDraw CI\LibraryPreviews.exe"=0x5341435001000000000000000700000028000000D84E59000000000001000000000000000000010671000000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000C2190000000000000100000001000000
"C:\SmartDraw CI\Templates\2010.exe"=0x5341435001000000000000000700000028000000D8B8290054DD290001000000000000000000010671000000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000F10C0000000000000100000001000000
"C:\SmartDraw CI\Templates\Categories.exe"=0x53414350010000000000000007000000280000000FAC10000000000001000000000000000000010671000000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000004F0D0000000000000100000001000000
"C:\SmartDraw CI\SmartDraw.exe"=0x5341435001000000000000000700000028000000E0376C009B306D0001000000000000000000030671200000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000054EF3E00000000000300000003000000
"C:\Users\HP-PC\AppData\Local\Temp\Jing_Setup\Jing_Setup_Release.msi"=0x534143500100000000000000070000002800000000EA0000AA51010001000000000000000000010500100000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000003DD80700000000000200000002000000
"C:\Program Files (x86)\TechSmith\Jing\Jing.exe"=0x5341435001000000000000000700000028000000F86B2C00FA272D00010000000000000000000306F1220000975FD891C99ECE0100000000000000000200000028000000000000000000005000000000000000000000000000000000B51C0983000000001800000018000000
"C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe"=0x534143500100000000000000070000002800000098AA3200C2DA320001000000000000000000030680210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000003B9B4E00000000000200000002000000
"C:\SYSTEM.SAV\Util\HPCPDesktopIcon.exe"=0x5341435001000000000000000700000028000000001E000000000000010000000000000000000306F1220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000454D0000000000000100000001000000
"C:\Users\183-k\Desktop\bin\java.exe"=0x5341435001000000000000000700000028000000A8E90200B83A030001000000000000000000030600210000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000A01C0000000000000400000004000000
"C:\Users\183-k\Desktop\bin\javacpl.exe"=0x5341435001000000000000000700000028000000A82D0100987B010001000000000000000000010600010000B395E7CF049FCE0100000000000000000200000028000000000000000000000000100000000000000000000000000000B388730F000000000200000002000000
"C:\Users\183-k\Desktop\bin\javaws.exe"=0x5341435001000000000000000700000028000000A8E50400BA78050001000000000000000000010600010000B395E7CF049FCE0100000000000000000200000028000000000000000000000000100000000000000000000000000000E8CC0600000000000100000001000000
"C:\Program Files (x86)\slitherlink\SLITHERLINK.EXE"=0x534143500100000000000000070000002800000000000E00D4B90E0001000000000000000000020671200000975FD891C99ECE010000000000000000020000002800000000000000000000000010000000000000000000000000000066880400000000000100000001000000
"C:\Program Files (x86)\Texmaker\texmaker.exe"=0x53414350010000000000000007000000280000000040590036B6590001000000000000000000020671200000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000002EC2C134000000006700000067000000
"C:\Users\HP-PC\AppData\Local\Programs\MiKTeX 2.9\miktex\bin\mpm_mfc.exe"=0x534143500100000000000000070000002800000000460300A94A030001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000D7610000000000000100000001000000
"C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe"=0x5341435001000000000000000700000028000000F8821600CDD21600010000000000000000000306F1220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000005D591000000000000100000001000000
"C:\Program Files (x86)\BlackBerry\BlackBerry Blend\Blend.exe"=0x5341435001000000000000000700000028000000F83A4F003C08500001000000000000000000030671220000975FD891C99ECE010000000000000000
"SIGN.MEDIA=228BEF19 StartModem.exe"=0x53414350010000000000000007000000280000003019080058FD080001000000000000000000020671200000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000000D53284F000000000200000002000000
"C:\Users\HP-PC\Downloads\python-2.7.9 (1).msi"=0x534143500100000000000000070000002800000000FE00002CDB010001000000000000000000010500100000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000403C0300000000000200000002000000
"C:\Python27\pythonw.exe"=0x5341435001000000000000000700000028000000006A0000AC88000001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000406EB010000000000A0000000A000000
"C:\Python27\python.exe"=0x53414350010000000000000007000000280000000068000081A8000001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000001F4C2700000000002600000026000000
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe"=0x5341435001000000000000000700000028000000384508005D0C0900010000000000000000000306F5220000B395E7CF049FCE010000000000000000020000002800000000000000000000000000000000000000000000000000000048459700000000000300000003000000
"C:\Program Files (x86)\LizardTech\DjVu Solo 3.1\DjVuSolo.exe"=0x534143500100000000000000070000002800000000E020000000000001000000000000000000010571200000975FD891C99ECE0100000000000000000200000028000000000000000000000000040000000000000000000000000000E3950400000000000400000004000000
"C:\Program Files\WinDjView\WinDjView.exe"=0x5341435001000000000000000700000028000000005E31000000000001000000000000000000010673200000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000B0110D2C000000001E0000001E000000
"SIGN.IE=08F1960 Connectify2016Installer.exe"=0x534143500100000000000000070000002800000060198F00EE4E8F0001000000000000000000030600210000975FD891C99ECE010000000000000000
"C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe"=0x534143500100000000000000070000002800000048594900FB354A0001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000C600420A000000001100000011000000
"C:\Program Files (x86)\Google\Picasa3\Picasa3.exe"=0x534143500100000000000000070000002800000048099B00A3279B0001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000001000000000000000000000000000000000F3810300000000000100000001000000
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=0x5341435001000000000000000700000028000000D8B41100C199120001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000004565EA1300000000C5000000C5000000
"C:\Users\HP-PC\AppData\Roaming\Zoom\bin\Zoom.exe"=0x5341435001000000000000000700000028000000B0D2060067D4060001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000005C030000000000000200000002000000
"C:\Users\HP-PC\Downloads\Zoom_launcher.exe"=0x534143500100000000000000070000002800000048090200B314020001000000000000000000030671220000975FD891C99ECE010000000000000000020000002800000000000000800000000000000000000000000000000000000058010000000000000200000002000000
"C:\Program Files (x86)\Skype\Phone\Skype.exe"=0x5341435001000000000000000700000028000000D8579F011141A00101000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000001E080000000000000100000001000000
"C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000586D0E005DC80E0001000000000000000000030600210000975FD891C99ECE010000000100000000
"C:\Users\HP-PC\AppData\Roaming\Zoom\uninstall\Installer.exe"=0x5341435001000000000000000700000028000000B0160800D763080003000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000096230000000000000100000001000000
"C:\Users\HP-PC\Downloads\basic-miktex.exe"=0x534143500100000000000000070000002800000008915C0B33058B0001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000000BDB0400000000000300000003000000
"C:\Users\HP-PC\AppData\Local\Programs\MiKTeX 2.9\miktex\bin\miktex-texworks.exe"=0x5341435001000000000000000700000028000000007469001FFE690001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000130C0400000000000300000003000000
"C:\Users\HP-PC\Desktop\Mathematics\Computer Science\EMACS\smlnj-110.80.msi"=0x534143500100000000000000070000002800000000FE00002CDB010001000000000000000000010500100000B395E7CF049FCE01000000000000000002000000280000000000000000000000000000000000000000000000000000009C3E0400000000000600000006000000
"C:\Users\HP-PC\Desktop\Mathematics\Computer Science\EMACS\libexec\emacs\24.5\i686-pc-mingw32\profile.exe"=0x5341435001000000000000000700000028000000FB9E0900A8F3090001000000000000000000030671200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000111F0000000000000100000001000000
"C:\Users\HP-PC\Desktop\Mathematics\Computer Science\EMACS\bin\addpm.exe"=0x534143500100000000000000070000002800000069020900D115090001000000000000000000030671200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000A7200000000000000700000007000000
"C:\Users\HP-PC\Desktop\Mathematics\Computer Science\EMACS\bin\emacs.exe"=0x53414350010000000000000007000000280000000E708C00FDB18C0001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000E3C74200000000000C0000000C000000
"C:\Program Files (x86)\SMLNJ\bin\.run\run.x86-win32.exe"=0x534143500100000000000000070000002800000000BE05000000000001000000000000000000030671200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000F57D0100000000000400000004000000
"C:\Users\HP-PC\Desktop\Mathematics\Computer Science\EMACS\bin\emacs-24.5.exe"=0x53414350010000000000000007000000280000000E708C00FDB18C0001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000072180500000000000300000003000000
"C:\Users\HP-PC\Desktop\smlnj-110.80.msi"=0x534143500100000000000000070000002800000000FE00002CDB010001000000000000000000010500100000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000E4570000000000000100000001000000
"C:\Users\HP-PC\Desktop\bin\addpm.exe"=0x534143500100000000000000070000002800000069020900D115090001000000000000000000030671200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000CD0A0000000000000100000001000000
"C:\Users\HP-PC\Desktop\bin\emacs.exe"=0x53414350010000000000000007000000280000000E708C00FDB18C0001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000006AD60A00000000000500000005000000
"C:\Users\HP-PC\Desktop\emacs.exe"=0x53414350010000000000000007000000280000000E708C00FDB18C0001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000CF290000000000000200000002000000
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE"=0x5341435001000000000000000700000028000000288B0F00E0940F0001000000000000000000000671020000975FD891C99ECE010000000100000000
"C:\Users\HP-PC\AppData\Local\Package Cache\{26f1a2e1-0974-440e-9f5b-092c573b659f}\GrammarlyAddInSetup6.5.87.exe"=0x534143500100000000000000070000002800000020AD3100C83D320003000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000EF710100000000000100000001000000
"C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe"=0x5341435001000000000000000700000028000000D0030600738C060001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000C9030000000000000100000001000000
"C:\Program Files\AVAST Software\Avast\avastui.exe"=0x534143500100000000000000070000002800000020F68F00B7DF900001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000055E50C00000000000300000003000000
"C:\Users\HP-PC\AppData\Local\Google\Chrome\Application\56.0.2924.87\Installer\setup.exe"=0x534143500100000000000000070000002800000058E31400D493150001000000000000000000030600210000975FD891C99ECE010000000000000000
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000585F0E0077AC0E0001000000000000000000030600210000975FD891C99ECE010000000100000000
"C:\Users\HP-PC\Downloads\kts17.0.0.611en_10761.exe"=0x53414350010000000000000007000000280000002008990AC4A8990A01000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000F2110000000000000700000007000000
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe"=0x5341435001000000000000000700000028000000D8690300411F040001000000000000000000030600210000975FD891C99ECE010000000000000000
"C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.98\Installer\setup.exe"=0x53414350010000000000000007000000280000005823140048CB140001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000D3A7D604000000000100000001000000
"C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.98\Installer\chrmstp.exe"=0x53414350010000000000000007000000280000005823140048CB140001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000000F6B0000000000000100000001000000
"C:\Users\HP-PC\Downloads\SysInfo.exe"=0x5341435001000000000000000700000028000000A06A0B0074C40B0001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000DEC70800000000000400000004000000
"C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe"=0x5341435001000000000000000700000028000000001800000000000001000000000000000000030673220000B395E7CF049FCE010000000000000000020000002800000000000000000000000000000000000000000000000000000010000000000000000100000001000000
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000789A1700397F180001000000000000000000010600010000975FD891C99ECE010000000100000000
"C:\Program Files (x86)\MathType\MathType.exe"=0x5341435001000000000000000700000028000000B8471F0060C21F0001000000000000000000010600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000055D00900000000000100000001000000
"C:\Users\HP-PC\Downloads\FRST64.exe"=0x5341435001000000000000000700000028000000000025002BFD240001000000000000000000030600210000B395E7CF049FCE010000000000000000020000002800000000000000000000000000000000000000000000000000000098DC4B00000000000400000004000000
"C:\Program Files (x86)\Connectify\Connectify.exe"=0x5341435001000000000000000700000028000000380A3F00EA783F0001000000000000000000030680210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000009A100000000000000100000001000000
"C:\Program Files (x86)\Connectify\DispatchUI.exe"=0x5341435001000000000000000700000028000000386C24000CF4240001000000000000000000030680210000975FD891C99ECE010000008000000000020000002800000000000000000000000000000000000000000000000000000069130000000000000100000001000000
"C:\Users\HP-PC\Downloads\Everything-1.3.4.686.x64.Multilingual-Setup.exe"=0x534143500100000000000000070000002800000046790F000000000001000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000E40E0000000000000200000002000000
"C:\Program Files\Everything\Everything.exe"=0x5341435001000000000000000700000028000000000016001741160001000000000000000000030673220000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000407F9B00000000000600000006000000
"C:\Users\HP-PC\Desktop\FRST64.exe"=0x5341435001000000000000000700000028000000000025002BFD240001000000000000000000030600210000B395E7CF049FCE01000000000000000002000000280000000000000000000000000000000000000000000000000000006A120100000000000100000001000000

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\WildGames\Uninstall.exe"=0x5341435001000000000000000700000028000000B0020A00F71A0A0003000000000000000000010671020000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000A7EF0500000000000100000001000000
"SIGN.MEDIA=3D1D0 software\Autograph3.3.10\Autograph3.3.10\setup.exe"=0x534143500100000000000000070000002800000000500E005B900E0001000000000000000000010600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000519E0700000000000100000001000000
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"=0x5341435001000000000000000700000028000000F0100300E14C030001000000000000000000030600210000B395E7CF049FCE01000000000000000002000000280000000000000000000040000000000000000000000000000000008FFAB507000000000E0000000E000000
"C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"=0x534143500100000000000000070000002800000038560600E13D070001000000000000000000030673220000B395E7CF049FCE010000000000000000020000002800000000000000000000400000000000000000000000000000000034C3B507000000001F0000001F000000
"C:\Users\183-k\AppData\Local\Pokki\Engine\StartMenuIndexer.exe"=0x534143500100000000000000070000002800000048532F005531300001000000000000000000030673220000B395E7CF049FCE010000000000000000020000002800000000000000000000000000000000000000000000000000000012B9B507000000000900000009000000
"C:\Program Files (x86)\Autograph 3.3\agraph.exe"=0x534143500100000000000000070000002800000000A07500F41D760001000000000000000000010671200000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000034AF0500000000000200000002000000
"C:\Program Files\mcafee\msc\mcuihost.exe"=0x5341435001000000000000000700000028000000D85A0E00B7200F0003000000000000000000030600210000B395E7CF049FCE01000000000000000002000000280000000000000000000000000000000000000000000000000000002DA20300000000000100000001000000
"C:\Users\HP-PC\Downloads\jre-8u25-windows-x64.exe"=0x5341435001000000000000000700000028000000A8D985058635860501000000000000000000030673220000B395E7CF049FCE010000000000000000020000002800000000000000000000400000000000000000000000000000000000010200000000000300000003000000
"SIGN.MEDIA=E5CF7E8C loger\LoggerPro361\setup.exe"=0x5341435001000000000000000700000028000000D80507006BAF070001000000000000000000000671220000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000003C5B0400000000000100000001000000
"C:\Program Files (x86)\Vernier Software\Logger Pro 3\LoggerPro.exe"=0x5341435001000000000000000700000028000000001073008F8E730001000000000000000000000671200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000BF1C0000000000000100000001000000
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000D8DB0D0090950E0001000000000000000000000671020000975FD891C99ECE010000000100000000
"SIGN.IE=014B3F1 icarefree.exe"=0x5341435001000000000000000700000028000000F1B314000000000001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000006C182700000000000200000002000000
"C:\Program Files (x86)\iCare Data Recovery Free\iCareDataRecoveryFree.exe"=0x5341435001000000000000000700000028000000008C0A00E4950A0001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000008C8C0100000000000200000002000000
"C:\Program Files (x86)\iCare Data Recovery Free\unins000.exe"=0x5341435001000000000000000700000028000000C94A12000000000003000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000A83A0000000000000100000001000000
"F:\iCare Data Recovery Free\unins000.exe"=0x5341435001000000000000000700000028000000C94A12000000000003000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000462B0000000000000100000001000000
"C:\Users\HP-PC\Downloads\InstallMTW6.9a.exe"=0x5341435001000000000000000700000028000000A0D69E0021299F0001000000000000000000010600010000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000004E010200000000000100000001000000
"C:\Users\HP-PC\Downloads\CorelDRAW_X7_EN (1).exe"=0x534143500100000000000000070000002800000010E90900F0940A0001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000A3A83800000000000100000001000000
"E:\software school\SkypeSetupFull.exe"=0x5341435001000000000000000700000028000000B018BF01EB1DBF0101000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000E3880100000000000100000001000000
"SIGN.MEDIA=5DCE754 SkypeSetup for Desktop.exe"=0x534143500100000000000000070000002800000080DC9A021FF59A0201000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000042D50000000000000100000001000000
"C:\Users\183-k\AppData\Local\Temp\certutil.exe"=0x5341435001000000000000000700000028000000006001000000000001000000000000000000010571000000975FD891C99ECE010000000000000000020000002800000000000000000000000004000000000000000000000000000096280000000000000600000006000000
"C:\Users\HP-PC\Downloads\screen-recorder-pro.exe"=0x5341435001000000000000000700000028000000A0830501C7BC050101000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000094180100000000000100000001000000
"C:\ProgramData\Package Cache\{cbb7c584-20c0-4426-9921-ac1cc52ff54d}\TinyTakeSetup.exe"=0x534143500100000000000000070000002800000000430900FD79090003000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000006FF20300000000000100000001000000
"C:\Users\HP-PC\Downloads\WebSudokuDeluxeSetup.exe"=0x5341435001000000000000000700000028000000F0A114007078150001000000000000000000030641200000975FD891C99ECE01000000000000000002000000280000000000000000080040000000000000000000000000000000004EC44E00000000000100000001000000
"C:\Users\HP-PC\Downloads\slitherlink-1.0-setup.exe"=0x534143500100000000000000070000002800000010C90E000000000001000000000000000000030641200000975FD891C99ECE0100000000000000000200000028000000000000000008004000000000000000000000000000000000792D0000000000000100000001000000
"C:\Users\HP-PC\Downloads\texmakerwin32_install.exe"=0x5341435001000000000000000700000028000000EED234030000000001000000000000000000000671000000975FD891C99ECE010000000000000000020000002800000000000000000800400000000000000000000000000000000078900000000000000200000002000000
"C:\Program Files (x86)\Texmaker\uninstall.exe"=0x534143500100000000000000070000002800000041E900000000000003000000000000000000000671000000975FD891C99ECE01000000000000000002000000280000000000000000080000000000000000000000000000000000004F1A0000000000000100000001000000
"SIGN.MEDIA=1AD567 Start.exe"=0x5341435001000000000000000700000028000000F8B00600AD4E070001000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000AA269900000000000200000002000000
"C:\Program Files (x86)\WebSudokuDeluxe\unins000.exe"=0x5341435001000000000000000700000028000000BC460A000000000003000000000000000000030641200000975FD891C99ECE0100000000000000000200000028000000000000000008000000000000000000000000000000000000C6130000000000000100000001000000
"C:\Program Files\44fd47e702288e1fbe38f8612f4e569d\3ebb3b6956483bce3d8535d9165edfaf.exe"=0x534143500100000000000000070000002800000038390E006101020003000000000000000000030671200000975FD891C99ECE010000000000000000020000002800000000000000000800000000000000000000000000000000000034C30600000000000100000001000000
"C:\Users\HP-PC\Downloads\adwcleaner_5.200.exe"=0x5341435001000000000000000700000028000000408238008484380001000000000000000000030600210000975FD891C99ECE010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000066ED0800000000000100000001000000
"C:\Users\183-k\AppData\Roaming\WeatherChickn\Uninstall.exe"=0x53414350010000000000000007000000280000008C4F01000000000003000000000000000000010600010000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000008000000000000000800000000000D0140000000000000100000001000000010000000400000001000000
"C:\Windows\unins000.exe"=0x5341435001000000000000000700000028000000B7800B000000000003000000000000000000020600010000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000049350000000000000100000001000000
"C:\Program Files\Corel\CorelDRAW Graphics Suite X7\Setup\SetupARP.exe"=0x53414350010000000000000007000000280000006087300009D0300003000000000000000000020600010000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000D8BBAA02000000000100000001000000
"C:\Users\HP-PC\Downloads\SHAREitLENOVOSUPPORT.exe"=0x5341435001000000000000000700000028000000C8104F000A214F0001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000001A220100000000000100000001000000
"C:\Users\HP-PC\Downloads\VPython-Win-32-Py2.7-6.11.exe"=0x5341435001000000000000000700000028000000F75A68020000000001000000000000000000020600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000FFE80200000000000100000001000000
"C:\Users\HP-PC\Downloads\Tracker-4.94-windows-installer.exe"=0x534143500100000000000000070000002800000079B1DA01C0932B0001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000751CDE04000000000100000001000000
"C:\Users\HP-PC\Downloads\DjVuSolo3.1-noncom.exe"=0x534143500100000000000000070000002800000070002200DBAE220001000000000000000000010571000000975FD891C99ECE010000000000000000020000002800000000000000000800400000000000000000000000000000000018CF0000000000000100000001000000
"SIGN.IE=014F600 VirtualRouterInstaller.msi"=0x534143500100000000000000070000002800000000FE00002CDB010001000000000000000000010500100000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000AA660000000000000100000001000000
"C:\Users\183-k\Downloads\setup.exe"=0x5341435001000000000000000700000028000000B54F21000000000001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000F8110200000000000100000001000000
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Eula.exe"=0x5341435001000000000000000700000028000000804E0100CD80010001000000000000000000010671220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000001A0E0000000000000100000001000000
"C:\Program Files (x86)\Hotspoter\Hotspoter.exe"=0x534143500100000000000000070000002800000000E01E0000000000010000000000000000000306F5220000B395E7CF049FCE0100000000000000000200000028000000000000000000004000000000000000000000000000000000FB42B20E000000000600000006000000
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=0x5341435001000000000000000700000028000000D8A611005CCE110001000000000000000000030671220000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000059D10A00000000000200000002000000
"SIGN.IE=08CF2F8 Connectify2016Installer.exe"=0x5341435001000000000000000700000028000000F8F28C00D0638D0001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000A9B00200000000000100000001000000
"C:\Users\HP-PC\Downloads\WinDjView-2.0.1-Setup.exe"=0x5341435001000000000000000700000028000000E2F8E3000000000001000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000BA3C0000000000000100000001000000
"C:\Program Files (x86)\Connectify\Connectify.exe"=0x5341435001000000000000000700000028000000380A3F00EA783F0001000000000000000000030680210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000769FAA07000000000300000003000000
"C:\Users\HP-PC\LJM1130_M1210_MFP_Full_Solution.exe"=0x5341435001000000000000000700000028000000E0059B0DB89C9B0D01000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000433F4A00000000000300000003000000
"C:\Program Files (x86)\Hotspoter\unins000.exe"=0x5341435001000000000000000700000028000000DE960D000000000003000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000DC120000000000000100000001000000
"C:\Program Files (x86)\athtek\CodeToFlowchart\unins000.exe"=0x534143500100000000000000070000002800000019910A000000000003000000000000000000030641220000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000017110000000000000100000001000000
"C:\Users\HP-PC\Downloads\antimalwaresetup.exe"=0x5341435001000000000000000700000028000000F0740D0055660E0001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000A4F61400000000000100000001000000
"C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\uninstall.exe"=0x53414350010000000000000007000000280000005B030300C6CA510103000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000631B0100000000000100000001000000
"C:\Users\HP-PC\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe"=0x5341435001000000000000000700000028000000A8C16703EE57680301000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000415F0100000000000100000001000000
"C:\Users\HP-PC\Downloads\BDAntiRansomwareSetup.exe"=0x534143500100000000000000070000002800000010C447008E28480001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000030FA0300000000000100000001000000
"C:\Users\HP-PC\Downloads\avast_free_antivirus_setup_online.exe"=0x5341435001000000000000000700000028000000A0A9600056C3600001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000020B50800000000000100000001000000
"C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe"=0x5341435001000000000000000700000028000000581E140030E0140001000000000000000000030673220000B395E7CF049FCE0100000000000000000200000028000000000000000000004000000000000000000000000000000000E9C10000000000000100000001000000
"C:\Users\HP-PC\Downloads\kts17.0.0.611en_10761.exe"=0x53414350010000000000000007000000280000002008990AC4A8990A01000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000C34F1100000000000100000001000000
"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8B0481A9A34D47CD.exe"=0x534143500100000000000000070000002800000070DA10000D02110003000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000ED590C00000000000100000001000000
"C:\Users\HP-PC\Downloads\InstallMTW6.9b.exe"=0x5341435001000000000000000700000028000000F8F19E00884A9F0001000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000E50B0700000000000100000001000000
"C:\Program Files (x86)\MathType\Setup.exe"=0x534143500100000000000000070000002800000040AB08007B63090003000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000990D0400000000000100000001000000
"C:\Users\HP-PC\Downloads\MTW6.7a.exe"=0x5341435001000000000000000700000028000000D06C5F005045600001000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000D0B80000000000000100000001000000
"C:\Users\HP-PC\Downloads\MASetup.exe"=0x534143500100000000000000070000002800000068B06900EB1E6A0001000000000000000000010571000000975FD891C99ECE01000000000000000002000000280000000000000080090040000000000000000000000000000000008FB60300000000000200000002000000
"C:\Users\HP-PC\Downloads\aswmbr.exe"=0x5341435001000000000000000700000028000000005A4F000000000001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000BB692000000000000200000002000000
"C:\Program Files (x86)\Connectify\Uninstall.exe"=0x5341435001000000000000000700000028000000C7960400D0228E0003000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000C3DE0100000000000100000001000000
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000585F0E0077AC0E0001000000000000000000030600210000975FD891C99ECE010000000100000000
"C:\Users\HP-PC\Downloads\FRST64.exe"=0x5341435001000000000000000700000028000000000025002BFD240001000000000000000000030600210000B395E7CF049FCE0100000000000000000200000028000000000000000000004000000000000000000000000000000000EDEC2500000000000100000001000000
"C:\Program Files (x86)\Texmaker\texmaker.exe"=0x53414350010000000000000007000000280000000040590036B6590001000000000000000000020671200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000B9A20300000000000100000001000000
"C:\Program Files\AVAST Software\Avast\setup\instup.exe"=0x534143500100000000000000070000002800000018F913000000000003000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000569C0200000000000100000001000000
"C:\Program Files\AVAST Software\Avast\VisthAux.exe"=0x5341435001000000000000000700000028000000405303004354030001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000080000040000000000000000000000000000000002D030000000000000100000001000000
"C:\Users\HP-PC\Downloads\ccsetup528.exe"=0x5341435001000000000000000700000028000000F0848D0037BB8D0001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000032D90500000000000100000001000000
"C:\Users\HP-PC\Downloads\ZHPCleaner.exe"=0x534143500100000000000000070000002800000000F6290060922A0001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000FC602E00000000000300000003000000
"C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe"=0x5341435001000000000000000700000028000000D0030600738C060001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000001A4F0000000000000600000006000000
"C:\Users\HP-PC\Downloads\setup.exe"=0x5341435001000000000000000700000028000000F0B415027034160201000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000004F680000000000000100000001000000
"C:\Program Files\RogueKiller\RogueKiller64.exe"=0x534143500100000000000000070000002800000048BC8E0166DF8E0101000000000000000000030600210000B395E7CF049FCE0100000000000000000200000028000000000000000000004000000000000000000000000000000000B11E2800000000000100000001000000
"C:\Users\HP-PC\Downloads\JRT.exe"=0x5341435001000000000000000700000028000000A0631900416D190001000000000000000000010671020000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000000A2A0400000000000200000002000000
"C:\Users\HP-PC\Downloads\adwcleaner_6.044.exe"=0x5341435001000000000000000700000028000000D0833D00422A3E0001000000000000000000030600210000975FD891C99ECE010000000000000000
"C:\Users\HP-PC\Downloads\esetsmartinstaller_enu.exe"=0x5341435001000000000000000700000028000000C8CE2B00B9E72B0001000000000000000000030671200000975FD891C99ECE0100000000000000000200000028000000000000000008004000000000000000000000000000000000A0B0C600000000000200000002000000
"C:\Users\HP-PC\Downloads\Zemana.AntiMalware.Setup.exe"=0x534143500100000000000000070000002800000090D0570002521D3901000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000004019200000000000100000001000000
"C:\Users\HP-PC\Downloads\ZHPDiag3.exe"=0x534143500100000000000000070000002800000000622900D1E9290001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000066730100000000000300000003000000
"C:\Users\HP-PC\Desktop\FRST64.exe"=0x5341435001000000000000000700000028000000000025002BFD240001000000000000000000030600210000B395E7CF049FCE0100000000000000000200000028000000000000000000004000000000000000000000000000000000C3840600000000000100000001000000
"C:\Users\HP-PC\Downloads\SecurityCheck.exe"=0x53414350010000000000000007000000280000003ACC070065BC010001000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000FE440200000000000100000001000000
"C:\Users\HP-PC\Downloads\Adware Removal Tool by TSA.exe"=0x5341435001000000000000000700000028000000A87A0B0004E60B00010000000000000000000306F1220000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000005D7C1F00000000000100000001000000
"C:\Users\HP-PC\Downloads\rmtool-setup-x64.exe"=0x534143500100000000000000070000002800000060AA620074EC620001000000000000000000010600010000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000033450E00000000000100000001000000
"C:\Program Files\9-lab\Removal Tool\rmtool.exe"=0x5341435001000000000000000700000028000000C0D1800016FD800001000000000000000000030673220000B395E7CF049FCE010000000000000000020000002800000000000000000000400000000000000000000000000000000015772E00000000000200000002000000
"C:\Users\HP-PC\Downloads\quickdiag_3_31.01.17.1.exe"=0x5341435001000000000000000700000028000000A8212500CE01260001000000000000000000030600210000975FD891C99ECE010000000000000000


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"PowerOffActive"=#USR:Control Panel\Desktop
"DragFullWindows"=USR:Control Panel\Desktop
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"DoubleClickHeight"=#USR:Control Panel\Mouse
"MouseSpeed"=#USR:Control Panel\Mouse
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"MouseThreshold2"=#USR:Control Panel\Mouse
"SwapMouseButtons"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"CoolSwitch"=USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"DoubleClickWidth"=#USR:Control Panel\Mouse
"SnapToDefaultButton"=#USR:Control Panel\Mouse
"Beep"=#USR:Control Panel\Sound
"ScreenSaveActive"=#USR:Control Panel\Desktop
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"ScreenSaverActive"=USR:Control Panel\Desktop

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"PowerOffActive"=#USR:Control Panel\Desktop
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"DoubleClickHeight"=#USR:Control Panel\Mouse
"MouseSpeed"=#USR:Control Panel\Mouse
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"MouseThreshold2"=#USR:Control Panel\Mouse
"SwapMouseButtons"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"CoolSwitch"=USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"DoubleClickWidth"=#USR:Control Panel\Mouse
"SnapToDefaultButton"=#USR:Control Panel\Mouse
"Beep"=#USR:Control Panel\Sound
"ScreenSaveActive"=#USR:Control Panel\Desktop
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"ScreenSaverActive"=USR:Control Panel\Desktop

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Windows Defender]
"LastKnownGoodProxy"=1

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=130216565553372332
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"DisableAntiSpyware"=1
"ProductType"=2
"ProductStatus"=0
"TrustedImageIdentifier"=758211-372
"DisableAntiVirus"=1
"InstallTime"=0x657507E61AC4CF01
"OneTimeSqmDataSent"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

---------- | Winsock (Whitelist)


---------- | Hosts

# 127.0.0.1 localhost

---------- | Ping

---------- | @

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=1
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"UseClearType"=no
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"OperationalData"=13
"CompatibilityFlags"=0
"IE10TourNoShow"=1
"FullScreen"=no
"Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0A02000000000000040300009F000000
"ImageStoreRandomFolder"=h17qkcu
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0xAEE228C18363D201
"Use FormSuggest"=no
"AutoHide"=yes
"DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2000000054000000A002000034020000
"SuppressScriptDebuggerDialog"=0
"UseSWRender"=0
"Expand Alt Text"=no
"Move System Caret"=no
"PlaySounds"=0
"NscSingleExpand"=0
"Error Dlg Displayed On Every Error"=no
"UseThemes"=1
"GotoIntranetSiteForSingleWordEntry"=0
"NotifyDownloadComplete"=yes
"Friendly http errors"=yes
"Check_Associations"=no
"SmoothScroll"=1
"EnableAlternativeCodec"=yes
"Enable AutoImageResize"=yes
"Show image placeholders"=0
"MixedContentBlockImages"=0
"Isolation64Bit"=0
"DOMStorage"=1
"Isolation"=PMIL
"DoNotTrack"=1
"Start Page_TIMESTAMP"=0xBA1DFB9C264ED201
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x010000001A0000009A5354EE9DFF58E6DE2182C16075EE6711DBDE682CD7070C8539020000000E0000004D4C4243555250666D4D55253364

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"IE5_UA_Backup_Flag"=5.0
"ZonesSecurityUpgrade"=0xC6E8DA507BAACF01
"EmailName"=User@
"AutoConfigProxy"=wininet.dll
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
"WarnOnPost"=0x01000000
"UseSchannelDirectly"=0x01000000
"EnableHttp1_1"=1
"UrlEncoding"=0
"SecureProtocols"=2688
"PrivacyAdvanced"=0
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"EnableAutodial"=0
"ProxyHttp1.1"=1
"EnableSPDY3_0"=1
"ShowPunycode"=0
"EnablePunycode"=1
"DisableIDNPrompt"=0
"EnforceP3PValidity"=0
"WarnonBadCertRecving"=1
"WarnOnPostRedirect"=1
"ProxyEnable"=0

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Internet Explorer\Main]
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"OperationalData"=13
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=1
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"UseClearType"=no
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF05010000520000005A040000AA020000
"ImageStoreRandomFolder"=lovazcl
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0xA299FF678BA0D201
"IE10TourNoShow"=1
"DownloadWindowPlacement"=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"Use FormSuggest"=yes
"FormSuggest Passwords"=yes
"FormSuggest PW Ask"=yes
"Start Page_TIMESTAMP"=0x414A4DC0FCD2D101
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"IE5_UA_Backup_Flag"=5.0
"ZonesSecurityUpgrade"=0xE30F369319C4CF01
"EmailName"=User@
"AutoConfigProxy"=wininet.dll
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
"WarnOnPost"=0x01000000
"UseSchannelDirectly"=0x01000000
"EnableHttp1_1"=1
"UrlEncoding"=0
"SecureProtocols"=2688
"PrivacyAdvanced"=0
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0

[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"FormSuggest PW Ask"=no
"FormSuggest Passwords"=no
"DoNotTrack"=1

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Compat"=res://mshtml.dll/compat.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Anchor_Visitation_Horizon"=0x01000000
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"FormSuggest PW Ask"=no
"FormSuggest Passwords"=no
"DoNotTrack"=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Compat"=res://mshtml.dll/compat.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"EnablePunycode"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify


---------- | Execution FileExts












---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [07/03/2015 17:40:05]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7} -- C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [27/10/2006 00:48:42]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -- C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [27/10/2006 00:48:42]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399} -- C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [27/10/2006 00:48:42]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619} -- C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [27/10/2006 00:48:42]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -- C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [27/10/2006 00:48:42]

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=Groove GFS Stub Execution Hook


---------- | Toolbar

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1
"ShowDiscussionButton"=Yes

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBar7Height"=0
"ITBar7Layout"=0x13000000000000000000000020000000100000001500000001000000000700005E010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
"KnownProvidersUpgradeTime"=0xE564ACBD8363D201
"DownloadRetries"=15
"Version"=4
"UpgradeTime"=0x00A68DBF8363D201
"DefaultPackCorrection"=1
"DefaultPackNTCorrection"=1

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBar7Height"=0
"ITBar7Layout"=0x13000000000000000000000020000000100000001500000001000000000700005E010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
"KnownProvidersUpgradeTime"=0x509E83678BA0D201
"DownloadRetries"=6
"DefaultPackCorrection"=1
"Version"=4
"UpgradeTime"=0xD20E15688BA0D201
"DefaultPackNTCorrection"=1
"ShowSearchSuggestionsInAddressGlobal"=0

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}


---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}] : (@C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101) - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}] : (@C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102) - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (S&end to OneNote) - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}] : () - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101) - []

---------- | SearchScopes

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS :
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 :
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}] - (Google) - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}] - (Google) - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} :

---------- | Browser Helper Objects


---------- | Chrome


[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]

---------- | Opera


---------- | Firefox


[HKLM\Software\mozilla\Firefox\Extensions]
"light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions]
"light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
[HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2] - (Java™ Deployment Toolkit) : C:\Users\183-k\Desktop\bin\dtplugin\npDeployJava1.dll
[HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Users\183-k\Desktop\bin\plugin2\npjp2.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer] - (Adobe Shockwave Player) : C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@autograph-maths.com/Autograph Player Plugin] - (Autograph Plugin for Firefox) : C:\Program Files (x86)\Autograph 3.3\WebPlayer\npagraph.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0] - (Picasa3 plugin) : C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0] - (BlackBerry Web Software Loading Helper Plug-In for Mozilla browsers) : C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


---------- | DNS

[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{D8CDCD34-1927-4308-BFA6-CD78629C69FD}]
"DhcpNameServer"=192.168.0.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D8CDCD34-1927-4308-BFA6-CD78629C69FD}]
"DhcpNameServer"=192.168.0.1

---------- | Applications

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Classes\Applications\::{52205FD8-5DFB-447D-801A-D0B52F2E83E1}] : "::{52205FD8-5DFB-447D-801A-D0B52F2E83E1}" %1
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Classes\Applications\AcroRd32.exe] : "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" "%1"
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Classes\Applications\WinDjView.exe] : "C:\Program Files\WinDjView\WinDjView.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office12\OIS.EXE /shellOpen "%1"
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\PicasaPhotoViewer.exe] : "C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office12\OIS.EXE /shellOpen "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\PicasaPhotoViewer.exe] : "C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"RPCSS"=RpcEptMapper
RpcSs
"LocalService"=nsi
WdiServiceHost
w32time
EventSystem
WinHttpAutoProxySvc
SstpSvc
netprofm
lltdsvc
THREADORDER
FontCache
fdphost
bthserv
WebClient
workfolderssvc
RemoteRegistry
"WepHostSvcGroup"=WepHostSvc
"defragsvc"=defragsvc
"LocalServiceAndNoImpersonation"=TimeBroker
SSDPSRV
upnphost
SCardSvr
BthHFSrv
QWAVE
fdrespub
wcncsvc
SensrSvc
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
"LocalSystemNetworkRestricted"=WdiSystemHost
ScDeviceEnum
WiaRpc
trkwks
AudioEndpointBuilder
WUDFSvc
hidserv
dot3svc
NcbService
svsvc
sysmain
StorSvc
TabletInputService
fhsvc
PcaSvc
DeviceAssociationService
homegrouplistener
wlansvc
WPDBusEnum
vmickvpexchange
vmicshutdown
vmicvss
vmicguestinterface
irmon
Netman
UmRdpService
"netsvcs"=AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
iphlpsvc
seclogon
AppInfo
msiscsi
EapHost
schedule
winmgmt
MMCSS
browser
ProfSvc
SessionEnv
wercplsupport
hkmsvc
BDESVC
lfsvc
wlidsvc
Themes
DsmSvc
NcaSvc
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
"WerSvcGroup"=wersvc
"WbioSvcGroup"=WbioSrvc
"LocalServiceNoNetwork"=DPS
PLA
BFE
mpssvc
NcdAutoSetup
WwanSvc
"imgsvc"=StiSvc
"termsvcs"=TermService
"swprv"=swprv
"wsappx"=WSService
AppXSvc
"smphost"=smphost
"ICService"=vmicheartbeat
vmicrdv
"LocalServiceNetworkRestricted"=DHCP
eventlog
AudioSrv
wscsvc
LmHosts
AppIDSvc
wcmsvc
homegroupprovider
WPCSvc
vmictimesync
"LocalServicePeerNet"=PNRPSvc
p2pimsvc
p2psvc
PnrpAutoReg
"NetworkServiceAndNoImpersonation"=KtmRm
"regsvc"=RemoteRegistry
"wcssvc"=WcsPlugInService
"NetworkServiceNetworkRestricted"=PolicyAgent
"AxInstSVGroup"=AxInstSV
"AppReadiness"=AppReadiness
"NetworkService"=CryptSvc
nlasvc
lanmanworkstation
NapAgent
WinRM
WECSVC
DNSCache
Tapisrv
DHCP
TermService
"print"=PrintNotify
"apphost"=apphostsvc
w3logsvc
"iissvcs"=w3svc
was
"utcsvc"=DiagTrack
"bthaudiosvc"=BthHFSrv

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
iphlpsvc
msiscsi
schedule
winmgmt
SessionEnv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
"LocalSystemNetworkRestricted"=ScDeviceEnum
WiaRpc
AudioEndpointBuilder
dot3svc
StorSvc
Netman
DeviceAssociationService
WPDBusEnum
wlansvc
"LocalService"=WinHttpAutoProxySvc
netprofm
RemoteRegistry
WebClient
"imgsvc"=StiSvc
"LocalServiceNoNetwork"=PLA
"smphost"=smphost
"rpcss"=RpcSs
"LocalServiceNetworkRestricted"=AudioSrv
wscsvc
LmHosts
WPCSvc
"wcssvc"=WcsPlugInService
"LocalServiceAndNoImpersonation"=SSDPSRV
upnphost
SCardSvr
BthHFSrv
QWAVE
wcncsvc
"DcomLaunch"=PlugPlay
DcomLaunch
DeviceInstall
"NetworkService"=CryptSvc
NapAgent
WinRM
WECSVC
DHCP
TermService
DNSCache
Tapisrv
"apphost"=apphostsvc
w3logsvc
"iissvcs"=w3svc
was


---------- | SvcHost - Netsvcs (Whitelisted)


---------- | Software

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\3rd Eye Solutions]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\7-Zip]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\9-lab]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Adobe]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Andrew Zhezherun]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Apowersoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\AppDataLow]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Apple Computer, Inc.]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\AT&T Labs]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\BlackBerry]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\BlueJ]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Bytescout]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Chromium]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\clCI75RGsstX0Gr]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Clients]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Config]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Corel]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\CyberLink]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Design Science]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\DjVuSolo]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Eastmond Publishing Ltd.]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Evernote]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Extended Systems]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Google]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Grammarly]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Hewlett-Packard]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\IM Providers]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Install Options]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Intel]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Ivan]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\JavaSoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\KasperskyLab]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Lagarith]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Locky]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Macromedia]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Malwarebytes]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\MangoApps]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\McAfee]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\MiKTeX.org]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Mine]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Mirage]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\MOVAVI]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Mozilla]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\MozillaPlugins]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Netscape]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\ODBC]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Piriform]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Policies]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\QtProject]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Realtek]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Research In Motion]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Skype]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\SmartDraw.com]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Softex]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\StarUML]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Synaptics]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\SystemQQX]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\TUG]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Vernier Software]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Web Sudoku]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\WinRAR]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\WinRAR SFX]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Wow6432Node]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\xm1]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\ZoomUMX]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\AppDataLow\Software\Adobe]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\AppDataLow\Software\JavaSoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\ShellNoRoam]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\9-lab]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Adobe]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Apowersoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\AppDataLow]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Apple Computer, Inc.]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Bitdefender]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\BlackBerry]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\clCI75RGsstX0Gr]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Config]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\CyberLink]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Design Science]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Eastmond Publishing Ltd.]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\ESET]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Google]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Hewlett-Packard]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\IM Providers]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\InstallPath]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Intel]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Ivan]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\JavaSoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\KasperskyLab]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Locky]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Mine]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Mirage]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Mozilla]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Netscape]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Northcode Inc]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Piriform]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Policies]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Realtek]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\RegisteredApplications]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Research In Motion]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\SHAREit]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Skype]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Softex]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Synaptics]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\sysinternals]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Vernier Software]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Web Sudoku]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Wow6432Node]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\xm1]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Zemana]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\ZHP]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\应用程序向导生成的本地应用程序]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\AppDataLow\Software\Adobe]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\AppDataLow\Software\JavaSoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Broadcom]
[HKLM\Software\Clients]
[HKLM\Software\Corel]
[HKLM\Software\CyberLink]
[HKLM\Software\Design Science]
[HKLM\Software\ESET]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IM Providers]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KasperskyLab]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nuance]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\PortNameSetting]
[HKLM\Software\Protexis64]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\Softex]
[HKLM\Software\SRS Labs]
[HKLM\Software\Synaptics]
[HKLM\Software\sysinternals]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Zemana]
[HKLM\Software\ZmnGlobalSDK]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\apphost]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\Adware Removal Tool by TSA]
[HKLM\Software\WOW6432Node\AppDataLow]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\AVAST Software]
[HKLM\Software\WOW6432Node\BlueJ]
[HKLM\Software\WOW6432Node\bmModem]
[HKLM\Software\WOW6432Node\Caphyon]
[HKLM\Software\WOW6432Node\Corel]
[HKLM\Software\WOW6432Node\CyberLink]
[HKLM\Software\WOW6432Node\DDD5473C62677ECE24054A6D47DD272F]
[HKLM\Software\WOW6432Node\Design Science]
[HKLM\Software\WOW6432Node\DivXNetworks]
[HKLM\Software\WOW6432Node\Eastmond Publishing Ltd.]
[HKLM\Software\WOW6432Node\Eset]
[HKLM\Software\WOW6432Node\Evernote]
[HKLM\Software\WOW6432Node\Extended Systems]
[HKLM\Software\WOW6432Node\Funk Software, Inc.]
[HKLM\Software\WOW6432Node\Ginger]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Hewlett-Packard]
[HKLM\Software\WOW6432Node\HewlettPackard]
[HKLM\Software\WOW6432Node\IM Providers]
[HKLM\Software\WOW6432Node\Install Options]
[HKLM\Software\WOW6432Node\Insyde]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Ivan]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\KasperskyLab]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Lake]
[HKLM\Software\WOW6432Node\LizardTech]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\McAfee]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\MOVAVI]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Open Source Physics]
[HKLM\Software\WOW6432Node\Piriform]
[HKLM\Software\WOW6432Node\Python]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\Research In Motion]
[HKLM\Software\WOW6432Node\SHAREit]
[HKLM\Software\WOW6432Node\Skype]
[HKLM\Software\WOW6432Node\Software]
[HKLM\Software\WOW6432Node\Vernier Software]
[HKLM\Software\WOW6432Node\Vernier Software & Technology]
[HKLM\Software\WOW6432Node\WildTangent]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]

---------- | Drives


C:


D:

[01/03/2016 11:01:00] - |A| - (.-.) - [468] - (0.0.0.0) - D:\New Volume (F) - Shortcut.lnk
[13/05/2014 11:18:55] - |RASH| - (.-.) - [55] - (0.0.0.0) - D:\RP.ini

F:


---------- | C:\Windows

[22/08/2013 21:06:30] - |D| - [802] - C:\Windows\addins
[22/08/2013 21:06:31] - |D| - [1175552] - C:\Windows\ADFS
[22/08/2013 21:06:30] - |D| - [45022563] - C:\Windows\AppCompat
[22/08/2013 21:06:31] - |D| - [11868960] - C:\Windows\apppatch
[22/08/2013 21:06:30] - |D| - [0] - C:\Windows\AppReadiness
[22/08/2013 21:06:30] - |RSD| - [1130817459] - C:\Windows\assembly
[MD5.FA78F9739F8F0239A539A06B10D354C7] - [22/08/2013 16:51:53] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [56832] - (6.3.9600.16384) - C:\Windows\bfsvc.exe
[22/08/2013 21:06:31] - |D| - [36950530] - C:\Windows\Boot
[MD5.0709B491145279E2DC26FB3D1E2D72B9] - [22/08/2013 20:16:23] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[22/08/2013 21:06:31] - |D| - [2295864] - C:\Windows\Branding
[22/08/2013 21:06:30] - |D| - [7220496] - C:\Windows\Camera
[22/08/2013 20:50:01] - |D| - [10770] - C:\Windows\CbsTemp
[MD5.0505315076F50DE128B8256927B94722] - [18/03/2014 15:08:12] - |A| - (.-.) - [35851] - (0.0.0.0) - C:\Windows\CoreConnectedSingleLanguage.xml
[MD5.315BC3A000AE8C15A29F280D2F01EE1F] - [13/05/2014 09:40:35] - |A| - (.-.) - [35397] - (0.0.0.0) - C:\Windows\CoreSingleLanguage.xml
[MD5.3C7CF33D66642B5CF0314C71A0B213EF] - [08/05/2014 06:59:46] - |A| - (.-.) - [12] - (0.0.0.0) - C:\Windows\CSUP.txt
[22/08/2013 21:06:30] - |D| - [4503720] - C:\Windows\Cursors
[22/08/2013 21:06:31] - |D| - [3325066] - C:\Windows\debug
[22/08/2013 21:06:30] - |RD| - [22590] - C:\Windows\DesktopTileResources
[22/08/2013 21:06:30] - |D| - [3495466] - C:\Windows\diagnostics
[22/08/2013 21:13:29] - |D| - [0] - C:\Windows\DigitalLocker
[22/08/2013 21:06:31] - |SD| - [65] - C:\Windows\Downloaded Program Files
[MD5.300E65BFAF25856869C9053580B7171C] - [13/05/2014 08:48:04] - |A| - (.-.) - [22776] - (0.0.0.0) - C:\Windows\DPINST.LOG
[MD5.E3BFE4D0BB7CCD091F80F0C28A788B42] - [22/08/2013 21:07:25] - |A| - (.-.) - [6055] - (0.0.0.0) - C:\Windows\DtcInstall.log
[22/08/2013 21:06:31] - |HD| - [28792] - C:\Windows\ELAMBKUP
[22/08/2013 21:13:29] - |D| - [97792] - C:\Windows\en-US
[MD5.CF61F70AF2179EFE62A8332F66AFFF73] - [22/10/2014 20:46:41] - |A| - (.-.) - [573] - (0.0.0.0) - C:\Windows\exampro32.ini
[MD5.ED6B4C95E2A6D67480B9DBB8A8E7D9B4] - [12/10/2016 11:53:29] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [2755504] - (6.3.9600.18460) - C:\Windows\explorer.exe
[22/08/2013 21:06:30] - |D| - [14532137] - C:\Windows\FileManager
[22/08/2013 19:06:15] - |RSD| - [598678832] - C:\Windows\Fonts
[22/08/2013 21:06:30] - |D| - [93324848] - C:\Windows\Globalization
[22/08/2013 21:06:31] - |D| - [2023950] - C:\Windows\Help
[MD5.7C549E06CA1F45806B940641991EE8DE] - [16/03/2017 00:28:54] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [1001472] - (6.3.9600.18589) - C:\Windows\HelpPane.exe
[13/05/2014 09:01:32] - |D| - [30573772] - C:\Windows\Hewlett-Packard
[MD5.B934411DFE7DEACFA95A1255A48133C9] - [07/03/2015 17:36:33] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [17408] - (6.3.9600.17415) - C:\Windows\hh.exe
[MD5.B509BFF02A576F28EE1440F2D022D56F] - [22/10/2014 20:48:06] - |A| - (.-.) - [197] - (0.0.0.0) - C:\Windows\IB_MH.LOG
[MD5.C5E091BF50875FFBC9FAC6CFC6FC8975] - [22/10/2014 20:46:32] - |A| - (.-.) - [192] - (0.0.0.0) - C:\Windows\IB_PH.LOG
[MD5.7D2754BE054D57961BF76BA4DADFDF4B] - [02/04/2014 15:22:09] - |A| - (.-.) - [10342] - (0.0.0.0) - C:\Windows\iis.log
[22/08/2013 21:06:30] - |D| - [152843668] - C:\Windows\IME
[22/08/2013 21:06:31] - |RD| - [7298012] - C:\Windows\ImmersiveControlPanel
[22/08/2013 19:06:15] - |D| - [159052989] - C:\Windows\Inf
[22/08/2013 21:06:31] - |D| - [119175822] - C:\Windows\InputMethod
[22/08/2013 21:06:31] - |SHD| - [1317271721] - C:\Windows\Installer
[MD5.515E4684008E955DE0C81E6A7AEA1C2A] - [22/09/2016 02:10:25] - |A| - (.Copyright InstallShield Corporation, Inc. 1990-1997 - InstallShield® unInstaller.) - [306688] - (5.51.138.0) - C:\Windows\IsUninst.exe
[22/08/2013 21:06:31] - |D| - [61417] - C:\Windows\L2Schemas
[22/08/2013 21:06:31] - |D| - [9638054] - C:\Windows\LiveKernelReports
[22/08/2013 19:06:15] - |D| - [605796000] - C:\Windows\Logs
[22/08/2013 21:06:30] - |RSD| - [19944453] - C:\Windows\Media
[22/08/2013 21:06:31] - |D| - [18917376] - C:\Windows\MediaViewer
[MD5.EA1419F961CC179B7747973EFE8DF7E4] - [14/08/2014 05:31:12] - |A| - (.-.) - [666846546] - (0.0.0.0) - C:\Windows\MEMORY.DMP
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [22/08/2013 12:31:23] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[22/08/2013 21:06:30] - |D| - [705990145] - C:\Windows\Microsoft.NET
[25/06/2015 11:36:09] - |D| - [1263] - C:\Windows\Migration
[14/08/2014 05:31:22] - |D| - [23918712] - C:\Windows\Minidump
[22/08/2013 21:06:31] - |D| - [4956] - C:\Windows\ModemLogs
[MD5.D84209D3FB6FC9A1FD1519CAE28DC9E7] - [28/01/2010 15:55:34] - |A| - (.-.) - [53478] - (0.0.0.0) - C:\Windows\mvtcpui.ini
[MD5.FC2EA5BD5307D2CFA5AAA38E0C0DDCE9] - [01/09/2015 21:42:31] - |A| - (.© Microsoft Corporation. - Notepad.) - [221184] - (6.3.9600.17930) - C:\Windows\notepad.exe
[MD5.3B9A62A1BF28E18D7EE90CF414FE69F5] - [14/03/2017 02:22:14] - |A| - (.-.) - [219360] - (0.0.0.0) - C:\Windows\ntbtlog.txt
[22/08/2013 21:06:30] - |RD| - [65] - C:\Windows\Offline Web Pages
[02/04/2014 15:55:28] - |D| - [4427186] - C:\Windows\Panther
[28/07/2014 21:35:52] - |D| - [0] - C:\Windows\PCHEALTH
[22/08/2013 21:06:30] - |D| - [45240617] - C:\Windows\Performance
[MD5.86EF9331AB187A6391BB5C76B901BD98] - [18/03/2014 15:14:06] - |A| - (.-.) - [820278] - (0.0.0.0) - C:\Windows\PFRO.log
[22/08/2013 21:06:30] - |D| - [1121834] - C:\Windows\PLA
[22/08/2013 21:06:30] - |D| - [2337170] - C:\Windows\PolicyDefinitions
[13/05/2014 08:43:20] - |D| - [37711548] - C:\Windows\Prefetch
[MD5.B67DB709F5FDAA89CA6C2CB6C1E39B3B] - [07/03/2015 17:36:22] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [154624] - (6.3.9600.17415) - C:\Windows\regedit.exe
[22/08/2013 21:06:30] - |D| - [22588] - C:\Windows\Registration
[22/08/2013 21:06:30] - |D| - [7466180] - C:\Windows\rescache
[22/08/2013 21:06:31] - |D| - [2578755] - C:\Windows\Resources
[MD5.A8F0B315F67842060906A301108CDAB0] - [13/05/2014 08:53:44] - |A| - (.Copyright (C) 2014 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2080472] - (1.0.5.4) - C:\Windows\RtlExUpd.dll
[22/08/2013 21:06:31] - |D| - [0] - C:\Windows\SchCache
[22/08/2013 21:06:30] - |D| - [118561] - C:\Windows\schemas
[22/08/2013 21:06:31] - |D| - [1069964] - C:\Windows\security
[22/08/2013 20:15:15] - |D| - [102162977] - C:\Windows\ServiceProfiles
[22/08/2013 19:06:15] - |D| - [204071063] - C:\Windows\servicing
[22/08/2013 20:15:23] - |D| - [42] - C:\Windows\Setup
[MD5.A6C258876B3EB153B461ABC968E038D3] - [22/08/2013 20:16:17] - |A| - (.-.) - [1860178] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/08/2013 20:16:17] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[18/03/2014 15:08:02] - |D| - [95758] - C:\Windows\ShellNew
[18/03/2014 15:08:02] - |D| - [31373168] - C:\Windows\SKB
[28/07/2014 21:17:13] - |D| - [136619864] - C:\Windows\SoftwareDistribution
[22/08/2013 21:06:30] - |D| - [125808437] - C:\Windows\Speech
[MD5.4D9DA155B7B449964E14FC32124CC601] - [07/03/2015 17:34:48] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [128512] - (6.3.9600.17415) - C:\Windows\splwow64.exe
[MD5.A77E65831A152C8FCA5B822749E2624D] - [22/08/2013 20:49:59] - |A| - (.-.) - [35891] - (0.0.0.0) - C:\Windows\Starter.xml
[MD5.D9BD45F470C2C9E1EC641435766D5E18] - [13/05/2014 08:48:03] - |A| - (.-.) - [1344] - (0.0.0.0) - C:\Windows\Synaptics.log
[22/08/2013 21:06:30] - |D| - [31039] - C:\Windows\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [22/08/2013 18:55:43] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini
[22/08/2013 19:06:16] - |D| - [4785925734] - C:\Windows\System32
[22/08/2013 21:06:30] - |D| - [8393192] - C:\Windows\SystemResources
[22/08/2013 19:06:16] - |D| - [1369816316] - C:\Windows\SysWOW64
[22/08/2013 21:06:31] - |D| - [0] - C:\Windows\TAPI
[22/08/2013 21:06:30] - |D| - [344] - C:\Windows\Tasks
[22/08/2013 19:06:16] - |D| - [0] - C:\Windows\Temp
[22/08/2013 21:06:30] - |RD| - [22151] - C:\Windows\ToastData
[22/08/2013 21:06:31] - |D| - [13702409] - C:\Windows\tracing
[22/08/2013 21:06:31] - |D| - [7680] - C:\Windows\twain_32
[MD5.727B4519FE9919447108CBEC4768F34A] - [07/03/2015 17:33:48] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [54272] - (1.7.1.3) - C:\Windows\twain_32.dll
[MD5.2A07CFC6BEB8CE6DC22CFDD6CAE8CC52] - [22/08/2013 20:16:17] - |A| - (.-.) - [5446] - (0.0.0.0) - C:\Windows\vmgcoinstall.log
[22/08/2013 21:06:30] - |D| - [15651986] - C:\Windows\vpnplugins
[22/08/2013 21:06:30] - |D| - [12420] - C:\Windows\Vss
[22/08/2013 21:06:31] - |D| - [10772006] - C:\Windows\Web
[MD5.E711DE76EF8430545C6052E2B98B81C0] - [22/08/2013 18:55:43] - |A| - (.-.) - [199] - (0.0.0.0) - C:\Windows\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [22/08/2013 12:23:50] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.A0B051A32CA4E1EEBA439E45E9C92050] - [28/07/2014 21:17:13] - |A| - (.-.) - [1389479] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.335C38783B3F1B383ECAC17DB3705895] - [07/03/2015 17:37:41] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [9728] - (6.3.9600.17415) - C:\Windows\winhlp32.exe
[22/08/2013 21:06:31] - |D| - [1798774] - C:\Windows\WinStore
[22/08/2013 19:06:16] - |D| - [8584321878] - C:\Windows\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [22/08/2013 12:22:18] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.73E19BE0E0ECD88616B5762F621B0226] - [07/03/2015 17:32:25] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (6.3.9600.17415) - C:\Windows\write.exe
[MD5.1892E20FF40790407D9627A20841CFA4] - [20/03/2017 00:10:55] - |A| - (.-.) - [139496] - (0.0.0.0) - C:\Windows\ZAM.krnl.trace
[MD5.72557DAF180D51ED268D9C92F5332FFD] - [20/03/2017 00:10:55] - |A| - (.-.) - [67209] - (0.0.0.0) - C:\Windows\ZAM_Guard.krnl.trace

---------- | C:\Windows\System32\GroupPolicy

[19/03/2017 14:37:12] - |D| - [0] - C:\Windows\System32\GroupPolicy\Machine
[19/03/2017 14:37:12] - |D| - [0] - C:\Windows\System32\GroupPolicy\User

---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[22/10/2014 20:20:22] - C:\Windows\Installer\11b62b1.msi : (Java SE Runtime Environment 8.0 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/10/2014 20:22:21] - C:\Windows\Installer\11b62b7.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/03/2014 05:46:44] - C:\Windows\Installer\13feb.msi : ( - © 2008-2014 Hewlett-Packard Development Compay, L.P.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/02/2016 13:10:05] - C:\Windows\Installer\15033bd8.msi : (Shell Extensions - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/02/2016 13:09:48] - C:\Windows\Installer\15033bde.msi : (64BitKeys - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/02/2016 13:28:01] - C:\Windows\Installer\15033c81.msi : (Blank Project Template - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/03/2015 16:10:40] - C:\Windows\Installer\17106394.msi : (BlackBerry Link Remover - BlackBerry Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/03/2015 10:14:40] - C:\Windows\Installer\1710639a.msi : (BlackBerry Device Drivers - BlackBerry Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/03/2015 10:14:40] - C:\Windows\Installer\171063a0.msi : (BlackBerry Communication Drivers - BlackBerry Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/03/2015 16:10:38] - C:\Windows\Installer\171063a6.msi : (BlackBerry Link - BlackBerry) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/03/2015 16:10:36] - C:\Windows\Installer\171063ac.msi : (BlackBerry Blend - BlackBerry Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/09/2011 21:09:44] - C:\Windows\Installer\19cd3712.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[24/09/2012 09:17:27] - C:\Windows\Installer\1ceff4.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/03/2014 21:43:10] - C:\Windows\Installer\1f710.msi : (HP SimplePass - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/03/2014 21:43:10] - C:\Windows\Installer\1f71b.msi : (Softex OmniPass Graphical Password Authentication Installer - Softex Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/03/2014 21:42:44] - C:\Windows\Installer\1f721.msi : (Softex OmniPass wbf Plugin Installer - Softex Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/09/2013 15:15:54] - C:\Windows\Installer\1f72b.msi : (swMSM - Adobe Systems, Inc) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/05/2014 06:25:03] - C:\Windows\Installer\1f730.msi : (Evernote v. 5.2 - Evernote Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/11/2013 03:44:48] - C:\Windows\Installer\1f735.msi : ( - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/03/2014 05:35:54] - C:\Windows\Installer\1f73a.msi : ( - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/05/2014 06:25:57] - C:\Windows\Installer\1f740.msi : (HP Support Assistant - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[09/08/2013 00:33:14] - C:\Windows\Installer\1f745.msi : (Blank Project Template - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/05/2014 06:26:57] - C:\Windows\Installer\1f74a.msi : (Blank Project Template - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/02/2013 02:23:16] - C:\Windows\Installer\27989b.msi : ( - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/03/2014 15:45:16] - C:\Windows\Installer\28b03.msi : (HP Documentation - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/10/2012 06:57:56] - C:\Windows\Installer\28b07.msi : ( - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/02/2014 00:00:42] - C:\Windows\Installer\28b0f.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/03/2014 04:13:00] - C:\Windows\Installer\28b17.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/11/2012 16:01:25] - C:\Windows\Installer\31ccd0c7.msi : ( - HP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/03/2017 01:40:00] - C:\Windows\Installer\33a7f.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2013 20:57:38] - C:\Windows\Installer\3fdf6.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/12/2013 14:48:36] - C:\Windows\Installer\3fdfa.msi : (Intel Smart Connect Technology enables your computer to periodically wake from sleep to keep your content fresh - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/11/2013 23:55:08] - C:\Windows\Installer\3fdfe.msi : (Intel(R) Rapid Storage Technology - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/05/2014 08:57:40] - C:\Windows\Installer\3fe06.msi : ( - Cisco Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/05/2014 08:57:40] - C:\Windows\Installer\3fe0a.msi : ( - Cisco Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/05/2014 08:57:40] - C:\Windows\Installer\3fe0e.msi : ( - Cisco Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/05/2014 08:59:04] - C:\Windows\Installer\3fe13.msi : (HP Wireless Button Driver - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/05/2014 09:00:01] - C:\Windows\Installer\3fe20.msi : (HP 3D DriveGuard - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/01/2014 06:54:16] - C:\Windows\Installer\3fe28.msi : (Broadcom Bluetooth Drivers - Broadcom Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/08/2013 13:22:22] - C:\Windows\Installer\3fe31.msi : (HP Postscript Converter - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/09/2016 17:34:29] - C:\Windows\Installer\6071fb71.msi : (Python 2.7.9 - Python Software Foundation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/01/2017 08:36:42] - C:\Windows\Installer\6118627b.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[07/03/2017 19:20:57] - C:\Windows\Installer\6316c41b.msi : (SML of New Jersey. - University of Chicago) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/03/2017 01:27:41] - C:\Windows\Installer\7cb51.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/01/2014 06:58:12] - C:\Windows\Installer\b746b.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/02/2014 01:55:44] - C:\Windows\Installer\b746f.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/12/2013 00:28:30] - C:\Windows\Installer\b7473.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/12/2013 01:18:08] - C:\Windows\Installer\b7479.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/03/2014 23:25:38] - C:\Windows\Installer\b747d.msi : ( - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/02/2014 17:47:04] - C:\Windows\Installer\b7481.msi : (Blank Project Template - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/02/2017 21:38:27] - C:\Windows\Installer\cae3adbf.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/03/2017 20:03:31] - C:\Windows\Installer\e8cf24.msi : (Kaspersky Total Security - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/03/2017 20:03:13] - C:\Windows\Installer\e8cf2b.msi : (Kaspersky Secure Connection - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%\*.in*

[22/08/2013 21:06:48] - [75] - C:\Windows\System32\desktop.ini
[16/04/2015 20:24:41] - [16303] - C:\Windows\System32\ieuinit.inf
[18/03/2014 15:23:28] - [958356] - C:\Windows\System32\PerfStringBackup.INI
[22/08/2013 12:26:03] - [60124] - C:\Windows\System32\tcpmon.ini
[18/03/2014 15:24:48] - [2255] - C:\Windows\System32\WimBootCompress.ini
[22/10/2014 20:46:39] - [478] - C:\Windows\Syswow64\ic32.ini
[16/04/2015 20:24:27] - [16303] - C:\Windows\Syswow64\ieuinit.inf
[02/04/2014 15:22:15] - [974698] - C:\Windows\Syswow64\PerfStringBackup.INI
[18/03/2014 15:25:05] - [2255] - C:\Windows\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\AppPatch\Custom\Custom64
[MD5.BE452D7BF880125D2832F99BFDBFD1AE] - |A| - [22/08/2013 12:27:05] - (.-.) - [6.83 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\pcamain.sdb
[MD5.3F668EB300F67E3BFA6ED02B0E04C720] - |A| - [13/04/2016 11:54:47] - (.-.) - [423.33 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\sysmain.sdb
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:51] - [0 Ko] - C:\Windows\System32\0409
[MD5.104B5349ABBA7E990B43E8E835045415] - |A| - [14/12/2016 13:53:27] - (.-.) - [435.42 Ko] - (0.0.0.0) - C:\Windows\System32\ApnDatabase.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [13/12/2014 12:28:03] - [2463.71 Ko] - C:\Windows\System32\appraiser
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [553.94 Ko] - C:\Windows\System32\ar-SA
[MD5.D638E3AD81E149A75EEF59E9C743E27C] - |A| - [22/08/2013 21:06:38] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\Windows\System32\AutoWorkplace.exe.config
[MD5.A5F320FFE96F6939D2FF39360ADA9B5A] - |A| - [07/03/2015 17:32:41] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [94 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [0.93 Ko] - C:\Windows\System32\Bthprops
[MD5.6E14F444A2506049EEC25CB5EDFE0905] - |A| - [13/05/2014 08:53:45] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [110.91 Ko] - (1.0.0.4) - C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [466097.53 Ko] - C:\Windows\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [22/08/2013 21:06:31] - [19.02 Ko] - C:\Windows\System32\Configuration
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [365.9 Ko] - C:\Windows\System32\cs-CZ
[MD5.59075B2A63DF6A568123218BF4DC2696] - |A| - [18/03/2014 22:59:04] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\CustomModeApp.exe.config
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [18/03/2014 22:59:04] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\CustomModeAppv2_0.exe.config
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [362.4 Ko] - C:\Windows\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [389.4 Ko] - C:\Windows\System32\de-DE
[MD5.08750A50CF027F93070C8BB78E27C3B7] - |SH| - [22/08/2013 21:06:48] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini
[MD5.DCF2510E0745720E543E84F5E921FCC0] - |A| - [18/03/2014 15:25:23] - (.-.) - [256.19 Ko] - (0.0.0.0) - C:\Windows\System32\dfpinc.dat
[MD5.59075B2A63DF6A568123218BF4DC2696] - |A| - [18/03/2014 22:59:06] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\DPTopologyApp.exe.config
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [18/03/2014 22:59:06] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\DPTopologyAppv2_0.exe.config
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [82992.5 Ko] - C:\Windows\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:01:28] - [1208769.18 Ko] - C:\Windows\System32\DriverStore
[MD5.00000000000000000000000000000000] - |DC| - [13/05/2014 09:17:55] - [101.77 Ko] - C:\Windows\System32\DRVSTORE
[MD5.00000000000000000000000000000000] - |SD| - [22/08/2013 21:06:30] - [83.5 Ko] - C:\Windows\System32\dsc
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [391.9 Ko] - C:\Windows\System32\el-GR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:51] - [1680 Ko] - C:\Windows\System32\en
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [305.91 Ko] - C:\Windows\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [36137.2 Ko] - C:\Windows\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [396.18 Ko] - C:\Windows\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [306.4 Ko] - C:\Windows\System32\et-EE
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [365.4 Ko] - C:\Windows\System32\fi-FI
[MD5.0C71AC33C7E2281E914CBECFE4BBCB95] - |A| - [31/12/2011 14:16:38] - (.- Microsoft® Forms DLL.) - [1552.78 Ko] - (15.0.3628.1000) - C:\Windows\System32\FM20.DLL
[MD5.B062F368280585276C5B01A9B812CB86] - |A| - [31/12/2011 14:16:38] - (.- Microsoft® Forms International DLL.) - [31.31 Ko] - (15.0.3628.1000) - C:\Windows\System32\FM20enu.DLL
[MD5.50D204892F8E657C551B52E90F1109EB] - |A| - [22/08/2013 20:14:50] - (.-.) - [766.25 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [431.4 Ko] - C:\Windows\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\System32\FxsTmp
[MD5.55158C8F4CFAB021134137B68BBFD01F] - |A| - [22/08/2013 12:28:31] - (.-.) - [72.53 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [18/03/2014 22:59:06] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxv2_0.exe.config
[MD5.59075B2A63DF6A568123218BF4DC2696] - |A| - [18/03/2014 22:59:08] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxv4_0.exe.config
[MD5.00000000000000000000000000000000] - |HD| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [334.4 Ko] - C:\Windows\System32\he-IL
[MD5.7B22F443577847796E4BB70D3BDBB612] - |A| - [13/05/2014 09:02:42] - (.© Copyright 2013 HPDC - Port Monitor Server DLL.) - [395.5 Ko] - (0.3.1282.12202) - C:\Windows\System32\hpbprtmon.dll
[MD5.205DA90FEF81EEA38948F70A784E1A4E] - |A| - [13/05/2014 09:02:42] - (.© Copyright 2013 HPDC - Port Monitor UI DLL.) - [221.5 Ko] - (0.3.1282.12202) - C:\Windows\System32\hpbprtmonui.dll
[MD5.0028C9BB7E220D951E0EAE196949B108] - |A| - [13/05/2014 09:02:42] - (.© Copyright 2013 HPDC - Real Port Monitor DLL.) - [415 Ko] - (0.3.1282.12202) - C:\Windows\System32\hpbrprtmon.dll
[MD5.1A4695BDC5017B37E6D23A88CFEC0760] - |A| - [08/05/2014 06:15:23] - (.Copyright (C) 2011 -.) - [114.5 Ko] - (1.3.0.0) - C:\Windows\System32\HPMUIDir.exe
[MD5.105CFE016CCB20175BEACEC146F175AB] - |A| - [18/03/2014 22:59:08] - (.-.) - [92 Ko] - (0.0.0.0) - C:\Windows\System32\IccLibDll_x64.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [36.27 Ko] - C:\Windows\System32\icsxml
[MD5.EEB2021309E12BE3C385E9E1DEDB7110] - |A| - [18/03/2014 22:59:20] - (.-.) - [156.5 Ko] - (0.0.0.0) - C:\Windows\System32\igdail64.dll
[MD5.F32B25EC22A8DA5B144D95693E315441] - |A| - [18/03/2014 22:59:22] - (.-.) - [218.5 Ko] - (0.0.0.0) - C:\Windows\System32\igdde64.dll
[MD5.0FCC6FB236A4F4A8C5C8230946985C5E] - |A| - [18/03/2014 22:59:24] - (.-.) - [415.88 Ko] - (0.0.0.0) - C:\Windows\System32\igdmd64.dll
[MD5.3BD3E8D9EE91C375BEE2E4FEB4CD5678] - |A| - [18/03/2014 22:59:28] - (.Copyright (C) 2012-2013 - MDF(CM) Runtime DX11 Dynamic Link Library.) - [178.5 Ko] - (3.0.0.1054) - C:\Windows\System32\igfx11cmrt64.dll
[MD5.FE22ABD1CBFB680536730E8E04FFEF7A] - |A| - [18/03/2014 22:59:30] - (.Copyright (C) 2010 - 2013 - MDF(CM) JIT Dynamic Link Library.) - [1973.5 Ko] - (3.0.0.1054) - C:\Windows\System32\igfxcmjit64.dll
[MD5.CFE95077F05DF23FDC6FB52F59D0939D] - |A| - [18/03/2014 22:59:30] - (.Copyright (C) 2010 - 2013 - MDF(CM) Runtime Dynamic Link Library.) - [183.02 Ko] - (3.0.0.1054) - C:\Windows\System32\igfxcmrt64.dll
[MD5.4D5ECFF6828D35EFCA24F01322827DBB] - |A| - [18/03/2014 22:59:30] - (.-.) - [249 Ko] - (0.0.0.0) - C:\Windows\System32\igfxCPL.cpl
[MD5.5E7A2E92BE847FDC4DDE2318A544FB59] - |A| - [18/03/2014 22:59:30] - (.-.) - [67 Ko] - (0.0.0.0) - C:\Windows\System32\igfxCUIServicePS.dll
[MD5.2F0D6C6E6D67B0996DDF6AC07CF94523] - |A| - [18/03/2014 22:59:30] - (.-.) - [56 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDHLib.dll
[MD5.87A80F1E9D216B8A11A7242B2D031624] - |A| - [18/03/2014 22:59:32] - (.-.) - [68 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDHLibv2_0.dll
[MD5.842F60D24BBB75885651DF33388F589D] - |A| - [18/03/2014 22:59:32] - (.-.) - [10.5 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDILib.dll
[MD5.434BC703A32D9D527E6C1D1CC5BBC33D] - |A| - [18/03/2014 22:59:32] - (.-.) - [10 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDILibv2_0.dll
[MD5.AD5600379309077BD06D0DF2E1964FC5] - |A| - [18/03/2014 22:59:32] - (.-.) - [10 Ko] - (1.0.0.0) - C:\Windows\System32\igfxEMLib.dll
[MD5.58BD76DD19C87F21983D521C2FEE5E16] - |A| - [18/03/2014 22:59:32] - (.-.) - [10 Ko] - (1.0.0.0) - C:\Windows\System32\igfxEMLibv2_0.dll
[MD5.14D0F63B2A95681A99FCC1F290B567DC] - |A| - [18/03/2014 22:59:32] - (.-.) - [78.43 Ko] - (0.0.0.0) - C:\Windows\System32\igfxexps.dll
[MD5.0C9B9DD960AE1483094B9093331DC8D8] - |A| - [18/03/2014 22:59:34] - (.-.) - [5 Ko] - (1.0.0.0) - C:\Windows\System32\igfxLHMLib.dll
[MD5.6C88F01DF0DF66F634C1DA428C8B8E66] - |A| - [18/03/2014 22:59:34] - (.-.) - [5 Ko] - (1.0.0.0) - C:\Windows\System32\igfxLHMLibv2_0.dll
[MD5.6C0F36ABFE80433B352FA7748ED887BF] - |A| - [18/03/2014 22:59:34] - (.-.) - [2748 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa64.cpa
[MD5.2FCCF7939D4D3F392AB3C0F5F40039DD] - |A| - [18/03/2014 22:59:34] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa64.vp
[MD5.B226B85123619EF1394339C1B5EB5A8D] - |A| - [18/03/2014 22:59:34] - (.-.) - [42.47 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxc64.vp
[MD5.55C71EDC47B57E5115B40095EEC9E205] - |A| - [18/03/2014 22:59:34] - (.-.) - [42.79 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxc64_dev.vp
[MD5.94ED4F871997E5DFC610DC1649C38911] - |A| - [18/03/2014 22:59:34] - (.-.) - [42.24 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxg64.vp
[MD5.04590E9E52E13EF34B2AA02C7EA2431B] - |A| - [18/03/2014 22:59:34] - (.-.) - [42.28 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxg64_dev.vp
[MD5.3B6EF4F03F2DE75A3B7DDF627A3EC146] - |A| - [18/03/2014 22:59:36] - (.-.) - [42.99 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxo64.vp
[MD5.715DBDBED4599E798F94EDF6003F75B6] - |A| - [18/03/2014 22:59:36] - (.-.) - [41.09 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxo64_dev.vp
[MD5.2DC14883590068EF3446B0F12B14214C] - |A| - [18/03/2014 22:59:36] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxs64.vp
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [23310.67 Ko] - C:\Windows\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [4084.83 Ko] - C:\Windows\System32\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [4637.5 Ko] - C:\Windows\System32\InputMethod
[MD5.E446AA183E6344CF84A98730098D3D46] - |A| - [18/03/2014 22:59:40] - (.Copyright © The Khronos Group Inc 2011 - OpenCL Client DLL.) - [62.5 Ko] - (1.2.11.0) - C:\Windows\System32\Intel_OpenCL_ICD64.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\System32\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [384.9 Ko] - C:\Windows\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [302.4 Ko] - C:\Windows\System32\ja-JP
[MD5.48BA9C6110A5EBA910E7FB2E7D23CFC1] - |A| - [14/03/2017 20:15:26] - (.Copyright © Kaspersky Lab ZAO 1996-2012. - Filtering Platform Helper Class.) - [107.59 Ko] - (1.0.0.12) - C:\Windows\System32\klfphc.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [301.4 Ko] - C:\Windows\System32\ko-KR
[MD5.FAFA8B2317AABF4EBDC94D74CDB73394] - |A| - [22/08/2013 12:29:51] - (.-.) - [11741.31 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [92.9 Ko] - C:\Windows\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [17450.48 Ko] - C:\Windows\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [313.4 Ko] - C:\Windows\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [313.4 Ko] - C:\Windows\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [29878.74 Ko] - C:\Windows\System32\Macromed
[MD5.3774B5C0E0BBA8C8EE54DF3606AB815C] - |A| - [22/08/2013 12:23:23] - (.-.) - [1.14 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk
[MD5.00000000000000000000000000000000] - |D| - [23/08/2014 10:48:12] - [15.98 Ko] - C:\Windows\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [45.5 Ko] - C:\Windows\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [4148.28 Ko] - C:\Windows\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [5.5 Ko] - C:\Windows\System32\MUI
[MD5.3E1902A89DDBE35C1D676293665A1B66] - |A| - [16/02/2017 10:47:23] - (.Copyright (C) 2008-2009 Marvell Semiconductor - Marvell High Level EWS Interface DLL (64 bit).) - [342.5 Ko] - (2012.929.1.58769) - C:\Windows\System32\mvhlewsi.dll
[MD5.5E2B43AD018D109DFDB30A9F8BB5478B] - |A| - [28/01/2010 16:10:00] - (.Copyright © 2007-2008 Marvell Semiconductor, Inc. - Advanced TCP/IP Port Monitor DLL.) - [528.5 Ko] - (2010.128.1.16416) - C:\Windows\System32\mvtcpmon.dll
[MD5.986C097413830747F7B50E58B40EF973] - |A| - [28/01/2010 16:10:38] - (.Copyright © 2007-2008 Marvell Semiconductor, Inc. - Network Port Monitor Resource DLL.) - [848.5 Ko] - (2010.128.1.16416) - C:\Windows\System32\mvtcpui.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [357.4 Ko] - C:\Windows\System32\nb-NO
[MD5.8BE808553EB7339A6212EB978D9AE832] - |A| - [13/05/2014 09:50:36] - (.-.) - [0.06 Ko] - (0.0.0.0) - C:\Windows\System32\ndCPrepLog
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [960 Ko] - C:\Windows\System32\NDF
[MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [22/08/2013 12:28:31] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [51 Ko] - C:\Windows\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [376.9 Ko] - C:\Windows\System32\nl-NL
[MD5.37239924826E3DF833D1527B5339D222] - |AT| - [22/08/2013 21:06:38] - (.-.) - [4.77 Ko] - (0.0.0.0) - C:\Windows\System32\OEMDefaultAssociations.xml
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [22/08/2013 12:22:33] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [20136.39 Ko] - C:\Windows\System32\oobe
[MD5.24F14EE64F4792FE6D5936C257748A3B] - |A| - [09/10/2012 22:09:52] - (.Softex Inc. - OmniPass PBA Driver.) - [5 Ko] - (1.0.0.0) - C:\Windows\System32\oprom.sys
[MD5.BCE5EFCB04968C3C050DD91E38E3A47F] - |A| - [22/08/2013 21:09:08] - (.-.) - [162.08 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat
[MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |A| - [22/08/2013 21:09:08] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat
[MD5.615B03A53A84BDF53689A55FBA71C4B9] - |A| - [22/08/2013 21:09:08] - (.-.) - [782.66 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat
[MD5.4E10778E94D1E3A3AE7BEFD49B3F81A2] - |A| - [18/03/2014 15:23:28] - (.-.) - [935.89 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [374.4 Ko] - C:\Windows\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:50] - [413.88 Ko] - C:\Windows\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\System32\ProximityToast
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [22/08/2013 14:47:09] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\Windows\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [389.38 Ko] - C:\Windows\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [409.56 Ko] - C:\Windows\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [23.75 Ko] - C:\Windows\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\System32\RasToast
[MD5.17047D24F02F8A8FD3050290DB03B7A7] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [157.49 Ko] - (0.0.0.0) - C:\Windows\System32\resARA.cui
[MD5.7C64F98778D1CEDE9B127D5B08A2D1A2] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [142.16 Ko] - (0.0.0.0) - C:\Windows\System32\resCHS.cui
[MD5.689D71AD257584E9485EC07C0D009586] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [142.97 Ko] - (0.0.0.0) - C:\Windows\System32\resCHT.cui
[MD5.60ACAF7287B507C99B42F02019746A89] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [148.96 Ko] - (0.0.0.0) - C:\Windows\System32\resCSY.cui
[MD5.C3CA8DAFE878973F888004D8A0D5BCCB] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [145.98 Ko] - (0.0.0.0) - C:\Windows\System32\resDAN.cui
[MD5.F952A06650E1E00FF920A831368DE135] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [150.67 Ko] - (0.0.0.0) - C:\Windows\System32\resDEU.cui
[MD5.C4ACB4987AA0560AEE6ED0AD3F74D764] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [175.3 Ko] - (0.0.0.0) - C:\Windows\System32\resELL.cui
[MD5.F0962922D46C060E00510E65EA463614] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [144.7 Ko] - (0.0.0.0) - C:\Windows\System32\resENU.cui
[MD5.C2FE01C84FD18E0186D1F72CD1B4B290] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [150.43 Ko] - (0.0.0.0) - C:\Windows\System32\resESN.cui
[MD5.8D4530712673464C8183AA053240AB89] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [148.43 Ko] - (0.0.0.0) - C:\Windows\System32\resFIN.cui
[MD5.97F2071B652D9D166AECB18549A4E8D5] - |RASH| - [18/03/2014 23:00:02] - (.-.) - [152.45 Ko] - (0.0.0.0) - C:\Windows\System32\resFRA.cui
[MD5.06D37B4DE7F466C183F9F3B44203D5E4] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [156.95 Ko] - (0.0.0.0) - C:\Windows\System32\resHEB.cui
[MD5.656228EB61B135FB5600B1F5B9EEF03A] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [148 Ko] - (0.0.0.0) - C:\Windows\System32\resHRV.cui
[MD5.1DFE9B79228C1B6576E030C28AC09F32] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [152.43 Ko] - (0.0.0.0) - C:\Windows\System32\resHUN.cui
[MD5.A3BF3AAC7B20BA92139E9D6789AC1CE3] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [150.7 Ko] - (0.0.0.0) - C:\Windows\System32\resITA.cui
[MD5.CB675854B81535EED9474ABA81AF3B21] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [156.93 Ko] - (0.0.0.0) - C:\Windows\System32\resJPN.cui
[MD5.F06723DFF5F186B8C664F1A757E6C698] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [150.76 Ko] - (0.0.0.0) - C:\Windows\System32\resKOR.cui
[MD5.2A2B52E12B6164D95E18A15BB36E3426] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [149.67 Ko] - (0.0.0.0) - C:\Windows\System32\resNLD.cui
[MD5.8034A7326E3E489196ACF0876B9511DC] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [146.49 Ko] - (0.0.0.0) - C:\Windows\System32\resNOR.cui
[MD5.13EA22E443CC20B286ABE6C15484C299] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [150 Ko] - (0.0.0.0) - C:\Windows\System32\resPLK.cui
[MD5.A4A91B5A7A276193FB531DEEA202310D] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [149.12 Ko] - (0.0.0.0) - C:\Windows\System32\resPTB.cui
[MD5.475523329454470D5F03AE0F20F61320] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [148.84 Ko] - (0.0.0.0) - C:\Windows\System32\resPTG.cui
[MD5.E6403DF04D68E9580BA868FB3BC85E4F] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [150.54 Ko] - (0.0.0.0) - C:\Windows\System32\resROM.cui
[MD5.377BFCB95D9162704C9A09C86E6BCE5C] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [171.28 Ko] - (0.0.0.0) - C:\Windows\System32\resRUS.cui
[MD5.C1305107CA0496D729E6D99DB80A6EAB] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [149.86 Ko] - (0.0.0.0) - C:\Windows\System32\resSKY.cui
[MD5.359669C896A7E4553259E1835A9DA10A] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [147.39 Ko] - (0.0.0.0) - C:\Windows\System32\resSLV.cui
[MD5.237C25164DD5BC4BF7CB5B33F5320788] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [147.56 Ko] - (0.0.0.0) - C:\Windows\System32\resSVE.cui
[MD5.777E5775AC577F3D95CF5CA856835E2B] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [182.26 Ko] - (0.0.0.0) - C:\Windows\System32\resTHA.cui
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0.07 Ko] - C:\Windows\System32\restore
[MD5.EC1F88FA3BF50F1800DBF0297D222C55] - |RASH| - [18/03/2014 23:00:04] - (.-.) - [148.97 Ko] - (0.0.0.0) - C:\Windows\System32\resTRK.cui
[MD5.E187E9A4F7A32C1733189E24DAA2F797] - |A| - [13/05/2014 09:04:27] - (.-.) - [15.57 Ko] - (0.0.0.0) - C:\Windows\System32\results.xml
[MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |A| - [13/05/2014 08:53:53] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DAA64.dll
[MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |A| - [13/05/2014 08:53:53] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DHT64.dll
[MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |A| - [13/05/2014 08:53:53] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEED64A.dll
[MD5.6F4CD493196100EEF349D7132CECAFD9] - |A| - [13/05/2014 08:53:53] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEG64A.dll
[MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |A| - [13/05/2014 08:53:53] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEL64A.dll
[MD5.D0D0D82B7366E691275E433CD34F89B2] - |A| - [13/05/2014 08:53:53] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEP64A.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [22/08/2013 16:24:19] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [6.92 Ko] - C:\Windows\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [22/08/2013 12:25:37] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [318.9 Ko] - C:\Windows\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [315.4 Ko] - C:\Windows\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:51] - [45.92 Ko] - C:\Windows\System32\slmgr
[MD5.76828701F4D8884C320A52B2D881C374] - |A| - [28/01/2010 16:08:00] - (.- libslp Dynamic Link Library.) - [141.5 Ko] - (1.0.0.1) - C:\Windows\System32\slp64.dll
[MD5.B3F04DA097AB0A4047A73B461D96C9E5] - |A| - [28/01/2010 15:55:30] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\Windows\System32\SLPConf.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [20445.02 Ko] - C:\Windows\System32\SMI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [7791.31 Ko] - C:\Windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [157378.23 Ko] - C:\Windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [5043.5 Ko] - C:\Windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [23.63 Ko] - C:\Windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [224.5 Ko] - C:\Windows\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [350.49 Ko] - C:\Windows\System32\sr-Latn-RS
[MD5.B7CC32E00C5C5152D221DF182827F58E] - |A| - [19/08/2014 15:04:30] - (.-.) - [49.56 Ko] - (0.0.0.0) - C:\Windows\System32\srms.dat
[MD5.00000000000000000000000000000000] - |D| - [13/05/2014 08:54:06] - [2144.28 Ko] - C:\Windows\System32\SRSLabs
[MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [13/05/2014 08:53:55] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\Windows\System32\SRSTSX64.dll
[MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [13/05/2014 08:53:55] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\Windows\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [40272 Ko] - C:\Windows\System32\sru
[MD5.00000000000000000000000000000000] - |D| - [29/06/2016 17:36:16] - [0 Ko] - C:\Windows\System32\SSL
[MD5.B59958CD06C9F89C39281FB12F1BB233] - |A| - [22/08/2013 12:27:09] - (.-.) - [513.74 Ko] - (0.0.0.0) - C:\Windows\System32\staticurllist.bin
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [363.4 Ko] - C:\Windows\System32\sv-SE
[MD5.F5ACDA673D2054B980E144A45BBB0505] - |A| - [13/03/2014 22:20:06] - (.Copyright (C) Synaptics Incorporated 1996-2014 - SynCOM.) - [732.23 Ko] - (18.1.5.2) - C:\Windows\System32\SynCOM.dll
[MD5.D5899DDBE376F921B67BD1DD0B11EB6E] - |A| - [13/03/2014 22:20:10] - (.Copyright (C) Synaptics Incorporated 1996-2014 - SynTPAPI.) - [249.23 Ko] - (18.1.5.2) - C:\Windows\System32\SynTPAPI.dll
[MD5.07920D810A69C0875509D41206EED228] - |A| - [13/03/2014 22:20:12] - (.Copyright (C) Synaptics Incorporated 1996-2014 - Synaptics Pointing Device Driver Co-Installer.) - [203.73 Ko] - (18.1.5.2) - C:\Windows\System32\SynTPCo20.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [5014.96 Ko] - C:\Windows\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [1074.49 Ko] - C:\Windows\System32\SystemResetPlatform
[MD5.FFFCC3C3ED6886A95D3C0E1B49C652BA] - |A| - [18/03/2014 15:24:48] - (.-.) - [136.33 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [449.91 Ko] - C:\Windows\System32\Tasks
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [22/08/2013 12:26:03] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini
[MD5.60CE51972E0A06217C52202F7208EB9A] - |A| - [22/08/2013 15:48:00] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\Windows\System32\TelemetrySampleManifest.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [574.52 Ko] - C:\Windows\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [397.57 Ko] - C:\Windows\System32\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [568.63 Ko] - C:\Windows\System32\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [67038.56 Ko] - C:\Windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:51] - [0 Ko] - C:\Windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [96234.39 Ko] - C:\Windows\System32\wdi
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [22/08/2013 13:59:44] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [64 Ko] - C:\Windows\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [0 Ko] - C:\Windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [46 Ko] - C:\Windows\System32\WinBioPlugIns
[MD5.1738AF59D7E2D56078A35CD2D2E1D5F4] - |A| - [22/10/2014 20:22:16] - (.Copyright © 2014 - Java(TM) Platform SE binary.) - [108.41 Ko] - (8.0.25.18) - C:\Windows\System32\WindowsAccessBridge-64.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [14.53 Ko] - C:\Windows\System32\WindowsInternal.Inbox.Media.Shared
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [27.59 Ko] - C:\Windows\System32\WindowsInternal.Inbox.Shared
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [7304.32 Ko] - C:\Windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [210864 Ko] - C:\Windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [1928.5 Ko] - C:\Windows\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:51] - [100.11 Ko] - C:\Windows\System32\winrm
[MD5.F1DF7849450DBC5D5C3A464E8A791C8C] - |A| - [22/08/2013 12:27:09] - (.-.) - [1485.18 Ko] - (0.0.0.0) - C:\Windows\System32\WpcNBModel.bin
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [407.56 Ko] - C:\Windows\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:30] - [278.9 Ko] - C:\Windows\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [278.9 Ko] - C:\Windows\System32\zh-TW
[MD5.F7424D6CF244922D045D00F3EF111535] - |A| - [13/05/2014 09:04:19] - (.-.) - [0.24 Ko] - (0.0.0.0) - C:\Windows\System32\{86F549EB-A66B-4D6C-958D-CDDD66410751}.bat
[MD5.E47A844AC4B2A85B1E4EAE78C6E40FD9] - |A| - [28/07/2014 21:18:02] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:53] - [0 Ko] - C:\Windows\SysWOW64\0409
[MD5.00000000000000000000000000000000] - |D| - [08/05/2014 06:22:24] - [32051.05 Ko] - C:\Windows\SysWOW64\Adobe
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [2228.5 Ko] - C:\Windows\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [537.94 Ko] - C:\Windows\SysWOW64\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [302.4 Ko] - C:\Windows\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0.93 Ko] - C:\Windows\SysWOW64\Bthprops
[MD5.FDEF330575C8C8EAD815F58BB7A93ED3] - |A| - [13/05/2014 08:47:12] - (.Copyright 2011 - CSVer.) - [52 Ko] - (9.4.0.1026) - C:\Windows\SysWOW64\CSVer.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [344.9 Ko] - C:\Windows\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [369.4 Ko] - C:\Windows\SysWOW64\de-DE
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [4706.67 Ko] - C:\Windows\SysWOW64\Dism
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [327.5 Ko] - C:\Windows\SysWOW64\downlevel
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [3653.6 Ko] - C:\Windows\SysWOW64\drivers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\DriverStore
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [370.9 Ko] - C:\Windows\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:53] - [1653.5 Ko] - C:\Windows\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [288.41 Ko] - C:\Windows\SysWOW64\en-GB
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [31453.51 Ko] - C:\Windows\SysWOW64\en-US
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/06/2016 23:07:09] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\err.txt
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [376.68 Ko] - C:\Windows\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [289.4 Ko] - C:\Windows\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [346.9 Ko] - C:\Windows\SysWOW64\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [410.9 Ko] - C:\Windows\SysWOW64\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\FxsTmp
[MD5.8787CA206DF4E6B2B0F559284A6DB6A8] - |A| - [13/10/2015 15:54:00] - (.© 2004-2011 Google Inc. - Google Photos Screensaver.) - [4480 Ko] - (3.9.141.259) - C:\Windows\SysWOW64\GPhotos.scr
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [318.9 Ko] - C:\Windows\SysWOW64\he-IL
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [297.4 Ko] - C:\Windows\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [349.9 Ko] - C:\Windows\SysWOW64\hu-HU
[MD5.7CFDED2F98FA26D76F5D20448B203640] - |A| - [22/10/2014 20:46:39] - (.Copyright © The Imaging Source Europe GmbH - IC Image Control.) - [100 Ko] - (10.1.302.500) - C:\Windows\SysWOW64\ic32.dll
[MD5.4A651624A6F9B5B98F2938B9137F1617] - |A| - [22/10/2014 20:46:39] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ic32.ini
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml
[MD5.132EAB84538E2BEC8D362C9F012C6D86] - |A| - [18/03/2014 22:59:20] - (.-.) - [139.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\igdail32.dll
[MD5.C9E041530F1B907B2303972455146603] - |A| - [18/03/2014 22:59:24] - (.-.) - [334.91 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\igdmd32.dll
[MD5.D823A6ED12810DC4FBA9184B5922E5AD] - |A| - [18/03/2014 22:59:40] - (.Copyright © The Khronos Group Inc 2011 - OpenCL Client DLL.) - [59 Ko] - (1.2.11.0) - C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [365.4 Ko] - C:\Windows\SysWOW64\it-IT
[MD5.FA2E1F09ED6C4C221E4513A7E815E13D] - |A| - [28/08/2013 02:30:08] - (.-.) - [1.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\IusEventLog.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [290.4 Ko] - C:\Windows\SysWOW64\ja-JP
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [289.9 Ko] - C:\Windows\SysWOW64\ko-KR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [92.9 Ko] - C:\Windows\SysWOW64\Licenses
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [295.4 Ko] - C:\Windows\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [295.4 Ko] - C:\Windows\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [24331.67 Ko] - C:\Windows\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [3306 Ko] - C:\Windows\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [789 Ko] - C:\Windows\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [45.5 Ko] - C:\Windows\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [52.28 Ko] - C:\Windows\SysWOW64\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [5.5 Ko] - C:\Windows\SysWOW64\MUI
[MD5.F18ED7DB109DFEF2D031BB8023583FD5] - |A| - [18/07/2016 12:40:18] - (.© 2005-2006 by Thesycon GmbH - Generic Class Co-Installer.) - [101 Ko] - (2.0.0.0) - C:\Windows\SysWOW64\MyDIT_GenClassCoInst.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [340.4 Ko] - C:\Windows\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [51 Ko] - C:\Windows\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [357.9 Ko] - C:\Windows\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [636.5 Ko] - C:\Windows\SysWOW64\oobe
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/06/2016 23:07:09] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\out.txt
[MD5.C7F7DD54FCCD385E4FD33BFB03E83699] - |A| - [02/04/2014 15:22:15] - (.-.) - [951.85 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [354.4 Ko] - C:\Windows\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:52] - [413.88 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [370.38 Ko] - C:\Windows\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [390.56 Ko] - C:\Windows\SysWOW64\pt-PT
[MD5.8A9982FB956104DFD6E0ECFB34F30FFE] - |A| - [10/12/2014 12:25:00] - (.Copyright © 2001-2014 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC. - Python Core.) - [2401.5 Ko] - (2.7.9150.1013) - C:\Windows\SysWOW64\python27.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [23.75 Ko] - C:\Windows\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0.76 Ko] - C:\Windows\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [299.4 Ko] - C:\Windows\SysWOW64\ro-RO
[MD5.435C017922F8A896EC4900778E889AE9] - |A| - [13/03/2014 22:20:08] - (.Copyright (C) Synaptics Incorporated 1996-2014 - SynCOM.) - [397.23 Ko] - (18.1.5.2) - C:\Windows\SysWOW64\SynCom.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:53] - [0 Ko] - C:\Windows\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [0 Ko] - C:\Windows\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [557.52 Ko] - C:\Windows\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [380.07 Ko] - C:\Windows\SysWOW64\tr-TR
[MD5.88B7CCB0743F852706CC45E2F0D96DAC] - |A| - [22/10/2014 20:46:39] - (.-.) - [524 Ko] - (10.1.1010.500) - C:\Windows\SysWOW64\Tx32.dll
[MD5.D1983E8DF260EE0797C5CCF27AC71B23] - |A| - [22/10/2014 20:46:39] - (.Copyright © The Imaging Source Europe GmbH - TX TextControl Custom OLE Control.) - [328 Ko] - (10.0.150.500) - C:\Windows\SysWOW64\Tx4ole.ocx
[MD5.5897E1144454629C9854F45B93228E11] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - TX Text Control OLE container library.) - [320 Ko] - (9.0.114.500) - C:\Windows\SysWOW64\txobj32.dll
[MD5.DF893AA4C19336528102CF84010DE5D8] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - Tool Bars for TX Text Control.) - [112 Ko] - (10.1.212.500) - C:\Windows\SysWOW64\txtls32.dll
[MD5.C913143F3B9765636D86C317D93A1CCD] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - Image Filter for Windows Bitmaps.) - [52 Ko] - (10.0.200.500) - C:\Windows\SysWOW64\tx_bmp32.flt
[MD5.B2937D91582B495CA1C95FE521D1CBFE] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - TX Text Control Filter for CSS Format.) - [348 Ko] - (10.1.130.500) - C:\Windows\SysWOW64\tx_css.dll
[MD5.702A08C4CEE705FCFE2DEF5D67D67826] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - TX Text Control Filter for HTML Format.) - [196 Ko] - (10.1.201.500) - C:\Windows\SysWOW64\tx_htm32.dll
[MD5.F2F69C484F33207E8BD3851AF98897DC] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - Image Filter for JPEG Format.) - [168 Ko] - (10.0.110.500) - C:\Windows\SysWOW64\tx_jpg32.flt
[MD5.D64C855AC40265BF97A075DCAA6FFC41] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - TX Text Control Export Filter for PDF Format.) - [460 Ko] - (10.1.110.500) - C:\Windows\SysWOW64\tx_pdf.dll
[MD5.EB96F375DAA86B5F73415A117583FBF5] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - Image Filter for Portable Network Graphics.) - [184 Ko] - (10.0.110.500) - C:\Windows\SysWOW64\tx_png32.flt
[MD5.E7FDCF7BDD0E88025526AD9556909F19] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - TX Text Control Filter for Rich Text Format.) - [156 Ko] - (10.1.322.500) - C:\Windows\SysWOW64\tx_rtf32.dll
[MD5.00CB8C43DF5F4231F962088010BBAA0D] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - Image Filter for TIFF files.) - [60 Ko] - (10.0.243.503) - C:\Windows\SysWOW64\tx_tif32.flt
[MD5.BE105DAB8AA57EAFF8C588D66FD59C8F] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - Image Filter for Windows Metafiles.) - [48 Ko] - (10.0.112.503) - C:\Windows\SysWOW64\tx_wmf32.flt
[MD5.33020A1ADFF58592CF745BF3C36D76B5] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - TX Text Control Filter for Word Format.) - [364 Ko] - (10.1.210.500) - C:\Windows\SysWOW64\tx_word.dll
[MD5.36A7AD0C476EBB6129E2691CA44E06B7] - |A| - [22/10/2014 20:46:40] - (.Copyright © The Imaging Source Europe GmbH - TX Text Control Filter for XML Format.) - [372 Ko] - (10.1.120.500) - C:\Windows\SysWOW64\tx_xml.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [550.13 Ko] - C:\Windows\SysWOW64\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 19:06:16] - [13259.08 Ko] - C:\Windows\SysWOW64\wbem
[MD5.1AE0A91052EAB8728F44129B439639F3] - |A| - [22/10/2014 20:46:40] - (.-.) - [2685.6 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\wccav.zip
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:52] - [0 Ko] - C:\Windows\SysWOW64\WCN
[MD5.F3202FCD811A1322F3BC9BEEB3CFF281] - |A| - [27/03/2015 15:09:25] - (.Copyright © Jungo 2002 - 2006 - wdapi 8.11.) - [100 Ko] - (8.1.1.0) - C:\Windows\SysWOW64\wdapi811.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [158.1 Ko] - C:\Windows\SysWOW64\wdi
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [6040.69 Ko] - C:\Windows\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [1928.5 Ko] - C:\Windows\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [18/03/2014 14:55:53] - [100.11 Ko] - C:\Windows\SysWOW64\winrm
[MD5.F932617C8CD7079EFB531ED323E66F49] - |A| - [22/10/2014 20:46:41] - (.Copyright © The Imaging Source Europe GmbH - Control Window Management Tool.) - [52 Ko] - (10.1.141.500) - C:\Windows\SysWOW64\wndtls32.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [398.06 Ko] - C:\Windows\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [268.9 Ko] - C:\Windows\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 21:06:31] - [268.9 Ko] - C:\Windows\SysWOW64\zh-TW

---------- | [183-k]

[02/08/2014 09:06:00] - |D| - [300810661] - C:\Users\183-k\AppData\Local
[02/08/2014 09:06:28] - |D| - [92207251] - C:\Users\183-k\AppData\LocalLow
[02/08/2014 09:06:00] - |D| - [14774109] - C:\Users\183-k\AppData\Roaming
[15/11/2016 21:43:55] - |D| - [258119] - C:\Users\183-k\AppData\Local\Adobe
[27/03/2015 15:10:23] - |D| - [0] - C:\Users\183-k\AppData\Local\Apple
[02/08/2014 09:06:28] - |SHD| - [0] - C:\Users\183-k\AppData\Local\Application Data
[19/03/2017 11:57:30] - |D| - [0] - C:\Users\183-k\AppData\Local\CEF
[15/11/2016 21:31:25] - |D| - [477] - C:\Users\183-k\AppData\Local\Chris_Pietschmann_(http__
[24/11/2016 08:18:13] - |D| - [1302870] - C:\Users\183-k\AppData\Local\CrashDumps
[30/08/2014 11:47:23] - |D| - [156] - C:\Users\183-k\AppData\Local\CyberLink
[16/11/2016 08:18:15] - |D| - [9890268] - C:\Users\183-k\AppData\Local\Diagnostics
[04/09/2016 14:55:03] - |D| - [3951942] - C:\Users\183-k\AppData\Local\ElevatedDiagnostics
[03/02/2015 01:20:13] - |SHD| - [0] - C:\Users\183-k\AppData\Local\EmieBrowserModeList
[30/08/2014 11:45:16] - |SHD| - [0] - C:\Users\183-k\AppData\Local\EmieSiteList
[30/08/2014 11:45:16] - |SHD| - [0] - C:\Users\183-k\AppData\Local\EmieUserList
[10/12/2016 22:10:35] - |D| - [76773824] - C:\Users\183-k\AppData\Local\Google
[01/02/2016 11:29:30] - |D| - [71] - C:\Users\183-k\AppData\Local\GWX
[30/08/2014 11:45:58] - |D| - [2868] - C:\Users\183-k\AppData\Local\Hewlett-Packard
[02/08/2014 09:06:28] - |SHD| - [0] - C:\Users\183-k\AppData\Local\History
[17/07/2016 20:35:03] - |D| - [0] - C:\Users\183-k\AppData\Local\Lenovo
[02/08/2014 09:06:00] - |D| - [141312748] - C:\Users\183-k\AppData\Local\Microsoft
[08/04/2015 12:36:19] - |D| - [0] - C:\Users\183-k\AppData\Local\Mozilla
[30/08/2014 11:43:46] - |D| - [9645279] - C:\Users\183-k\AppData\Local\Packages
[08/04/2015 12:40:43] - |D| - [0] - C:\Users\183-k\AppData\Local\Programs
[23/06/2016 23:07:19] - |D| - [2134804] - C:\Users\183-k\AppData\Local\Research In Motion
[06/09/2016 21:15:06] - |D| - [0] - C:\Users\183-k\AppData\Local\Skype
[02/08/2014 09:06:00] - |D| - [0] - C:\Users\183-k\AppData\Local\Temp
[02/08/2014 09:06:28] - |SHD| - [0] - C:\Users\183-k\AppData\Local\Temporary Internet Files
[30/08/2014 11:43:47] - |D| - [654] - C:\Users\183-k\AppData\Local\VirtualStore
[20/03/2017 00:10:39] - |D| - [55536581] - C:\Users\183-k\AppData\Local\Zemana
[15/11/2016 21:43:55] - |D| - [116840] - C:\Users\183-k\AppData\LocalLow\Adobe
[27/03/2015 15:10:09] - |D| - [8796] - C:\Users\183-k\AppData\LocalLow\Apple Computer
[03/02/2015 01:18:21] - |SHD| - [0] - C:\Users\183-k\AppData\LocalLow\EmieBrowserModeList
[30/08/2014 11:45:13] - |SHD| - [0] - C:\Users\183-k\AppData\LocalLow\EmieSiteList
[30/08/2014 11:46:00] - |SHD| - [0] - C:\Users\183-k\AppData\LocalLow\EmieUserList
[30/08/2014 11:29:38] - |SD| - [1663026] - C:\Users\183-k\AppData\LocalLow\Microsoft
[22/10/2014 20:17:07] - |D| - [913408] - C:\Users\183-k\AppData\LocalLow\Oracle
[22/10/2014 20:16:09] - |D| - [89505181] - C:\Users\183-k\AppData\LocalLow\Sun
[20/03/2017 13:32:03] - |D| - [36393] - C:\Users\183-k\AppData\Roaming\9-lab
[30/08/2014 11:43:51] - |D| - [80637] - C:\Users\183-k\AppData\Roaming\Adobe
[20/02/2016 23:39:38] - |D| - [93829] - C:\Users\183-k\AppData\Roaming\Apowersoft
[30/08/2014 11:51:14] - |D| - [987027] - C:\Users\183-k\AppData\Roaming\Autograph
[19/03/2017 23:48:10] - |D| - [13521] - C:\Users\183-k\AppData\Roaming\Everything
[30/08/2014 11:49:09] - |D| - [1657] - C:\Users\183-k\AppData\Roaming\Hewlett-Packard
[01/02/2016 11:27:46] - |D| - [0] - C:\Users\183-k\AppData\Roaming\Identities
[27/03/2015 15:06:38] - |D| - [0] - C:\Users\183-k\AppData\Roaming\InstallShield
[08/04/2015 13:40:57] - |D| - [506] - C:\Users\183-k\AppData\Roaming\Macromedia
[02/08/2014 09:06:00] - |SD| - [692120] - C:\Users\183-k\AppData\Roaming\Microsoft
[08/04/2015 12:36:19] - |D| - [513966] - C:\Users\183-k\AppData\Roaming\Mozilla
[06/09/2016 21:14:33] - |D| - [6643631] - C:\Users\183-k\AppData\Roaming\Skype
[30/08/2014 11:43:35] - |D| - [0] - C:\Users\183-k\AppData\Roaming\Synaptics
[02/08/2014 09:09:23] - |D| - [104] - C:\Users\183-k\AppData\Roaming\WildTangent
[19/03/2017 11:53:40] - |D| - [21625] - C:\Users\183-k\AppData\Roaming\xm1
[19/03/2017 13:05:31] - |D| - [5689093] - C:\Users\183-k\AppData\Roaming\ZHP
[30/08/2014 11:44:38] - |ASH| - [174] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[02/08/2014 09:06:00] - |RD| - [16012] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[02/08/2014 09:06:00] - |RD| - [3888] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[02/08/2014 09:06:00] - |RD| - [1486] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[30/08/2014 11:44:38] - |RD| - [174] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[02/08/2014 09:06:00] - |ASH| - [564] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[02/08/2014 09:06:00] - |A| - [369] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[19/03/2017 23:48:10] - |D| - [2091] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[30/08/2014 11:43:51] - |A| - [1453] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[02/08/2014 09:06:00] - |D| - [170] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[02/08/2014 09:06:00] - |A| - [369] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[30/08/2014 11:44:38] - |RD| - [174] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[02/08/2014 09:06:00] - |RD| - [5274] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[16/06/2016 03:02:06] - |D| - [0] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
[30/08/2014 11:44:38] - |ASH| - [174] - C:\Users\183-k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [HP-PC]

[28/07/2014 21:17:26] - |D| - [3329714468] - C:\Users\HP-PC\AppData\Local
[28/07/2014 21:17:57] - |D| - [48002915] - C:\Users\HP-PC\AppData\LocalLow
[28/07/2014 21:17:26] - |D| - [710501056] - C:\Users\HP-PC\AppData\Roaming
[20/02/2016 15:41:12] - |D| - [88] - C:\Users\HP-PC\AppData\System
[28/07/2014 23:13:07] - |D| - [544921] - C:\Users\HP-PC\AppData\Local\Adobe
[27/01/2016 11:46:41] - |D| - [54051002] - C:\Users\HP-PC\AppData\Local\Apowersoft
[30/03/2015 20:00:26] - |D| - [0] - C:\Users\HP-PC\AppData\Local\Apple
[28/07/2014 21:17:57] - |SHD| - [0] - C:\Users\HP-PC\AppData\Local\Application Data
[16/01/2016 11:23:19] - |D| - [0] - C:\Users\HP-PC\AppData\Local\Apps
[23/06/2016 23:10:30] - |D| - [951580] - C:\Users\HP-PC\AppData\Local\BlackBerry
[14/03/2017 01:15:51] - |D| - [0] - C:\Users\HP-PC\AppData\Local\CEF
[16/11/2016 21:41:45] - |D| - [473] - C:\Users\HP-PC\AppData\Local\Chris_Pietschmann_(http__
[28/07/2014 22:53:14] - |D| - [186726429] - C:\Users\HP-PC\AppData\Local\CrashDumps
[28/07/2014 21:20:46] - |D| - [168769523] - C:\Users\HP-PC\AppData\Local\CyberLink
[27/01/2016 10:49:10] - |A| - [8192] - C:\Users\HP-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[16/01/2016 11:23:18] - |D| - [0] - C:\Users\HP-PC\AppData\Local\Deployment
[29/07/2014 00:09:51] - |D| - [23855025] - C:\Users\HP-PC\AppData\Local\Diagnostics
[12/12/2014 09:33:12] - |D| - [0] - C:\Users\HP-PC\AppData\Local\ElevatedDiagnostics
[17/11/2014 23:02:52] - |SHD| - [0] - C:\Users\HP-PC\AppData\Local\EmieBrowserModeList
[28/07/2014 21:24:31] - |SHD| - [0] - C:\Users\HP-PC\AppData\Local\EmieSiteList
[28/07/2014 21:24:31] - |SHD| - [0] - C:\Users\HP-PC\AppData\Local\EmieUserList
[03/02/2015 09:46:45] - |D| - [773] - C:\Users\HP-PC\AppData\Local\Evernote
[27/01/2016 10:49:11] - |D| - [438] - C:\Users\HP-PC\AppData\Local\ezvid,_inc
[29/07/2014 02:57:37] - |A| - [238880] - C:\Users\HP-PC\AppData\Local\GDIPFONTCACHEV1.DAT
[28/07/2014 21:33:37] - |D| - [822238904] - C:\Users\HP-PC\AppData\Local\Google
[13/03/2017 22:06:22] - |D| - [0] - C:\Users\HP-PC\AppData\Local\Grammarly
[09/07/2015 23:31:52] - |D| - [1230] - C:\Users\HP-PC\AppData\Local\GWX
[28/07/2014 21:19:52] - |D| - [8825] - C:\Users\HP-PC\AppData\Local\Hewlett-Packard
[28/07/2014 21:17:57] - |SHD| - [0] - C:\Users\HP-PC\AppData\Local\History
[14/03/2017 15:05:46] - |AH| - [0] - C:\Users\HP-PC\AppData\Local\IconCache.db
[17/07/2016 20:35:04] - |D| - [0] - C:\Users\HP-PC\AppData\Local\Lenovo
[06/11/2014 23:29:22] - |D| - [0] - C:\Users\HP-PC\AppData\Local\MediaShow
[28/07/2014 21:17:26] - |D| - [513933155] - C:\Users\HP-PC\AppData\Local\Microsoft
[28/07/2014 21:33:21] - |D| - [276356] - C:\Users\HP-PC\AppData\Local\Microsoft Help
[16/06/2016 01:54:01] - |D| - [48572614] - C:\Users\HP-PC\AppData\Local\MiKTeX
[27/01/2016 09:08:43] - |D| - [59121] - C:\Users\HP-PC\AppData\Local\Movavi
[19/08/2014 23:20:06] - |D| - [82948056] - C:\Users\HP-PC\AppData\Local\Mozilla
[08/12/2015 19:31:54] - |D| - [0] - C:\Users\HP-PC\AppData\Local\NetBeans
[28/07/2014 21:18:07] - |D| - [589613132] - C:\Users\HP-PC\AppData\Local\Packages
[27/01/2016 10:24:01] - |D| - [697961490] - C:\Users\HP-PC\AppData\Local\Programs
[28/01/2017 04:27:17] - |D| - [3611178] - C:\Users\HP-PC\AppData\Local\RescueTime
[28/01/2017 04:27:20] - |D| - [1482235] - C:\Users\HP-PC\AppData\Local\RescueTime.com
[23/06/2016 23:07:20] - |D| - [21151144] - C:\Users\HP-PC\AppData\Local\Research In Motion
[27/01/2016 09:09:42] - |D| - [0] - C:\Users\HP-PC\AppData\Local\screencapture
[27/01/2016 09:08:40] - |D| - [0] - C:\Users\HP-PC\AppData\Local\ScreenCaptureStudio
[17/07/2016 20:34:58] - |D| - [67791] - C:\Users\HP-PC\AppData\Local\SHAREit
[01/01/2015 13:21:52] - |D| - [5535651] - C:\Users\HP-PC\AppData\Local\Skype
[20/02/2016 15:41:12] - |D| - [0] - C:\Users\HP-PC\AppData\Local\SmartDraw
[20/02/2016 22:52:49] - |D| - [135313] - C:\Users\HP-PC\AppData\Local\TechSmith
[28/07/2014 21:17:26] - |D| - [2411087] - C:\Users\HP-PC\AppData\Local\Temp
[28/07/2014 21:17:57] - |SHD| - [0] - C:\Users\HP-PC\AppData\Local\Temporary Internet Files
[28/07/2014 21:18:21] - |D| - [54087304] - C:\Users\HP-PC\AppData\Local\VirtualStore
[20/03/2017 12:04:18] - |D| - [50472647] - C:\Users\HP-PC\AppData\Local\Zemana
[28/07/2014 23:13:06] - |D| - [36102671] - C:\Users\HP-PC\AppData\LocalLow\Adobe
[28/03/2015 14:30:56] - |D| - [47131] - C:\Users\HP-PC\AppData\LocalLow\Apple Computer
[17/11/2014 23:02:07] - |SHD| - [0] - C:\Users\HP-PC\AppData\LocalLow\EmieBrowserModeList
[28/07/2014 21:23:59] - |SHD| - [0] - C:\Users\HP-PC\AppData\LocalLow\EmieSiteList
[28/07/2014 22:38:21] - |SHD| - [0] - C:\Users\HP-PC\AppData\LocalLow\EmieUserList
[03/02/2015 09:46:45] - |D| - [0] - C:\Users\HP-PC\AppData\LocalLow\Evernote
[28/07/2014 21:18:27] - |D| - [9780187] - C:\Users\HP-PC\AppData\LocalLow\Microsoft
[22/10/2014 20:16:56] - |D| - [2072926] - C:\Users\HP-PC\AppData\LocalLow\Sun
[22/03/2016 09:29:19] - |D| - [0] - C:\Users\HP-PC\AppData\LocalLow\Temp
[07/03/2017 20:54:00] - |A| - [1417] - C:\Users\HP-PC\AppData\Roaming\.emacs
[07/03/2017 20:41:18] - |D| - [195073] - C:\Users\HP-PC\AppData\Roaming\.emacs.d
[28/07/2014 21:18:21] - |D| - [10307514] - C:\Users\HP-PC\AppData\Roaming\Adobe
[27/01/2016 11:46:51] - |D| - [233234] - C:\Users\HP-PC\AppData\Roaming\Apowersoft
[31/08/2014 22:01:13] - |D| - [990975] - C:\Users\HP-PC\AppData\Roaming\Autograph
[05/02/2016 13:36:07] - |D| - [12652437] - C:\Users\HP-PC\AppData\Roaming\Corel
[28/07/2014 23:40:38] - |D| - [10672] - C:\Users\HP-PC\AppData\Roaming\CyberLink
[27/10/2015 14:47:43] - |D| - [140416] - C:\Users\HP-PC\AppData\Roaming\Design Science
[20/03/2017 00:00:32] - |D| - [9925336] - C:\Users\HP-PC\AppData\Roaming\Everything
[01/11/2015 12:11:19] - |D| - [60884242] - C:\Users\HP-PC\AppData\Roaming\GeoGebra 5.0
[28/07/2014 21:20:50] - |D| - [619] - C:\Users\HP-PC\AppData\Roaming\Hewlett-Packard
[28/07/2014 21:20:24] - |D| - [0] - C:\Users\HP-PC\AppData\Roaming\hpqlog
[13/07/2015 00:25:21] - |D| - [0] - C:\Users\HP-PC\AppData\Roaming\Identities
[28/07/2014 23:40:59] - |D| - [14777] - C:\Users\HP-PC\AppData\Roaming\Macromedia
[27/01/2016 09:41:56] - |D| - [577] - C:\Users\HP-PC\AppData\Roaming\MangoApps
[28/07/2014 21:17:26] - |SD| - [483929770] - C:\Users\HP-PC\AppData\Roaming\Microsoft
[16/06/2016 01:54:01] - |D| - [23231] - C:\Users\HP-PC\AppData\Roaming\MiKTeX
[19/08/2014 23:20:06] - |D| - [1007282] - C:\Users\HP-PC\AppData\Roaming\Mozilla
[08/12/2015 19:31:54] - |D| - [36] - C:\Users\HP-PC\AppData\Roaming\NetBeans
[23/06/2016 23:10:05] - |D| - [5999450] - C:\Users\HP-PC\AppData\Roaming\Research In Motion
[01/01/2015 13:21:44] - |D| - [65217090] - C:\Users\HP-PC\AppData\Roaming\Skype
[20/02/2016 15:41:12] - |D| - [1951573] - C:\Users\HP-PC\AppData\Roaming\SmartDraw
[16/01/2016 11:36:37] - |D| - [7025605] - C:\Users\HP-PC\AppData\Roaming\StarUML
[28/07/2014 21:18:03] - |D| - [0] - C:\Users\HP-PC\AppData\Roaming\Synaptics
[27/01/2016 09:41:47] - |D| - [29893243] - C:\Users\HP-PC\AppData\Roaming\TinyTake by MangoApps
[29/07/2014 04:01:09] - |D| - [209] - C:\Users\HP-PC\AppData\Roaming\WildTangent
[28/07/2014 21:45:24] - |D| - [12] - C:\Users\HP-PC\AppData\Roaming\WinRAR
[23/06/2016 23:10:31] - |D| - [0] - C:\Users\HP-PC\AppData\Roaming\XCPCSync.OEM
[16/06/2016 00:36:49] - |D| - [22172] - C:\Users\HP-PC\AppData\Roaming\xm1
[15/01/2017 20:17:34] - |D| - [20074094] - C:\Users\HP-PC\AppData\Roaming\Zoom
[28/07/2014 21:18:27] - |SH| - [174] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[28/07/2014 21:17:26] - |RD| - [47279] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[28/07/2014 21:17:26] - |RD| - [3888] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[28/07/2014 21:17:26] - |RD| - [1486] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[28/07/2014 21:18:28] - |RD| - [174] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[13/10/2016 22:51:05] - |D| - [2499] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[28/07/2014 21:17:26] - |SH| - [678] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[28/07/2014 21:17:26] - |A| - [369] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[17/04/2016 18:25:46] - |A| - [793] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
[28/10/2015 10:10:59] - |D| - [3987] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 5
[07/03/2017 13:04:46] - |D| - [634] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gnu Emacs
[28/07/2014 21:47:48] - |A| - [2276] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[28/07/2014 21:18:21] - |A| - [1453] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[28/07/2014 21:17:26] - |D| - [170] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[16/06/2016 01:59:12] - |D| - [10420] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[28/07/2014 21:17:26] - |A| - [369] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[28/01/2017 04:27:19] - |D| - [2429] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RescueTime
[20/02/2016 15:41:05] - |D| - [1316] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartDraw CI
[07/03/2017 14:33:43] - |A| - [1201] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SML of New Jersey (2).lnk
[07/03/2017 19:25:06] - |A| - [1201] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SML of New Jersey.lnk
[28/07/2014 21:18:28] - |RD| - [2533] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[28/07/2014 21:17:26] - |RD| - [5274] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[28/07/2014 21:31:41] - |D| - [4129] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[28/07/2014 21:18:28] - |SH| - [174] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[08/03/2017 11:04:20] - |A| - [1283] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[28/01/2017 04:27:20] - |A| - [1076] - C:\Users\HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk

---------- | [Public]


---------- | [shrey]

[02/08/2014 08:57:23] - |D| - [490200962] - C:\Users\shrey\AppData\Local
[02/08/2014 08:58:08] - |D| - [3569873] - C:\Users\shrey\AppData\LocalLow
[02/08/2014 08:57:23] - |D| - [3819451] - C:\Users\shrey\AppData\Roaming
[21/09/2014 21:12:34] - |D| - [542380] - C:\Users\shrey\AppData\Local\Adobe
[05/10/2015 18:56:03] - |D| - [0] - C:\Users\shrey\AppData\Local\Apple
[02/08/2014 08:58:08] - |SHD| - [0] - C:\Users\shrey\AppData\Local\Application Data
[15/12/2016 12:01:52] - |D| - [477] - C:\Users\shrey\AppData\Local\Chris_Pietschmann_(http__
[21/01/2015 20:44:45] - |D| - [6761478] - C:\Users\shrey\AppData\Local\CrashDumps
[30/08/2014 12:03:26] - |D| - [202] - C:\Users\shrey\AppData\Local\CyberLink
[04/01/2015 19:35:27] - |SHD| - [0] - C:\Users\shrey\AppData\Local\EmieBrowserModeList
[30/08/2014 12:02:28] - |SHD| - [0] - C:\Users\shrey\AppData\Local\EmieSiteList
[30/08/2014 12:02:28] - |SHD| - [0] - C:\Users\shrey\AppData\Local\EmieUserList
[07/10/2015 09:09:22] - |A| - [238880] - C:\Users\shrey\AppData\Local\GDIPFONTCACHEV1.DAT
[14/03/2017 02:09:25] - |D| - [42356142] - C:\Users\shrey\AppData\Local\Google
[03/10/2015 22:08:34] - |D| - [71] - C:\Users\shrey\AppData\Local\GWX
[02/08/2014 08:59:21] - |D| - [3586] - C:\Users\shrey\AppData\Local\Hewlett-Packard
[02/08/2014 08:58:08] - |SHD| - [0] - C:\Users\shrey\AppData\Local\History
[02/08/2016 21:14:41] - |D| - [0] - C:\Users\shrey\AppData\Local\Lenovo
[02/08/2014 08:57:23] - |D| - [214895095] - C:\Users\shrey\AppData\Local\Microsoft
[21/09/2014 22:13:05] - |D| - [150469850] - C:\Users\shrey\AppData\Local\Mozilla
[02/08/2014 08:58:10] - |D| - [70715492] - C:\Users\shrey\AppData\Local\Packages
[02/08/2016 21:14:03] - |D| - [4067786] - C:\Users\shrey\AppData\Local\Research In Motion
[02/08/2016 21:14:24] - |D| - [148869] - C:\Users\shrey\AppData\Local\SHAREit
[02/08/2014 08:57:23] - |D| - [0] - C:\Users\shrey\AppData\Local\Temp
[02/08/2014 08:58:08] - |SHD| - [0] - C:\Users\shrey\AppData\Local\Temporary Internet Files
[02/08/2014 08:58:19] - |D| - [654] - C:\Users\shrey\AppData\Local\VirtualStore
[21/09/2014 21:12:34] - |D| - [188065] - C:\Users\shrey\AppData\LocalLow\Adobe
[22/11/2015 17:59:19] - |D| - [10929] - C:\Users\shrey\AppData\LocalLow\Apple Computer
[04/01/2015 19:34:47] - |SHD| - [0] - C:\Users\shrey\AppData\LocalLow\EmieBrowserModeList
[24/08/2014 14:12:06] - |SHD| - [0] - C:\Users\shrey\AppData\LocalLow\EmieSiteList
[30/08/2014 12:02:33] - |SHD| - [0] - C:\Users\shrey\AppData\LocalLow\EmieUserList
[02/08/2014 08:58:26] - |D| - [3370879] - C:\Users\shrey\AppData\LocalLow\Microsoft
[02/08/2014 08:58:20] - |D| - [78879] - C:\Users\shrey\AppData\Roaming\Adobe
[07/12/2016 10:50:56] - |D| - [0] - C:\Users\shrey\AppData\Roaming\CyberLink
[21/02/2016 19:01:09] - |D| - [140416] - C:\Users\shrey\AppData\Roaming\Design Science
[03/10/2015 22:08:03] - |D| - [0] - C:\Users\shrey\AppData\Roaming\Identities
[16/09/2014 15:31:19] - |D| - [2133] - C:\Users\shrey\AppData\Roaming\Macromedia
[02/08/2014 08:57:23] - |SD| - [1572019] - C:\Users\shrey\AppData\Roaming\Microsoft
[21/09/2014 22:13:05] - |D| - [2026004] - C:\Users\shrey\AppData\Roaming\Mozilla
[02/08/2014 08:58:11] - |D| - [0] - C:\Users\shrey\AppData\Roaming\Synaptics
[02/08/2014 08:58:28] - |SH| - [174] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[02/08/2014 08:57:23] - |RD| - [16711] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[02/08/2014 08:57:23] - |RD| - [3888] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[02/08/2014 08:57:23] - |RD| - [1486] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[02/08/2014 08:58:29] - |RD| - [174] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[02/08/2014 08:57:23] - |SH| - [564] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[02/08/2014 08:57:23] - |A| - [369] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[04/12/2016 07:44:55] - |A| - [1494] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FarmVille 2.lnk
[02/08/2014 08:58:20] - |A| - [1453] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[02/08/2014 08:57:23] - |D| - [170] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[02/08/2014 08:57:23] - |A| - [369] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[04/12/2016 07:45:01] - |A| - [1296] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
[02/08/2014 08:58:29] - |RD| - [174] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[02/08/2014 08:57:23] - |RD| - [5274] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[02/08/2014 08:58:29] - |SH| - [174] - C:\Users\shrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\ProgramData

[20/03/2017 13:31:51] - |D| - [58882847] - C:\ProgramData\9-lab
[28/07/2014 21:45:39] - |D| - [557091399] - C:\ProgramData\Adobe
[29/01/2016 02:17:47] - |D| - [2067424] - C:\ProgramData\Apowersoft
[13/05/2014 09:02:42] - |D| - [0] - C:\ProgramData\Apple
[22/08/2013 20:15:52] - |SHD| - [0] - C:\ProgramData\Application Data
[03/02/2015 09:08:16] - |D| - [0] - C:\ProgramData\Applications
[30/08/2014 11:31:16] - |D| - [6235978] - C:\ProgramData\Autograph 3
[30/08/2014 11:29:40] - |D| - [1480] - C:\ProgramData\Autograph 3 Logs
[14/03/2017 01:05:31] - |D| - [6962272] - C:\ProgramData\AVAST Software
[29/07/2014 04:01:27] - |D| - [750] - C:\ProgramData\BlueStacks
[13/05/2014 09:08:19] - |D| - [53469999] - C:\ProgramData\CyberLink
[22/08/2013 20:15:52] - |SHD| - [0] - C:\ProgramData\Desktop
[22/08/2013 20:15:52] - |SHD| - [0] - C:\ProgramData\Documents
[08/05/2014 06:25:46] - |D| - [32978201] - C:\ProgramData\Hewlett-Packard
[13/05/2014 09:07:20] - |D| - [725317] - C:\ProgramData\install_clap
[13/05/2014 08:49:40] - |D| - [15818387] - C:\ProgramData\Intel
[14/03/2017 20:10:40] - |D| - [622574798] - C:\ProgramData\Kaspersky Lab
[17/07/2016 20:35:03] - |D| - [6634] - C:\ProgramData\Lenovo
[13/03/2017 23:41:21] - |D| - [108335007] - C:\ProgramData\Malwarebytes
[13/05/2014 09:18:11] - |D| - [6128] - C:\ProgramData\McAfee
[30/07/2014 00:11:32] - |D| - [1529322] - C:\ProgramData\Micromax
[22/08/2013 19:06:15] - |SD| - [2658277561] - C:\ProgramData\Microsoft
[28/07/2014 21:33:16] - |D| - [62866] - C:\ProgramData\Microsoft Help
[27/01/2016 09:06:59] - |D| - [64] - C:\ProgramData\Movavi Screen Capture Studio 7
[14/03/2017 20:08:15] - |A| - [262144] - C:\ProgramData\ntuser.dat
[14/03/2017 20:08:15] - |ASH| - [8192] - C:\ProgramData\ntuser.dat.LOG1
[14/03/2017 20:08:15] - |ASH| - [8192] - C:\ProgramData\ntuser.dat.LOG2
[14/03/2017 20:08:15] - |ASH| - [65536] - C:\ProgramData\ntuser.dat{f1a29b6c-089f-11e7-82ee-a02bb859a5c2}.TM.blf
[14/03/2017 20:08:15] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{f1a29b6c-089f-11e7-82ee-a02bb859a5c2}.TMContainer00000000000000000001.regtrans-ms
[14/03/2017 20:08:15] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{f1a29b6c-089f-11e7-82ee-a02bb859a5c2}.TMContainer00000000000000000002.regtrans-ms
[27/01/2016 09:06:58] - |A| - [5392] - C:\ProgramData\oqztiqep.adk.4B4FC70A905FD32B.matrix
[22/10/2014 20:16:34] - |D| - [82551925] - C:\ProgramData\Oracle
[13/05/2014 08:59:48] - |D| - [170513267] - C:\ProgramData\Package Cache
[05/02/2016 13:36:11] - |D| - [2071] - C:\ProgramData\Protexis64
[22/08/2013 21:06:30] - |D| - [2062] - C:\ProgramData\regid.1991-06.com.microsoft
[23/06/2016 23:07:09] - |D| - [2420681] - C:\ProgramData\Research In Motion
[19/03/2017 14:02:40] - |D| - [2466472] - C:\ProgramData\RogueKiller
[13/12/2014 12:35:17] - |D| - [145895424] - C:\ProgramData\Skype
[22/08/2013 20:15:52] - |SHD| - [0] - C:\ProgramData\Start Menu
[22/10/2014 20:17:08] - |D| - [154] - C:\ProgramData\Sun
[13/05/2014 09:04:13] - |D| - [1878] - C:\ProgramData\Synaptics
[13/05/2014 09:07:21] - |D| - [2176472] - C:\ProgramData\Temp
[22/08/2013 20:15:52] - |SHD| - [0] - C:\ProgramData\Templates
[05/02/2016 12:30:14] - |D| - [294] - C:\ProgramData\UniqueId
[13/05/2014 09:10:03] - |D| - [546891] - C:\ProgramData\WildTangent
[08/05/2014 06:25:57] - |D| - [45639670] - C:\ProgramData\{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE}

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[22/08/2013 21:06:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[30/07/2014 00:11:32] - |A| - [1809] - C:\ProgramData\Microsoft\Windows\Start Menu\MMX200G Netwarrior Manager.lnk
[22/08/2013 21:06:30] - |D| - [245556] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[03/09/2016 08:40:10] - |A| - [1524] - C:\ProgramData\Microsoft\Windows\Start Menu\VIDLE for VPython.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[20/03/2017 13:31:58] - |D| - [975] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
[22/08/2013 21:06:30] - |RD| - [1590] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[22/08/2013 21:06:30] - |RD| - [16835] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[22/08/2013 21:06:30] - |RD| - [25520] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[28/07/2014 21:34:26] - |D| - [2362] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[28/07/2014 21:34:27] - |A| - [1192] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
[28/07/2014 21:46:13] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[20/02/2016 23:40:02] - |D| - [2899] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
[30/08/2014 11:34:54] - |D| - [8302] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autograph 3.3
[23/06/2016 23:08:39] - |D| - [1016] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Blend
[23/06/2016 23:08:00] - |D| - [1100] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Link
[17/08/2015 13:35:37] - |D| - [4426] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueJ
[22/08/2013 12:27:22] - |RAS| - [2131] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk
[19/03/2017 12:50:05] - |D| - [941] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[13/05/2014 09:09:47] - |RD| - [1721] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
[08/05/2014 06:25:20] - |A| - [1511] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Universal Music Group.lnk
[18/07/2016 12:40:30] - |D| - [2384] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link Connection Manager
[22/08/2013 21:06:33] - |SH| - [1252] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[22/08/2013 12:27:05] - |RAS| - [853] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
[18/03/2014 15:25:08] - |RAS| - [2440] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
[13/05/2014 09:10:07] - |RD| - [93] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[14/03/2017 01:25:52] - |A| - [2182] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[16/08/2015 13:29:37] - |D| - [2979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graph
[08/05/2014 06:25:45] - |RD| - [6042] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[22/10/2014 20:46:41] - |D| - [3840] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IB Questionbank
[22/08/2013 12:24:10] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[13/05/2014 08:52:56] - |D| - [2301] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[22/10/2014 20:22:10] - |D| - [6935] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[14/03/2017 20:19:57] - |D| - [5627] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
[14/03/2017 20:18:22] - |D| - [6536] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
[17/07/2016 20:34:21] - |D| - [1118] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
[22/09/2016 02:10:44] - |D| - [1194] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LizardTech
[22/08/2013 21:06:30] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[13/03/2017 23:41:50] - |D| - [3840] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[18/03/2017 20:05:18] - |D| - [6926] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MathType 6
[30/07/2014 00:11:32] - |D| - [2819] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Micromax 200G USB Modem
[28/07/2014 21:37:27] - |D| - [37198] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[08/05/2014 06:20:20] - |A| - [2029] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
[28/07/2014 21:46:38] - |D| - [3880] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[13/05/2014 08:54:13] - |RD| - [9122] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[22/08/2013 12:27:08] - |RAS| - [2365] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk
[28/07/2014 21:33:38] - |D| - [3397] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[08/05/2014 06:18:29] - |RD| - [9887] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
[03/09/2016 08:16:37] - |D| - [8352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[19/03/2017 14:02:34] - |D| - [895] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
[22/08/2013 12:15:50] - |A| - [938] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
[08/05/2014 06:19:22] - |RD| - [1949] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
[17/07/2016 20:34:21] - |D| - [1118] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
[15/11/2016 19:03:29] - |D| - [2120] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[30/05/2016 13:11:15] - |D| - [1044] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slitherlink
[22/08/2013 21:06:30] - |RD| - [2251] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[22/08/2013 21:06:30] - |RD| - [6218] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[16/06/2016 00:28:00] - |D| - [1100] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker
[10/09/2016 02:29:48] - |D| - [2324] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker
[27/03/2015 15:08:18] - |D| - [3190] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vernier Software
[15/11/2016 22:48:12] - |D| - [1924] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDjView
[22/08/2013 12:18:43] - |RAS| - [2191] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk
[28/07/2014 21:31:41] - |D| - [4057] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[20/03/2017 00:10:49] - |D| - [1149] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[22/08/2013 21:06:33] - |SH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[13/05/2014 08:52:56] - |A| - [2077] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk

---------- | C:\Program Files (x86)

[28/07/2014 21:33:11] - |D| - [417236406] - C:\Program Files (x86)\Adobe
[20/03/2017 12:23:07] - |D| - [1293] - C:\Program Files (x86)\Adware Removal Tool by TSA
[20/02/2016 23:39:38] - |D| - [41705385] - C:\Program Files (x86)\Apowersoft
[30/08/2014 11:31:16] - |D| - [353148835] - C:\Program Files (x86)\Autograph 3.3
[23/06/2016 23:08:33] - |D| - [81205290] - C:\Program Files (x86)\BlackBerry
[17/08/2015 13:34:07] - |D| - [329539211] - C:\Program Files (x86)\BlueJ
[13/05/2014 08:58:12] - |D| - [3598306] - C:\Program Files (x86)\Cisco
[22/08/2013 19:06:15] - |D| - [881943369] - C:\Program Files (x86)\Common Files
[08/05/2014 06:25:20] - |D| - [2203388] - C:\Program Files (x86)\Connected Music powered by Universal Music Group
[13/05/2014 09:07:54] - |D| - [1925464562] - C:\Program Files (x86)\CyberLink
[18/07/2016 12:40:16] - |D| - [45095860] - C:\Program Files (x86)\D-Link Connection Manager
[22/08/2013 21:06:33] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[19/03/2017 15:38:43] - |D| - [203007274] - C:\Program Files (x86)\ESET
[08/05/2014 06:25:06] - |D| - [215846090] - C:\Program Files (x86)\Evernote
[27/01/2016 10:09:36] - |D| - [19844027] - C:\Program Files (x86)\Free Screen To Video
[28/07/2014 21:33:17] - |D| - [464056732] - C:\Program Files (x86)\Google
[16/08/2015 13:29:33] - |D| - [11049106] - C:\Program Files (x86)\Graph
[08/05/2014 06:15:21] - |D| - [345465438] - C:\Program Files (x86)\Hewlett-Packard
[15/11/2016 21:43:00] - |D| - [21992] - C:\Program Files (x86)\Hotspoter
[22/10/2014 20:46:32] - |D| - [257263818] - C:\Program Files (x86)\IB Questionbank32
[08/05/2014 06:19:19] - |HD| - [169605284] - C:\Program Files (x86)\InstallShield Installation Information
[13/05/2014 08:47:11] - |D| - [21800977] - C:\Program Files (x86)\Intel
[22/08/2013 21:06:30] - |D| - [7118996] - C:\Program Files (x86)\Internet Explorer
[14/03/2017 20:10:40] - |D| - [239914249] - C:\Program Files (x86)\Kaspersky Lab
[22/09/2016 02:10:39] - |D| - [3416158] - C:\Program Files (x86)\LizardTech
[27/10/2015 14:46:11] - |D| - [12657202] - C:\Program Files (x86)\MathType
[13/05/2014 09:18:14] - |D| - [29647692] - C:\Program Files (x86)\McAfee
[18/03/2017 20:10:27] - |D| - [3002380] - C:\Program Files (x86)\Microsoft Mathematics Add-in
[08/05/2014 06:20:16] - |D| - [647436860] - C:\Program Files (x86)\Microsoft Office
[28/07/2014 21:36:26] - |D| - [14904] - C:\Program Files (x86)\Microsoft Visual Studio
[28/07/2014 21:34:10] - |D| - [1262854] - C:\Program Files (x86)\Microsoft Visual Studio 8
[28/07/2014 21:36:46] - |D| - [3178824] - C:\Program Files (x86)\Microsoft Works
[22/08/2013 21:06:30] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET
[28/07/2014 21:46:31] - |D| - [27253132] - C:\Program Files (x86)\Mozilla Firefox
[02/04/2014 15:20:36] - |D| - [26521] - C:\Program Files (x86)\MSBuild
[08/05/2014 06:24:55] - |RD| - [739776] - C:\Program Files (x86)\Online Services
[13/05/2014 08:53:12] - |D| - [23391246] - C:\Program Files (x86)\Realtek
[02/04/2014 15:20:36] - |D| - [36953857] - C:\Program Files (x86)\Reference Assemblies
[23/06/2016 23:07:42] - |D| - [26242609] - C:\Program Files (x86)\Research In Motion
[17/07/2016 20:34:11] - |D| - [13697898] - C:\Program Files (x86)\SHAREit
[15/11/2016 19:03:24] - |RD| - [85152973] - C:\Program Files (x86)\Skype
[30/05/2016 13:11:13] - |D| - [2436724] - C:\Program Files (x86)\slitherlink
[07/03/2017 19:25:01] - |D| - [35318156] - C:\Program Files (x86)\SMLNJ
[13/05/2014 08:53:45] - |HD| - [0] - C:\Program Files (x86)\Temp
[16/06/2016 03:01:53] - |D| - [147131618] - C:\Program Files (x86)\Texmaker
[10/09/2016 02:29:22] - |D| - [74617011] - C:\Program Files (x86)\Tracker
[02/08/2014 09:06:32] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[27/03/2015 15:08:18] - |D| - [123047316] - C:\Program Files (x86)\Vernier Software
[15/11/2016 21:29:11] - |D| - [335] - C:\Program Files (x86)\Virtual Router
[13/05/2014 09:10:03] - |D| - [21600799] - C:\Program Files (x86)\WildTangent Games
[22/08/2013 21:06:30] - |D| - [1455744] - C:\Program Files (x86)\Windows Defender
[22/08/2013 21:06:30] - |D| - [5953536] - C:\Program Files (x86)\Windows Mail
[22/08/2013 21:06:30] - |D| - [3315226] - C:\Program Files (x86)\Windows Media Player
[22/08/2013 21:06:30] - |D| - [230912] - C:\Program Files (x86)\Windows Multimedia Platform
[22/08/2013 21:06:30] - |D| - [7472698] - C:\Program Files (x86)\Windows NT
[22/08/2013 21:06:30] - |D| - [5495440] - C:\Program Files (x86)\Windows Photo Viewer
[22/08/2013 21:06:30] - |D| - [230912] - C:\Program Files (x86)\Windows Portable Devices
[22/08/2013 21:06:30] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[22/08/2013 21:06:30] - |D| - [0] - C:\Program Files (x86)\WindowsPowerShell
[20/03/2017 00:10:48] - |D| - [17202506] - C:\Program Files (x86)\Zemana AntiMalware

---------- | \Program Files

[20/03/2017 13:31:50] - |D| - [19035820] - \Program Files\9-lab
[13/05/2014 08:58:14] - |D| - [47542946] - \Program Files\Broadcom
[19/03/2017 12:50:01] - |D| - [20456512] - \Program Files\CCleaner
[22/08/2013 19:06:15] - |D| - [101706393] - \Program Files\Common Files
[22/08/2013 21:06:45] - |ASH| - [174] - \Program Files\desktop.ini
[19/03/2017 23:48:10] - |D| - [1969093] - \Program Files\Everything
[14/03/2017 01:39:45] - |D| - [0] - \Program Files\Google
[08/05/2014 06:15:18] - |D| - [41246503] - \Program Files\Hewlett-Packard
[16/02/2017 10:47:23] - |D| - [18893494] - \Program Files\HP
[13/05/2014 08:48:54] - |D| - [103682111] - \Program Files\Intel
[22/08/2013 21:06:31] - |D| - [26312169] - \Program Files\Internet Explorer
[13/03/2017 23:41:21] - |D| - [133397508] - \Program Files\Malwarebytes
[30/07/2014 00:11:32] - |D| - [3798303] - \Program Files\Micromax 200G USB Modem
[28/07/2014 21:34:17] - |D| - [1140374] - \Program Files\Microsoft Office
[02/04/2014 15:20:32] - |D| - [25757] - \Program Files\MSBuild
[13/05/2014 08:54:06] - |D| - [32823279] - \Program Files\Realtek
[02/04/2014 15:20:32] - |D| - [34612905] - \Program Files\Reference Assemblies
[19/03/2017 14:02:29] - |D| - [82220766] - \Program Files\RogueKiller
[13/05/2014 08:48:24] - |D| - [141828003] - \Program Files\Synaptics
[22/08/2013 20:17:10] - |HD| - [0] - \Program Files\Uninstall Information
[15/11/2016 22:48:10] - |D| - [3318125] - \Program Files\WinDjView
[22/08/2013 21:06:31] - |D| - [10240231] - \Program Files\Windows Defender
[22/08/2013 21:06:31] - |D| - [6312448] - \Program Files\Windows Mail
[22/08/2013 21:06:31] - |D| - [5367870] - \Program Files\Windows Media Player
[22/08/2013 21:06:31] - |D| - [286208] - \Program Files\Windows Multimedia Platform
[22/08/2013 21:06:31] - |D| - [7824954] - \Program Files\Windows NT
[22/08/2013 21:06:31] - |D| - [6426768] - \Program Files\Windows Photo Viewer
[22/08/2013 21:06:31] - |D| - [286208] - \Program Files\Windows Portable Devices
[22/08/2013 21:06:31] - |SHD| - [0] - \Program Files\Windows Sidebar
[22/08/2013 21:06:31] - |HD| - [1165452848] - \Program Files\WindowsApps
[22/08/2013 21:06:31] - |D| - [0] - \Program Files\WindowsPowerShell
[28/07/2014 21:31:33] - |D| - [5123704] - \Program Files\WinRAR

---------- | C:\Program Files (x86)\Common Files

[28/07/2014 21:33:13] - |D| - [16246295] - C:\Program Files (x86)\Common Files\Adobe
[30/08/2014 11:31:35] - |D| - [7938448] - C:\Program Files (x86)\Common Files\Autograph 3
[13/05/2014 09:17:54] - |D| - [96216] - C:\Program Files (x86)\Common Files\CyberLink
[28/07/2014 21:36:26] - |D| - [92976] - C:\Program Files (x86)\Common Files\DESIGNER
[13/05/2014 08:53:42] - |D| - [2106564] - C:\Program Files (x86)\Common Files\InstallShield
[13/05/2014 08:56:52] - |D| - [155537785] - C:\Program Files (x86)\Common Files\Intel
[13/05/2014 08:58:23] - |D| - [234303] - C:\Program Files (x86)\Common Files\Intel Corporation
[22/10/2014 20:22:22] - |D| - [2151307] - C:\Program Files (x86)\Common Files\Java
[13/05/2014 09:18:14] - |D| - [836168] - C:\Program Files (x86)\Common Files\mcafee
[22/08/2013 21:06:30] - |D| - [533404753] - C:\Program Files (x86)\Common Files\Microsoft Shared
[13/05/2014 09:26:35] - |D| - [1485205] - C:\Program Files (x86)\Common Files\Nikon
[13/05/2014 08:48:36] - |D| - [196972] - C:\Program Files (x86)\Common Files\postureAgent
[23/06/2016 23:02:35] - |D| - [66727857] - C:\Program Files (x86)\Common Files\Research In Motion
[22/08/2013 21:06:30] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[15/11/2016 19:03:26] - |D| - [2581120] - C:\Program Files (x86)\Common Files\Skype
[16/02/2017 10:41:24] - |D| - [0] - C:\Program Files (x86)\Common Files\SWF Studio
[22/08/2013 21:06:30] - |D| - [43178066] - C:\Program Files (x86)\Common Files\System
[27/03/2015 15:09:55] - |D| - [110592] - C:\Program Files (x86)\Common Files\TI Shared
[27/03/2015 15:08:56] - |D| - [2465038] - C:\Program Files (x86)\Common Files\Vernier Software
[23/06/2016 23:07:42] - |D| - [46551002] - C:\Program Files (x86)\Common Files\XCPCSync.OEM

---------- | \Program Files\Common files

[14/03/2017 01:13:26] - |D| - [1774538] - \Program Files\Common files\AV
[05/02/2016 13:25:06] - |D| - [5128124] - \Program Files\Common files\Corel
[22/08/2013 21:06:31] - |D| - [81459594] - \Program Files\Common files\microsoft shared
[05/02/2016 13:24:32] - |D| - [2653552] - \Program Files\Common files\Protexis
[22/08/2013 21:06:31] - |D| - [2702] - \Program Files\Common files\Services
[22/08/2013 21:06:31] - |D| - [10687883] - \Program Files\Common files\System

---------- | Tasks

[MD5.6F1F877DB5E59250A8815AEB4536B7FF] - [14/03/2017 19:45:20] - |A| - [338] - C:\Windows\Tasks\HPCeeScheduleForHP-PC.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [22/08/2013 20:15:54] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.00000000000000000000000000000000] - [14/03/2017 01:13:27] - |D| - [3860] - C:\Windows\System32\Tasks\AVAST Software
[MD5.93CD85217221313D05B791779F2735A0] - [19/03/2017 12:50:09] - |A| - [2778] - C:\Windows\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.5EB026328B6804DB9FBA6365E34E30EB] - [14/03/2017 01:23:16] - |A| - [3204] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.84D7A8D02C07BC2E21E3C5E65028D718] - [14/03/2017 01:23:19] - |A| - [3332] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [08/05/2014 06:25:33] - |D| - [7620] - C:\Windows\System32\Tasks\Hewlett-Packard
[MD5.2B169D3F3A77278B4073048384B9B68A] - [28/07/2014 21:48:26] - |A| - [4012] - C:\Windows\System32\Tasks\HPGenoobeReminder : "C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe"
[MD5.CFCA31F3505F9B2D9C973C33E360D11D] - [14/03/2017 20:17:36] - |A| - [3032] - C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.00000000000000000000000000000000] - [22/08/2013 21:06:30] - |D| - [383856] - C:\Windows\System32\Tasks\Microsoft
[MD5.748DB416DAD2770DAD822FAAA308E9DA] - [28/07/2014 21:23:49] - |A| - [3600] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1605944295-1278072363-3366277582-1001 : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.33287F88E8DC083D8F7FEE8C6052A70F] - [02/08/2014 09:04:02] - |A| - [3598] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1605944295-1278072363-3366277582-1004 : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.46F0488517C1D760FDEFBA33844A4A6D] - [30/08/2014 11:50:39] - |A| - [3600] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1605944295-1278072363-3366277582-1005 : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.DF7A006AB9CDECC4B611C35D818BF69C] - [13/05/2014 10:34:56] - |A| - [2324] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1605944295-1278072363-3366277582-500 : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.71E845317605583052F811E1DF69586B] - [02/04/2014 15:05:50] - |A| - [3596] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1725350855-1927001909-1276192757-500 : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.F399DA6F2FBFE29A193A6C14E039BFEE] - [08/05/2014 06:10:25] - |A| - [3596] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1926912868-3721114296-1435701358-500 : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.C141D6474D322F48DFD41D69C568140B] - [13/05/2014 08:43:18] - |A| - [3596] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2733828166-1789802061-3082008228-500 : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.C960CEB40F711F5B7002433EBC9A2B8B] - [30/08/2014 12:02:28] - |A| - [3902] - C:\Windows\System32\Tasks\User_Feed_Synchronization-{3B4D6E76-FC38-41A1-9102-DBC7623838F7} : C:\Windows\system32\msfeedssync.exe
[MD5.23F04245784F5E5DF9DBF0092A81AE11] - [28/07/2014 21:24:00] - |A| - [3902] - C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1F2061F-BE85-4148-A1E1-65F4E7E6E010} : C:\Windows\system32\msfeedssync.exe
[MD5.2EC7293DAD7916ECABA959D2AF9D5A16] - [30/08/2014 11:45:17] - |A| - [3902] - C:\Windows\System32\Tasks\User_Feed_Synchronization-{DE27E9B2-459D-4537-842A-16F287853CBA} : C:\Windows\system32\msfeedssync.exe
[MD5.00000000000000000000000000000000] - [28/07/2014 21:18:41] - |D| - [13398] - C:\Windows\System32\Tasks\WPD
[MD5.00000000000000000000000000000000] - [22/08/2013 21:06:31] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"WirelessDisplay-Out-UDP"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-In-TCP"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"Netlogon-TCP-RPC-In"=v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-NamedPipe-In"=v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751|
"Wininit-Shutdown-In-Rule-TCP-RPC"=v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751|
"TCP Query User{A29BD3EF-FE76-4EC4-8475-B84A52CC2CF8}C:\program files (x86)\google\chrome\application\chrome.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|
"UDP Query User{9FCC04E9-E499-4B5B-99B7-02D63229409D}C:\program files (x86)\google\chrome\application\chrome.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{17fdd8f0-53df-406f-8287-8c38f6fc9bcc}] : (RIMUSBBB) [] -> BlackBerry
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @PrintQueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%SECURITYACCELERATORCLASSNAME%;Security Accelerator
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @idtsec.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem28.inf,%ClassName%;SAMSUNG Android Phone
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @%SystemRoot%\System32\Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{502EB68B-57B4-4FEE-9890-18F2D8AD1E3E}] : (mfencbdc) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{57465043-616c-6c6f-7574-5f636c617373}] : (WFPCALLOUTS) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) [] -> @oem48.inf,%WDC_SAM_ClassName%;WD Drive Management devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8c78b96c-9120-4da4-a144-ff427f2cf132}] : (BarcodeScanner) [] -> @hidscanner.inf,%ClassName%;POS HID Barcode scanners
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{B95B836B-234E-4857-A1F8-D0D9A9BEC1C5}] : (vmbus) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @AudioEndpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @WSDPrint.Inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c671678c-82c1-43f3-d700-0049433e9a4b}] : (Jungo) [] -> Jungo
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}] : (USB) [] -> @oem32.inf,%ClassName%;ADB Interface
[HKLM\SYSTEM\CurrentControlSet\Control\Class\~backup.{4D36E972-E325-11CE-BFC1-08002bE10318}.bak0] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\~backup.{4D36E972-E325-11CE-BFC1-08002bE10318}.bak1] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[02/06/2016 03:43:38] - (6.8.0.67) - (AO Kaspersky Lab - Kaspersky Unified Driver) - C:\Windows\system32\DRIVERS\kl1.sys
[10/06/2016 06:41:26] - (4.0.74.0) - (AO Kaspersky Lab - Cryptographic Module Driver x64 (56 bit)) - C:\Windows\system32\DRIVERS\cm_km.sys
[07/06/2016 23:33:14] - (12.0.0.6) - (AO Kaspersky Lab - Backup Disk Filter [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\klbackupdisk.sys
[23/07/2013 22:58:56] - (6.0.5.1) - (Hewlett-Packard - HP Disk Filter - SATA/RAID) - C:\Windows\system32\DRIVERS\hpdskflt.sys
[20/06/2016 17:54:10] - (12.0.111.62) - (AO Kaspersky Lab - klhk [fre_win8_x64]) - C:\Windows\System32\drivers\klhk.sys
[15/06/2016 00:23:44] - (12.0.0.8) - (AO Kaspersky Lab - Backup File Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klbackupflt.sys
[14/03/2017 20:07:43] - (12.0.31.0) - (AO Kaspersky Lab - Filter Core [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klflt.sys
[14/03/2017 20:07:41] - (12.0.208.0) - (AO Kaspersky Lab - Core System Interceptors [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klif.sys
[31/05/2016 23:31:20] - (12.0.0.6) - (AO Kaspersky Lab - Format Recognizer [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\klpd.sys
[18/06/2016 01:36:24] - (12.0.0.11) - (AO Kaspersky Lab - WFP Network Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klwfp.sys
[20/06/2016 23:41:10] - (13.0.0.8) - (AO Kaspersky Lab - Packet Network Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klim6.sys
[02/06/2016 22:39:42] - (12.0.0.39) - (AO Kaspersky Lab - WFP Network Connection Filter Driver [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klwtp.sys
[20/03/2017 00:10:50] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\Windows\System32\drivers\zamguard64.sys
[20/03/2017 00:10:50] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\Windows\System32\drivers\zam64.sys
[14/06/2016 17:47:52] - (12.0.0.22) - (AO Kaspersky Lab - Network Processor [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\kneps.sys
[13/05/2014 09:17:55] - (1.0.0.3512) - (CyberLink - It is a virtual device driver which could create multiple virtual devices and mount image files.) - C:\Windows\system32\DRIVERS\CLVirtualDrive.sys
[07/06/2016 01:31:06] - (9.0.0.21) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\Windows\system32\DRIVERS\kltap.sys
[19/03/2015 12:22:44] - (1.1.0.18) - (BlackBerry Limited - BlackBerry Virtual Private Network Driver) - C:\Windows\System32\Drivers\rimvndis6_AMD64.sys
[14/08/2013 04:32:08] - (1.0.11.0) - ( - Intel Keyboard Class Upper Filter Driver) - C:\Windows\system32\DRIVERS\ikbevent.sys
[13/03/2014 22:20:16] - (18.1.5.2) - (Synaptics Incorporated - Synaptics Touchpad Win64 Driver) - C:\Windows\system32\DRIVERS\SynTP.sys
[19/05/2016 00:57:36] - (12.0.0.1) - (AO Kaspersky Lab - Keyboard Device Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klkbdflt.sys
[14/08/2013 04:32:12] - (1.0.11.0) - ( - Intel Mouse Class Upper Filter Driver) - C:\Windows\system32\DRIVERS\imsevent.sys
[07/06/2015 01:52:56] - (10.0.0.11) - (Kaspersky Lab ZAO - Mouse Device Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klmouflt.sys
[13/03/2014 22:20:16] - (18.1.5.2) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
[23/07/2013 22:58:56] - (6.0.5.1) - (Hewlett-Packard - HP Accelerometer) - C:\Windows\system32\DRIVERS\Accelerometer.sys
[23/07/2013 05:15:58] - (1.0.6.1) - (Hewlett-Packard Development Company, L.P. - HP Wireless Button Driver) - C:\Windows\System32\drivers\WirelessButtonDriver64.sys
[14/08/2013 04:32:12] - (1.0.8.0) - ( - Intel(R) Smart Connect Technology Device Driver) - C:\Windows\System32\drivers\ISCTD64.sys
[13/05/2014 09:09:52] - (1.0.27893.6128) - (CyberLink Corporation - CyberLink WebCam Virtual Driver) - C:\Windows\system32\DRIVERS\clwvd.sys
[23/06/2016 23:03:31] - (2.3.0.11) - (Research in Motion Ltd - RIM Virtual Serial Driver) - C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
[31/05/2016 23:24:06] - (12.0.0.1) - (AO Kaspersky Lab - Virtual Disk [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\kldisk.sys
[13/05/2014 09:04:09] - (0.0.0.0) - ( -) - C:\Windows\System32\Drivers\INETMON.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - agp440 (@machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter) -> System32\drivers\agp440.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - cm_km (AO Kaspersky Lab Cryptographic Module x64 (56 bit)) -> system32\DRIVERS\cm_km.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II 10 GigE VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - gagp30kx (@machine.inf,%gagp30kx_svcdesc%;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) -> System32\drivers\gagp30kx.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - hpdskflt (@oem23.inf,%service_desc%;HP Filter) -> system32\DRIVERS\hpdskflt.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - iaStorA () -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - kl1 (kl1) -> system32\DRIVERS\kl1.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - klbackupdisk (Kaspersky Lab klbackupdisk) -> system32\DRIVERS\klbackupdisk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - klelam (klelam) -> system32\DRIVERS\klelam.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2 () -> System32\drivers\lsi_sas2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3 () -> System32\drivers\lsi_sas3.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nv_agp (@machine.inf,%agpnvidia_svcdesc%;NVIDIA nForce AGP Bus Filter) -> System32\drivers\nv_agp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@machine.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - uagp35 (@machine.inf,%uagp35_svcdesc%;Microsoft AGPv3.5 Filter) -> System32\drivers\uagp35.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - uliagpkx (@machine.inf,%uliagpkx_svcdesc%;Uli AGP Bus Filter) -> System32\drivers\uliagpkx.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - viaide () -> System32\drivers\viaide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - vmbus (@%SystemRoot%\system32\vmbusres.dll,-1000) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@volume.inf,%VolumeClassName%;Storage volumes) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> system32\DRIVERS\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: False
R1 - [Kernel Driver] - CLVirtualDrive (CLVirtualDrive) -> \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - klbackupflt (Kaspersky Lab klbackupflt) -> system32\DRIVERS\klbackupflt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - klhk (@oem86.inf,%klhkDisplayName%;Kaspersky Lab service driver) -> \SystemRoot\System32\drivers\klhk.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - KLIF (Kaspersky Lab Driver) -> system32\DRIVERS\klif.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - KLIM6 (@oem73.inf,%KLIM6_Desc%;Kaspersky Anti-Virus NDIS 6 Filter) -> \SystemRoot\system32\DRIVERS\klim6.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - klpd (Kaspersky Lab format recognizer driver) -> system32\DRIVERS\klpd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - klwfp (klwfp) -> \SystemRoot\system32\DRIVERS\klwfp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Klwtp (KLwtp - WFP callout traffic inspector) -> \SystemRoot\system32\DRIVERS\klwtp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - kneps (kneps) -> \SystemRoot\system32\DRIVERS\kneps.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@netnb.inf,%NetBIOS_Desc%;NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> \SystemRoot\system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> \SystemRoot\system32\DRIVERS\vwififlt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> \SystemRoot\system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ZAM (ZAM Helper Driver) -> \??\C:\Windows\System32\drivers\zam64.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ZAM_Guard (ZAM Guard Driver) -> \??\C:\Windows\System32\drivers\zamguard64.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - kldisk (kldisk) -> \SystemRoot\system32\DRIVERS\kldisk.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> \SystemRoot\system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - NativeWifiP (@%SystemRoot%\System32\drivers\nwifi.sys,-101) -> \SystemRoot\system32\DRIVERS\nwifi.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> \SystemRoot\system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft Files whitelisted)

[MD5.AD508A1A46EC21B740AB31C28EFDFDB1] - [22/08/2013 12:27:45] - (.Copyright (c) 2011 LSI - LSI 3ware SCSI Storport Driver.) - [106.34 Ko] - (5.1.0.51) - C:\Windows\System32\Drivers\3ware.sys
[MD5.F39180029723D7779C80360F9E255709] - [23/07/2013 22:58:56] - (.© Copyright 2001-2013 Hewlett-Packard Development Company, L.P. - HP Accelerometer.) - [42.3 Ko] - (6.0.5.1) - C:\Windows\System32\Drivers\Accelerometer.sys
[MD5.7C1FDF1B48298CBA7CE4BDD4978951AD] - [22/08/2013 12:31:07] - (.Copyright (C) PMC-Sierra 2001-2013 - PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) - [763.84 Ko] - (1.0.0.254) - C:\Windows\System32\Drivers\adp80xx.sys
[MD5.D2BF2F94A47D332814910FD47C6BBCD2] - [22/08/2013 12:31:07] - (.Copyright © 2008-2013 AMD, Inc. - AHCI 1.3 Device Driver.) - [77.34 Ko] - (1.1.4.14) - C:\Windows\System32\Drivers\amdsata.sys
[MD5.A8E04943C7BBA7219AA50400272C3C6E] - [22/08/2013 12:27:45] - (.2012 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [253.34 Ko] - (3.7.1540.43) - C:\Windows\System32\Drivers\amdsbs.sys
[MD5.CEA5F4F27CFC08E3A44D576811B35F50] - [22/08/2013 12:31:07] - (.Copyright © 2008-2013 AMD, Inc. - Storage Filter Driver.) - [25.34 Ko] - (1.1.4.14) - C:\Windows\System32\Drivers\amdxata.sys
[MD5.65045784366F7EC5FB4E71BCF923187B] - [22/08/2013 12:31:07] - (.Copyright 2013 PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) - [111.34 Ko] - (7.2.0.30261) - C:\Windows\System32\Drivers\arcsas.sys
[MD5.F8FE7E12F8151E0A17C23CF840599F9A] - [14/11/2013 09:59:42] - (.Copyright (C) 2000-2012, Broadcom Corporation. - Broadcom Bluetooth Firmware Download Filter.) - [166.71 Ko] - (12.0.0.8047) - C:\Windows\System32\Drivers\bcbtums.sys
[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - [22/08/2013 12:27:48] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [17.21 Ko] - (6.3.9391.6) - C:\Windows\System32\Drivers\bcmfn2.sys
[MD5.79B6BF28DD35C673D1B02D7D7D8C4827] - [13/05/2014 08:58:15] - (.1998-2012, Broadcom Corp. All Rights Rsvd - Broadcom 802.11 Network Adapter wireless driver.) - [7341.67 Ko] - (6.223.215.5) - C:\Windows\System32\Drivers\BCMWL63a.SYS
[MD5.D0C542D44800D6600ED04755F5106DE9] - [06/04/2016 16:08:42] - (.Copyright 2016 BlackBerry - BlackBerry CDC/NCM Driver.) - [35.51 Ko] - (1.0.0.38) - C:\Windows\System32\Drivers\blackberryncm6_AMD64.sys
[MD5.20C8EB70C0B179DF06A01CA503F4A824] - [05/09/2013 08:46:54] - (.Copyright (C) 2000-2012, Broadcom Corporation. - Broadcom Bluetooth USB AMP Filter for Windows Vista.) - [162.21 Ko] - (12.0.0.7820) - C:\Windows\System32\Drivers\btwampfl.sys
[MD5.0CBAC17B51CB0411938AB82240E4EEFA] - [10/09/2013 08:36:44] - (.Copyright (C) 2000-2012, Broadcom Corporation. - Bluetooth Serial Bus Driver.) - [147.21 Ko] - (12.0.0.7825) - C:\Windows\System32\Drivers\BtwSerialBus.sys
[MD5.A4A73F631FE2AA2826FBE4A399B04DEF] - [22/08/2013 12:27:55] - (.(c) COPYRIGHT 2001-2012 Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) - [518.84 Ko] - (7.4.14.0) - C:\Windows\System32\Drivers\bxvbda.sys
[MD5.6D4391508AA902798259DE327DFDC621] - [15/11/2016 21:58:22] - (.Copyright © Connectify 2015 - Connectify NDISRD helper driver.) - [35.88 Ko] - (3.2.4.1) - C:\Windows\System32\Drivers\cfywlan1.sys
[MD5.5C646CAC91E086F7FF53C7F2E857F263] - [13/05/2014 09:17:55] - (.Copyright (C) 2011 CyberLink - It is a virtual device driver which could create multiple virtual devices and mount image files..) - [89.76 Ko] - (1.0.0.3512) - C:\Windows\System32\Drivers\CLVirtualDrive.sys
[MD5.9731DAFDC7B690B2C7752FDFF045BFD8] - [13/05/2014 09:09:52] - (.Copyright (C) 2009 CyberLink Corporation. - CyberLink WebCam Virtual Driver.) - [40.73 Ko] - (1.0.27893.6128) - C:\Windows\System32\Drivers\clwvd.sys
[MD5.B29A764A1E76473CD9D64C9438705C19] - [10/06/2016 06:41:26] - (.© 2016 AO Kaspersky Lab. - Cryptographic Module Driver x64 (56 bit).) - [233.34 Ko] - (4.0.74.0) - C:\Windows\System32\Drivers\cm_km.sys
[MD5.0E4142B0858B7F3F110E8BF8854062D7] - [15/11/2016 21:58:21] - (.Copyright Connectify© 2015 - CNNCTFY helper driver.) - [42.84 Ko] - (3.2.4.2) - C:\Windows\System32\Drivers\cnnctfy3.sys
[MD5.114BCFDF367FF37C3F1B0A96AF542E4D] - [22/08/2013 12:27:55] - (.(c) COPYRIGHT 2001-2013 Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) - [3278.34 Ko] - (7.4.33.1) - C:\Windows\System32\Drivers\evbda.sys
[MD5.E8E0D53AA910D8BC60A403E77DBA9B8C] - [14/03/2017 00:37:40] - (.(C) Malwarebytes. - Malwarebytes Anti-Ransomware Protection.) - [108.93 Ko] - (3.0.0.265) - C:\Windows\System32\Drivers\farflt.sys
[MD5.8B8E6BD988EAF18C1B86704BF05E5C03] - [23/07/2013 22:58:56] - (.© Copyright 2001-2013 Hewlett-Packard Development Company, L.P. - HP Disk Filter - SATA/RAID.) - [29.8 Ko] - (6.0.5.1) - C:\Windows\System32\Drivers\hpdskflt.sys
[MD5.A6AACEA4C785789BDA5912AD1FEDA80D] - [22/08/2013 12:27:45] - (.Copyright (c) 2004-2011 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [62.84 Ko] - (8.0.4.0) - C:\Windows\System32\Drivers\HpSAMD.sys
[MD5.5D90E32E36CE5D4C535D17CE08AEAF05] - [22/08/2013 12:27:49] - (.Copyright © 2013, Intel Corporation. - Intel(R) Serial IO GPIO Controller Driver.) - [23.99 Ko] - (1.1.163.0) - C:\Windows\System32\Drivers\iaLPSSi_GPIO.sys
[MD5.DD05E7E80F52ADE9AEB292819920F32C] - [22/08/2013 12:27:49] - (.Copyright © 2013, Intel Corporation. - Intel(R) Serial IO I2C Controller Driver.) - [96.99 Ko] - (1.1.163.0) - C:\Windows\System32\Drivers\iaLPSSi_I2C.sys
[MD5.4558F084BCB7EFA3E8321C95B4EE736F] - [08/11/2013 23:52:00] - (.Copyright(C) Intel Corporation 1994-2013 - Intel Rapid Storage Technology driver - x64.) - [617.35 Ko] - (12.8.9.1000) - C:\Windows\System32\Drivers\iaStorA.sys
[MD5.08BFE413B0B4AA8DFA4B5684CE06D3DC] - [22/08/2013 12:31:07] - (.Copyright(C) Intel Corporation 1994-2012 - Intel Rapid Storage Technology driver (inbox) - x64.) - [635.98 Ko] - (12.0.1.1018) - C:\Windows\System32\Drivers\iaStorAV.sys
[MD5.A2200C3033FA4EF249FC096A7A7D02A2] - [22/08/2013 12:31:07] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - x64.) - [402.34 Ko] - (8.6.2.1019) - C:\Windows\System32\Drivers\iaStorV.sys
[MD5.142CFBE6ED0E498CCA7ABE8DD932C1AF] - [18/03/2014 22:59:24] - (.Copyright (c) 1998-2012 Intel Corporation. - Intel Graphics Kernel Mode Driver.) - [3642.5 Ko] - (10.18.10.3496) - C:\Windows\System32\Drivers\igdkmd64.sys
[MD5.E71AC94964ED675B3ED0727059B7F97B] - [14/08/2013 04:32:08] - (.Copyright (C) 2011 - 2013 Intel Corporation - Intel Keyboard Class Upper Filter Driver.) - [20.91 Ko] - (1.0.11.0) - C:\Windows\System32\Drivers\ikbevent.sys
[MD5.2FDB67F5B9F4E96B40FDC9D1AA0B686F] - [14/08/2013 04:32:12] - (.Copyright (C) 2011 - 2013 Intel Corporation - Intel Mouse Class Upper Filter Driver.) - [21.41 Ko] - (1.0.11.0) - C:\Windows\System32\Drivers\imsevent.sys
[MD5.3F2BB021CB280880F8C1B7A6FEF9B447] - [13/05/2014 09:04:09] - (.-.) - [28.41 Ko] - (0.0.0.0) - C:\Windows\System32\Drivers\INETMON.sys
[MD5.8E4044C6B71B2F837166F6EDB6BF9100] - [18/03/2014 22:59:02] - (.Intel(R) Corporation. - Intel(R) Display Audio Driver.) - [439.96 Ko] - (6.16.0.3135) - C:\Windows\System32\Drivers\IntcDAud.sys
[MD5.F0F581A2299CB2BAB1DF2597BCDDB80F] - [02/03/2014 02:12:29] - (.Copyright © 2013-2013, Intel Corporation. - Intel® WiDi Solution.) - [37.4 Ko] - (4.5.44.0) - C:\Windows\System32\Drivers\intelaud.sys
[MD5.4EE2423C38F43D37F8497A672FD10BDC] - [14/08/2013 04:32:12] - (.Copyright (C) 2011-2012 - Intel(R) Smart Connect Technology Device Driver.) - [45.48 Ko] - (1.0.8.0) - C:\Windows\System32\Drivers\ISCTD64.sys
[MD5.C2BC9AC9C6514230A481BDCA6A24BEFD] - [02/03/2014 02:12:30] - (.Copyright © 2013-2013, Intel Corporation. - Intel® WiDi Solution.) - [26.4 Ko] - (4.5.44.0) - C:\Windows\System32\Drivers\iwdbus.sys
[MD5.97E3E8F35632EECD0ABD2DE6519A9666] - [02/06/2016 03:43:38] - (.© 2016 AO Kaspersky Lab. - Kaspersky Unified Driver.) - [541.42 Ko] - (6.8.0.67) - C:\Windows\System32\Drivers\kl1.sys
[MD5.B01AD8DA034EE42D4C2282F77FDB03AE] - [07/06/2016 23:33:14] - (.© 2016 AO Kaspersky Lab. - Backup Disk Filter [fre_wnet_x64].) - [62.42 Ko] - (12.0.0.6) - C:\Windows\System32\Drivers\klbackupdisk.sys
[MD5.10549B5BFD9A3DCF4FFA6287236FA959] - [15/06/2016 00:23:44] - (.© 2016 AO Kaspersky Lab. - Backup File Filter [fre_win8_x64].) - [84.33 Ko] - (12.0.0.8) - C:\Windows\System32\Drivers\klbackupflt.sys
[MD5.7DAA9047F50BF5A3F8C147719FC520AF] - [31/05/2016 23:24:06] - (.© 2015 AO Kaspersky Lab. - Virtual Disk [fre_wnet_x64].) - [76.38 Ko] - (12.0.0.1) - C:\Windows\System32\Drivers\kldisk.sys
[MD5.5766A27C85EE813029831D125D2EFB45] - [31/03/2016 00:09:04] - (.© 2016 AO Kaspersky Lab. - Early Launch Anti-Malware Filter [fre_win8_x64].) - [28.12 Ko] - (12.0.0.6) - C:\Windows\System32\Drivers\klelam.sys
[MD5.2CBFFDD6325676C1DBD42C9F668B40EB] - [14/03/2017 20:07:43] - (.© 2016 AO Kaspersky Lab. - Filter Core [fre_win8_x64].) - [191.77 Ko] - (12.0.31.0) - C:\Windows\System32\Drivers\klflt.sys
[MD5.C2AED7EDBC43E8316513251C633FF546] - [20/06/2016 17:54:10] - (.© 2016 AO Kaspersky Lab. - klhk [fre_win8_x64].) - [497.78 Ko] - (12.0.111.62) - C:\Windows\System32\Drivers\klhk.sys
[MD5.9349AAE93762D6F23187E646D9BC00C9] - [14/03/2017 20:07:41] - (.© 2016 AO Kaspersky Lab. - Core System Interceptors [fre_win8_x64].) - [993.77 Ko] - (12.0.208.0) - C:\Windows\System32\Drivers\klif.sys
[MD5.6357C533C30650361110DBAF59A25DF8] - [20/06/2016 23:41:10] - (.© 2016 AO Kaspersky Lab. - Packet Network Filter [fre_win8_x64].) - [56.08 Ko] - (13.0.0.8) - C:\Windows\System32\Drivers\klim6.sys
[MD5.5480CC93737F48282552C84FA7EBA59B] - [19/05/2016 00:57:36] - (.© 2016 AO Kaspersky Lab. - Keyboard Device Filter [fre_win8_x64].) - [50.91 Ko] - (12.0.0.1) - C:\Windows\System32\Drivers\klkbdflt.sys
[MD5.FD47C92A63B6EADEA830BFA96C06EAEE] - [07/06/2015 01:52:56] - (.© 2015 Kaspersky Lab ZAO. - Mouse Device Filter [fre_win8_x64].) - [40.68 Ko] - (10.0.0.11) - C:\Windows\System32\Drivers\klmouflt.sys
[MD5.6B0C605591C892CBB683F63EA47822DC] - [31/05/2016 23:31:20] - (.© 2016 AO Kaspersky Lab. - Format Recognizer [fre_wnet_x64].) - [44.42 Ko] - (12.0.0.6) - C:\Windows\System32\Drivers\klpd.sys
[MD5.828B042A95F055648DA190DF6C7AB1B6] - [07/06/2016 01:31:06] - (.OpenVPN Technologies, Inc. - TAP-Windows Virtual Network Driver (NDIS 6.0).) - [50.93 Ko] - (9.0.0.21) - C:\Windows\System32\Drivers\kltap.sys
[MD5.4C5305295B51BA72FC9C8CDAB32F95C3] - [18/06/2016 01:36:24] - (.© 2016 AO Kaspersky Lab. - WFP Network Filter [fre_win8_x64].) - [83.32 Ko] - (12.0.0.11) - C:\Windows\System32\Drivers\klwfp.sys
[MD5.4799405773BB400A2FF96663CF0EE4A2] - [02/06/2016 22:39:42] - (.© 2016 AO Kaspersky Lab. - WFP Network Connection Filter Driver [fre_win8_x64].) - [133.22 Ko] - (12.0.0.39) - C:\Windows\System32\Drivers\klwtp.sys
[MD5.098D3EBDC599E05449A3BFB5BB519FE0] - [14/06/2016 17:47:52] - (.© 2016 AO Kaspersky Lab. - Network Processor [fre_wnet_x64].) - [194.72 Ko] - (12.0.0.22) - C:\Windows\System32\Drivers\kneps.sys
[MD5.C755AE4635457AA2A11F79C0DF857ABC] - [22/08/2013 12:27:45] - (.Copyright © LSI Corporation 2010 - LSI Fusion-MPT SAS Driver (StorPort).) - [106.84 Ko] - (1.34.3.82) - C:\Windows\System32\Drivers\lsi_sas.sys
[MD5.ADAC09CBE7A2040B7F68B5E5C9A75141] - [22/08/2013 12:27:45] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen2 Driver (StorPort).) - [91.34 Ko] - (2.0.60.82) - C:\Windows\System32\Drivers\lsi_sas2.sys
[MD5.04D1274BB9BBCCF12BD12374002AA191] - [22/08/2013 12:27:45] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen3 Driver (StorPort).) - [79.84 Ko] - (2.50.65.1) - C:\Windows\System32\Drivers\lsi_sas3.sys
[MD5.327469EEF3833D0C584B7E88A76AEC0C] - [22/08/2013 12:27:45] - (.Copyright © LSI Corporation 2012 - LSI SSS PCIe/Flash Driver (StorPort).) - [80.84 Ko] - (2.10.61.81) - C:\Windows\System32\Drivers\lsi_sss.sys
[MD5.ACB81E9F20882D2D2BEC7FF626E090AE] - [13/03/2017 23:41:44] - (.-.) - [75.59 Ko] - (0.0.0.0) - C:\Windows\System32\Drivers\mbae64.sys
[MD5.88BD122C3A35DE63D75D382DF75554CE] - [13/03/2017 23:42:09] - (.(C) Malwarebytes. - Malwarebytes Real-Time Protection.) - [42.94 Ko] - (3.0.0.83) - C:\Windows\System32\Drivers\mbam.sys
[MD5.835E1D6B5835EF70FC3BDF93ED42243A] - [13/03/2017 23:42:30] - (.(C) Malwarebytes. - Malwarebytes Chameleon.) - [181.94 Ko] - (3.0.0.155) - C:\Windows\System32\Drivers\MBAMChameleon.sys
[MD5.F8E8B0977741F114407494174522B71A] - [13/03/2017 23:42:01] - (.(C) Malwarebytes. - Malwarebytes SwissArmy.) - [245.94 Ko] - (4.2.0.108) - C:\Windows\System32\Drivers\MBAMSwissArmy.sys
[MD5.EA01AD547F3C4D8A841A113C857B440B] - [03/02/2015 10:00:16] - (.2012 Fortinet Inc. - Malware Detection and Removal Engine Driver.) - [91.72 Ko] - (2.0.52.0) - C:\Windows\System32\Drivers\mdare64_54.sys
[MD5.67687829B08837CEFD802B72DFAD8E3C] - [18/11/2015 22:59:28] - (.2012 Fortinet Inc. - Malware Detection and Removal Engine Driver.) - [91.38 Ko] - (2.0.61.0) - C:\Windows\System32\Drivers\mdare64_63.sys
[MD5.EB5C03A070F30D64A6DF80E53B22F53F] - [22/08/2013 12:27:45] - (.Copyright © LSI Corporation 2013 - MEGASAS RAID Controller Driver for Windows.) - [55.34 Ko] - (6.3.9466.0) - C:\Windows\System32\Drivers\megasas.sys
[MD5.F6F13533196DE7A582D422B0241E4363] - [22/08/2013 12:27:45] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [562.34 Ko] - (15.2.2013.129) - C:\Windows\System32\Drivers\megasr.sys
[MD5.81AB6B6A13CD0FF378FC8EAE61B21E4D] - [13/12/2012 07:19:54] - (.Copyright (C) MediaTek Inc.. - MediaTek Mobile Broadband NDIS 6.20 Miniport Driver.) - [204 Ko] - (1.12.44.0) - C:\Windows\System32\Drivers\mtkmbim7_x64.sys
[MD5.B8C35C94DCB2DFEAF03BB42131F2F77F] - [22/08/2013 12:27:45] - (.Copyright (c) Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) - [62.34 Ko] - (1.0.5.1015) - C:\Windows\System32\Drivers\mvumis.sys
[MD5.71C365620D484750948664AA4A579AB3] - [13/03/2017 23:42:19] - (.(C) Malwarebytes. - Malwarebytes Web Protection.) - [89.93 Ko] - (3.0.0.138) - C:\Windows\System32\Drivers\mwac.sys
[MD5.BC6B5942AFF25EBAF62DE43C3807EDF8] - [22/08/2013 12:31:09] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [146.84 Ko] - (10.6.0.22) - C:\Windows\System32\Drivers\nvraid.sys
[MD5.1F43ABFFAC3D6CA356851D517392966E] - [22/08/2013 12:31:09] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [164.34 Ko] - (10.6.0.22) - C:\Windows\System32\Drivers\nvstor.sys
[MD5.B0E7D5D2CFAA6ED5F20EB8B84A35E593] - [21/03/2011 12:54:24] - (.2006-2009 Fortinet Inc., Fortinet Inc. - pppop.) - [41.53 Ko] - (2009.7.14.0) - C:\Windows\System32\Drivers\pppop64.sys
[MD5.344604E6913BD6E4EAEC34AF2E0943D7] - [23/06/2016 23:03:31] - (.Copyright (c) 2011 Research in Motion Ltd - RIM Virtual Serial Driver.) - [43.5 Ko] - (2.3.0.11) - C:\Windows\System32\Drivers\RimSerial_AMD64.sys
[MD5.968897C7F8184E2534F14B9B10BCFB72] - [06/05/2014 09:21:02] - (.Copyright 2014 BlackBerry Limited - BlackBerry Device Driver.) - [78 Ko] - (4.2.0.32) - C:\Windows\System32\Drivers\RimUsb_AMD64.sys
[MD5.8D5E629E39FD2A36ADF963BBAECC15D2] - [19/03/2015 12:22:44] - (.Copyright 2015 BlackBerry Limited - BlackBerry Virtual Private Network Driver.) - [18 Ko] - (1.1.0.18) - C:\Windows\System32\Drivers\rimvndis6_AMD64.sys
[MD5.7CC0D898D00675F14BA0C4BF056C1CF4] - [13/05/2014 08:55:17] - (.Copyright (C) 2013 Realtek Semiconductor Corporation. All Right Reserved. - Realtek 8101E/8168/8169 NDIS 6.30 64-bit Driver .) - [820.21 Ko] - (8.24.1218.2013) - C:\Windows\System32\Drivers\Rt630x64.sys
[MD5.44ED7064A8CFF33E6D2BCC81412145F7] - [13/05/2014 08:53:54] - (.Copyright (c) Realtek Semiconductor Corp.1998-2013 - Realtek(r) High Definition Audio Function Driver.) - [3850.96 Ko] - (6.0.1.7231) - C:\Windows\System32\Drivers\RTKVHD64.sys
[MD5.A5A0BBC875A1E50E29ED02E21A8FA13E] - [13/05/2014 08:53:12] - (.Copyright (C) Realtek Semiconductor Corp. - Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7/Win8.) - [305.71 Ko] - (6.3.9600.27047) - C:\Windows\System32\Drivers\RtsBaStor.sys
[MD5.6A940599A059C6C9D6E54D7A3EF356B8] - [13/05/2014 08:53:12] - (.Copyright (C) Realtek Semiconductor Corp. - Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7/Win8.) - [284.71 Ko] - (6.3.9600.29075) - C:\Windows\System32\Drivers\RtsP2Stor.sys
[MD5.8E255394255FB64DB7D31DD3D08F68A6] - [13/05/2014 08:53:12] - (.Copyright © Realtek Semiconductor Corporation 2013 - RTS PCIE READER Driver.) - [455.21 Ko] - (6.3.9600.21247) - C:\Windows\System32\Drivers\RtsPer.sys
[MD5.D23399622ED6692BF6AA1D30322345FC] - [13/05/2014 08:53:12] - (.Copyright (C) Realtek Semiconductor Corp. - Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7/Win8.) - [350.71 Ko] - (6.3.9600.28150) - C:\Windows\System32\Drivers\RtsPStor.sys
[MD5.14182642967B8751F3717E94FC90DF48] - [13/05/2014 08:53:12] - (.Copyright (C) Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7/Win8.) - [264.71 Ko] - (6.3.9600.30174) - C:\Windows\System32\Drivers\RtsUStor.sys
[MD5.B0B2C5F4D0A41FAAE7F2DD51C889CC13] - [13/05/2014 08:53:12] - (.Copyright (C) Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7/Win8.) - [324.21 Ko] - (6.3.9600.39057) - C:\Windows\System32\Drivers\RtsUVStor.sys
[MD5.3EA8A16169C26AFBEB544E0E48421186] - [22/08/2013 21:06:40] - (.© 2006 Macrovision Corporation - Macrovision SECURITY Driver.) - [22.5 Ko] - (4.3.86.0) - C:\Windows\System32\Drivers\secdrv.sys
[MD5.2F518D13DD6F3053837FE606F1A2EA1F] - [22/08/2013 12:31:09] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [43.84 Ko] - (5.1.1039.2600) - C:\Windows\System32\Drivers\sisraid2.sys
[MD5.1AC9A200A9C49C4508F04AAFFCA34A3F] - [22/08/2013 12:31:09] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [79.84 Ko] - (5.1.1039.3600) - C:\Windows\System32\Drivers\sisraid4.sys
[MD5.13DFE743C3AF65458F5C7777A9B16CCC] - [13/03/2014 22:20:14] - (.Copyright (C) Synaptics Incorporated 1996-2014 - Synaptics SMBus Driver.) - [29.73 Ko] - (18.1.5.2) - C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys
[MD5.3D3A01F8499FD703513A33ED0C8921C2] - [13/03/2014 22:20:16] - (.Copyright (C) Synaptics Incorporated 1996-2014 - Synaptics SMBus Driver.) - [30.73 Ko] - (18.1.5.2) - C:\Windows\System32\Drivers\Smb_driver_Intel.sys
[MD5.73BDD44A6088916964945886F9025409] - [22/01/2014 08:52:10] - (.Copyright (c) DEVGURU 2002-2008.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) - [106.25 Ko] - (2.11.7.0) - C:\Windows\System32\Drivers\ssudbus.sys
[MD5.5252D7BC56E5E0ED715AEA8FE173A455] - [22/01/2014 08:52:10] - (.Copyright (c) DEVGURU 2002-2008. (www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) - [201.25 Ko] - (2.11.7.0) - C:\Windows\System32\Drivers\ssudmdm.sys
[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - [22/08/2013 12:27:45] - (.© Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) - [30.34 Ko] - (5.1.0.10) - C:\Windows\System32\Drivers\stexstor.sys
[MD5.12711DAB3FCCC1649FE149B61C26C80A] - [13/03/2014 22:20:16] - (.Copyright (C) Synaptics Incorporated 1996-2014 - Synaptics Touchpad Win64 Driver.) - [528.73 Ko] - (18.1.5.2) - C:\Windows\System32\Drivers\SynTP.sys
[MD5.EB1D78140D6634C32A46AB1006105EDC] - [10/12/2013 20:57:36] - (.Copyright © 2006-2013, Intel Corporation. - Intel(R) Management Engine Interface.) - [97.96 Ko] - (9.5.24.1790) - C:\Windows\System32\Drivers\TeeDriverx64.sys
[MD5.C44D96B1CDDE705B23F55AB423CCA73D] - [29/03/2010 17:31:18] - (.Copyright © 2010 Texas Instruments - tinspusb.sys.) - [139.5 Ko] - (1.0.1.0) - C:\Windows\System32\Drivers\tinspusb.sys
[MD5.0D5A09B08568760AE85A801FCBC0F83D] - [19/03/2017 14:03:05] - (.-.) - [27.61 Ko] - (2.0.2.0) - C:\Windows\System32\Drivers\TrueSight.sys
[MD5.CABA2C0BBBDA1410EB18D4C7C574F355] - [18/07/2016 12:40:22] - (.Copyright (C) MediaTek Inc. - MediaTek USB to Com Port Driver.) - [79.5 Ko] - (1.0.1244.0) - C:\Windows\System32\Drivers\usb2ser.sys
[MD5.06D38968028E9AB19DE9B618C7B6D199] - [22/08/2013 17:52:58] - (.Copyright (C) VIA Technologies, Inc. 2000-2007 - VIA Generic PCI IDE Bus Driver.) - [19.34 Ko] - (6.0.6000.170) - C:\Windows\System32\Drivers\viaide.sys
[MD5.4539F45F9F4C9757A86A56C949421E07] - [22/08/2013 12:31:09] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [164.84 Ko] - (7.0.9200.6320) - C:\Windows\System32\Drivers\vsmraid.sys
[MD5.0849B7260F26FE05EA56DED0672E2F4B] - [22/08/2013 12:31:10] - (.Copyright (C) 2008 VIA Corporation - VIA StorX RAID Controller Driver.) - [298.34 Ko] - (8.0.9200.8110) - C:\Windows\System32\Drivers\VSTXRAID.SYS
[MD5.A3D04EBF5227886029B4532F20D026F7] - [27/01/2015 00:23:46] - (.(C) 2006-2008 Western Digital Technologies - WD SCSI Architecture Model (SAM) driver.) - [14.13 Ko] - (1.0.7.2) - C:\Windows\System32\Drivers\wdcsam64.sys
[MD5.4F2A80D65AE6F845776E2F06AE6782ED] - [23/07/2013 05:15:58] - (.Copyright (C) 2000-2012 Hewlett-Packard Development Company, L.P. - HP Wireless Button Driver.) - [20.31 Ko] - (1.0.6.1) - C:\Windows\System32\Drivers\WirelessButtonDriver64.sys
[MD5.21E13F2CB269DEFEAE5E1D09887D47BB] - [20/03/2017 00:10:50] - (.Zemana Ltd. - ZAM.) - [198.91 Ko] - (0.0.0.0) - C:\Windows\System32\Drivers\zam64.sys
[MD5.21E13F2CB269DEFEAE5E1D09887D47BB] - [20/03/2017 00:10:50] - (.Zemana Ltd. - ZAM.) - [198.91 Ko] - (0.0.0.0) - C:\Windows\System32\Drivers\zamguard64.sys
[MD5.0D58FE0B853A1FD3D626F5118CE79F8F] - [27/03/2015 15:09:24] - (.Copyright © 1998 - ezusb.) - [17.02 Ko] - (1.20.0.0) - C:\Windows\Syswow64\Drivers\ezusb.sys
[MD5.A1124EBC672AA3AE1B327096C1DCC346] - [27/03/2015 15:09:55] - (.Copyright © 2003 Texas Instruments Incorporated - tiehdusb.sys.) - [48.38 Ko] - (1.5.0.0) - C:\Windows\Syswow64\Drivers\tiehdusb.sys
[MD5.9969E105B350D0F7CF03956FC4DC5407] - [27/03/2015 15:09:55] - (.Copyright © 2000 by Walter Oney - WDM stub functions for Windows 98.) - [11.25 Ko] - (5.0.0.6) - C:\Windows\Syswow64\Drivers\wdmstub.sys
[MD5.097A8291DF541F9B9AF2C500797CDCAA] - [27/03/2015 15:09:25] - (.Copyright © Jungo 1997 - 2006 - WinDriver Device Driver 8.11.) - [189.81 Ko] - (8.1.1.0) - C:\Windows\Syswow64\Drivers\windrvr6.sys

---------- | Uninstall

[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\GeoGebra 5] : (GeoGebra 5.-.International GeoGebra Institute) -> "C:\Users\HP-PC\GeoGebra 5.0\uninstaller.exe"
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MiKTeX 2.9] : (MiKTeX 2.9.-.MiKTeX.org) -> "C:\Users\HP-PC\AppData\Local\Programs\MiKTeX 2.9\miktex/bin/internal\copystart.exe" "C:\Users\HP-PC\AppData\Local\Programs\MiKTeX 2.9\miktex/bin/internal\uninstall.exe"
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SmartDraw CI] : (.-.SmartDraw, LLC) -> "C:\SMARTD~1\Uninstall.exe" "C:\SMARTD~1\Install.log" SmartDraw Uninstall
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1] : (RescueTime 2.12.5.1490.-.RescueTime.com) -> "C:\Users\HP-PC\AppData\Local\RescueTime\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\8B3D7924-ED89-486B-8322-E8594065D5CB_is1] : (RogueKiller version 12.10.0.0.-.Adlice Software) -> "C:\Program Files\RogueKiller\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Broadcom 802.11 Network Adapter] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Broadcom 802.11 Wireless LAN Adapter] : (Broadcom 802.11 Wireless LAN Adapter.-.Broadcom Corporation) -> "C:\Program Files\Broadcom\Broadcom 802.11\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11" driver
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Broadcom Wireless Utility] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Everything] : (Everything 1.3.4.686 (x64).-.) -> C:\Program Files\Everything\Uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SynTPDeinstKey] : (Synaptics Pointing Device Driver.-.Synaptics Incorporated) -> rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinDjView] : (WinDjView 2.0.1.-.Andrew Zhezherun) -> C:\Program Files\WinDjView\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.10 (64-bit).-.win.rar GmbH) -> C:\Program Files\WinRAR\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\_{4DC318F5-1640-4417-A218-912ED9905FAA}] : (Corel Graphics - Windows Shell Extension.-.Corel Corporation) -> c:\Program Files\Common Files\Corel\Shared\Shell Extension\x64\ShellUninst.exe -ProductCode {4DC318F5-1640-4417-A218-912ED9905FAA} -arp
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0A1B4690-E176-4533-8058-939480AEE1D0}] : (Broadcom Bluetooth Drivers.-.Broadcom Corporation) -> MsiExec.exe /X{0A1B4690-E176-4533-8058-939480AEE1D0}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F86418025F0}] : (Java 8 Update 25 (64-bit).-.Oracle Corporation) -> MsiExec.exe /I{26A24AE4-039D-4CA4-87B4-2F86418025F0}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}] : (Inst5675.-.Softex Inc.) -> MsiExec.exe /I{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{314FAD12-F785-4471-BCE8-AB506642B9A1}] : (HP SimplePass.-.Hewlett-Packard) -> MsiExec.exe /X{314FAD12-F785-4471-BCE8-AB506642B9A1}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.0.6.1469.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}] : (HP Utility Center.-.Hewlett-Packard Company) -> MsiExec.exe /I{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3B4AE1A9-C026-4D08-8004-DA9A85A411A4}] : (Corel Graphics - Windows Shell Extension 32 Bit.-.Corel Corporation) -> MsiExec.exe /I{3B4AE1A9-C026-4D08-8004-DA9A85A411A4}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{409CB30E-E457-4008-9B1A-ED1B9EA21140}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{409CB30E-E457-4008-9B1A-ED1B9EA21140}\Setup.exe" -uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}] : (Energy Star.-.Hewlett-Packard Company) -> MsiExec.exe /I{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4DC318F5-1640-4417-A218-912ED9905FAA}] : (Corel Graphics - Windows Shell Extension.-.Corel Corporation) -> MsiExec.exe /X{4DC318F5-1640-4417-A218-912ED9905FAA}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{51AC86D3-C431-48AD-9195-0D6C930D07CD}] : (Intel(R) Smart Connect Technology.-.Intel Corporation) -> MsiExec.exe /I{51AC86D3-C431-48AD-9195-0D6C930D07CD}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}] : (HP Postscript Converter.-.Hewlett-Packard) -> MsiExec.exe /I{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}] : (DisableMSDefender.-.Hewlett-Packard Company) -> MsiExec.exe /I{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{878F6913-7421-4713-97F7-0A736EE2A188}] : (Inst5676.-.Softex Inc.) -> MsiExec.exe /I{878F6913-7421-4713-97F7-0A736EE2A188}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9E9C290F-18E8-412D-B4F2-6CD6B45E47C0}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> MsiExec.exe /I{9E9C290F-18E8-412D-B4F2-6CD6B45E47C0}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B5E06417-A4AC-4225-B36E-7E34C91616E7}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{B5E06417-A4AC-4225-B36E-7E34C91616E7}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1] : (BDAntiRansomware.-.Bitdefender) -> "C:\Program Files\Bitdefender\Tools\BDAntiRansomware\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C}] : (HP Registration Service.-.Hewlett-Packard) -> MsiExec.exe /X{D1E8F2D7-7794-4245-B286-87ED86C1893C}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D1F9117F-7187-4734-B105-8EEB4B2A3696}_is1] : (MMX200G Netwarrior Manager V20090909.-.Micromax Informatics Limited) -> "C:\Program Files\Micromax 200G USB Modem\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E8A34AC8-0137-4515-A94B-0A0946DDC251}] : (Scan To.-.HP) -> MsiExec.exe /I{E8A34AC8-0137-4515-A94B-0A0946DDC251}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\9-lab Removal Tool] : (9-lab Removal Tool.-.) -> "C:\Program Files\9-lab\Removal Tool\uninst.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Photoshop CS4_is1] : (Adobe Photoshop CS4.-.Adobe Systems Incorporated) -> "C:\Program Files (x86)\Adobe\Photoshop CS4\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Shockwave Player] : (Adobe Shockwave Player 12.0.-.Adobe Systems, Inc.) -> "C:\windows\SysWOW64\Adobe\Shockwave 12\uninstaller.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Broad Mobi HSPA Modem Normal Version_is1] : (D-Link Connection Manager v7.0.1IN.-.) -> "C:\Program Files (x86)\D-Link Connection Manager\uninst\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DjVu Solo 3.1] : (DjVu Solo 3.1.-.) -> C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\LizardTech\DjVu Solo 3.1\Uninst.isu"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DSMT6] : (MathType 6.-.Design Science, Inc.) -> "C:\Program Files (x86)\MathType\Setup.exe" -R
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ESET Online Scanner] : (ESET Online Scanner v3.-.) -> C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.98\Installer\setup.exe" --uninstall --system-level --verbose-logging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Graph_is1] : (Graph 4.3.-.Ivan Johansen) -> "C:\Program Files (x86)\Graph\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IB Questionbank IB_MH] : (IB Questionbank Maths HL.-.) -> C:\PROGRA~2\IBQUES~1\UNWISE32.EXE C:\PROGRA~2\IBQUES~1\IB_MH.LOG
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IB Questionbank IB_PH] : (IB Questionbank Physics.-.) -> C:\PROGRA~2\IBQUES~1\UNWISE32.EXE C:\PROGRA~2\IBQUES~1\IB_PH.LOG
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}] : (CyberLink YouCam.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}] : (CyberLink Media Suite 10.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}] : (CyberLink Power2Go 8.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}] : (HP SimplePass.-.Hewlett-Packard) -> "C:\Program Files (x86)\InstallShield Installation Information\{314FAD12-F785-4471-BCE8-AB506642B9A1}\setup.exe" -runfromtemp -l0x0409 -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}] : (Cyberlink PhotoDirector.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{39337565-330E-4ab6-A9AE-AC81E0720B10}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}] : (CyberLink PowerDirector 10.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}] : (CyberLink PowerDVD 12.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}] : (Kaspersky Secure Connection.-.Kaspersky Lab) -> MsiExec.exe /I{1CF84962-50F8-48CA-9082-B70F3A02C686} REMOVE=ALL
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}] : (Kaspersky Total Security.-.Kaspersky Lab) -> MsiExec.exe /I{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2} REMOVE=ALL
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.7)] : (Mozilla Firefox (3.5.7).-.Mozilla) -> C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\OSP Tracker] : (Tracker.-.Open Source Physics) -> C:\Program Files (x86)\Tracker\uninstall_Tracker.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Picasa 3] : (Picasa 3.-.Google, Inc.) -> "C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SHAREit_is1] : (SHAREit.-.Lenovo) -> "C:\Program Files (x86)\SHAREit\SHAREit\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\slitherlink_is1] : (slitherlink version 1.0.-.) -> "C:\Program Files (x86)\slitherlink\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Texmaker] : (Texmaker.-.) -> C:\Program Files (x86)\Texmaker\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VPython for Python 2.7_is1] : (VPython 6.11.-.) -> "C:\Python27\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres] : (.-.WildTangent, Inc.) -> "C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\Uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-main] : (.-.WildTangent, Inc.) -> "C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - main\Uninstall.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WildTangentGDF-hp-doubledowncasinosocial] : (.-.WildTangent) -> "C:\Program Files (x86)\WildTangent Games\Web Link - DoubleDown Casino\Uninstall.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WildTangentGDF-hp-dragonsofatlantis] : (.-.WildTangent) -> "C:\Program Files (x86)\WildTangent Games\Web Link - Dragons Of Atlantis\Uninstall.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}] : (CyberLink YouCam.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{07FA4960-B038-49EB-891B-9F95930AA544}] : (HP Customer Experience Enhancements.-.Hewlett-Packard) -> MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}] : (HP Documentation.-.Hewlett-Packard) -> MsiExec.exe /X{082B1425-0F24-43FA-9B64-E8F617B0AD3B}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1A10532B-CC99-415C-A51F-B8418DE7A395}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1CF84962-50F8-48CA-9082-B70F3A02C686}] : (Kaspersky Secure Connection.-.Kaspersky Lab) -> MsiExec.exe /I{1CF84962-50F8-48CA-9082-B70F3A02C686}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1D657FA2-4C53-4CCB-8903-C86AD9338D8F}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}] : (BlackBerry Blend.-.BlackBerry Ltd.) -> MsiExec.exe /I{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}] : (BlackBerry Device Drivers.-.BlackBerry Ltd.) -> MsiExec.exe /I{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}] : (CyberLink Media Suite 10.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}] : (CyberLink Power2Go 8.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}] : (HP Wireless Button Driver.-.Hewlett-Packard Company) -> MsiExec.exe /X{30B2D1D8-0A07-4B71-9553-0710C5D31E35}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{314FAD12-F785-4471-BCE8-AB506642B9A1}] : (.-.Softex Inc.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{39337565-330E-4ab6-A9AE-AC81E0720B10}] : (Cyberlink PhotoDirector.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{39337565-330E-4ab6-A9AE-AC81E0720B10}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3D8B9E90-B711-4F60-A181-7CE80B2D6F89}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{40201846-B6BD-4858-A993-85030D1FF675}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{412F6426-A3C7-11E3-8A71-00163E98E7D6}] : (Evernote v. 5.2.-.Evernote Corp.) -> MsiExec.exe /X{412F6426-A3C7-11E3-8A71-00163E98E7D6}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}] : (BlackBerry Link Remover.-.BlackBerry Ltd.) -> MsiExec.exe /I{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{46CD5A63-0C1F-45C3-B643-CA87A17275C0}] : (BlackBerry Communication Drivers.-.BlackBerry Ltd.) -> MsiExec.exe /I{46CD5A63-0C1F-45C3-B643-CA87A17275C0}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4715760F-AF61-494C-A699-7DF5D29A03A8}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A3579A7-8A6A-4F07-8EFD-9E1DD7605864}_is1] : (Connected Music powered by Universal Music Group version 1.0.-.Universal Music India) -> "C:\Program Files (x86)\Connected Music powered by Universal Music Group\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{51C7AD07-C3F6-4635-8E8A-231306D810FE}] : (Cisco LEAP Module.-.Cisco Systems, Inc.) -> MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] : (Realtek Card Reader.-.Realtek Semiconductor Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe" -runfromtemp -removeonly
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}] : (swMSM.-.Adobe Systems, Inc) -> MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}] : (Cisco EAP-FAST Module.-.Cisco Systems, Inc.) -> MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{65386E59-7F41-4843-AC59-B57C57439BB8}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{697DD5FE-79B0-4F3B-9555-24B0B167DF03}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}] : (Hewlett-Packard ACLM.NET v1.2.2.3.-.Hewlett-Packard Company) -> MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{79F081BF-7454-43DB-BD8F-9EE596813232}] : (Python 2.7.9.-.Python Software Foundation) -> MsiExec.exe /I{79F081BF-7454-43DB-BD8F-9EE596813232}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7D66971C-652B-4065-A6B1-B3EE313C254B}] : (BlueJ.-.BlueJ Team) -> MsiExec.exe /X{7D66971C-652B-4065-A6B1-B3EE313C254B}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] : (Realtek Ethernet Controller Driver.-.Realtek) -> C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}] : (HP Support Assistant.-.Hewlett-Packard Company) -> "C:\Program Files (x86)\InstallShield Installation Information\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}\setup.exe" -runfromtemp -l0x0409 -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1] : (Zemana AntiMalware.-.Zemana Ltd.) -> "C:\Program Files (x86)\Zemana AntiMalware\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9D50B374-147A-41E1-B2FD-A76C0A9916E9}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{a0642dd3-1105-464b-84c8-caaf676c39c8}] : (BlackBerry 10 Desktop Software.-.BlackBerry) -> "C:\ProgramData\Package Cache\{a0642dd3-1105-464b-84c8-caaf676c39c8}\BlackBerryDesktopSoftware.exe" /uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824211354}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824211354}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}] : (Adobe Reader XI (11.0.19).-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AD6A8057-680B-459E-84D6-13A880A3575C}] : (Autograph 3.3.-.Eastmond Publishing Ltd.) -> MsiExec.exe /I{AD6A8057-680B-459E-84D6-13A880A3575C}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}] : (CyberLink PowerDirector 10.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}] : (CyberLink PowerDVD 12.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}\Setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C42468F9-9812-4550-A54B-5DDB062EB10F}] : (BlackBerry Link.-.BlackBerry) -> MsiExec.exe /I{C42468F9-9812-4550-A54B-5DDB062EB10F}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CBE48FF8-521A-4AE1-92B5-7008D8529630}] : (Logger Pro 3.6.1.-.Vernier Software & Technology) -> C:\Program Files (x86)\InstallShield Installation Information\{CBE48FF8-521A-4AE1-92B5-7008D8529630}\setup.exe -runfromtemp -l0x0009 -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D22761B2-44C4-44D5-9F23-7DAB4DF56655}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}] : (Intel(R) C++ Redistributables for Windows* on Intel(R) 64.-.Intel Corporation) -> MsiExec.exe /X{D2437C5C-2D8C-40D2-8059-689AD7239FA3}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D8F984D3-79C1-4AD0-8E27-1F4528BC1712}] : (HP Recovery Manager.-.Hewlett-Packard) -> MsiExec.exe /I{D8F984D3-79C1-4AD0-8E27-1F4528BC1712}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1] : (Apowersoft Screen Recorder Pro V2.1.1.-.APOWERSOFT LIMITED) -> "C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DEF23826-DB71-4654-BC00-D5D6C20802EA}] : (HP System Event Utility.-.Hewlett-Packard Company) -> MsiExec.exe /I{DEF23826-DB71-4654-BC00-D5D6C20802EA}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}] : (Kaspersky Total Security.-.Kaspersky Lab) -> MsiExec.exe /I{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}] : (HP CoolSense.-.Hewlett-Packard Company) -> MsiExec.exe /I{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E6F7EDC4-6271-4560-A22B-F13BC710F47B}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}] : (Cisco PEAP Module.-.Cisco Systems, Inc.) -> MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}] : (Intel(R) Processor Graphics.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{f761359c-9ced-45ae-9a51-9d6605cd55c4}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F7CA0FDB-0C97-480B-A532-2A579917CFDB}] : (Standard ML of New Jersey.-.University of Chicago) -> MsiExec.exe /X{F7CA0FDB-0C97-480B-A532-2A579917CFDB}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F90A86C9-7779-47DD-AC06-8EE832C55F55}] : (HP 3D DriveGuard.-.Hewlett-Packard Company) -> MsiExec.exe /X{F90A86C9-7779-47DD-AC06-8EE832C55F55}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC965A47-4839-40CA-B618-18F486F042C6}] : (Skype™ 7.30.-.Skype Technologies S.A.) -> MsiExec.exe /X{FC965A47-4839-40CA-B618-18F486F042C6}

---------- | Installer

[HKCR\Installer\Products\0694AF70830BBE9498B1F95939A05A44] : HP Customer Experience Enhancements -> C:\windows\Installer\{07FA4960-B038-49EB-891B-9F95930AA544}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\0964B1A0671E33540885394908EA1E0D] : Broadcom Bluetooth Drivers -> C:\Windows\Installer\{0A1B4690-E176-4533-8058-939480AEE1D0}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\0A93EF4767BFDC7448AB192EBB1BE72F] : DisableMSDefender
[HKCR\Installer\Products\10C24AD12DE4E4B49BC081CFAB21CF14] : BlackBerry Blend
[HKCR\Installer\Products\21DAF413587F1744CB8EBA0566249B1A] : HP SimplePass -> C:\windows\Installer\{314FAD12-F785-4471-BCE8-AB506642B9A1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\26948FC18F05AC8409287BF0A3206C68] : Kaspersky Secure Connection -> C:\Windows\Installer\{1CF84962-50F8-48CA-9082-B70F3A02C686}\setup2.ico
[HKCR\Installer\Products\2C0D8C2E79C150C439A9B5310AEF56C5] : HP CoolSense -> C:\windows\Installer\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\2D6F4B0BEA2FA1544969F6F2A698B723] : PowerDirector -> C:\Windows\Installer\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3196F87812473174797FA037E62E1A88] : Inst5676 -> C:\windows\Installer\{878F6913-7421-4713-97F7-0A736EE2A188}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\36A5DC64F1C03C546B34AC781A27570C] : BlackBerry Communication Drivers
[HKCR\Installer\Products\3D489F8D1C970DA4E872F15482CB7121] : HP Recovery Manager -> C:\windows\Installer\{D8F984D3-79C1-4AD0-8E27-1F4528BC1712}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\3D68CA15134CDA841959D0C639D070DC] : Intel(R) Smart Connect Technology -> C:\Windows\Installer\{51AC86D3-C431-48AD-9195-0D6C930D07CD}\ISCT.ico
[HKCR\Installer\Products\42C6FBF1Df1C10144AB2C065F4E9E897] : Media Suite -> C:\Windows\Installer\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2681408520F] : Java 8 Update 25 (64-bit)
[HKCR\Installer\Products\5241B28042F0AF34B9468E6F710BDAB3] : HP Documentation -> C:\Windows\Installer\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}\NotebookDocs.exe
[HKCR\Installer\Products\56573393E0336ba49AEACA180E27B001] : PhotoDirector -> C:\Windows\Installer\{39337565-330E-4ab6-A9AE-AC81E0720B10}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5D6775DE4B957B64FA18F5D2497D6C04] : Cisco PEAP Module
[HKCR\Installer\Products\5E0946F10457D624CBE1BE750BFBC083] : BlackBerry Device Drivers
[HKCR\Installer\Products\5F813CD4046171442A8119E29D09F5AA] : Corel Graphics - Windows Shell Extension -> c:\Windows\Installer\{4DC318F5-1640-4417-A218-912ED9905FAA}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6246F2147C3A3E11A8170061E3897E6D] : Evernote v. 5.2 -> C:\windows\Installer\{412F6426-A3C7-11E3-8A71-00163E98E7D6}\Evernote.ico
[HKCR\Installer\Products\62832FED17BD4564CB005D6D2C8020AE] : HP System Event Utility -> C:\windows\Installer\{DEF23826-DB71-4654-BC00-D5D6C20802EA}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\63AEB64B17B0E4A4EA1478426134AFA0] : PowerDVD -> C:\Windows\Installer\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA408033019195008142123145] : Adobe Refresh Manager -> C:\Windows\Installer\{AC76BA86-0804-1033-1959-001824211354}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA73301B744BA0000000010] : Adobe Reader XI (11.0.19) -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
[HKCR\Installer\Products\6B2AC564FA8977E4EB229A803CB49BCE] : Energy Star -> C:\Windows\Installer\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\6D6E41E65713A1E49B43AC5B8A3676DC] : HP Postscript Converter
[HKCR\Installer\Products\701043F6AA9F6C745BC43C1AF91155F3] : Hewlett-Packard ACLM.NET v1.2.2.3 -> C:\windows\Installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\70DA7C156F3C5364E8A83231608D01EF] : Cisco LEAP Module
[HKCR\Installer\Products\71460E5BCA4A52243BE6E7439C61617E] : Intel® Trusted Connect Service Client
[HKCR\Installer\Products\74A569CF9384AC046B81814F680F246C] : Skype™ 7.30 -> C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
[HKCR\Installer\Products\7508A6DAB086E954486D318A083A75C5] : Autograph 3.3 -> C:\Windows\Installer\{AD6A8057-680B-459E-84D6-13A880A3575C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\7810FB462D3FB89499AE61A39FEAE69C] : Cisco EAP-FAST Module
[HKCR\Installer\Products\7C43C21609E58D74B9C5F017D78D7262] : swMSM -> C:\windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\7D2F8E1D497754242B6878DE681C98C3] : HP Registration Service -> C:\Windows\Installer\{D1E8F2D7-7794-4245-B286-87ED86C1893C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8994BF104C33134458DE70E9E3FE7ED5] : YouCam -> C:\Windows\Installer\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8CA43A8E731051549AB4A09064DD2C15] : Scan To
[HKCR\Installer\Products\8D1D2B0370A017B4593570015C3DE153] : HP Wireless Button Driver -> C:\Windows\Installer\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper
[HKCR\Installer\Products\9A1EA4B3620C80D40840ADA9584A114A] : Corel Graphics - Windows Shell Extension 32 Bit -> c:\Windows\Installer\{3B4AE1A9-C026-4D08-8004-DA9A85A411A4}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\9C68A09F9777DD74CA60E88E235CF555] : HP 3D DriveGuard -> C:\Windows\Installer\{F90A86C9-7779-47DD-AC06-8EE832C55F55}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\9F86424C218905545AB4D5BD60E21BF0] : BlackBerry Link
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\B4B696C81BA6CB44496169AE4C47ACEB] : HP Support Assistant -> C:\windows\Installer\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\B7D1B72E43B32A34F90C89825DFD642E] : Kaspersky Total Security -> C:\Windows\Installer\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}\setup2.ico
[HKCR\Installer\Products\BAC56D448CB17B74FBB5E38B6BBB2067] : BlackBerry Link Remover
[HKCR\Installer\Products\C17966D7B25656046A1B3BEE13C352B4] : BlueJ
[HKCR\Installer\Products\C5C7342DC8D22D04089586A97D32F93A] : Intel(R) C++ Redistributables for Windows* on Intel(R) 64 -> C:\Windows\Installer\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C7426ED27707B154B87AFF1D2ABABB74] : Inst5675 -> C:\windows\Installer\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D84D78A2FDF3df1479DC1A3E07FEFF2E] : Power2Go -> C:\Windows\Installer\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F092C9E98E81D2144B2FC66D4BE5740C] : Intel(R) Rapid Storage Technology
[HKCR\Installer\Products\F5C08F63D0CD4FD4FA90CD81760FBEA0] : HP Utility Center -> C:\Windows\Installer\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater
[HKCR\Installer\Products\FB180F974547BD34DBF8E95E69182323] : Python 2.7.9

---------- | ADS


---------- | Drives


---------- | MBR


64 bits not supported by MBR.exe, Dump : Impossible to extract !!!!!

---------- | 20 LastEventLog

Activation context generation failed for "C:\Users\HP-PC\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
------------

Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x504
Faulting application start time: 0x01d2a1649c7b7a97
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: e3ebca20-0d57-11e7-82f9-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:
------------

Activation context generation failed for "C:\Users\HP-PC\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
------------

Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x1678
Faulting application start time: 0x01d2a15475edcf32
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: c669793d-0d57-11e7-82f9-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:
------------

There was an error with the Windows Location Provider database
------------

Activation context generation failed for "C:\Users\HP-PC\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
------------

Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x1a44
Faulting application start time: 0x01d2a154585aab9a
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ab1fd5de-0d47-11e7-82f9-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:
------------

Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x914
Faulting application start time: 0x01d2a154423fcdeb
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 89cd7efe-0d47-11e7-82f9-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:
------------

Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x117c
Faulting application start time: 0x01d2a154021ea380
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 624f0d97-0d47-11e7-82f9-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:
------------

Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x18dc
Faulting application start time: 0x01d2a153d43455c0
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 3b316175-0d47-11e7-82f9-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:
------------

Activation context generation failed for "C:\Users\HP-PC\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
------------

The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1474
Start Time: 01d2a152f499eceb
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: e997498b-0d46-11e7-82f9-a02bb859a5c2
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

------------

Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x1730
Faulting application start time: 0x01d2a1537783fcef
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ce4d881d-0d46-11e7-82f9-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:
------------

Activation context generation failed for "C:\Users\HP-PC\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
------------

Faulting application name: Explorer.EXE, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x134c
Faulting application start time: 0x01d2a152f20a4608
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 5f9f21f1-0d46-11e7-82f9-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:
------------

Activation context generation failed for "C:\Users\HP-PC\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
------------

Faulting application name: Explorer.EXE, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075
Exception code: 0x0eedfade
Fault offset: 0x0000000000008a5c
Faulting process id: 0x9bc
Faulting application start time: 0x01d2a143f33068d6
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: a4501107-0d44-11e7-82f8-a02bb859a5c2
Faulting package full name:
Faulting package-relative application ID:
------------

The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1bac
Start Time: 01d2a14543b82cf7
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: 392b69cb-0d39-11e7-82f8-a02bb859a5c2
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

------------

Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {ebfab9cc-f78b-4905-a65b-4b4eb94b1200}
------------


----------( EOF)---------- - 4912 | 16:11:08

6383522C180BADC4E1D5C30A5C4F4913 \Program Files\desktop.ini
B0221E152F38E1E231BF2AF7E80F99E5 \Program Files\Everything\Changes.txt
FE18DDEA98D90DBF850AFCA0158ABEC8 \Program Files\Everything\Everything.exe
E161C6DC64F493DB361A706A50246449 \Program Files\Everything\Everything.ini
2B6ED08D9106F2465648B46D098EA24B \Program Files\Everything\Everything.lng
7C40ED77D115E2A00869A9170D9D8829 \Program Files\Everything\License.txt
9EA9E790C65E6FFD13311A517868049F \Program Files\Everything\Uninstall.exe
6B3C87E039BF7051A7CE2AA4D74EA69B \Program Files\Micromax 200G USB Modem\autorun_start.bat
6A5F592A293ECCE283C9E92897DC33EE \Program Files\Micromax 200G USB Modem\autorun_stop.bat
F3D4E3183473253CF9FF0C9D91AAE891 \Program Files\Micromax 200G USB Modem\EdgeModem-DrvSrv.exe
E064C143B725C3CF8AD4A3BE337F533E \Program Files\Micromax 200G USB Modem\EdgeModem-Run.exe
57EB555C897318FCC4C8D3CCAF43FEDF \Program Files\Micromax 200G USB Modem\EdgeModem.exe
B492D7BC6F7376193190B0DB1687E00D \Program Files\Micromax 200G USB Modem\install_service.bat
6F73334675693392744C67E9AB08072E \Program Files\Micromax 200G USB Modem\MainIcon.ico
AF270C69F0F44D7D5626695F2BD8EC3A \Program Files\Micromax 200G USB Modem\remove_service.bat
E6E6110923B9FAB5C1DF9B75C72B4665 \Program Files\Micromax 200G USB Modem\unins000.dat
26A1930CB9695E6E0F272A968063A1FA \Program Files\Micromax 200G USB Modem\unins000.exe
544C27B0AB05B0EF03853B25FD8E3207 \Program Files\WinDjView\uninstall.exe
565907C9D8595D1897DDB882ABD8A927 \Program Files\WinDjView\WinDjView.exe
89163F4D2E020316704E1509B0C22530 \Program Files\Common files\System\DirectDB.dll
356F1393BE0A0E714CDCC3FDD2C9D881 \Program Files\Common files\System\wab32.dll
DD0D66DC398A5840B74CADD5A6BA1C7D \Program Files\Common files\System\wab32res.dll
5B8A2BA3138573583FF9E0158096EC48 C:\Program Files (x86)\desktop.ini
0C86F2BEECFB39234110BD68B38745F1 C:\Program Files (x86)\Autograph 3.3\advanced.xml
7585DB02AFCF6BC3A590CE306B9F2A20 C:\Program Files (x86)\Autograph 3.3\AGlib.dll
BDCDC8388080555209E2F1C4BE30D6CF C:\Program Files (x86)\Autograph 3.3\agraph.agc
8BACAD6422F24A32B19977179905D2A0 C:\Program Files (x86)\Autograph 3.3\agraph.exe
AFE9DA5B4CDB9FD0184E02FAFD4C4D27 C:\Program Files (x86)\Autograph 3.3\Autograph Virtual Keyboard.exe
CBF1C6178B0FE1C5EEDB455E0D053B57 C:\Program Files (x86)\Autograph 3.3\junior.xml
17C1308472ED11BC58A5CFB5561B3E1B C:\Program Files (x86)\Autograph 3.3\layout.xml
9487113D6E1375C45451DDDE696330AB C:\Program Files (x86)\Autograph 3.3\LocalisedLauncher.exe
E731BB25FC49626F30F0350936533F2E C:\Program Files (x86)\Autograph 3.3\owl620vu.dll
9824977EB71B2FFA40187338DBB0EF6B C:\Program Files (x86)\Autograph 3.3\owlx3vu.dll
93402941AB5583B687CDEE1779A94647 C:\Program Files (x86)\Autograph 3.3\spr32du70.dll
DC0BC69955D2E666AD5957B4EC3701A1 C:\Program Files (x86)\Autograph 3.3\swiftshader_d3d9.dll
090DCAF179F52832CD6EB0A308146F67 C:\Program Files (x86)\Autograph 3.3\vkbdll.dll
B5A9DB9657161CB188E8D4797AED8EEB C:\Program Files (x86)\BlueJ\BlueJ.exe
2D90FA46585B5EBDF12F9BAC19BD5A75 C:\Program Files (x86)\BlueJ\LICENSE.txt
3A41F27F53C3E34B942F32AAA7E52D52 C:\Program Files (x86)\BlueJ\README.TXT
44A59C086DEA93E14676A955EE6F1AB9 C:\Program Files (x86)\BlueJ\THIRDPARTYLICENSE.txt
B16108B0AB68964B563B2AC4542C8FFC C:\Program Files (x86)\D-Link Connection Manager\ACLctrl.exe
AF776D199FFE5227891B8695D4FFFBFA C:\Program Files (x86)\D-Link Connection Manager\Modem.ini
B92AF5959DC138114B57BFB3C9E6AEE0 C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe
EE902C9116FAEE7325EF2D4AD3A0BF56 C:\Program Files (x86)\Free Screen To Video\log.log
8F58FBF89811ECCD19C1C5BA68889B4C C:\Program Files (x86)\Graph\Graph.exe
4D62AC8B7DEAE276FC253ABC90BF564B C:\Program Files (x86)\Graph\License.txt
6364B0647CD6FC80AF3FFA52831956EC C:\Program Files (x86)\Graph\PDFlib.dll
7A7D0706D0AEDEA6974EF6A5BF03DCAB C:\Program Files (x86)\Graph\Thumbnails.dll
E065DF06842FEDC22C663441ED8E4975 C:\Program Files (x86)\Graph\unins000.dat
89ADD4D44B584443602A38681E78AA0D C:\Program Files (x86)\Graph\unins000.exe
1BE77C17C9157D3B46DCF729AC103B62 C:\Program Files (x86)\Hotspoter\exceptions.log
2321B23A5640FBEAC93FF945CDFE676F C:\Program Files (x86)\Hotspoter\settings.config
8A432BEB85AE9D7AEFACABC46CCD81DE C:\Program Files (x86)\Hotspoter\trace.log
CD8376EDD166B439CE79B17D8963A8FF C:\Program Files (x86)\IB Questionbank32\IB Licence.txt
3C67B91C459C24C29250696E61AE0DE7 C:\Program Files (x86)\IB Questionbank32\IB Questionbank32.cnt
5D05D60D96EDDA47EF5FA3D0AAFCA6D5 C:\Program Files (x86)\IB Questionbank32\IB Questionbank32.exe
E8673B3FCAA517D06F3AB910099B3060 C:\Program Files (x86)\IB Questionbank32\IB Questionbank32.hlp
81FBF90B4684E948C1DA9858AD0C96B1 C:\Program Files (x86)\IB Questionbank32\IB.ico
322C26646C4C30D3A814653B84432D25 C:\Program Files (x86)\IB Questionbank32\IB_MH.LOG
054828C9F598851C07E8D74C6FD3C882 C:\Program Files (x86)\IB Questionbank32\IB_PH.LOG
9CBA2E40567DA8C4594AEC8EF454B718 C:\Program Files (x86)\IB Questionbank32\Launcher.exe
7AFF2FF05136B5058E2B78324619FA8D C:\Program Files (x86)\IB Questionbank32\ta4i.xlt
1DE69F64E93FD216267DF5EF8B5F1067 C:\Program Files (x86)\IB Questionbank32\UNWISE32.EXE
7AE6F5411E2C3BE8969D87EF7BA165CD C:\Program Files (x86)\MathType\MathType.exe
146FB2A46FCE78A87D30E56EF48F133C C:\Program Files (x86)\MathType\MT6.DSC
2EA5634CE376CE52B42638CF99155D4D C:\Program Files (x86)\MathType\MT6enu.chm
41762A75F6BBBD3F4EF74003428ECB58 C:\Program Files (x86)\MathType\Setup.exe
5A285041B32EE49552B283B43AAF0CF2 C:\Program Files (x86)\MathType\Setup.inf
C2DE32A39EFFE0EB1413D7B58B701E13 C:\Program Files (x86)\slitherlink\ALL.COL
5C139C0D7F6CAEB5BEEF4E69BE74E98A C:\Program Files (x86)\slitherlink\IMPORT.TXT
34DC6DF2DF33C1AB2DFB86727B13E79F C:\Program Files (x86)\slitherlink\JUMBO50X50PUZZLE.XLS
0135ABD26FB700A7B49893394CC5D59C C:\Program Files (x86)\slitherlink\PUZ-WITHPATTERNS.TXT
D2E89A35F23281D5C83534FF2BB00338 C:\Program Files (x86)\slitherlink\PUZZLES.TXT
93CCF9C4CE4166B4E1A1CA49D938564C C:\Program Files (x86)\slitherlink\README.TXT
5F5582C440237B97DB745F7663596BBC C:\Program Files (x86)\slitherlink\SAMPLEPATTERNS.TXT
3BB98FB3C7BF33A0E493A858E65B2FE7 C:\Program Files (x86)\slitherlink\SLITHERLINK.EXE
D4C91F02ADA98D01A099D306CB2DE7FD C:\Program Files (x86)\slitherlink\SLITHERLINK.GIF
D85B8FBD7A97CF2A1D66FFAA84701661 C:\Program Files (x86)\slitherlink\SLITHERLINK.HTM
AA37429D6270BD685B967DE52326E611 C:\Program Files (x86)\slitherlink\SLITHERLINK.JPG
4B4B8169942C6F8F1C5A8E26326F1D3D C:\Program Files (x86)\slitherlink\SLITHERLINK1.GIF
992B7303343CD2ACEFC988FE8ED261AC C:\Program Files (x86)\slitherlink\SLITHERLINK2.GIF
E71C87674F3CBF0099381DEB6579776D C:\Program Files (x86)\slitherlink\SLITHERLINK3.GIF
EC7BAF3816361198057827517FE80C6F C:\Program Files (x86)\slitherlink\SLITHERLINK4.GIF
C643212E9A550F094D000924A0817153 C:\Program Files (x86)\slitherlink\SLITHERLINKSOLUTIONTECHNIQUES.DOCX
3196E9411658C9657C06DB069E6D30A8 C:\Program Files (x86)\slitherlink\TEMPORARYPUZFILE.TXT
369D5426725928F86C35B3744A2EF26D C:\Program Files (x86)\slitherlink\unins000.dat
3C68ECBCAD97A38B1CC705C797C615B0 C:\Program Files (x86)\slitherlink\unins000.exe
A4C32C4291D728BFE1E9F369E70BD931 C:\Program Files (x86)\Tracker\logback-classic.jar
36F007FF934DDA7735F8491F282F8DF7 C:\Program Files (x86)\Tracker\logback-core.jar
A134D83E0C12A9611824284C855FFB13 C:\Program Files (x86)\Tracker\slf4j-api.jar
8BB9422CAA05F8C6DAC113F8E1C203C7 C:\Program Files (x86)\Tracker\tracker-4.94.jar
899A98AA45B8E18D9CD9E78DB2C1C70E C:\Program Files (x86)\Tracker\Tracker.exe
E4CE0CCB153C6D66A25EFB239DD86E04 C:\Program Files (x86)\Tracker\tracker.ico
8BB9422CAA05F8C6DAC113F8E1C203C7 C:\Program Files (x86)\Tracker\tracker.jar
67F77C1FD00E0F52E4EBD471A4D8CE8A C:\Program Files (x86)\Tracker\tracker.prefs.default
217D6FD4208DE5C73FB20A93C5D89C47 C:\Program Files (x86)\Tracker\tracker_icon.png
9E37D9F153691D41F834A68A8FF4B08A C:\Program Files (x86)\Tracker\tracker_install.log
F85D08B72BC6FE640C1C460EE9B87F1A C:\Program Files (x86)\Tracker\Tracker_README.txt
B9552CEC6DCE29F93FA3827CE39E5BA3 C:\Program Files (x86)\Tracker\trk.ico
1B8590B1C412946714292C11A145D7A8 C:\Program Files (x86)\Tracker\uninstall_Tracker.dat
E91F2D6026AA656787FA6E450CDBCB98 C:\Program Files (x86)\Tracker\uninstall_Tracker.exe
B955D7F96F0479B8B3659B0A947FAA4E C:\Program Files (x86)\Tracker\xuggle-xuggler.jar
DCFE96535BD4BAFB4304BB759AA3F578 C:\Program Files (x86)\Virtual Router\VirtualRouterService.savedstate
AB93131A0C749ED8FB76F24B29BBF37F C:\Program Files (x86)\Common Files\Autograph 3\ChilkatFtp2.dll
D9E7FE77EBAED42EF1EAD6AAD57B5705 C:\Program Files (x86)\Common Files\Autograph 3\Codejock.CommandBars.Unicode.v13.1.0.ocx
ED16D4E9A709752BDD2F186424A2683D C:\Program Files (x86)\Common Files\Autograph 3\Codejock.DockingPane.Unicode.v13.1.0.ocx
B2D769E652ECCCB799EE88D7E538CD6C C:\Program Files (x86)\Common Files\Autograph 3\oedfx20.dll
0CD5C0E6BF2B84C3E13B5DCFE423DF68 C:\Program Files (x86)\Common Files\DESIGNER\MSADDNDR.DLL
890A8B30966E321811AA66BB1B3391A8 C:\Program Files (x86)\Common Files\System\DirectDB.dll
6DDD879C1D7E1704DFD4420BBF3F239D C:\Program Files (x86)\Common Files\System\wab32.dll
56B55186E930BC9DA4668342FCEED0A0 C:\Program Files (x86)\Common Files\System\wab32res.dll
C4C62871879AB6F60E0EDBC35ABD719C C:\Program Files (x86)\Common Files\Vernier Software\NonDemo.txt
B8D6726C58A4045E5B1CBF4C77EB1DD3 C:\ProgramData\ntuser.dat
DEFFFCD1467BEE7C741DB3D069B6CD9F C:\ProgramData\ntuser.dat.LOG1
6021F21BAF16F17878FF095658FB70B1 C:\ProgramData\ntuser.dat.LOG2
7FF3AC993EE7350967AC73A115941A05 C:\ProgramData\ntuser.dat{f1a29b6c-089f-11e7-82ee-a02bb859a5c2}.TM.blf
A0041D533C6548A4731FF5FC7EBC0519 C:\ProgramData\ntuser.dat{f1a29b6c-089f-11e7-82ee-a02bb859a5c2}.TMContainer00000000000000000001.regtrans-ms
59071590099D21DD439896592338BF95 C:\ProgramData\ntuser.dat{f1a29b6c-089f-11e7-82ee-a02bb859a5c2}.TMContainer00000000000000000002.regtrans-ms
FE2E1E921284A21901BE4E59397A4607 C:\ProgramData\oqztiqep.adk.4B4FC70A905FD32B.matrix
0D52AD7000A28538E11376C37690C888 C:\ProgramData\Autograph 3\activation.agc
A7C7C7467C45EE7CAD6F3B9514B3BD5E C:\ProgramData\Autograph 3\Autograph3.3.10.lic
F794A4C7F5C2DEC5066B0BCA2E7DA3AD C:\ProgramData\Autograph 3\LicProtector270.dll
EF776044072A375A61E63742A57A2C21 C:\ProgramData\Autograph 3 Logs\InstallLog.log
6D2A80F4CAF1C8336C7B165213D75364 C:\ProgramData\install_clap\ErrorInfo.ini
F3CC75CABB61ED70BD87ABC7780E41AB C:\ProgramData\install_clap\summary.log
FA847C26AD5E97B63E88A80178041BF7 C:\ProgramData\UniqueId\data
36AFFBD6FF77D1515CFC1C5E998FBAF9 C:\ProgramData\{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE}\0x0409.ini
CF17568BC6B09AEA7AC79D877D7C9D08 C:\ProgramData\{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE}\HP Support Assistant.msi
E161C6DC64F493DB361A706A50246449 C:\Users\183-k\AppData\Roaming\Everything\Everything.ini
04B870B8637B8941C07FB827B8100C3F C:\Users\183-k\AppData\Roaming\xm1\texmaker.ini
BA8826937D1969BE3858FC011CE08ABE C:\Users\183-k\AppData\Roaming\xm1\texmakerapp.ini
E80C0437114A453F760A9C8D14E05D44 C:\Users\183-k\AppData\Local\Microsoft\bass.dll
C0C3FA022F605FD04C867CD7B2F5F2A5 C:\Users\183-k\AppData\Local\Microsoft\basscd.dll
3A26BB7CE8660F08734C578BAA332814 C:\Users\183-k\AppData\Local\Microsoft\bassenc.dll
50AF8A7D49E83A723ED0F70FB682DCFB C:\Users\183-k\AppData\Local\Microsoft\bassflac.dll
BEBA64522AA8265751187E38D1FC0653 C:\Users\183-k\AppData\Local\Microsoft\bassmidi.dll
99F4F38007D347CEED482B7C04FDD122 C:\Users\183-k\AppData\Local\Microsoft\bassmix.dll
CD942B3E28FA9E6F13B6F120901EDC79 C:\Users\183-k\AppData\Local\Microsoft\basswasapi.dll
EBE29552B1449D95CB61867B6633AAEF C:\Users\183-k\AppData\Local\Microsoft\basswma.dll
0B3A2ED25A6AC6D676EBB12EA934AD0F C:\Users\183-k\AppData\Local\Microsoft\bass_fx.dll
1176720C2AB5EB3089222ABF1A96F54A C:\Users\183-k\AppData\Local\Microsoft\bass_vst.dll
C9ED3A910A4341F869AEBBFFAAA0D7F1 C:\Users\183-k\AppData\Local\Microsoft\engine_vx.dll
 
#44
Shrey Aryan said:
If the problem is resolved, then could we decrypt the ecrypted files?
Click to expand...


This log will take a while to go over, as far as I know there is no decryption for this particular ransomware.

Shrey Aryan said:
I read on the internet that one could restore the system, but I am not sure how should I go about doing that?
Click to expand...


That would be a system restore, but with this type of malware the restore points are usually wiped out. If you do a system restore then you run the risk of restoring the malware, but you can certainly try Although you would need to go through the removal process once more if you do indeed restore the malware.
 
#45
Quick Diag Fix.


First please create a restore point!
Disable your antivirus anti spyware applications!!
Right click in Quick Diag Run as Admin.
Copy the content of the code box below to your clipboard.
Click on the S within the User Interface of the program.
Then click on Script.
Allow completion.
Post the log created in your next reply.


Code: 
Key::
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Chromium]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\clCI75RGsstX0Gr]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\McAfee]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\SystemQQX]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Bitdefender]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\clCI75RGsstX0Gr]
[HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Locky]
[HKLM\Software\McAfee]
[HKLM\Software\WOW6432Node\AVAST Software]
[HKLM\Software\WOW6432Node\DDD5473C62677ECE24054A6D47DD272F]
[HKLM\Software\WOW6432Node\Eset]
[HKLM\Software\WOW6432Node\McAfee]

File::
C:\Users\183-k\AppData\Local\GWX
C:\Users\HP-PC\AppData\Local\GWX
C:\Users\shrey\AppData\Local\GWX
C:\ProgramData\AVAST Software
C:\ProgramData\McAfee
C:\Users\HP-PC\AppData\Local\Temp\5B60.exe
C:\Users\183-k\AppData\Local\Pokki
C:\ProgramData\oqztiqep.adk.4B4FC70A905FD32B.matrix
C:\ProgramData\oqztiqep
C:\Program Files (x86)\ESET
C:\Program Files (x86)\Adware Removal Tool by TSA
C:\Program Files (x86)\McAfee
C:\Program Files (x86)\Common Files\mcafee
C:\Windows\Tasks\HPCeeScheduleForHP-PC.job
C:\Windows\System32\Tasks\AVAST Software
C:\Users\183-k\AppData\Roaming\WeatherChickn
C:\Windows\System32\Tasks\Hewlett-Packard
C:\Windows\System32\Drivers\mdare64_54.sys
C:\Windows\System32\Drivers\mdare64_63.sys
C:\Windows\System32\Drivers\kltap.sys
C:\Windows\System32\Drivers\pppop64.sys

Driver::
clCI75RGsstX0Gr
DDD5473C62677ECE24054A6D47DD272F

CMD::
sc delete DiagTrack

ADS::
C:\ProgramData\Temp

Clean::
yes


HijackThis.



1- Please click HERE to download HijackThis. -- Unzip to your desktop.
2- Right click run as admin.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.
 
Last edited:
#49
--------------- QuickScript | g3n-h@ckm@n | V3_31.01.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 20/03/2017 23:48:12

Updated 31/01/2017 | 13.00 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi
[183-k (Administrator)] - [HP] (S-1-5-21-1605944295-1278072363-3366277582-1005)

System: Microsoft Windows 8.1 Single Language - - (6.3.9600) - BuildType: Multiprocessor Free - OSLanguage: 1033 (4009)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 8.1 Single Language|C:\Windows|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: HP Pavilion 15 Notebook PC - Hewlett-Packard - IdNumber: 5CD42147XD - UUID: 34444335-3132-3734-5844-A02BB859A5C2
Processor : X64 - 1896 Mhz - Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz
F.02 - en|US|iso8859-1 - Insyde - S/N: 5CD42147XD - F.02 - HPQOEM - 1
CoreTemp : 56 Celsius

----------| Script

Key : [HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Chromium] Deleted Successfully
Key : [HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\clCI75RGsstX0Gr] Deleted Successfully
Key : [HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\McAfee] Deleted Successfully
Key : [HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\SystemQQX] Deleted Successfully
Key : [HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Bitdefender] Deleted Successfully
Key : [HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\clCI75RGsstX0Gr] Deleted Successfully
Key : [HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Locky] Deleted Successfully
Key : [HKLM\Software\McAfee] Deleted Successfully
Key : [HKLM\Software\WOW6432Node\AVAST Software] Deleted Successfully
Key : [HKLM\Software\WOW6432Node\DDD5473C62677ECE24054A6D47DD272F] Deleted Successfully
Key : [HKLM\Software\WOW6432Node\Eset] Deleted Successfully
Key : [HKLM\Software\WOW6432Node\McAfee] Not Found !
C:\Users\183-k\AppData\Local\GWX Moved Successfully
C:\Users\HP-PC\AppData\Local\GWX Moved Successfully
C:\Users\shrey\AppData\Local\GWX Moved Successfully
C:\ProgramData\AVAST Software Moved Successfully
C:\ProgramData\McAfee Moved Successfully
C:\Users\HP-PC\AppData\Local\Temp\5B60.exe Not Found !
C:\Users\183-k\AppData\Local\Pokki Not Found !
C:\ProgramData\oqztiqep.adk.4B4FC70A905FD32B.matrix Moved Successfully
C:\ProgramData\oqztiqep Not Found !
C:\Program Files (x86)\ESET Moved Successfully
C:\Program Files (x86)\Adware Removal Tool by TSA Moved Successfully
C:\Program Files (x86)\McAfee Moved Successfully
C:\Program Files (x86)\Common Files\mcafee Moved Successfully
C:\Windows\Tasks\HPCeeScheduleForHP-PC.job Moved Successfully
C:\Windows\System32\Tasks\AVAST Software Moved Successfully
C:\Users\183-k\AppData\Roaming\WeatherChickn Not Found !
C:\Windows\System32\Tasks\Hewlett-Packard Moved Successfully
C:\Windows\System32\Drivers\mdare64_54.sys Moved Successfully
C:\Windows\System32\Drivers\mdare64_63.sys Moved Successfully
C:\Windows\System32\Drivers\kltap.sys Moved Successfully
C:\Windows\System32\Drivers\pppop64.sys Moved Successfully
Service : clCI75RGsstX0Gr Not Found !
Service : DDD5473C62677ECE24054A6D47DD272F Not Found !
 
#53
Logfile of Trend Micro HiJackThis 2.0.6 - Private Fork by Alex Dragokas ver. Beta 4.5

Platform: x64 Windows 8.1 (Home Single Language), 6.3.9600, Service Pack: 0
Time: 21.03.2017 - 02:01
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x4009)
Elevated: No
Ran by: HP-PC (group: Limited User) on HP

Chrome: 57.0.2987.98
Firefox: 1.9.1.3642
Internet Explorer: 11.0.9600.18123

Boot mode: Normal

Running processes:
Number | Path
1 ?:\?\BbDevMgr.exe
1 ?:\?\EdgeModem-DrvSrv.exe
1 ?:\?\GoogleUpdate.exe
1 ?:\?\HPSA_Service.exe
1 ?:\?\HPWMISVC.exe
1 ?:\?\IAStorDataMgrSvc.exe
1 ?:\?\IntelMeFWService.exe
1 ?:\?\LMS.exe
1 ?:\?\PresentationFontCache.exe
2 ?:\?\RAVBg64.exe
1 ?:\?\RtkAudioService64.exe
1 ?:\?\SynTPEnhService.exe
1 ?:\?\ZAM.exe
1 ?:\?\armsvc.exe
1 ?:\?\hpqwmiex.exe
1 ?:\?\iSCTAgent.exe
1 ?:\?\ksde.exe
1 ?:\?\mDNSResponder.exe
1 ?:\?\tunmgr.exe
1 ?:\?\wmpnetwk.exe
17 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
1 C:\Program Files\7-Zip\7zFM.exe
1 C:\Program Files\Everything\Everything.exe
1 C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
1 C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
1 C:\Program Files\Intel\iCLS Client\HeciServer.exe
1 C:\Program Files\Micromax 200G USB Modem\EdgeModem-Run.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1 C:\Users\HP-PC\AppData\Local\RescueTime\RescueTime.exe
1 C:\Users\HP-PC\Desktop\HiJackThis.exe
1 C:\Windows\System32\igfxEM.exe
1 C:\Windows\System32\igfxHK.exe
1 C:\Windows\System32\igfxTray.exe
1 C:\Windows\system32\igfxCUIService.exe
1 (Microsoft) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
1 (Microsoft) C:\Windows\System32\SettingSyncHost.exe
2 (Microsoft) C:\Windows\System32\Wbem\WmiPrvSE.exe
1 (Microsoft) C:\Windows\System32\audiodg.exe
1 (Microsoft) C:\Windows\System32\notepad.exe
1 (Microsoft) C:\Windows\System32\taskhostex.exe
1 (Microsoft) C:\Windows\explorer.exe
1 (Microsoft) C:\Windows\splwow64.exe
1 (Microsoft) C:\Windows\system32\SearchFilterHost.exe
1 (Microsoft) C:\Windows\system32\SearchIndexer.exe
1 (Microsoft) C:\Windows\system32\SearchProtocolHost.exe
1 (Microsoft) C:\Windows\system32\conhost.exe
2 (Microsoft) C:\Windows\system32\csrss.exe
1 (Microsoft) C:\Windows\system32\dasHost.exe
1 (Microsoft) C:\Windows\system32\dwm.exe
1 (Microsoft) C:\Windows\system32\hpservice.exe
1 (Microsoft) C:\Windows\system32\lsass.exe
1 (Microsoft) C:\Windows\system32\services.exe
1 (Microsoft) C:\Windows\system32\smss.exe
1 (Microsoft) C:\Windows\system32\spoolsv.exe
14 (Microsoft) C:\Windows\system32\svchost.exe
1 (Microsoft) C:\Windows\system32\wininit.exe
1 (Microsoft) C:\Windows\system32\winlogon.exe
1 (Microsoft) C:\Windows\system32\wlanext.exe

O1 - Hosts.ICS: 192.168.173.197 android-a14cf9dccc46d418.mshome.net # 2016 12 5 23 11 10 59 574
O1 - Hosts.ICS: 192.168.173.1 HP.mshome.net # 2021 12 3 15 11 10 59 574
O4 - Global User Startup: ISCTSystray.lnk -> C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
O4 - HKCU\..\Run: [RIMDeviceManager] C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKLM\..\Run: [EdgeModem-AutoRun] C:\Program Files\Micromax 200G USB Modem\EdgeModem-Run.exe -start
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKLM\..\Run: [OPBHOBrokerDesktop] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
O4 - HKLM\..\Run: [OPBHOBroker] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
O4 - HKLM\..\Run: [SimplePass] C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe /hideui
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZAM] "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized
O4 - HKLM\..\RunOnce: [*EmptyTemp] cmd /c rd /q/s C:\FRST\Temp
O4 - User Startup: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - User Startup: RescueTime.lnk -> C:\Users\HP-PC\AppData\Local\RescueTime\RescueTime.exe
O4-32 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4-32 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4-32 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4-32 - HKLM\..\Run: [RIM PeerManager] "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
O4-32 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4-32 - HKLM\..\RunOnce: [DeleteOnReboot] C:\Users\183-k\AppData\Local\Temp\DeleteOnReboot.bat (file missing)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra 'Tools' menuitem: Add to Evernote 5 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html (HKLM)
O9 - Extra 'Tools' menuitem: HP Network Check - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HKLM)
O9 - Extra button: Add to Evernote 5 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html (HKLM)
O9 - Extra button: Launches HP Network Check that helps you solve connection issues - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HKLM)
O9-32 - Extra 'Tools' menuitem: Add to Evernote 5 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html (HKLM)
O9-32 - Extra 'Tools' menuitem: HP Network Check - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HKLM)
O9-32 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (HKLM)
O9-32 - Extra button: Add to Evernote 5 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html (HKLM)
O9-32 - Extra button: Launches HP Network Check that helps you solve connection issues - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HKLM)
O9-32 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (HKLM)
O9-32 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (HKLM)
O10 - Broken Internet access because of LSP chain gap (#1 in chain of 7 missing)
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)(32)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)(32)
O17 - DHCP DNS - 1: 192.168.43.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O22 - ScheduledTask: (Disabled) Optimize Start Menu Cache Files-S-1-5-21-1605944295-1278072363-3366277582-1001 - {root} - {2D3F8A1B-6DCD-4ED5-BDBA-A096594B98EF},$(Arg0)
O22 - ScheduledTask: (Ready) HPGenoobeReminder - {root} - "C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe" CLEAR
O22 - ScheduledTask: (Ready) Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - {root} - C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade
O22 - ScheduledTask: (Ready) SqmUpload_S-1-5-21-1605944295-1278072363-3366277582-1001 - \WPD - C:\Windows\system32\rundll32.exe portabledeviceapi.dll,#1
O22 - ScheduledTask: (Ready) Uploader - \Microsoft\Windows\Customer Experience Improvement Program - C:\Windows\system32\WSqmCons.exe -u
O23 - Service R2: HP SimplePass Service - (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: BlackBerry Link Communication Manager - (RIM Tunnel Service) - BlackBerry Limited - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
O23 - Service R2: EdgeModem Driver Service - (EdgeModem-DrvSrv) - Shanghai DS-Mobile Technology Co., Ltd. - C:\Program Files\Micromax 200G USB Modem\EdgeModem-DrvSrv.exe
O23 - Service R2: Everything - (Everything) - Unknown owner - C:\Program Files\Everything\Everything.exe
O23 - Service R2: HP Support Assistant Service - (HP Support Assistant Service) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service R2: HPWMISVC - (HPWMISVC) - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service R2: Intel(R) Capability Licensing Service Interface - (Intel(R) Capability Licensing Service Interface) - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - Intel Corporation - C:\Windows\system32\igfxCUIService.exe
O23 - Service R2: Intel(R) ME Service - (Intel(R) ME Service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Intel(R) Rapid Storage Technology - (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service R2: Intel(R) Smart Connect Technology Agent - (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service R2: Kaspersky Secure Connection Service 1.0.0 - (KSDE1.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
O23 - Service R2: RIM MDNS - (RIM MDNS) - Apple Inc. - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
O23 - Service R2: Realtek Audio Service - (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service R2: SynTPEnh Caller Service - (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service R2: ZAM Controller Service - (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
O23 - Service R3: BlackBerry Device Manager - (BlackBerry Device Manager) - BlackBerry Limited - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service R3: HP Software Framework Service - (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service S2: Google Update Service (gupdate) - (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S2: Kaspersky Anti-Virus Service 17.0.0 - (AVP17.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
O23 - Service S2: Malwarebytes Service - (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service S3: Google Software Updater - (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - (Intel(R) Capability Licensing Service TCP IP Interface) - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: ShareItSvc - (ShareItSvc) - SHAREit Technologies Co.Ltd - C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe
O23 - Service S3: klvssbrigde64 - (klvssbrigde64) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe

--
End of file - Time spent: 20 sec. - 29172 bytes, CRC32: FFFFFFFF. Sign: 胷矄
 
#55
Step 1: Reset Host File


  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.



Step 2: Hijack This Fix.

Start HijackThis , Right Click Run as Admin.
Close all other open programs prior to running this tool!!
Click System Scan Only.
Then check mark the items listed below.

O4 - HKCU\..\Run: [RIMDeviceManager] C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [OPBHOBrokerDesktop] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
O4 - HKLM\..\Run: [OPBHOBroker] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
O4 - HKLM\..\Run: [SimplePass] C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe /hideui
O4 - HKLM\..\Run: [ZAM] "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized
O4 - HKLM\..\RunOnce: [*EmptyTemp] cmd /c rd /q/s C:\FRST\Temp
O4 - User Startup: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - User Startup: RescueTime.lnk -> C:\Users\HP-PC\AppData\Local\RescueTime\RescueTime.exe
O4-32 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4-32 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4-32 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4-32 - HKLM\..\Run: [RIM PeerManager] "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
O4-32 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4-32 - HKLM\..\RunOnce: [DeleteOnReboot] C:\Users\183-k\AppData\Local\Temp\DeleteOnReboot.bat (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O22 - ScheduledTask: (Ready) Uploader - \Microsoft\Windows\Customer Experience Improvement Program - C:\Windows\system32\WSqmCons.exe -u

Now click on fix checked.
After the fix is complete, then reboot your machine.
 
#56
Glad to have helped!! Please tell a friend ...... or two about us.
smile.png


Optimize your internet connection.

Click here for instructions.

suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.


Also, keep your browsing private with these tools:

Self Destructing Cookies.
Self Destructing Cookies Chrome.




Some items to keep you safe on the internet.


VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your mahcine.



Now Lets Clean up the tools we used and remove old restore points.



Download DelFix by "Xplode" to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:


Remove disinfection tools
Create registry backup
Purge System Restore



Now click on "Run" button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt
 
#57
-|x| RstHosts v2.0 - Rapport créé le 21/03/2017 à 12:18:57
-|x| Système d'exploitation : Windows 8.1 Single Language (64 bits)
-|x| Nom d'utilisateur : 183-k - HP (Administrateur)

-|x|- Informations -|x|-

Emplacement : C:\Windows\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 22/08/2013 - 18:55:43
Date de modification : 21/03/2017 - 12:18:47
Date de dernier accès : 21/03/2017 - 12:18:47

-|x|- Contenu du fichier -|x|-

# Fichier Hosts créé par RstHosts

127.0.0.1 localhost
::1 localhost

-|x|- E.O.F - \RstHosts.txt - 609 bytes -|x|-
 
#58
Thank you very much for your help! You are a life saver, I was going to reinstall windows, but with your help, I don't have to take such an extreme measure. Thank you! I had just one question, how do I ensure that I can do banking safely on my laptop. Are there any softwares that you would recommend? I have Kapersky safe banking, but I am not sure whether it is the best...
 
Status
Not open for further replies.
Top Bottom
Back
Forums
Resources
Menu