Solved Wondering if there might be malware on my PC

Antoine · Apr 25, 2017

Sooo any news? I usually wait longer as I dont expect an instant response (not my first time doing this after all) but considering someone who made a topic 13 hours after I made mine has just gotten a reply already I figured I should inquire about my own.

g3n-h@ckm@n · Apr 25, 2017

Hello , sorry
your FRST log doesn't show anything suspicious, do you want we do another more deep diag ?

Antoine · Apr 25, 2017

g3n-h@ckm@n said:
Hello , sorry
your FRST log doesn't show anything suspicious, do you want we do another more deep diag ?

sure though is it possible something could be lurking on/in the places FRST does check, such as my external drive or usb thumb drive? Or are those places people wouldnt put viruses/keyloggers?

g3n-h@ckm@n · Apr 25, 2017

let's see more deepest :
Download Quick Diag to your desktop.
Very Important!! — Make sure program is on your desktop.
Disable your Antivirus/Antispyware prior to scanning.
Right Click Run as Administrator.
Select the Quick Scan.

Post the log that is generated in your next post.

Antoine · Apr 25, 2017

--------------- QuickDiag | g3n-h@ckm@n | V3_23.04.17.2 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 25/04/2017 14:25:22

Updated 23/04/2017 | 18.25 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC-06:00) Central Time (US & Canada)
[Owner (Administrator)] - [OWNER-PC] (S-1-5-21-1014905426-3769363605-1701117676-1001)

System: Microsoft Windows 10 Pro - - (10.0.14393) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Pro|C:\WINDOWS|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: 10AY0020US - LENOVO - IdNumber: MJ014YG1 - UUID: 070DBBA0-0324-11E4-A01A-649804D41100
Processor : X64 - 2893 Mhz - Intel(R) Core(TM) i5-4570T CPU @ 2.90GHz
LENOVO BIOS Rev: FHKT48A 0.0 - en|US|iso8859-1 - LENOVO - S/N: MJ014YG1 - FHKT48AUS - LENOVO - 1300
CoreTemp : 29.8 Celsius

----------| Quick

---------- | SoundDevice

Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0283&SUBSYS_17AA309E&REV_1000\4&ED4CB5B&0&0201

---------- | Video

DisplayLink USB Device - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: - PNPDeviceID: USB\VID_17E9&PID_0360\553874 - AdapterCompatibility: DisplayLink - RAM:
Intel(R) HD Graphics 4600 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController2 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igd12umd64.dll,igdumdim32,igd10iumd32,igd10iumd32,igd12umd32 - PNPDeviceID: PCI\VEN_8086&DEV_0412&SUBSYS_309E17AA&REV_06\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824
Inegrated Video Chipset DeviceName: DisplayLink USB Device - DriverVersion: 10.0.14393.0 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34640 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25352 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:6 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:2 %

---------- | Network

Intel[R] Ethernet Connection I217-V : SENT:0 bytes/sec / RECVD:0 bytes/sec
Intel[R] Centrino[R] Wireless-N 2230 : SENT:11,433 bytes/sec / RECVD:11,433 bytes/sec
isatap.hsd1.tn.comcast.net : SENT:0 bytes/sec / RECVD:0 bytes/sec
Local Area Connection* 2 : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:11,433 bytes/sec, / RECEIVE Maximum:11,433 bytes/sec

Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Intel(R) Ethernet Connection I217-V - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_153B&SUBSYS_309E17AA&REV_04\3&11583659&0&C8
Intel(R) Centrino(R) Wireless-N 2230 - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_0888&SUBSYS_42628086&REV_C4\00C2C6FFFF71CD0200
Microsoft ISATAP Adapter - - - Status: - PnPID :
Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\6&36DDFE8&0&0
Bluetooth Device (Personal Area Network) - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\6&36DDFE8&0&2
Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&39399298&0&01
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0
Microsoft Teredo Tunneling Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE

---------- | Memory

RAM = Total (MB) : 4098 | Free (MB) : 2
Pagefile = Total (MB) : 4819 | Free (MB) : 2774
Virtual = Total (MB) : 4194 | Free (MB) : 3925

Physical Memory 1 : Capacity: 4294967296 - ChannelB-DIMM0 - Posit.: 0 - Manufacturer: Samsung - PartNumber: M471B5173QH0-YK0 - S/N: 3849834A

---------- | SID Users

Administrator : [S-1-5-21-1014905426-3769363605-1701117676-500]
DefaultAccount : [S-1-5-21-1014905426-3769363605-1701117676-503]
Guest : [S-1-5-21-1014905426-3769363605-1701117676-501]
HomeGroupUser$ : [S-1-5-21-1014905426-3769363605-1701117676-1003]
Owner : [S-1-5-21-1014905426-3769363605-1701117676-1001]
Access Control Assistance Operators : [S-1-5-32-579]
Administrators : [S-1-5-32-544]
Backup Operators : [S-1-5-32-551]
Cryptographic Operators : [S-1-5-32-569]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
Hyper-V Administrators : [S-1-5-32-578]
IIS_IUSRS : [S-1-5-32-568]
Network Configuration Operators : [S-1-5-32-556]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Power Users : [S-1-5-32-547]
Remote Desktop Users : [S-1-5-32-555]
Remote Management Users : [S-1-5-32-580]
Replicator : [S-1-5-32-552]
System Managed Accounts Group : [S-1-5-32-581]
Users : [S-1-5-32-545]
HomeUsers : [S-1-5-21-1014905426-3769363605-1701117676-1002]
WinRMRemoteWMIUsers__ : [S-1-5-21-1014905426-3769363605-1701117676-1000]

---------- | SystemAccounts

Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [] | Total : 118.46 Go | Free : 86.71 Go -> NTFS (SSD) [SATA]
D:\ -> [Removable] | [USB20FD] | Total : 7.59 Go | Free : 7.3 Go -> FAT32 [USB]
F:\ -> [Fixed] | [My Passport] | Total : 931.48 Go | Free : 846.92 Go -> NTFS [USB]

Disk Usage Information [3 total Physical Disks]

Physical Drive #0 [C:] : Read:0 bytes/sec, Written:2,701,135 bytes/sec Max Read:0 bytes/sec, Max Write:2,701,135 bytes/sec
Physical Drive #1 [D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #2 [F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec

Overall - Read Maximum:0 bytes/sec, Write Maximum:2,701,135 bytes/sec

DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - External hard disk media - 1 Part. - PnPID : USBSTOR\DISK&VEN_WD&PROD_MY_PASSPORT_0740&REV_1003\575844314139315533383339&0
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_PNY&PROD_USB_2.0_FD&REV_1100\AF424H07YE11002048&0
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_LITEONIT&PROD_LCS-128M6S\4&126E5ADC&0&000000

---------- | Windows updates

Windows Is Activated

---------- | Browsers

IE : 11.0.14393.953 (© Microsoft Corporation.)
GC : 57.0.2987.133 (Copyright 2016 Google Inc.)

Default : "C:\Program Files\Internet Explorer\iexplore.exe" %1

---------- | FlashPlayer

FlashPlayer ActiveX : 25.0.0.148

---------- | Security

AV : Windows Defender Disabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes

380 | [Owner : SYSTEM | Parent : 4(System) | ?????] - (.Microsoft Corporation - Windows Session Manager.) - (10.0.14393.0) = C:\Windows\System32\smss.exe [16/07/2016 06:42:27] CPU Usage:0 %
524 | [Owner : SYSTEM | Parent : 472() | ?????] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.14393.0) = C:\Windows\System32\csrss.exe [16/07/2016 06:42:27] CPU Usage:0 %
604 | [Owner : SYSTEM | Parent : 472() | ?????] - (.Microsoft Corporation - Windows Start-Up Application.) - (10.0.14393.0) = C:\Windows\System32\wininit.exe [16/07/2016 06:42:27] CPU Usage:0 %
616 | [Owner : SYSTEM | Parent : 596() | ?????] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.14393.0) = C:\Windows\System32\csrss.exe [16/07/2016 06:42:27] CPU Usage:0 %
688 | [Owner : SYSTEM | Parent : 596() | 11.53 Mo] - (.Microsoft Corporation - Windows Logon Application.) - (10.0.14393.594) = C:\Windows\System32\winlogon.exe [10/01/2017 19:48:20] CPU Usage:0 %
748 | [Owner : SYSTEM | Parent : 604(wininit.exe) | ?????] - (.Microsoft Corporation - Services and Controller app.) - (10.0.14393.479) = C:\Windows\System32\services.exe [10/12/2016 20:03:46] CPU Usage:0 %
756 | [Owner : SYSTEM | Parent : 604(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.14393.187) = C:\Windows\System32\lsass.exe [27/09/2016 20:22:37] CPU Usage:0 %
844 | [Owner : SYSTEM | Parent : 748(services.exe) | 23.33 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
896 | [Owner : NETWORK SERVICE | Parent : 748(services.exe) | 10.51 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
988 | [Owner : DWM-1 | Parent : 688(winlogon.exe) | 60.16 Mo] - (.Microsoft Corporation - Desktop Window Manager.) - (10.0.14393.0) = C:\Windows\System32\dwm.exe [16/07/2016 06:42:23] CPU Usage:0 %
292 | [Owner : SYSTEM | Parent : 748(services.exe) | 88.02 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
308 | [Owner : SYSTEM | Parent : 748(services.exe) | 27.42 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
396 | [Owner : LOCAL SERVICE | Parent : 748(services.exe) | 30.2 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
924 | [Owner : LOCAL SERVICE | Parent : 748(services.exe) | 28.65 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
1196 | [Owner : LOCAL SERVICE | Parent : 748(services.exe) | 28.68 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
1208 | [Owner : LOCAL SERVICE | Parent : 308(svchost.exe) | 8.51 Mo] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe [16/07/2016 06:42:35] CPU Usage:0 %
1288 | [Owner : SYSTEM | Parent : 748(services.exe) | 9.39 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4248) = C:\Windows\System32\igfxCUIService.exe [31/08/2015 21:43:50] CPU Usage:0 %
1316 | [Owner : NETWORK SERVICE | Parent : 748(services.exe) | 18.03 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
1484 | [Owner : LOCAL SERVICE | Parent : 748(services.exe) | 9.89 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
1644 | [Owner : LOCAL SERVICE | Parent : 748(services.exe) | 12.23 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
1768 | [Owner : SYSTEM | Parent : 748(services.exe) | 15.26 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
1852 | [Owner : SYSTEM | Parent : 748(services.exe) | ?????] - (.AVAST Software - Avast Service.) - (17.3.3443.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [05/04/2017 02:33:02] CPU Usage:0 %
1356 | [Owner : SYSTEM | Parent : 748(services.exe) | 23.11 Mo] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.14393.953) = C:\Windows\System32\spoolsv.exe [15/03/2017 00:10:10] CPU Usage:0 %
2236 | [Owner : SYSTEM | Parent : 748(services.exe) | 12.65 Mo] - (.Apple Inc. - MobileDeviceService.) - (17.364.0.84) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [02/03/2016 15:31:28] CPU Usage:0 %
2256 | [Owner : SYSTEM | Parent : 748(services.exe) | 26.58 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
2332 | [Owner : SYSTEM | Parent : 748(services.exe) | 4 Mo] - (.Lenovo - Lenovo Desktop BIOS Event Utility.) - (1.0.0.7) = C:\Program Files (x86)\Lenovo\LBAI\LBAEvent.exe [19/03/2015 13:19:24] CPU Usage:0 %
2344 | [Owner : LOCAL SERVICE | Parent : 748(services.exe) | 14.75 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
2352 | [Owner : SYSTEM | Parent : 748(services.exe) | 21.82 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
2492 | [Owner : SYSTEM | Parent : 748(services.exe) | 6.46 Mo] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe [12/08/2015 16:03:42] CPU Usage:0 %
2500 | [Owner : SYSTEM | Parent : 748(services.exe) | 6.74 Mo] - (.- RichVideo Module.) - (2.0.0.2930) = C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [04/08/2015 09:28:54] CPU Usage:0 %
2824 | [Owner : LOCAL SERVICE | Parent : 748(services.exe) | 12.5 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
2056 | [Owner : NETWORK SERVICE | Parent : 748(services.exe) | 7.03 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
968 | [Owner : LOCAL SERVICE | Parent : 308(svchost.exe) | 19.52 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.14393.82) = C:\Windows\System32\dasHost.exe [27/09/2016 20:22:38] CPU Usage:0 %
3160 | [Owner : Owner | Parent : 292(svchost.exe) | 22.92 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe [16/07/2016 06:42:09] CPU Usage:0 %
3184 | [Owner : Owner | Parent : 748(services.exe) | 27.08 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
3216 | [Owner : LOCAL SERVICE | Parent : 748(services.exe) | 18.22 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8763) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [17/12/2016 21:06:35] CPU Usage:0 %
3276 | [Owner : Owner | Parent : 292(svchost.exe) | 3.29 Mo] - (.Microsoft Corporation - IType.exe.) - (2.5.166.0) = C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [08/07/2015 21:06:16] CPU Usage:0 %
3288 | [Owner : Owner | Parent : 292(svchost.exe) | 3.61 Mo] - (.Microsoft Corporation - IPoint.exe.) - (2.5.166.0) = C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [08/07/2015 21:06:16] CPU Usage:0 %
3332 | [Owner : Owner | Parent : 292(svchost.exe) | 18.08 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe [16/07/2016 06:42:36] CPU Usage:0 %
3460 | [Owner : LOCAL SERVICE | Parent : 308(svchost.exe) | 48.48 Mo] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe [16/07/2016 06:42:35] CPU Usage:0 %
3824 | [Owner : Owner | Parent : 844(svchost.exe) | 39.55 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe [16/07/2016 06:42:05] CPU Usage:0 %
4340 | [Owner : SYSTEM | Parent : 748(services.exe) | 18.91 Mo] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.14393.953) = C:\Windows\System32\SearchIndexer.exe [15/03/2017 00:11:03] CPU Usage:0 %
4444 | [Owner : Owner | Parent : 4160() | 118.26 Mo] - (.Microsoft Corporation - Windows Explorer.) - (10.0.14393.953) = C:\Windows\explorer.exe [15/03/2017 00:09:30] CPU Usage:0 %
3448 | [Owner : SYSTEM | Parent : 844(svchost.exe) | 14.1 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [16/07/2016 06:42:31] CPU Usage:0 %
4420 | [Owner : Owner | Parent : 3944() | 13.54 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4248) = C:\Windows\System32\igfxEM.exe [31/08/2015 21:43:50] CPU Usage:0 %
4816 | [Owner : Owner | Parent : 3944() | 9.66 Mo] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4248) = C:\Windows\System32\igfxHK.exe [31/08/2015 21:43:50] CPU Usage:0 %
5308 | [Owner : Owner | Parent : 844(svchost.exe) | 61.93 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [10/11/2016 15:51:33] CPU Usage:0 %
5520 | [Owner : Owner | Parent : 3944() | 12.26 Mo] - (.-.) - (0.0.0.0) = C:\Windows\System32\igfxTray.exe [31/08/2015 21:43:50] CPU Usage:0 %
5576 | [Owner : Owner | Parent : 844(svchost.exe) | 86.4 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.953) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [15/03/2017 00:09:20] CPU Usage:0 %
548 | [Owner : Owner | Parent : 844(svchost.exe) | 24.31 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.14393.1066) = C:\Windows\System32\smartscreen.exe [11/04/2017 20:35:20] CPU Usage:0 %
444 | [Owner : Owner | Parent : 4444(explorer.exe) | 15.63 Mo] - (.Apple Inc. - iTunesHelper.) - (12.4.1.6) = C:\Program Files\iTunes\iTunesHelper.exe [01/06/2016 13:16:26] CPU Usage:0 %
6320 | [Owner : Owner | Parent : 6200() | 17.13 Mo] - (.AVAST Software - Avast Antivirus.) - (17.3.3443.0) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [05/04/2017 02:33:04] CPU Usage:0 %
6440 | [Owner : Owner | Parent : 4444(explorer.exe) | 26.52 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6799.327) = C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe [09/01/2016 10:25:26] CPU Usage:0 %
6644 | [Owner : SYSTEM | Parent : 748(services.exe) | 8.15 Mo] - (.Apple Inc. - iPodService Module (64-bit).) - (12.4.1.6) = C:\Program Files\iPod\bin\iPodService.exe [01/06/2016 13:16:30] CPU Usage:0 %
6652 | [Owner : Owner | Parent : 4444(explorer.exe) | 102.53 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.133) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/07/2016 22:42:10] CPU Usage:0 %
6768 | [Owner : Owner | Parent : 6652(chrome.exe) | 8.66 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.133) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/07/2016 22:42:10] CPU Usage:0 %
6816 | [Owner : Owner | Parent : 6652(chrome.exe) | 9.75 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.133) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/07/2016 22:42:10] CPU Usage:0 %
6940 | [Owner : Owner | Parent : 6652(chrome.exe) | 46.61 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.133) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/07/2016 22:42:10] CPU Usage:0 %
6464 | [Owner : LOCAL SERVICE | Parent : 1484(svchost.exe) | 19.4 Mo] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (10.0.14393.0) = C:\Windows\System32\audiodg.exe [16/07/2016 06:42:22] CPU Usage:0 %
6972 | [Owner : Owner | Parent : 4444(explorer.exe) | 10.11 Mo] - (.- Trendnet USB-KVM SwitcherSoftware.) - (2.4.7.0) = C:\Program Files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe [18/11/2016 14:57:25] CPU Usage:0 %
3648 | [Owner : Owner | Parent : 6836() | 11.13 Mo] - (.CyberLink - CyberLink MediaLibray Service.) - (2.1.3023.0) = C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [20/08/2010 09:57:06] CPU Usage:0 %
4908 | [Owner : Owner | Parent : 6836() | 8.38 Mo] - (.CyberLink Corp. - PowerDVD RC Service.) - (10.0.1403.0) = C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [03/02/2010 00:08:56] CPU Usage:0 %
6704 | [Owner : Owner | Parent : 6836() | 11.03 Mo] - (.-.) - (3.3.0.4) = C:\Windows\Samsung\PanelMgr\SSMMgr.exe [05/08/2015 13:02:58] CPU Usage:0 %
5768 | [Owner : Owner | Parent : 6704(SSMMgr.exe) | 6.3 Mo] - (.-.) - (1.1.0.0) = C:\Windows\Samsung\PanelMgr\caller64.exe [05/08/2015 13:02:59] CPU Usage:0 %
6692 | [Owner : Owner | Parent : 6788() | 9.58 Mo] - (.Brother Industries, Ltd. - ControlCenter Main Process.) - (4.1.268.1) = C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe [11/08/2015 16:33:18] CPU Usage:0 %
6360 | [Owner : Owner | Parent : 6692(BrCtrlCntr.exe) | 9.06 Mo] - (.Brother Industries, Ltd. - ControlCenter UX System.) - (4.1.528.1) = C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe [11/08/2015 16:33:18] CPU Usage:0 %
6344 | [Owner : SYSTEM | Parent : 748(services.exe) | 10.43 Mo] - (.Brother Industries, Ltd. - BrYNCSvc.) - (1.4.6.0) = C:\Program Files (x86)\Browny02\BrYNSvc.exe [11/08/2015 16:33:18] CPU Usage:0 %
1620 | [Owner : Owner | Parent : 292(svchost.exe) | 2.15 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.205) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [19/03/2015 12:58:09] CPU Usage:0 %
628 | [Owner : Owner | Parent : 292(svchost.exe) | 2.29 Mo] - (.Realtek Semiconductor - Realtek HD Audio Manager.) - (1.0.0.940) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19/03/2015 12:58:09] CPU Usage:0 %
5196 | [Owner : SYSTEM | Parent : 688(winlogon.exe) | 2.86 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.14393.1066) = C:\Windows\System32\fontdrvhost.exe [11/04/2017 20:34:52] CPU Usage:0 %
6212 | [Owner : Owner | Parent : 292(svchost.exe) | 4.5 Mo] - (.CyberLink - MediaEspresso 6 DeviceDetector.) - (6.0.2309.32373) = C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [03/12/2010 17:45:00] CPU Usage:0 %
4592 | [Owner : Owner | Parent : 6320(AvastUI.exe) | 8.8 Mo] - (.Microsoft Corporation - CTF Loader.) - (10.0.14393.0) = C:\Windows\SysWOW64\ctfmon.exe [16/07/2016 06:43:04] CPU Usage:0 %
4300 | [Owner : Owner | Parent : 844(svchost.exe) | 10.7 Mo] - (.-.) - (11.13.133.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeHost.exe [10/04/2017 06:42:10] CPU Usage:0 %
6584 | [Owner : | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 06:42:27] CPU Usage:0 %
7400 | [Owner : SYSTEM | Parent : 748(services.exe) | 7.5 Mo] - (.Intel Corporation - IntelCpHeciSvc Executable.) - (9.0.31.9000) = C:\Windows\SysWOW64\IntelCpHeciSvc.exe [31/08/2015 21:43:50] CPU Usage:0 %
8936 | [Owner : Owner | Parent : 6652(chrome.exe) | 66.85 Mo] - (.Google Inc. - Google Chrome.) - (57.0.2987.133) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/07/2016 22:42:10] CPU Usage:0 %
8124 | [Owner : LogonSessionId_0_1913888 | Parent : 844(svchost.exe) | 14.11 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [16/07/2016 06:42:31] CPU Usage:0 %
7384 | [Owner : SYSTEM | Parent : 4340(SearchIndexer.exe) | 10.98 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.14393.953) = C:\Windows\System32\SearchProtocolHost.exe [15/03/2017 00:11:03] CPU Usage:0 %
3644 | [Owner : SYSTEM | Parent : 4340(SearchIndexer.exe) | 6.17 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.14393.953) = C:\Windows\System32\SearchFilterHost.exe [15/03/2017 00:11:03] CPU Usage:0 %
6228 | [Owner : LogonSessionId_0_2192317 | Parent : 748(services.exe) | 7.1 Mo] - (.Microsoft Corporation - Windows Modules Installer.) - (10.0.14393.479) = C:\Windows\servicing\TrustedInstaller.exe [10/12/2016 20:03:46] CPU Usage:0 %
8972 | [Owner : SYSTEM | Parent : 844(svchost.exe) | 9.94 Mo] - (.Microsoft Corporation - Windows Modules Installer Worker.) - (10.0.14393.693) = C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe [25/01/2017 16:15:31] CPU Usage:0 %
4004 | [Owner : SYSTEM | Parent : 292(svchost.exe) | 7.08 Mo] - (.Microsoft Corporation - WMI Reverse Performance Adapter Maintenance Utility.) - (10.0.14393.0) = C:\Windows\System32\wbem\WMIADAP.exe [16/07/2016 06:42:31] CPU Usage:0 %
8672 | [Owner : Owner | Parent : 4444(explorer.exe) | 35.96 Mo] - (.SosVirus - QuickDiag.) - (23.4.17.2) = C:\Users\Owner\Desktop\QuickDiag.exe [25/04/2017 14:23:58] CPU Usage:2 %
7612 | [Owner : LogonSessionId_0_4582804 | Parent : 844(svchost.exe) | 9.53 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [16/07/2016 06:42:56] CPU Usage:0 %

---------- | MD5

[MD5.F2D58A2E27C2CD486F8F0A123A3F34C3] - [15/03/2017 00:09:30] - (.© Microsoft Corporation. - Windows Explorer.) - [4564.8 Ko] - (10.0.14393.953) : C:\WINDOWS\Explorer.exe
[MD5.F4F684066175B77E0C3A000549D2922C] - [16/07/2016 06:42:36] - (.© Microsoft Corporation. - Windows Command Processor.) - [227.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\cmd.exe
[MD5.77DBC745D957B4F0404ABABC10696784] - [16/07/2016 06:42:27] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [17.72 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\csrss.exe
[MD5.DA63852A2B0340E94D74EAF0CD444979] - [16/07/2016 06:42:27] - (.© Microsoft Corporation. - COM Surrogate.) - [20.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\dllhost.exe
[MD5.6955067712F2F4752CA12192B08EF860] - [16/07/2016 06:42:16] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [683.48 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Kernel32.dll
[MD5.6F8E95716C1A27FF2FE96D30B147F1C1] - [27/09/2016 20:22:37] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.05 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\lsass.exe
[MD5.7BD259FC59CF9C2AE1B979564B374CC6] - [16/07/2016 06:42:27] - (.© Microsoft Corporation. - Distributed COM Services.) - [867.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rpcss.dll
[MD5.C7645D43451C6D94D87F4D07BDE59C89] - [16/07/2016 06:42:42] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [68 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rundll32.exe
[MD5.3C69CC28665854F1AAB4B4005005FA31] - [10/12/2016 20:03:46] - (.© Microsoft Corporation. - Services and Controller app.) - [443.94 Ko] - (10.0.14393.479) : C:\WINDOWS\System32\services.exe
[MD5.36F670D89040709013F6A460176767EC] - [16/07/2016 06:42:27] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [43.45 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\svchost.exe
[MD5.C46EA86BF0E7C96235E9064CBAD6ED26] - [17/12/2016 17:10:14] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [1426.95 Ko] - (10.0.14393.576) : C:\WINDOWS\System32\user32.dll
[MD5.C1B1FFC800BE2F31EB2CF8CB40629C69] - [16/07/2016 06:42:27] - (.© Microsoft Corporation. - Userinit Logon Application.) - [32.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\userinit.exe
[MD5.99A19C9A74E2F9820E501DCE77F84F70] - [16/07/2016 06:42:27] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [297.11 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Wininit.exe
[MD5.917F081E2AB667C44F7D96DE1D16DFAE] - [10/01/2017 19:48:20] - (.© Microsoft Corporation. - Windows Logon Application.) - [658 Ko] - (10.0.14393.594) : C:\WINDOWS\System32\Winlogon.exe
[MD5.323AA1953ED9C01E23F740FA891FE064] - [29/10/2016 12:07:44] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [570.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\afd.sys
[MD5.A10F989A812B57B9695F6C305907C9C6] - [16/07/2016 06:41:53] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\atapi.sys
[MD5.65DEB05FC234BFF207379F06F0754402] - [16/07/2016 06:41:53] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [187.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ataport.sys
[MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - [16/07/2016 06:42:35] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdfs.sys
[MD5.613D0137C269187FA298A157E3D14A18] - [16/07/2016 06:41:53] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [169 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdrom.sys
[MD5.4BC21E937E9F9F408672D2C2CBE4A153] - [15/03/2017 00:09:27] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [142 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\dfsc.sys
[MD5.10E3515FE5DBA6656FA62C29342EC4A1] - [16/07/2016 06:41:52] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [81.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
[MD5.B54B30992620C97230013A74461C8517] - [16/07/2016 06:41:54] - (.© Microsoft Corporation. - i8042 Port Driver.) - [111.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys
[MD5.F1DAECC3B3D6399875D4F10529D6A77C] - [16/07/2016 06:42:39] - (.© Microsoft Corporation. - IP Network Address Translator.) - [207.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ipnat.sys
[MD5.D559FF28B1AD9B1E15A4186E785E61F6] - [15/03/2017 00:10:21] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [439.84 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\mrxsmb.sys
[MD5.63560E6BC9BCA978A6B72DF65F7A8930] - [11/04/2017 20:35:20] - (.© Microsoft Corporation. - Network Driver Interface Specification (NDIS).) - [1153.34 Ko] - (10.0.14393.1066) : C:\WINDOWS\System32\Drivers\ndis.sys
[MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - [16/07/2016 06:42:35] - (.© Microsoft Corporation. - MBT Transport driver.) - [272.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\netbt.sys
[MD5.98BBD81DC481E9D58EEB31C81EBDEFF5] - [15/03/2017 00:10:06] - (.© Microsoft Corporation. - NT File System Driver.) - [2202.84 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\ntfs.sys
[MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - [16/07/2016 06:41:53] - (.© Microsoft Corporation. - Parallel Port Driver.) - [94.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\parport.sys
[MD5.17E565710172ED71B8531D8822E1C5D1] - [16/07/2016 06:42:39] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [102.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys
[MD5.7135785C21CA79D270D11037C43D3F19] - [16/07/2016 06:44:03] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [173 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys
[MD5.F3CFBE74DAF9ABD06F0B2A037DC4C90A] - [11/04/2017 20:35:22] - (.© Microsoft Corporation. - TCP/IP Driver.) - [2474.34 Ko] - (10.0.14393.1066) : C:\WINDOWS\System32\Drivers\tcpip.sys
[MD5.0B237F8A96952BF95A14865030E131F2] - [15/03/2017 00:10:24] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.84 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\tdx.sys
[MD5.BF2546583BB75F01DDA60A7921DFB230] - [16/07/2016 06:42:35] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [382.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\volsnap.sys

---------- | Locked Applications

---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll
(.AVAST Software.-.Avast Shell Extension.) - (17.3.3443.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll
(.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (10.18.15.4248) -- C:\WINDOWS\SYSTEM32\igd10iumd64.dll
(.Intel Corporation.-.Unified Shader Compiler for Intel(R) Graphics Accelerator.) - (10.18.15.4248) -- C:\WINDOWS\SYSTEM32\igdusc64.dll
(..-..) - (14.0.7109.5000) -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
(..-..) - (14.0.6009.1000) -- C:\PROGRA~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
(.Apple Inc..-.Bonjour Namespace Provider.) - (3.1.0.1) -- C:\Program Files\Bonjour\mdnsNSP.dll
(.Apple Inc..-.ShellStreams.) - (41.1.0.7) -- C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
(.Intel Corporation.-.igfxDTCM Module.) - (6.15.10.4248) -- C:\WINDOWS\system32\igfxDTCM.dll
(.Intel Corporation.-.igfxDH Module.) - (6.15.10.4248) -- C:\WINDOWS\system32\igfxDH.dll
(.Intel Corporation.-.igfxLHM Module.) - (6.15.10.4248) -- C:\WINDOWS\system32\igfxLHM.dll
(.Intel Corporation.-.igfxDI Module.) - (6.15.10.4248) -- C:\WINDOWS\system32\igfxDI.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll
(.Apple Inc..-.Bonjour Namespace Provider.) - (3.1.0.1) -- C:\Program Files\Bonjour\mdnsNSP.dll
(.Brother Industries, Ltd..-.Brother MFC WIA minidriver(for 64Bit).) - (3.16.3.3) -- C:\WINDOWS\system32\BrWi212a.dll
(.Brother Industries, Ltd..-.Brother Network Sti Interface DLL(for 64Bit).) - (2.0.13.6) -- C:\WINDOWS\system32\BrNetSti.dll
(..-..) - (0.0.0.0) -- C:\WINDOWS\system32\BrSNMP64.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: NT AUTHORITY\LOCAL SERVICE
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: NT AUTHORITY\NETWORK SERVICE
OneDrive - ("C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\...\Run]) - User: Owner-PC\Owner
GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267 - ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\...\Run]) - User: Owner-PC\Owner
USBKVM Switcher - (C:\PROGRA~2\Trendnet\USBKVM~1\USBKVM.exe [Common Startup]) - User: Public
iTunesHelper - ("C:\Program Files\iTunes\iTunesHelper.exe" [HKLM\SOFTWARE\...\Run]) - User: Public
AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Command Processor]
"CompletionChar"=9
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=9

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"ISUSPM"=0x020000000000000000000000

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=Brother MFC-J4510DW Printer,winspool,Ne06:
"IsMRUEstablished"=1
"LegacyDefaultPrinterMode"=1

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=64

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"AvastUI.exe"=0x020000000000000000000000
"ControlCenter4"=0x020000000000000000000000
"CLMLServer"=0x020000000000000000000000
"ITSecMng"=0x020000000000000000000000
"UpdatePPShortCut"=0x020000000000000000000000
"IndexSearch"=0x020000000000000000000000
"PaperPort PTD"=0x020000000000000000000000
"PDF5 Registry Controller"=0x020000000000000000000000
"PDFHook"=0x020000000000000000000000
"RemoteControl10"=0x020000000000000000000000
"Samsung PanelMgr"=0x020000000000000000000000
"BrStsMon00"=0x020000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc
"AppInit_DLLs"=
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"DeviceNotSelectedTimeout"=15
"DwmInputUsesIoCompletionPort"=1
"EnableDwmInputProcessing"=7
"GDIProcessHandleQuota"=10000
"IconServiceLib"=IconCodecService.dll
"LoadAppInit_DLLs"=0
"NaturalInputHandler"=Ninput.dll
"ShutdownWarningDialogTimeout"=4294967295
"Spooler"=yes
"ThreadUnresponsiveLogTimeout"=500
"TransmissionRetryTimeout"=90
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000
"Win32kLastWriteTime"=1D255C50DCC143C

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=64

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"UpdatePPShortCut"="C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
"ControlCenter4"=C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
"BrStsMon00"=C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc
"AppInit_DLLs"=
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"DeviceNotSelectedTimeout"=15
"DwmInputUsesIoCompletionPort"=1
"EnableDwmInputProcessing"=7
"GDIProcessHandleQuota"=10000
"IconServiceLib"=IconCodecService.dll
"LoadAppInit_DLLs"=0
"NaturalInputHandler"=Ninput.dll
"ShutdownWarningDialogTimeout"=4294967295
"Spooler"=yes
"ThreadUnresponsiveLogTimeout"=500
"TransmissionRetryTimeout"=90
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}

---------- | Win.ini :

---------- | System.ini :

---------- | Tasks List

Avast Emergency Update
DeviceDetector
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
Microsoft_MKC_Logon_Task_ipoint.exe
Microsoft_MKC_Logon_Task_itype.exe
OneDrive Standalone Update Task
OneDrive Standalone Update Task v2
Optimize Start Menu Cache Files-S-1-5-21-1014905426-3769363605-1701117676-1001
RtHDVBg_LENOVO_MICPKEY
RTKCPL
SafeZone scheduled Autoupdate 1468726664
User_Feed_Synchronization-{6CFCB75E-A30D-4826-9A56-0BC571027065}

---------- | Startings up registry ¦ Folder

---------- | Other keys

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0
"DelayConMgrTimeout"=0
"DeleteTempDirsOnExit"=1
"fDenyTSConnections"=1
"fSingleSessionPerUser"=1
"NotificationTimeOut"=0
"PerSessionTempDir"=0
"ProductVersion"=5.1
"RCDependentServices"=CertPropSvc
SessionEnv
"SnapshotMonitors"=1
"StartRCM"=0
"TSUserEnabled"=0
"RailShowallNotifyIcons"=1
"RDPVGCInstalled"=1
"InstanceID"=d1d1bc76-2745-4205-a850-00790e0
"GlassSessionId"=1

[HKLM\System\CurrentControlSet\Control\Session Manager]
"AutoChkTimeout"=8
"BootExecute"=autocheck autochk *
"BootShell"=%SystemRoot%\system32\bootim.exe
"CriticalSectionTimeout"=2592000
"ExcludeFromKnownDlls"=
"GlobalFlag"=0
"HeapDeCommitFreeBlockThreshold"=0
"HeapDeCommitTotalFreeThreshold"=0
"HeapSegmentCommit"=0
"HeapSegmentReserve"=0
"InitConsoleFlags"=0
"NumberOfInitialSessions"=2
"ObjectDirectories"=\Windows
\RPC Control
"ProcessorControl"=2
"ProtectionMode"=1
"ResourceTimeoutCount"=648000
"RunLevelExecute"=WinInit
ServiceControlManager
"RunLevelValidate"=ServiceControlManager
"SETUPEXECUTE"=

[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28
"CurrentUser"=USERNAME
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc
"PreshutdownOrder"=UsoSvc
gpsvc
trustedinstaller
"WaitToKillServiceTimeout"=200
"SystemStartOptions"= NOEXECUTE=OPTIN
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)
"LastBootSucceeded"=1
"LastBootShutdown"=1
"DirtyShutdownCount"=1

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0
"auditbaseobjects"=0
"Bounds"=0x0030000000200000
"crashonauditfail"=0
"fullprivilegeauditing"=0x00
"LimitBlankPasswordUse"=1
"NoLmHash"=1
"Notification Packages"=scecli
"Authentication Packages"=msv1_0
"disabledomaincreds"=0
"everyoneincludesanonymous"=0
"forceguest"=0
"LsaPid"=756
"ProductType"=6
"restrictanonymous"=0
"restrictanonymoussam"=1
"SecureBoot"=1
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u
livessp

---------- | .LNK with Arguments

---------- | AppCertDlls

---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Control Panel\Desktop]
"ActiveWndTrackTimeout"=0
"BlockSendInputResets"=0
"CaretWidth"=1
"ClickLockTime"=1200
"CoolSwitchColumns"=7
"CoolSwitchRows"=3
"CursorBlinkRate"=530
"DockMoving"=1
"DragFromMaximize"=1
"DragFullWindows"=1
"DragHeight"=4
"DragWidth"=4
"FocusBorderHeight"=1
"FocusBorderWidth"=1
"FontSmoothing"=2
"FontSmoothingGamma"=0
"FontSmoothingOrientation"=1
"FontSmoothingType"=2
"ForegroundFlashCount"=7
"ForegroundLockTimeout"=200000
"LeftOverlapChars"=3
"MenuShowDelay"=400
"MouseWheelRouting"=2
"PaintDesktopVersion"=0
"Pattern"=0
"RightOverlapChars"=3
"SnapSizing"=1
"TileWallpaper"=0
"WallPaper"=C:\WINDOWS\web\wallpaper\Windows\img0.jpg [16/07/2016 06:43:10]
"WallpaperOriginX"=0
"WallpaperOriginY"=0
"WallpaperStyle"=10
"WheelScrollChars"=3
"WheelScrollLines"=3
"WindowArrangementActive"=1
"ScreenSaveActive"=1
"MouseMonitorEscapeSpeed"=0
"UserPreferencesMask"=0x9E1E078012000000
"AutoColorization"=1
"MaxVirtualDesktopDimension"=3840
"MaxMonitorDimension"=1920
"TranscodedImageCount"=2
"LastUpdated"=4294967295
"TranscodedImageCache"=0x7AC301002B73030080070000B0040000C1AF623A57DFD10143003A005C00570049004E0044004F00570053005C007700650062005C00770061006C006C00700061007000650072005C00570069006E0064006F00770073005C0069006D00670030002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"ImageColor"=2940843252
"Win8DpiScaling"=0
"DpiScalingVer"=4096
"WaitToKillAppTimeout"=200

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000
"ExplorerStartupTraceRecorded"=1
"UserSignedIn"=1
"SIDUpdatedOnLibraries"=1
"LocalKnownFoldersMigrated"=1
"TelemetrySalt"=6
"GlobalAssocChangedCounter"=180
"FirstRunTelemetryComplete"=1
"AppReadinessLogonComplete"=1
"SlowContextMenuEntries"=0xB384D9893B816A408298118AFA3A22AECF0200005D54A9A2C2A0B4429708A0B2BADD77C8DE0A00003673466C8182604E8204430CED96822D9A0300008549D87AB487164ABE588B72A5B390F7500500000114020000000000C00000000000004677010000

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2
"ServerAdminUI"=0
"Hidden"=1
"ShowCompColor"=1
"HideFileExt"=1
"DontPrettyPath"=0
"ShowInfoTip"=1
"HideIcons"=0
"MapNetDrvBtn"=0
"WebView"=1
"Filter"=0
"ShowSuperHidden"=0
"SeparateProcess"=0
"AutoCheckSelect"=0
"IconsOnly"=0
"ShowTypeOverlay"=1
"ShowStatusBar"=1
"ListviewAlphaSelect"=1
"ListviewShadow"=1
"TaskbarAnimations"=1
"StartMenuInit"=13
"ReindexedProfile"=1
"Start_TrackShareContractHistory"=1
"Start_ShareContractHistoryCount"=5
"Start_TrackShareContractMFU"=1
"Start_TrackSearchContract"=1
"ApplicationSearchHistory"=1
"StoreAppsOnTaskbar"=1
"EnableStartMenu"=1
"TaskbarStateLastRun"=0xCBDFF65800000000
"HideDrivesWithNoMedia"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"NoRecentDocsHistory"=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1
"NoComponents"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1
"DefaultValue"=2
"HKeyRoot"=2147483649
"Id"=2
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Text"=@shell32.dll,-30500
"Type"=radio
"ValueName"=Hidden

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0
"ActiveSetupTaskOverride"=1
"AsyncRunOnce"=1
"AsyncUpdatePCSettings"=1
"DisableAppInstallsOnFirstLogon"=1
"DisableResolveStoreCategories"=1
"DisableUpgradeCleanup"=1
"EarlyAppResolverStart"=1
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"FSIASleepTimeInMs"=60000
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"IconUnderline"=2
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"MachineOobeUpdates"=1
"NoWaitOnRoamingPayloads"=1
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
"AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}
"SmartScreenEnabled"=RequireAdmin

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1
"TaskbarSizeMove"=0

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"NoRecentDocsHistory"=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1
"NoComponents"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1
"DefaultValue"=2
"HKeyRoot"=2147483649
"Id"=2
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Text"=@shell32.dll,-30500
"Type"=radio
"ValueName"=Hidden

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0
"ActiveSetupTaskOverride"=1
"AsyncRunOnce"=1
"AsyncUpdatePCSettings"=1
"DisableAppInstallsOnFirstLogon"=1
"DisableResolveStoreCategories"=1
"DisableUpgradeCleanup"=1
"EarlyAppResolverStart"=1
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"FSIASleepTimeInMs"=60000
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"IconUnderline"=2
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"MachineOobeUpdates"=1
"NoWaitOnRoamingPayloads"=1
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
"AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}
"GlobalAssocChangedCounter"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1
"TaskbarSizeMove"=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s

---------- | Winlogon

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders
"BuildNumber"=14393
"FirstLogon"=0
"PUUActive"=0x0BB991440A0000000800460074280000E1770B0047790000D100000011001800BC70A41F5EF40D00E29D0600121200004E100000CC01000000000000447F0500DE0200002D00000076F011E2F8BDD20184530200000000000100000000000000
"ParseAutoexec"=1

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=1
"Background"=0 0 0
"CachedLogonsCount"=10
"DebugServerCommand"=no
"DefaultDomainName"=
"DefaultUserName"=
"DisableBackButton"=1
"EnableSIHostIntegration"=1
"ForceUnlockLogon"=0
"LegalNoticeCaption"=
"LegalNoticeText"=
"PasswordExpiryWarning"=5
"PowerdownAfterShutdown"=0
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"ReportBootOk"=1
"Shell"=explorer.exe
"ShellCritical"=0
"ShellInfrastructure"=sihost.exe
"SiHostCritical"=0
"SiHostReadyTimeOut"=0
"SiHostRestartCountLimit"=0
"SiHostRestartTimeGap"=0
"VMApplet"=SystemPropertiesPerformance.exe /pagefile
"WinStationsDisabled"=0
"LastLogOffEndTimePerfCounter"=236720800008
"ShutdownFlags"=39
"Userinit"=C:\Windows\system32\userinit.exe,
"scremoveoption"=0
"DisableCad"=1
"ShutdownWithoutLogon"=0
"EnableFirstLogonAnimation"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"=
"DefaultUserName"=
"EnableSIHostIntegration"=1
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Shell"=explorer.exe
"ShellCritical"=0
"SiHostCritical"=0
"SiHostReadyTimeOut"=0
"SiHostRestartCountLimit"=0
"SiHostRestartTimeGap"=0

---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*

[HKLM\Software\Classes\.com]
""=comfile

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.reg]
""=regfile

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"

[HKLM\Software\Classes\.scr]
""=scrfile

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S

[HKLM\Software\Classes\.bat]
""=batfile

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.cmd]
""=cmdfile

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.pif]
""=piffile

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.inf]
""=inffile

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\Classes\.url]
""=InternetShortcut

[HKLM\Software\Classes\.lnk]
""=lnkfile

[HKLM\Software\Classes\.hta]
""=htafile
"Content Type"=application/hta
"PerceivedType"=text

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\Classes\InternetShortcut]
"EditFlags"=2
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"NeverShowExt"=
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment
""=Internet Shortcut

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest
"BrowserFlags"=4096
"EditFlags"=4259840
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200

[HKLM\Software\Classes\Application.Reference]
""=Application Reference
"EditFlags"=131072
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201
"IsShortcut"=
"NeverShowExt"=

[HKLM\Software\Classes\Folder]
""=Folder
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
"ContentViewModeLayoutPatternForBrowse"=delta
"ContentViewModeLayoutPatternForSearch"=alpha
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus
"NoRecentDocs"=
"ThumbnailCutoff"=0
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile
"Content Type"=application/hta
"PerceivedType"=text

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"EditFlags"=2
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"NeverShowExt"=
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment
""=Internet Shortcut

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest
"BrowserFlags"=4096
"EditFlags"=4259840
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference
"EditFlags"=131072
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201
"IsShortcut"=
"NeverShowExt"=

[HKLM\Software\WOW6432Node\Classes\Folder]
""=Folder
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
"ContentViewModeLayoutPatternForBrowse"=delta
"ContentViewModeLayoutPatternForSearch"=alpha
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus
"NoRecentDocs"=
"ThumbnailCutoff"=0
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [15/03/2017 00:09:37]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command]
""="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe"
[HKLM\Software\Clients\StartMenuInternet\SafeZoneStable\InstallInfo]
"ReinstallCommand"="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" --makedefaultbrowser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [15/03/2017 00:09:37]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command]
""="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe"
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\SafeZoneStable\InstallInfo]
"ReinstallCommand"="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" --makedefaultbrowser

---------- | AppcompatFlags

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\SWTOOLS\DRIVERS\BLUETOOTH\B3BLT10US17_864\Setup.exe"=1
"C:\SWTOOLS\DRIVERS\BLUETOOTH\B3BLT10US17_864\Win64\setup.exe"=1

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"SIGN.MEDIA=545EA DRP_14.9\DriverPackSolution.exe"=0x5341435001000000000000000700000028000000D8A803006CBD0300010000000000000000000206712000002EF6C8A3A56ACD010000008000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400000000000000000000000000000000001D50700000000000100000001000000
"SIGN.IE=08DCDCB0 b3blt10us17_864.exe"=0x5341435001000000000000000700000028000000B0DCDC08FB52DD08010000000000000000000106000100002EF6C8A3A56ACD0100000080000000000200000028000000000000000000000000000000000000000000000000000000824F0100000000000100000001000000
"SIGN.IE=0112E90 c1acp21us17.exe"=0x5341435001000000000000000700000028000000902E110088D51100010000000000000000000106000100002EF6C8A3A56ACD010000008000000000020000002800000000000000000000000000000000000000000000000000000060F70000000000000100000001000000
"SIGN.IE=05172A68 TC00636200A.exe"=0x5341435001000000000000000700000028000000682A1705E3321705010000000000000000000206002100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000009FB60300000000000100000001000000
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\As0.exe"=0x5341435001000000000000000700000028000000707906006CC7060001000000000000000000010600010000647CA60EA56ACD01000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000040000000000000000000000000000007B310100000000000100000001000000
"SIGN.IE=056C150 avast_free_antivirus_setup_online.exe"=0x534143500100000000000000070000002800000050C1560000000000010000000000000000000206002100002EF6C8A3A56ACD010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000013FE0400000000000200000002000000
"C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe"=0x534143500100000000000000070000002800000050C1560000000000010000000000000000000206002100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000040000000000000000000000000000000002B490400000000000100000001000000
"D:\Downloaded Programs\Cyberlink\1_CyberLink_MediaSuite9_Pro_MES101207-01.exe"=0x53414350010000000000000007000000280000000501065600000000010000000000000000000106002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000089180000000000000100000001000000
"D:\Downloaded Programs\Cyberlink\CMS9_Pro_MES101207-01_Single.exe"=0x53414350010000000000000007000000280000000501065600000000010000000000000000000106002100002EF6C8A3A56ACD010000000000000000
"C:\Program Files (x86)\CyberLink\Media Suite\PS.exe"=0x5341435001000000000000000700000028000000286F0100508B010001000000000000000000010671220000975FD891C99ECE01000000000000000002000000280000000000000000000000001000000000000000000000000000007B391902000000000600000006000000
"SIGN.MEDIA=4D66C47 AutoRun\AutoRun.exe"=0x5341435001000000000000000700000028000000E8C100007CAE0100010000000000000000000105710000002EF6C8A3A56ACD010000000000000000050000001000000000000000000000000000000080000000020000002800000000000000800000000004200000000000000020000000000068E00100000000000100000001000000010000000400000001000000
"SIGN.IE=094A7930 iTunes6464Setup.exe"=0x534143500100000000000000070000002800000030794A09E89B4A0901000000000000000000010600010000647CA60EA56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000055480300000000000200000002000000
"C:\Users\Owner\AppData\Local\Temp\IXP544.TMP\SetupAdmin.exe"=0x5341435001000000000000000700000028000000302D0100E2DC0100010000000000000000000106000100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000040000000000000000000000000000000009E460000000000000100000001000000
"SIGN.IE=094A7930 iTunes6464Setup (1).exe"=0x534143500100000000000000070000002800000030794A09E89B4A0901000000000000000000010600010000647CA60EA56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000B7270100000000000100000001000000
"C:\Users\Owner\AppData\Local\Temp\IXP285.TMP\SetupAdmin.exe"=0x5341435001000000000000000700000028000000302D0100E2DC0100010000000000000000000106000100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000040000000000000000000000000000000004C100000000000000100000001000000
"SIGN.MEDIA=C2B0B0 start.exe"=0x5341435001000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000818C00000000000001000000010000000700000028000000504C01007361010001000000000000000000010600210000975FD891C99ECE010000000000000000
"SIGN.MEDIA=9EFDA setup.exe"=0x53414350010000000000000007000000280000007897050080CD0500010000000000000000000106002100002EF6C8A3A56ACD010000000000000000
"SIGN.MEDIA=EDB931 AccessEncryptedFiles.exe"=0x534143500100000000000000070000002800000068C6010031F20100010000000000000000000106712000002EF6C8A3A56ACD0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000040000000000000004000000F6F80000000000000100000001000000010000000400000001000000
"SIGN.MEDIA=71426 setup.exe"=0x53414350010000000000000007000000280000007815070078530700010000000000000000000106002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000500000000000000000000000000000000054241300000000000100000001000000
"SIGN.MEDIA=1341E963 KeePass Password Safe\KeePass.exe"=0x5341435001000000000000000700000028000000902D2100273D210001000000000000000000020671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000725D7A0C000000000700000007000000
"C:\Program Files (x86)\Brother\BrLauncher\BrLauncher.exe"=0x534143500100000000000000070000002800000000402B004DCE21000100000000000000000001067120000033504C2B57DFD10100000000000000000200000028000000000000008000000000000000000000000000000000000000094E1200000000001200000012000000
"C:\Users\Owner\AppData\Local\Temp\IXP635.TMP\SetupAdmin.exe"=0x5341435001000000000000000700000028000000302D0100E2DC0100010000000000000000000106000100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000400000000000000000000000000000000008520000000000000100000001000000
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"=0x534143500100000000000000070000002800000048C801003AD00100010000000000000000000106710200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000287E0000000000000100000001000000
"C:\Windows\System32\spool\drivers\x64\3\ssp8mam.exe"=0x534143500100000000000000070000002800000050FA08001D6509000100000000000000000001067122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000FC7A0000000000000600000006000000
"C:\Windows\System32\spool\drivers\x64\3\ssp8msm.exe"=0x534143500100000000000000070000002800000050D41B00C97E1C000100000000000000000001067122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000F3090000000000000600000006000000
"C:\Program Files (x86)\Nuance\PaperPort\pppagevw.exe"=0x534143500100000000000000070000002800000068971400846D1500010000000000000000000106712200002EF6C8A3A56ACD010000000000000000020000002800000000000000000000100000000000000000000000000000000004360000000000000100000001000000
"C:\Program Files (x86)\Nuance\PaperPort\ScannerWizardU.exe"=0x5341435001000000000000000700000028000000206511009BC9110001000000000000000000010600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000C32B0000000000000100000001000000
"C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe"=0x5341435001000000000000000700000028000000683714009A43140001000000000000000000010671220000975FD891C99ECE01000000000000000002000000280000000000000000000010000000000000000000000000000000008EB90600000000000100000001000000
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe"=0x534143500100000000000000070000002800000028A50600CD5A070001000000000000000000010671220000975FD891C99ECE01000000000000000002000000280000000000000080000000000000000000000000000000000000002E2B0500000000000300000003000000
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ECCenter1.exe"=0x5341435001000000000000000700000028000000609506007136070001000000000000000000000671020000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000D9273F00000000000F0000000F000000
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\BtAssist1.exe"=0x534143500100000000000000070000002800000060950600FFB8060001000000000000000000000671020000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000C31B1100000000000700000007000000
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtProc1.exe"=0x534143500100000000000000070000002800000050630100A572010001000000000000000000000673020000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000D3040000000000000100000001000000
"SIGN.IE=093B868 AmazonMusicImporterInstaller-3.1.0._V320648434_.exe"=0x534143500100000000000000070000002800000068B893006217940001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000C0C21100000000000100000001000000
"C:\Program Files (x86)\Amazon\Utilities\Amazon Music Importer\Amazon Music Importer.exe"=0x53414350010000000000000007000000280000004845020033E702000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E34A0000000000000200000002000000
"SIGN.MEDIA=27C5091A KeePass Password Safe\KeePass.exe"=0x5341435001000000000000000700000028000000902D2100273D210001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000D5E40A07000000000200000002000000
"C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C03802000BA5020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C88002006A18030001000000000000000000000A0021000019B4C529E312D1010000000100000000
"SIGN.MEDIA=64D8EDE KeePass Password Safe\KeePass.exe"=0x5341435001000000000000000700000028000000C8F22000EF7C210001000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000000A98A603000000000100000001000000
"C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8800200726B030001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Program Files (x86)\CyberLink\MediaEspresso\subsys\BigBang\Runtime\CLUpdater.exe"=0x534143500100000000000000070000002800000028E503005F3604000100000000000000000000067102000019B4C529E312D1010000008000000000020000002800000000000000000000000000000000000000000000000000000070240000000000000100000001000000
"C:\Users\Owner\Downloads\Install_CopyTransControlCenter.exe"=0x5341435001000000000000000700000028000000A0205F00898E5F0001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000002ADA2300000000000100000001000000
"C:\Users\Owner\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe"=0x5341435001000000000000000700000028000000A0205F00898E5F0001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000DAF99307000000000300000003000000
"SIGN.MEDIA=646EEDE KeePass Password Safe\KeePass.exe"=0x5341435001000000000000000700000028000000C8F22000EF7C210001000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000009F2A1B03000000000100000001000000
"C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C88002006821030001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA0200D5D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"SIGN.MEDIA=3098DAC KeePass Password Safe\KeePass.exe"=0x534143500100000000000000070000002800000018F7200004EF210001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000CFF74800000000000200000002000000
"C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\Owner\Downloads\DisplayLink USB Graphics Software for Windows 8.0 M0.exe"=0x5341435001000000000000000700000028000000C8B29502C204960201000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000062D0100000000000100000001000000
"C:\Users\Owner\AppData\Local\Temp\Temp1_kvmswicher.zip\KVMSwicher\Windows\USBKVMInstall.exe"=0x5341435001000000000000000700000028000000CD8509000000000001000000000000000000000A4122000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000021340300000000000100000001000000
"SIGN.MEDIA=30B05AC KeePass Password Safe\KeePass.exe"=0x534143500100000000000000070000002800000018F7200004EF210001000000000000000000000A7122000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000013C27E00000000000500000005000000
"C:\Program Files\iTunes\iTunes.exe"=0x5341435001000000000000000700000028000000388F2E008CC62E0001000000000000000000000A7322000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000006004EF02000000000300000003000000
"C:\Program Files\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000C0740C00BD6F0D0001000000010000000000000A0021000059193B14E312D1010000000000000000
"C:\Program Files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe"=0x534143500100000000000000070000002800000000100900000000000100000000000000000001067120000033504C2B57DFD101000000000000000002000000500000000000000000000000000000000000000000000000000000001A010000000000000900000006000000000000000000004000000000000000000000000000000000DB000000000000000200000000000000
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"=0x5341435001000000000000000700000028000000C0743701018537010100000000000000000001060001000019B4C529E312D1010000000100000000
"C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Owner\Documents\KVM Switcher\KVMSwicher\Windows\USBKVMInstall.exe"=0x5341435001000000000000000700000028000000CD8509000000000001000000000000000000000A4122000033504C2B57DFD1010000000000000000
"C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6705.1122\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D87E03000008040001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000E07E03004B44040001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C02001930030001000000010000000000000A7122000033504C2B57DFD1010000000000000000
"C:\Users\Owner\Downloads\VideostreamNetworkRepair.exe"=0x5341435001000000000000000700000028000000981C0300F98E0300010000000000000000000306F102000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000EA000000000000000100000001000000
"C:\Users\Owner\Downloads\VideostreamNetworkRepair (1).exe"=0x5341435001000000000000000700000028000000981C0300F98E0300010000000000000000000306F102000033504C2B57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000031600000000000000100000001000000
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"=0x5341435001000000000000000700000028000000B8DA1500A2B916000100000000000000000001060001000033504C2B57DFD1010000000100000000
"C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D87E030025C1030001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"SIGN.MEDIA=30B05AC KeePass Password Safe\KeePass-1.31-Setup.exe"=0x534143500100000000000000070000002800000030671D00897F1D0001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000025140000000000000100000001000000
"SIGN.MEDIA=1004CF4 KeePass Password Safe\KeePass-1.32-Setup.exe"=0x5341435001000000000000000700000028000000A8721D0047181E0001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000006C670500000000000200000002000000
"SIGN.MEDIA=539ABF6 KeePass Password Safe\KeePass.exe"=0x534143500100000000000000070000002800000000F820004D2A210001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000F68C2D12000000000100000001000000
"C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6764.0111\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000E07E0300F3A9030001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88003007F30040001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"SIGN.MEDIA=A54CEFE KeePass Password Safe\KeePass.exe"=0x534143500100000000000000070000002800000000F820004D2A210001000000000000000000000A7122000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000035100800000000000100000001000000
"C:\Users\Owner\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000D87E3801682C390101000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88203009CF3030001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000585F0E0023DF0E0001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Program Files\AVAST Software\Avast\AvastUI.exe"=0x5341435001000000000000000700000028000000A8D08B0011B48C0001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000008C000000000000000300000003000000
"C:\Program Files\AVAST Software\SZBrowser\launcher.exe"=0x534143500100000000000000070000002800000020260E0058590E0001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000800000000000000000000000000000000000000046B07300000000000200000002000000
"C:\Users\Owner\Downloads\malwarebytes.exe"=0x5341435001000000000000000700000028000000B8FF1803D6E9190301000000000000000000000A0021000033504C2B57DFD1010000000000000000
"C:\Users\Owner\Desktop\FRST64.exe"=0x5341435001000000000000000700000028000000000625000811250001000000000000000000000A00210000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000000C0C0200000000000100000001000000
"C:\Users\Owner\Desktop\aswmbr.exe"=0x5341435001000000000000000700000028000000005A4F000000000001000000000000000000000A7122000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000ABC00100000000000100000001000000
"C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe"=0x5341435001000000000000000700000028000000D0AF05005F46060001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000B5010000000000000100000001000000
"C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe"=0x5341435001000000000000000700000028000000D03112002024130003000000000000000000000A0021000033504C2B57DFD1010000000000000000
"C:\Users\Owner\Desktop\QuickDiag.exe"=0x5341435001000000000000000700000028000000A8612A00D3912A0001000000000000000000000A0021000033504C2B57DFD1010000000000000000

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Program Files\AVAST Software\SZBrowser\Launcher.exe"=32

---------- | IFEO

---------- | Mountpoints2

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"Beep"=#USR:Control Panel\Sound
"CoolSwitch"=USR:Control Panel\Desktop
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SwapMouseButtons"=#USR:Control Panel\Mouse
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"Beep"=#USR:Control Panel\Sound
"CoolSwitch"=USR:Control Panel\Desktop
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SwapMouseButtons"=#USR:Control Panel\Mouse
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=131194892913883613

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"DisableAntiSpyware"=1
"ProductType"=2
"ProductStatus"=0
"DisableAntiVirus"=1
"InstallTime"=0xFEBCBE856D62D001
"ManagedDefenderProductType"=0

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1

---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)

---------- | Hosts

---------- | Ping

Pinging google.com [74.125.138.100] with 32 bytes of data:
Reply from 74.125.138.100: bytes=32 time=22ms TTL=45
Reply from 74.125.138.100: bytes=32 time=33ms TTL=45
Reply from 74.125.138.100: bytes=32 time=26ms TTL=45
Reply from 74.125.138.100: bytes=32 time=28ms TTL=45

Ping statistics for 74.125.138.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 33ms, Average = 27ms

---------- | @

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"=yes
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Save_Session_History_On_Exit"=no
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"UseClearType"=no
"XMLHTTP"=1
"Cache_Update_Frequency"=Once_Per_Session
"Local Page"=C:\WINDOWS\system32\blank.htm
"NoUpdateCheck"=1
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"OperationalData"=13
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000001900000000040000B4020000
"Start Page Redirect Cache_TIMESTAMP"=0xCD5413BD4140D101
"Start Page Redirect Cache AcceptLangs"=en-US
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0x2B0564BFFCC9D101
"IconCache"=wvgt5je
"IE10TourShown"=1
"IE10TourShownTime"=0x2B0564BFFCC9D101
"PrivacyPolicyShown"=1
"Use FormSuggest"=no
"DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF90000000540000001003000034020000
"ImageStoreRandomFolder"=wwn5bio
"ApplicationTileImmersiveActivation"=0
"AssociationActivationMode"=2
"EdgeSwitchingOSBuildNumber"=10586.th2_release.160802-1857
"Start Page_TIMESTAMP"=0xCB3F4E9B4EE0D101
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"DisableCachingOfSSLPages"=0
"IE5_UA_Backup_Flag"=5.0
"PrivacyAdvanced"=1
"SecureProtocols"=2688
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"ZonesSecurityUpgrade"=0xEEEB25529E9ED201
"EmailName"=User@
"AutoConfigProxy"=wininet.dll
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
"WarnOnPost"=0x01000000
"UseSchannelDirectly"=0x01000000
"EnableHttp1_1"=1
"UrlEncoding"=0
"WarnonZoneCrossing"=0
"ProxyOverride"=*.local

[HKLM\Software\Microsoft\Internet Explorer\Main]
"Anchor_Visitation_Horizon"=0x01000000
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"DoNotTrack"=1

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"Anchor_Visitation_Horizon"=0x01000000
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

---------- | reparsepoint

---------- | Detection of offsets

---------- | Notify

---------- | Execution FileExts

---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShA64.dll [05/04/2017 02:33:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShA64.dll [05/04/2017 02:33:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [16/07/2016 06:42:17]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7} -- C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:44:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -- C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:44:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399} -- C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:44:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619} -- C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:44:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -- C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:44:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} -- %SystemRoot%\System32\cscui.dll
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7} -- C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [19/12/2013 00:41:02]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -- C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [19/12/2013 00:41:02]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399} -- C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [19/12/2013 00:41:02]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619} -- C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [19/12/2013 00:41:02]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -- C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [19/12/2013 00:41:02]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=Groove GFS Stub Execution Hook

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=Groove GFS Stub Execution Hook

---------- | Toolbar

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
"KnownProvidersUpgradeTime"=0x2B0564BFFCC9D101
"Version"=5
"UpgradeTime"=0x2B0564BFFCC9D101
"DefaultPackCorrection"=1
"DefaultPackNTCorrection"=1

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - []

---------- | SearchScopes

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC :

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] -> (Groove GFS Browser Helper) : C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [19/12/2013 00:41:02]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [06/03/2013 07:37:48]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] -> (Groove GFS Browser Helper) : C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [19/12/2013 00:41:02]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [06/03/2013 07:37:48]

---------- | Chrome

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\cnciopoikihiagdjbjpnocolokfelagl = : Play your downloaded videos on the Chromecast™ (any file type) - Videostream for Google Chromecast™ - 760761840374-p3tdq2ck1nvdhfagh7sddtohs58psq9v.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\daanglpcpkjjlkhcbladppjphglbigam = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security (BETA) - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihcjkigck = : Avast SafePrice - safe shopping extension. - Avast SafePrice - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx

[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\daanglpcpkjjlkhcbladppjphglbigam]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]

---------- | Opera

---------- | Firefox

[HKLM\Software\mozilla\Firefox\Extensions]
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF
[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions]
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF
[HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@Apple.com/iTunes,version=] - (iTunes Detector Plug-in) :
[HKLM\Software\WOW6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0] - () : C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{5e3c0aea-66f9-465d-8e3b-e66fde3bcfee}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5e3c0aea-66f9-465d-8e3b-e66fde3bcfee}]
"DhcpNameServer"=192.168.1.1

---------- | Applications

[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellOpen "%1"
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\SZBrowser.exe] : "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellOpen "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\SZBrowser.exe] : "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DeviceInstall
SystemEventsBroker
DcomLaunch
"Camera"=FrameServer
"smbsvcs"=lanmanserver
browser
"PeerDist"=PeerDistSvc

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=PlugPlay
DeviceInstall
DcomLaunch
"smbsvcs"=lanmanserver

---------- | SvcHost - Netsvcs (Whitelist)

---------- | Software

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Amazon]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\AppDataLow]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Apple Computer, Inc.]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Apple Inc.]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\AVAST Software]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Brother]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\CyberLink]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\DisplayLink]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\drpsu]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\FLEXnet]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Google]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\InstallShield]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Intel]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Lake]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\LogiShrd]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Macromedia]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Malwarebytes]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Mine]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Netscape]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\ODBC]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Policies]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Realtek]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Samsung]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\ScanSoft]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\SSPrint]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\sysinternals]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Toshiba]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\WindSolutions]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Wow6432Node]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Zeon]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVAST Software]
[HKLM\Software\Brother]
[HKLM\Software\Caphyon]
[HKLM\Software\Clients]
[HKLM\Software\DisplayLink]
[HKLM\Software\Dolby]
[HKLM\Software\DTS]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Knowles]
[HKLM\Software\Lenovo]
[HKLM\Software\Logishrd]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nahimic]
[HKLM\Software\Nuance]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Samsung]
[HKLM\Software\SonicFocus]
[HKLM\Software\SRS Labs]
[HKLM\Software\SSPrint]
[HKLM\Software\Synaptics]
[HKLM\Software\sysinternals]
[HKLM\Software\Toshiba]
[HKLM\Software\Waves Audio]
[HKLM\Software\WIDCOMM_TEMP]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Yamaha APO]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\Configuration]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\DWM]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\AVAST Software]
[HKLM\Software\WOW6432Node\Brother]
[HKLM\Software\WOW6432Node\Brother Industries, Ltd.]
[HKLM\Software\WOW6432Node\CyberLink]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\InstallShield]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Lake]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Samsung]
[HKLM\Software\WOW6432Node\ScanSoft]
[HKLM\Software\WOW6432Node\SmartSound Software]
[HKLM\Software\WOW6432Node\SPanel]
[HKLM\Software\WOW6432Node\SSPrint]
[HKLM\Software\WOW6432Node\TOSHIBA]
[HKLM\Software\WOW6432Node\Volatile]
[HKLM\Software\WOW6432Node\WOW6432Node]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]

---------- | Drives

D:

F:

[09/03/2011 19:56:21] - |A| - (.Copyright 2009-2010 Western Digital - WDQuickFormatter.exe.) - [3290480] - (1.2.0.7) - F:\WD Quick Formatter.exe
[09/03/2011 19:56:25] - |A| - (.(c) Western Digital - Setup Application for WD SmartWare.) - [4246384] - (1.4.5.2) - F:\WD SmartWare.exe

---------- | C:

[22/08/2013 10:36:31] - |SHD| - [1831779661] - C:\$Recycle.Bin
[MD5.21BF183C15AFE62A8D1137BB9007B2A3] - [26/07/2012 03:18:43] - |RASH| - (.-.) - [398156] - (0.0.0.0) - C:\bootmgr
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [26/07/2012 03:18:43] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[11/08/2015 16:33:19] - |D| - [451456] - C:\Brother
[22/08/2013 09:45:52] - |SHD| - [0] - C:\Documents and Settings
[24/04/2017 15:11:30] - |D| - [117712338] - C:\FRST
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [27/09/2016 17:31:56] - |ASH| - (.-.) - [1678684160] - (0.0.0.0) - C:\hiberfil.sys
[19/03/2015 13:05:46] - |D| - [42070] - C:\Intel
[05/08/2015 14:26:19] - |RHD| - [719612625] - C:\MSOCache
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/03/2015 12:52:44] - |ASH| - (.-.) - [738197504] - (0.0.0.0) - C:\pagefile.sys
[16/07/2016 06:47:47] - |D| - [0] - C:\PerfLogs
[16/07/2016 01:04:24] - |RD| - [4316863461] - C:\Program Files
[16/07/2016 01:04:24] - |RD| - [4749830132] - C:\Program Files (x86)
[16/07/2016 06:47:48] - |HD| - [1840607552] - C:\ProgramData
[25/04/2017 14:25:12] - |D| - [262052] - C:\QuickDiag
[MD5.FC518E4ECD12021DA911CC1C109C842A] - [25/04/2017 14:25:22] - |A| - (.-.) - [144641] - (0.0.0.0) - C:\QuickDiag.txt
[09/01/2016 10:07:33] - |SHD| - [290066989] - C:\Recovery
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/03/2015 12:52:44] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys
[19/03/2015 13:18:11] - |D| - [251564183] - C:\SWTOOLS
[19/03/2015 12:52:43] - |SHD| - [20572] - C:\System Volume Information
[16/07/2016 01:04:24] - |RD| - [4993351410] - C:\Users
[16/07/2016 01:04:24] - |D| - [24971240056] - C:\Windows

---------- | C:\WINDOWS

[16/07/2016 06:47:48] - |D| - [802] - C:\WINDOWS\addins
[MD5.C048724563615DDE0471383910A6959E] - [05/08/2015 13:01:44] - |A| - (.-.) - [5430] - (0.0.0.0) - C:\WINDOWS\AnyWeb Print.ico
[16/07/2016 06:47:48] - |D| - [14559562] - C:\WINDOWS\appcompat
[16/07/2016 06:47:48] - |D| - [12422502] - C:\WINDOWS\AppPatch
[16/07/2016 06:47:48] - |D| - [0] - C:\WINDOWS\AppReadiness
[16/07/2016 06:47:47] - |RD| - [836069847] - C:\WINDOWS\assembly
[26/07/2012 03:12:59] - |D| - [0] - C:\WINDOWS\AUInstallAgent
[MD5.12EBDA58437CD1EA7066FCB6455241D2] - [05/09/2016 16:10:58] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\WINDOWS\avastSS.scr
[16/07/2016 06:47:48] - |D| - [325008] - C:\WINDOWS\bcastdvr
[MD5.7B465E25ADF5D6DBCE9DCAE3C6545405] - [16/07/2016 06:42:16] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [61440] - (10.0.14393.0) - C:\WINDOWS\bfsvc.exe
[16/07/2016 09:29:36] - |SHD| - [591899] - C:\WINDOWS\BitLockerDiscoveryVolumeContents
[16/07/2016 06:47:48] - |D| - [38115435] - C:\WINDOWS\Boot
[MD5.ED812775C5F87D6526AA7A9F496CBC1F] - [27/09/2016 17:27:06] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[16/07/2016 06:47:48] - |D| - [3715096] - C:\WINDOWS\Branding
[MD5.7D6E128FDC85D9EC2130ECAEC7FB7C76] - [11/08/2015 16:33:16] - |A| - (.-.) - [66] - (0.0.0.0) - C:\WINDOWS\Brfaxrx.ini
[MD5.BDAD1C5531FA9ED3863219D6923F4CD1] - [05/08/2015 13:16:03] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\brpcfx.ini
[MD5.2A4D68A1EDFF18D49CC9B9A41CE9C39C] - [05/08/2015 13:16:03] - |A| - (.-.) - [24] - (0.0.0.0) - C:\WINDOWS\Brpfx04a.ini
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/08/2015 13:15:29] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\BRRBCOM.INI
[16/07/2016 06:36:22] - |D| - [0] - C:\WINDOWS\CbsTemp
[MD5.8AB7E743453CB6E272EF9374CE260C45] - [27/09/2016 17:32:20] - |A| - (.-.) - [19598] - (0.0.0.0) - C:\WINDOWS\comsetup.log
[19/03/2015 12:54:04] - |D| - [0] - C:\WINDOWS\CSC
[16/07/2016 06:47:48] - |D| - [8970858] - C:\WINDOWS\Cursors
[16/07/2016 06:47:48] - |D| - [18692875] - C:\WINDOWS\debug
[MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [27/09/2016 17:34:10] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[16/07/2016 06:47:48] - |D| - [4494460] - C:\WINDOWS\diagnostics
[MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [27/09/2016 17:34:10] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[16/07/2016 09:14:00] - |D| - [0] - C:\WINDOWS\DigitalLocker
[16/07/2016 06:47:48] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[MD5.3B714C6B68444A6BB38DAAD5F39ED672] - [09/07/2016 13:47:12] - |A| - (.-.) - [9850] - (0.0.0.0) - C:\WINDOWS\DPINST.LOG
[MD5.F6CAE25A0B2F38F536A9339A878E2ED1] - [05/08/2015 13:01:44] - |A| - (.-.) - [11502] - (0.0.0.0) - C:\WINDOWS\Dr. Printer Icon.ico
[MD5.1681D46EDEA33169301564E71CD255F6] - [16/07/2016 06:49:13] - |A| - (.-.) - [4176] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log
[16/07/2016 06:47:48] - |HD| - [44056] - C:\WINDOWS\ELAMBKUP
[16/07/2016 09:14:00] - |D| - [105984] - C:\WINDOWS\en-US
[MD5.60864394E6C33D72ADC39856101DF832] - [23/09/2005 13:48:52] - |A| - (.Copyright 2000-2005, eSellerate Inc. - eSellerateEngine.) - [356352] - (3.6.2.3) - C:\WINDOWS\eSellerateEngine.dll
[MD5.F2D58A2E27C2CD486F8F0A123A3F34C3] - [15/03/2017 00:09:30] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [4674360] - (10.0.14393.953) - C:\WINDOWS\explorer.exe
[16/07/2016 06:47:48] - |RSD| - [399077936] - C:\WINDOWS\Fonts
[16/07/2016 06:47:48] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
[16/07/2016 06:47:48] - |D| - [27494442] - C:\WINDOWS\Globalization
[16/07/2016 06:47:48] - |D| - [1405337] - C:\WINDOWS\Help
[MD5.DD3887563D64E631168B8C107C61A1EC] - [11/04/2017 20:35:04] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [975872] - (10.0.14393.1066) - C:\WINDOWS\HelpPane.exe
[MD5.52AFE6DE5E463B7A08C184B1EB49DD6A] - [16/07/2016 06:42:21] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [18432] - (10.0.14393.0) - C:\WINDOWS\hh.exe
[16/07/2016 06:47:48] - |D| - [173189416] - C:\WINDOWS\IME
[16/07/2016 06:47:48] - |RD| - [6841392] - C:\WINDOWS\ImmersiveControlPanel
[16/07/2016 06:45:54] - |D| - [64433376] - C:\WINDOWS\INF
[16/07/2016 06:47:48] - |D| - [1076853729] - C:\WINDOWS\InfusedApps
[16/07/2016 06:47:48] - |D| - [36285422] - C:\WINDOWS\InputMethod
[16/07/2016 06:47:48] - |SHDC| - [5949662537] - C:\WINDOWS\Installer
[16/07/2016 06:47:48] - |D| - [89407] - C:\WINDOWS\L2Schemas
[16/07/2016 06:47:48] - |D| - [16983498] - C:\WINDOWS\LiveKernelReports
[16/07/2016 01:04:29] - |D| - [30639783] - C:\WINDOWS\Logs
[16/07/2016 06:47:48] - |RSD| - [20316123] - C:\WINDOWS\Media
[22/08/2013 10:36:31] - |D| - [1619968] - C:\WINDOWS\MediaViewer
[MD5.A3F5562C9098075F6DEAA9CCBBDC96C2] - [15/08/2015 21:15:24] - |A| - (.-.) - [497545026] - (0.0.0.0) - C:\WINDOWS\MEMORY.DMP
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [16/07/2016 06:42:12] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[16/07/2016 06:47:47] - |RD| - [729194838] - C:\WINDOWS\Microsoft.NET
[16/07/2016 06:47:48] - |D| - [2563] - C:\WINDOWS\Migration
[16/07/2016 06:47:48] - |RD| - [484593] - C:\WINDOWS\MiracastView
[16/07/2016 06:47:48] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.616CA7CA98BC53FAED26040BC0838164] - [06/08/2015 07:44:19] - |A| - (.-.) - [263822] - (0.0.0.0) - C:\WINDOWS\msxml4-KB2758694-enu.LOG
[MD5.3B508CAE5DEBCBA928B5BC355517E2E6] - [16/07/2016 06:43:51] - |A| - (.© Microsoft Corporation. - Notepad.) - [243200] - (10.0.14393.0) - C:\WINDOWS\notepad.exe
[16/07/2016 09:15:09] - |D| - [219754] - C:\WINDOWS\OCR
[16/07/2016 06:47:48] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[27/09/2016 20:24:32] - |DC| - [264786199] - C:\WINDOWS\Panther
[17/12/2016 17:52:59] - |D| - [0] - C:\WINDOWS\PCHEALTH
[16/07/2016 06:47:48] - |D| - [29341941] - C:\WINDOWS\Performance
[MD5.E3BABF0687A83295DC55F872ED77BC16] - [30/09/2016 20:14:43] - |A| - (.-.) - [455530] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[16/07/2016 06:47:48] - |D| - [1121835] - C:\WINDOWS\PLA
[16/07/2016 06:47:48] - |D| - [6170776] - C:\WINDOWS\PolicyDefinitions
[27/09/2016 17:25:18] - |D| - [3169848] - C:\WINDOWS\Prefetch
[16/07/2016 06:47:48] - |RD| - [2037042] - C:\WINDOWS\PrintDialog
[MD5.4ACE1A172D35E492443D29527441BB30] - [16/07/2016 09:30:48] - |A| - (.-.) - [33882] - (0.0.0.0) - C:\WINDOWS\Professional.xml
[16/07/2016 06:47:48] - |D| - [1419214] - C:\WINDOWS\Provisioning
[MD5.BF5D30514FEA913E25CCC9E546257088] - [15/03/2017 00:10:12] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [320512] - (10.0.14393.953) - C:\WINDOWS\regedit.exe
[16/07/2016 06:47:48] - |D| - [1117148] - C:\WINDOWS\Registration
[16/07/2016 09:29:36] - |D| - [0] - C:\WINDOWS\RemotePackages
[16/07/2016 06:47:48] - |D| - [10883107] - C:\WINDOWS\rescache
[16/07/2016 06:47:48] - |D| - [4956606] - C:\WINDOWS\Resources
[05/08/2015 13:02:58] - |D| - [1194018] - C:\WINDOWS\Samsung
[16/07/2016 06:47:48] - |D| - [0] - C:\WINDOWS\SchCache
[16/07/2016 06:47:48] - |D| - [121229] - C:\WINDOWS\schemas
[16/07/2016 06:47:48] - |D| - [5141370] - C:\WINDOWS\security
[27/09/2016 17:25:18] - |D| - [42114701] - C:\WINDOWS\ServiceProfiles
[16/07/2016 01:04:24] - |D| - [238672406] - C:\WINDOWS\servicing
[16/07/2016 06:49:46] - |D| - [42] - C:\WINDOWS\Setup
[MD5.7BF5FCA0459977A70E9756C5D0D98077] - [27/09/2016 17:26:38] - |A| - (.-.) - [31232] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.93F7ACD3FFB1954DAA84D42C4FF8448C] - [27/09/2016 17:26:38] - |A| - (.-.) - [274] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[16/07/2016 06:47:48] - |D| - [31190016] - C:\WINDOWS\ShellExperiences
[30/10/2015 04:07:42] - |D| - [95790] - C:\WINDOWS\ShellNew
[16/07/2016 09:14:36] - |D| - [3757408] - C:\WINDOWS\SKB
[MD5.6E32354BEFF6EB30D620012098B50FD9] - [05/08/2015 13:01:44] - |A| - (.-.) - [133757] - (0.0.0.0) - C:\WINDOWS\SmartCMS2.ico
[19/03/2015 12:54:02] - |D| - [458116309] - C:\WINDOWS\SoftwareDistribution
[16/07/2016 06:47:48] - |D| - [107844594] - C:\WINDOWS\Speech
[16/07/2016 06:47:48] - |D| - [51335125] - C:\WINDOWS\Speech_OneCore
[MD5.BCDB205132974EC3AB6F5C01DD93489B] - [29/10/2016 12:08:16] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.14393.351) - C:\WINDOWS\splwow64.exe
[MD5.38468412425D67D18B9BE00D59F7194D] - [05/08/2015 13:03:19] - |A| - (.Copyright ¨Ï 2004. - Non-Device INF Installer.) - [493432] - (1.2.1.2) - C:\WINDOWS\ssndii.exe
[16/07/2016 06:47:48] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [22/08/2013 08:25:43] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[16/07/2016 01:04:24] - |D| - [5365152862] - C:\WINDOWS\System32
[16/07/2016 06:47:48] - |D| - [145553510] - C:\WINDOWS\SystemApps
[16/07/2016 06:47:48] - |D| - [17453597] - C:\WINDOWS\SystemResources
[16/07/2016 01:04:27] - |AD| - [1340627047] - C:\WINDOWS\SysWOW64
[16/07/2016 06:47:48] - |D| - [0] - C:\WINDOWS\TAPI
[22/08/2013 10:36:30] - |D| - [220] - C:\WINDOWS\Tasks
[16/07/2016 06:47:48] - |D| - [9979882] - C:\WINDOWS\Temp
[22/08/2013 10:36:30] - |RD| - [0] - C:\WINDOWS\ToastData
[16/07/2016 06:47:48] - |D| - [0] - C:\WINDOWS\tracing
[16/07/2016 06:47:48] - |D| - [7468941] - C:\WINDOWS\twain_32
[MD5.21F91141B4796108A50733B14850CDF2] - [16/07/2016 06:43:52] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [66560] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[22/08/2013 10:36:30] - |D| - [0] - C:\WINDOWS\vpnplugins
[16/07/2016 06:47:48] - |D| - [12420] - C:\WINDOWS\Vss
[16/07/2016 06:47:48] - |D| - [15729830] - C:\WINDOWS\Web
[MD5.DAA6AAD525D12F8985695B882301336F] - [26/07/2012 00:26:52] - |A| - (.-.) - [167] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [16/07/2016 06:42:32] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.038356387332650843BCB352BB89A101] - [08/08/2015 21:44:21] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.9328E170E5407D9DDE7EB1E208A2CBB4] - [16/07/2016 06:42:48] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [10240] - (10.0.14393.0) - C:\WINDOWS\winhlp32.exe
[16/07/2016 01:04:24] - |D| - [6825367731] - C:\WINDOWS\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [16/07/2016 06:43:08] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.E87C6A38E61A712C48025A6AD54C1113] - [16/07/2016 06:42:39] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.14393.0) - C:\WINDOWS\write.exe

---------- | C:\WINDOWS\System32\GroupPolicy

---------- | Systemroot\System

---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[26/04/2011 22:28:48] - C:\WINDOWS\Installer\1164996.msi : (PaperPort Image Printer Driver AMD64 - Nuance Communications, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 17:44:33] - C:\WINDOWS\Installer\1627b72.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 17:46:28] - C:\WINDOWS\Installer\1627b76.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 17:48:21] - C:\WINDOWS\Installer\1627b84.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 17:49:37] - C:\WINDOWS\Installer\1627b88.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 17:53:39] - C:\WINDOWS\Installer\1627b90.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 17:57:35] - C:\WINDOWS\Installer\1627b94.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 18:04:19] - C:\WINDOWS\Installer\1627b98.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 18:00:09] - C:\WINDOWS\Installer\1627b9c.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/08/2015 09:34:42] - C:\WINDOWS\Installer\1627ba4.msi : (SmartSound Quicktracks - SmartSound Software Inc) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 18:03:41] - C:\WINDOWS\Installer\1627bbc.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 18:07:59] - C:\WINDOWS\Installer\1627bc4.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 18:09:34] - C:\WINDOWS\Installer\1627bcc.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/12/2010 19:54:54] - C:\WINDOWS\Installer\1627bd0.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/12/2010 17:50:05] - C:\WINDOWS\Installer\1627bd4.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/04/2017 17:05:26] - C:\WINDOWS\Installer\1916c380.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/09/2015 11:01:31] - C:\WINDOWS\Installer\2309eac9.msi : (Adobe AIR Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/09/2015 11:01:07] - C:\WINDOWS\Installer\2309eacf.msi : (Amazon Music Importer - Amazon Services LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2016 10:59:44] - C:\WINDOWS\Installer\2a50e05.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2016 11:00:01] - C:\WINDOWS\Installer\2a50f9d.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2016 11:00:02] - C:\WINDOWS\Installer\2a51071.msi : (Apple Software Update Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2016 11:00:40] - C:\WINDOWS\Installer\2a51077.msi : (iCloud for Windows installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2016 11:00:55] - C:\WINDOWS\Installer\2a510bc.msi : (Apple Mobile Device Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2016 11:00:57] - C:\WINDOWS\Installer\2a5112f.msi : ([ProductName] Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2016 11:01:29] - C:\WINDOWS\Installer\2a5211e.msi : (iTunes Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[07/07/2016 04:33:41] - C:\WINDOWS\Installer\64423.msi : (DisplayLink Core Software - DisplayLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/07/2016 22:41:37] - C:\WINDOWS\Installer\7c1cc.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/02/2016 10:27:07] - C:\WINDOWS\Installer\8336e0fd.msi : (DisplayLink Core Software - DisplayLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/02/2015 04:35:42] - C:\WINDOWS\Installer\cdc9d.msi : (DisplayLink Core Software - DisplayLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/11/2014 03:53:04] - C:\WINDOWS\Installer\fd3e5.msi : (Bluetooth Toshiba Stack - Toshiba) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%\*.in*

[16/07/2016 06:43:08] - [3458] - C:\WINDOWS\System32\ieuinit.inf
[09/01/2016 10:26:00] - [1711050] - C:\WINDOWS\System32\PerfStringBackup.INI
[16/07/2016 06:42:39] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[16/07/2016 06:42:11] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini
[21/11/2013 01:02:12] - [114] - C:\WINDOWS\Syswow64\BRLMW03A.INI
[16/07/2016 06:43:59] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf
[16/07/2016 06:42:43] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.B7C476BBE4F001F4F33C04D9ABC33DC8] - |A| - [16/07/2016 06:42:17] - (.-.) - [14.52 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\pcamain.sdb
[MD5.8BE31B88D8523648580AFAFB92B78A30] - |A| - [15/03/2017 00:09:03] - (.-.) - [540.84 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\sysmain.sdb
[MD5.BB79ACC1E8EA2FBF2DB0641EE270ED15] - |A| - [13/10/2016 10:46:16] - (.-.) - [703.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\172996dd-9aae-4293-a5dd-e36a3d8c39c2
[MD5.00000000000000000000000000000000] - |D| - [22/03/2017 23:29:50] - [0 Ko] - C:\WINDOWS\Temp\1A7FAA1F-86DA-F9FC-9D65-1C8B453DFFD1
[MD5.00000000000000000000000000000000] - |D| - [19/03/2017 22:22:45] - [0 Ko] - C:\WINDOWS\Temp\27358A54-6AFF-2B50-87E1-513A5606545D
[MD5.00000000000000000000000000000000] - |D| - [08/04/2017 22:19:19] - [0 Ko] - C:\WINDOWS\Temp\2D005A46-2233-D98F-D797-3DB8EF5C639E
[MD5.00000000000000000000000000000000] - |D| - [30/03/2017 22:12:30] - [0 Ko] - C:\WINDOWS\Temp\359E4B82-8792-2228-38F5-FE3283173913
[MD5.00000000000000000000000000000000] - |D| - [29/03/2017 22:11:47] - [0 Ko] - C:\WINDOWS\Temp\55CC4203-51C4-D277-E882-E53AEAFE9BBB
[MD5.00000000000000000000000000000000] - |D| - [08/04/2017 08:43:19] - [0 Ko] - C:\WINDOWS\Temp\69148BE8-165C-26AD-2D39-8872E71B1B7C
[MD5.00000000000000000000000000000000] - |D| - [25/03/2017 22:10:47] - [0 Ko] - C:\WINDOWS\Temp\A26A02D1-2246-E53C-A1B6-C05E9A24923C
[MD5.00000000000000000000000000000000] - |D| - [05/04/2017 19:39:32] - [0 Ko] - C:\WINDOWS\Temp\A6367E95-69F2-D38A-0C54-CF3BDAFE2282
[MD5.00000000000000000000000000000000] - |D| - [01/04/2017 05:06:25] - [0 Ko] - C:\WINDOWS\Temp\A984D120-72BE-1D06-922E-6AACB8D39CD8
[MD5.333F45C62B7DC54DDA8B84410C6C517E] - |A| - [17/12/2016 21:07:10] - (.-.) - [0.93 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ASPNETSetup_00000.log
[MD5.EF4D76E460CD506AE77A3215651105A6] - |A| - [17/12/2016 21:07:12] - (.-.) - [0.94 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ASPNETSetup_00001.log
[MD5.00000000000000000000000000000000] - |D| - [27/09/2016 17:32:39] - [0 Ko] - C:\WINDOWS\Temp\avast_ash2
[MD5.00000000000000000000000000000000] - |D| - [26/03/2017 22:21:46] - [0 Ko] - C:\WINDOWS\Temp\BC0EFE74-304D-01DC-285E-4BD1ECCE6367
[MD5.D28E3DBC56565103CD5C1B5A59246E1F] - |A| - [14/10/2016 22:09:03] - (.-.) - [18.32 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\chrome_installer.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/09/2016 17:38:59] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser1.51.2220.53SZBrowser_autoupdate.download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/10/2016 22:12:25] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser1.51.2220.62SZBrowser_autoupdate.download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [17/03/2017 17:42:42] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.527SZBrowser_autoupdate.download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [11/03/2017 21:49:29] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.590SZBrowser_autoupdate.download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/03/2017 17:43:42] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.590_0SZBrowser_autoupdate.download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [06/04/2017 20:33:52] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.596SZBrowser_autoupdate.download.lock
[MD5.00000000000000000000000000000000] - |D| - [14/10/2016 22:09:03] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad
[MD5.00000000000000000000000000000000] - |D| - [03/04/2017 19:05:18] - [1378.07 Ko] - C:\WINDOWS\Temp\CR_B750F.tmp
[MD5.00000000000000000000000000000000] - |D| - [25/03/2017 19:36:03] - [0 Ko] - C:\WINDOWS\Temp\D2FF4607-6766-098F-C309-FF1E3E231EB1
[MD5.00000000000000000000000000000000] - |D| - [05/04/2017 22:38:03] - [0 Ko] - C:\WINDOWS\Temp\D7ABD4CB-D8D3-5DC3-2E48-1AE6BDDF71FC
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:20:46] - [0 Ko] - C:\WINDOWS\Temp\DB17AE93-CE6B-F7A5-155A-4CDC561C9B8A
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/09/2016 17:27:05] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DMID953.tmp
[MD5.00000000000000000000000000000000] - |D| - [28/03/2017 22:40:45] - [0 Ko] - C:\WINDOWS\Temp\E862AD30-6F29-DA81-E7E4-B835571A899B
[MD5.00000000000000000000000000000000] - |D| - [14/04/2017 23:34:34] - [0 Ko] - C:\WINDOWS\Temp\ECC18474-D755-C5E5-29A5-06D60A5478ED
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 22:21:46] - [0 Ko] - C:\WINDOWS\Temp\EDA70282-2D80-4C89-18E9-5A59CF648555
[MD5.00000000000000000000000000000000] - |D| - [24/04/2017 12:16:41] - [0 Ko] - C:\WINDOWS\Temp\F28C3FE6-8F05-99D7-9313-2CD97FE30C27
[MD5.00000000000000000000000000000000] - |D| - [15/04/2017 22:35:46] - [0 Ko] - C:\WINDOWS\Temp\F4E7161B-E072-CCC1-5646-1B5EF220E849
[MD5.00000000000000000000000000000000] - |D| - [27/03/2017 22:06:46] - [0 Ko] - C:\WINDOWS\Temp\F6A272A6-563E-B915-C2B2-1A4915C88B9A
[MD5.00000000000000000000000000000000] - |D| - [21/03/2017 22:23:45] - [0 Ko] - C:\WINDOWS\Temp\F88784DB-9BA5-8770-F977-7701077A62FD
[MD5.00000000000000000000000000000000] - |D| - [17/03/2017 22:33:47] - [0 Ko] - C:\WINDOWS\Temp\F9890D6F-C724-0400-D153-7B26B6A5A535
[MD5.00000000000000000000000000000000] - |D| - [16/03/2017 22:22:16] - [0 Ko] - C:\WINDOWS\Temp\FFD9A24A-CF06-A429-53C6-049694B93126
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/09/2016 17:34:08] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSAPIDebugLogFile.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/09/2016 17:34:08] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSTIFFDebugLogFile.txt
[MD5.4A378994BE45212ED6674AA7DA9D31A8] - |A| - [27/09/2016 17:34:25] - (.-.) - [122.62 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
[MD5.00000000000000000000000000000000] - |D| - [30/09/2016 19:16:21] - [0 Ko] - C:\WINDOWS\Temp\MRT
[MD5.00000000000000000000000000000000] - |D| - [14/10/2016 20:48:56] - [38.79 Ko] - C:\WINDOWS\Temp\SafeZone Installer
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/10/2016 20:48:56] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\safezone_crashreporter.log
[MD5.30815505E25760564B02D65A9C9DCD14] - |A| - [10/03/2017 21:49:25] - (.Copyright Opera Software 2017 - Opera Installer.) - [1471 Ko] - (42.0.2393.590) - C:\WINDOWS\Temp\safezone_installer_20173114925978.dll
[MD5.00000000000000000000000000000000] - |D| - [29/03/2017 19:08:11] - [0 Ko] - C:\WINDOWS\Temp\SDIAG_f10311af-de3e-4374-8646-831274f65b85
[MD5.25C915542CA8694B7AC03DA977B097C1] - |A| - [27/09/2016 17:31:02] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\tem794E.tmp
[MD5.B13AF738AA8BE55154B2752979D76827] - |A| - [27/09/2016 17:31:03] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\tem7A48.tmp
[MD5.29F911751FBF1A96D00A3DA51F5C1D5E] - |A| - [29/10/2016 17:37:02] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_3D28.tmp
[MD5.84DB170C696B848B7B2E4E08F15A75BF] - |A| - [29/10/2016 17:37:02] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_3D48.tmp
[MD5.924795A6D96AB5F603DD828ACE69860B] - |A| - [29/10/2016 17:37:12] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_6553.tmp
[MD5.DE1E5A2C1343C8AB420B4300DEA82993] - |A| - [29/10/2016 17:37:12] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_6573.tmp
[MD5.971D7837F9448E01B22B46A5309FFBE8] - |A| - [15/04/2017 00:10:34] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_707C.tmp
[MD5.0739E360D362DF6961A1ED903BDB46A7] - |A| - [15/04/2017 00:10:34] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_708D.tmp
[MD5.1A62A322CEEFCC7F4A812F3308ED7E0B] - |A| - [16/03/2017 17:42:56] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_7DDA.tmp
[MD5.031CD7142F0A7D74ED30E28C349D48BF] - |A| - [30/09/2016 20:15:18] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8CEE.tmp
[MD5.0EB3284801E5D959915CA93360A93369] - |A| - [30/09/2016 20:15:18] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8D0E.tmp
[MD5.84D2879ADF1FFB00B0D2B83C7F134967] - |A| - [30/09/2016 20:15:18] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8D1F.tmp
[MD5.F74CD656DE57813389F75E53E7F8408B] - |A| - [30/09/2016 20:15:18] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8D3F.tmp
[MD5.499D4B6E9FCF258068A6B176ACB5CEB2] - |A| - [30/09/2016 20:15:18] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8D5F.tmp
[MD5.70A514F03888BEEBD72E4AA6E588D9B3] - |A| - [30/09/2016 20:15:18] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8DFC.tmp
[MD5.0A5686AFBF884FE4614530F0B13B8ED1] - |A| - [30/09/2016 20:15:18] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8E0D.tmp
[MD5.C017ABB2F7DAB9222164B05DA96C46E0] - |A| - [30/09/2016 20:15:19] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_8F46.tmp
[MD5.B74F9BA3C131D5879166C9537E6354E1] - |A| - [30/09/2016 20:15:24] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_A451.tmp
[MD5.9E355A9D61C3F508D53547C20EB63389] - |A| - [15/04/2017 00:10:52] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_B6E0.tmp
[MD5.DBCFA768E267C63AD7FC31E3C3B8E973] - |A| - [15/04/2017 00:10:52] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_B6F1.tmp
[MD5.4A6E19FC0483A126314686AC57AD0EB2] - |A| - [16/03/2017 17:43:15] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_C66E.tmp
[MD5.1923A5244D4935831873583BADD4991E] - |A| - [30/09/2016 20:15:35] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_CE22.tmp
[MD5.379B4063066B315F6C58FFC6F5D92DA2] - |A| - [30/09/2016 20:15:35] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_CE42.tmp
[MD5.2CEFE072490919EAE9A2024A0E3145AC] - |A| - [30/09/2016 20:15:35] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_CE52.tmp
[MD5.B437428A7B707239B9379F28E70A77BB] - |A| - [30/09/2016 20:15:38] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_DB25.tmp
[MD5.DC754620AFD3559E2C0E01FC44BDD382] - |A| - [30/09/2016 20:15:39] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_DDD5.tmp
[MD5.534E9979C1648FB96FED5736987F5299] - |A| - [30/09/2016 20:15:39] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_DDE6.tmp
[MD5.235B8E6623C37B9B65E0F4AE109520D2] - |A| - [30/09/2016 20:15:39] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_DDF6.tmp
[MD5.97138462F22480B2FF49E58254D47A5E] - |A| - [30/09/2016 20:15:39] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_DE07.tmp
[MD5.0DBFBFA5212642629E11B15B7B0C2178] - |A| - [05/04/2017 20:18:27] - (.-.) - [38.31 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1723.tmp.csv
[MD5.2B60E87AFD3FB9F8B552EB7DEEF20771] - |A| - [05/04/2017 20:18:27] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1733.tmp.txt
[MD5.2DBBCD6F0F86BE004B8A90BCE9E5C0C7] - |A| - [12/03/2017 10:09:00] - (.-.) - [39.11 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER196F.tmp.csv
[MD5.235030673D0B9DF918D340223B2A3EF6] - |A| - [12/03/2017 10:09:00] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1990.tmp.txt
[MD5.71F975EDB8751A905BE8BB7E6C639184] - |A| - [24/04/2017 14:49:42] - (.-.) - [41.29 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1C5E.tmp.csv
[MD5.7D32D31FD96DB45BCAF471AB0C13C80C] - |A| - [24/04/2017 14:49:42] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1C6F.tmp.txt
[MD5.9291FDF993A452ABB8E7601B22854095] - |A| - [08/04/2017 22:45:59] - (.-.) - [36.74 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER3BFB.tmp.csv
[MD5.0BD971D0C8F4FAEC1DAC9D8CBF7EBB95] - |A| - [08/04/2017 22:45:59] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER3C2B.tmp.txt
[MD5.7A305449300FFAAEFFAF903D151431F4] - |A| - [26/12/2016 10:08:06] - (.-.) - [39.68 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER5020.tmp.csv
[MD5.9ABA1C617C224E02E41CAF00918D4BB5] - |A| - [26/12/2016 10:08:06] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER5031.tmp.txt
[MD5.3F4C906E02DE4AA556D1F1811301FC75] - |A| - [12/03/2017 05:27:29] - (.-.) - [39.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER5C9A.tmp.csv
[MD5.727A1AAB61A4A163375CCA6F7756DF79] - |A| - [12/03/2017 05:27:29] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER5CBA.tmp.txt
[MD5.25ECD964A0A5413BADE0BCFA0E223D51] - |A| - [28/12/2016 18:51:49] - (.-.) - [39.98 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER8371.tmp.csv
[MD5.1F4076E4106B083A2870CE94CFD6BE8D] - |A| - [28/12/2016 18:51:49] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER8391.tmp.txt
[MD5.B07A074316C2C5976CC5255F5E3970A9] - |A| - [23/12/2016 09:25:58] - (.-.) - [35.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA76B.tmp.csv
[MD5.DE634AF936E757E8BFB4F3730D37FDAE] - |A| - [23/12/2016 09:25:58] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA77C.tmp.txt
[MD5.A39AC1EA8C328B660B0736DCCD8FC2EF] - |A| - [15/01/2017 15:02:20] - (.-.) - [26.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA884.tmp.csv
[MD5.621A8EC025C3504470E9D5816BEE9F95] - |A| - [24/04/2017 12:06:40] - (.-.) - [34.72 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA8C3.tmp.csv
[MD5.AB47EFA2D9ADD2A0267E351D2547DEB3] - |A| - [15/01/2017 15:02:20] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA8C4.tmp.txt
[MD5.7B3185FD86B2CE0E545546B8C9C636D9] - |A| - [24/04/2017 12:06:40] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA8D3.tmp.txt
[MD5.620B5D4ED8A5221571BD08C496897E39] - |A| - [15/04/2017 00:10:50] - (.-.) - [20.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERAF2B.tmp.csv
[MD5.F14962C2F1009A1AA8C0711CA40C13A9] - |A| - [15/04/2017 00:10:50] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERAF3C.tmp.txt
[MD5.8D5831EB70DFA2A1D25399F145CBCF2D] - |A| - [24/04/2017 15:04:10] - (.-.) - [37.04 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERC311.tmp.csv
[MD5.FE502B62F82D06FA759063AA8FF1F2F6] - |A| - [24/04/2017 15:04:10] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERC322.tmp.txt
[MD5.648CE41E9F7A9B755ECB81065F430509] - |A| - [24/04/2017 14:49:25] - (.-.) - [39.98 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERDB8B.tmp.csv
[MD5.4B2FF33A5420288536F8538E484CDC2A] - |A| - [24/04/2017 14:49:25] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERDB9B.tmp.txt
[MD5.19EF90317705C8A670B40AD9B65EC479] - |A| - [24/04/2017 14:39:51] - (.-.) - [39.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERDD02.tmp.csv
[MD5.2FB99B73B5C3DA233F3E4816E63453B7] - |A| - [24/04/2017 14:39:51] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERDD12.tmp.txt
[MD5.C8AAD412EBC3435522ACA175DD66A645] - |A| - [25/04/2017 14:21:44] - (.-.) - [36.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERDE79.tmp.csv
[MD5.481DB0A750825868CB4689EE2B0CEA66] - |A| - [25/04/2017 14:21:44] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERDE89.tmp.txt
[MD5.FCE9A051A6ACD5C831CDAC59D0489AB7] - |A| - [22/03/2017 19:21:34] - (.-.) - [38.86 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERE985.tmp.csv
[MD5.72E21010762279588D713F3A01AB23FA] - |A| - [22/03/2017 19:21:34] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERE995.tmp.txt
[MD5.5110406861B67DFA032E2E1EEFD6697B] - |A| - [24/04/2017 14:39:55] - (.-.) - [38.68 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WEREBC9.tmp.csv
[MD5.50850FDCE92E092106592A5FB8820E60] - |A| - [24/04/2017 14:39:55] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WEREBDA.tmp.txt
[MD5.50946F644AB97B039228DF3885A96CA5] - |A| - [12/03/2017 06:39:05] - (.-.) - [39.15 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERECE7.tmp.csv
[MD5.CF2042D458269E81DD9885C7C43A0ACF] - |A| - [12/03/2017 06:39:05] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERECF8.tmp.txt
[MD5.7FE94C756FA6EA68F996226D0A755029] - |A| - [27/09/2016 17:31:02] - (.-.) - [0.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\wmsetup.log
[MD5.00000000000000000000000000000000] - |D| - [27/09/2016 17:32:07] - [0 Ko] - C:\WINDOWS\Temp\_avast_
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:00] - [0 Ko] - C:\WINDOWS\System32\0409
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 06:42:35] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [16/07/2016 06:42:05] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 06:42:38] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png
[MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [16/07/2016 06:42:41] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png
[MD5.46DACDA5036EBECEDF08427407E3017C] - |A| - [16/07/2016 06:42:40] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 06:42:38] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [16/07/2016 06:42:38] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png
[MD5.58B6CB6A8528BA1B267CFAE325E6B834] - |A| - [16/07/2016 06:42:23] - (.-.) - [20.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png
[MD5.F2CF417EF502555B139EDCD9FEBF9CD3] - |A| - [19/03/2015 12:58:13] - (.-.) - [107.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AcpiServiceVnA64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:29] - [3176.34 Ko] - C:\WINDOWS\System32\AdvancedInstallers
[MD5.1E53DBCFBA49AB327BF00CC7E0759B6C] - |A| - [15/03/2017 00:10:35] - (.-.) - [437.78 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [04/08/2015 20:06:18] - [0 Ko] - C:\WINDOWS\System32\appmgmt
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [2476.01 Ko] - C:\WINDOWS\System32\appraiser
[MD5.F94192B47ACA96AFFEBC1073891EBB42] - |A| - [16/07/2016 06:43:20] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AppVStreamingUX.exe.config
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [272 Ko] - C:\WINDOWS\System32\ar-SA
[MD5.D170249F0FFD538BC587BC1A75EA4FFA] - |A| - [05/04/2017 02:33:13] - (.Copyright (c) 2014 AVAST Software - Avast start-up scanner.) - [390.57 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\aswBoot.exe
[MD5.8113D6E1884940FC3F9DED886B364A1E] - |A| - [19/03/2015 12:58:13] - (.-.) - [94.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\audioLibVc.dll
[MD5.D8632E54B9D4BA45916B0E0D4DD73535] - |A| - [04/08/2015 07:13:53] - (.-.) - [10.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AutoconfigV2.cab
[MD5.00000000000000000000000000000000] - |D| - [05/08/2015 08:04:37] - [0 Ko] - C:\WINDOWS\System32\AutoUpdateLicense
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [247.5 Ko] - C:\WINDOWS\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [4451.37 Ko] - C:\WINDOWS\System32\Boot
[MD5.9D881BE34B359D0010C676ECA6D219A4] - |A| - [21/11/2013 01:02:10] - (.(C) 1993 - 2013 Brother Industries, Ltd. - Printer Driver CoInstaller.) - [217.5 Ko] - (1.13.0.0) - C:\WINDOWS\System32\BRCOI12I.DLL
[MD5.2AD0B83A2D9024DDB8C1C6EF00F6B341] - |A| - [05/08/2015 13:15:12] - (.Copyright (C) 2003-2011 Brother Industries, Ltd. - PC-FAX DIAL Launcher.) - [305.5 Ko] - (1.0.3.0) - C:\WINDOWS\System32\BrFaxTxAppRun64.dll
[MD5.1719A58DC4127FA80F62A94494947568] - |A| - [21/11/2013 01:02:10] - (.Copyright(C) 2008-2011 Brother Industries, Ltd. - Scanning module for Brother Scanner.) - [272.5 Ko] - (1.0.10.3) - C:\WINDOWS\System32\BrJDec.dll
[MD5.7E0207E3F1CA04FD93CD8E858CCF41D8] - |RA| - [05/08/2015 13:15:11] - (.Copyright (C) 2002-2012 Brother Industries, Ltd. - Brother Network Sti Interface DLL(for 64Bit).) - [85 Ko] - (2.0.13.6) - C:\WINDOWS\System32\BrNetSti.dll
[MD5.F07BAE0904869AE925E4F9D494B842E8] - |RA| - [05/08/2015 13:15:11] - (.Copyright (C) 2003 - 2012 Brother Industries,Ltd - Language DLL for Brother Network Scanner.) - [53 Ko] - (1.19.5.5) - C:\WINDOWS\System32\Brnsplg.dll
[MD5.E3370E3143ED1FB77D356F688F2EBB2A] - |RA| - [05/08/2015 13:15:11] - (.-.) - [140 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BrSNMP64.dll
[MD5.6965400607B0B337B2125FE8B8277E23] - |A| - [21/11/2013 01:02:12] - (.Copyright (C) Brother Industries. 1996-2012 - Brother MFC WIA minidriver(for 64Bit).) - [1408 Ko] - (3.16.3.3) - C:\WINDOWS\System32\BrWi212a.dll
[MD5.6F8A950C5A9635929476C9576F3DD5DB] - |RA| - [05/08/2015 13:15:11] - (.Copyright(C) Brother Industries,Ltd. 2012 - Brother Network Scanner Property UI DLL(for 64Bit).) - [57.5 Ko] - (1.13.0.0) - C:\WINDOWS\System32\BrWiaNCp.dll
[MD5.31ABC8C02F1CCE0DA39550D763384184] - |A| - [16/07/2016 06:42:12] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [91.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0.93 Ko] - C:\WINDOWS\System32\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:24] - [74366.92 Ko] - C:\WINDOWS\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [41294.47 Ko] - C:\WINDOWS\System32\catroot2
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [2260.35 Ko] - C:\WINDOWS\System32\CodeIntegrity
[MD5.64430E214B5B229D426D2D35538C402D] - |A| - [23/08/2015 02:01:40] - (.-.) - [366.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ColorImageEnhancement.wmv
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [360 Ko] - C:\WINDOWS\System32\Com
[MD5.6E14F444A2506049EEC25CB5EDFE0905] - |A| - [19/03/2015 12:58:13] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [110.91 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:24] - [370567.37 Ko] - C:\WINDOWS\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 06:47:48] - [47.64 Ko] - C:\WINDOWS\System32\Configuration
[MD5.82DF5576BDD96CE8DF5A06C0571EA463] - |A| - [23/08/2015 02:01:50] - (.-.) - [499.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\cp_resources.bin
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [297 Ko] - C:\WINDOWS\System32\cs-CZ
[MD5.C252D88626FDC7DC7276D7A5E0D856DE] - |A| - [19/03/2015 12:58:14] - (.©Conexant Systems Inc. - Conexant APO.) - [1495.69 Ko] - (1.15.0.0) - C:\WINDOWS\System32\CX64APO.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [293 Ko] - C:\WINDOWS\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [177.63 Ko] - C:\WINDOWS\System32\DDFs
[MD5.27C042B16AAB77DA585FDD2A145FAC0D] - |A| - [19/03/2015 12:58:14] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [255.34 Ko] - (7.6.3.1) - C:\WINDOWS\System32\DDPA64.dll
[MD5.897250C97A775A7A667328F849D93D6F] - |A| - [19/03/2015 12:58:14] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1894.34 Ko] - (7.6.3.1) - C:\WINDOWS\System32\DDPD64A.dll
[MD5.A2D8B4C56F55F0349DC7A0C942833E0F] - |A| - [19/03/2015 12:58:14] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [308.34 Ko] - (7.6.3.1) - C:\WINDOWS\System32\DDPO64A.dll
[MD5.CCFDC399241063EF7F3EBA80F273F1A2] - |A| - [19/03/2015 12:58:14] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6072.34 Ko] - (7.6.3.1) - C:\WINDOWS\System32\DDPP64A.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [329 Ko] - C:\WINDOWS\System32\de-DE
[MD5.306B90493D00011EB635E161C6C024B8] - |A| - [16/07/2016 06:42:22] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [16/07/2016 06:47:52] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
[MD5.DCF2510E0745720E543E84F5E921FCC0] - |A| - [21/11/2014 03:53:53] - (.-.) - [256.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dfpinc.dat
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 06:47:48] - [642 Ko] - C:\WINDOWS\System32\DiagSvcs
[MD5.8B5F7B8C2EFE38CA571FBE24658DF11F] - |A| - [16/07/2016 06:42:36] - (.-.) - [90.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:27] - [7578.09 Ko] - C:\WINDOWS\System32\Dism
[MD5.826802CDD019EC44558A3B7F9F9282F3] - |A| - [23/09/2016 23:58:36] - (.Copyright (c) 2003 - 2016 DisplayLink (UK) Ltd. - DisplayLink Core.) - [7560.54 Ko] - (8.0.762.0) - C:\WINDOWS\System32\dlidcore.dll
[MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [23/08/2015 02:01:52] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DPTopologyApp.exe.config
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [23/08/2015 02:01:52] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DPTopologyAppv2_0.exe.config
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:24] - [108031.98 Ko] - C:\WINDOWS\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:24] - [1720272.97 Ko] - C:\WINDOWS\System32\DriverStore
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 06:47:48] - [149.5 Ko] - C:\WINDOWS\System32\dsc
[MD5.8B5A737AD11EF45D9B1AEB4ED6884968] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [711.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBassEnhancementDLL64.dll
[MD5.21B38D4D86A87909491F690883AE6D1E] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS Boost COM DLL.) - [1452.1 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBoostDLL64.dll
[MD5.FF31A2F57AAAB58DB78FCC961A58B206] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [418.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSGainCompensatorDLL64.dll
[MD5.BC0474E5476E5EA0D0E1AA5AC41E2061] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS GFX APO.) - [237.1 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPO64.dll
[MD5.3B8FB5376F5431C0101747D5138BCB9B] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS GFX APO.) - [236.1 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPONS64.dll
[MD5.B3977C8BA77559F4F8752AE8EB724C87] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS LFX APO.) - [237.1 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSLFXAPO64.dll
[MD5.192A03A21636D3775CEE4C049C3BEB2A] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS Limiter COM DLL.) - [422.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSLimiterDLL64.dll
[MD5.2EF5442E8E7ED20F7634EEFB09640C8F] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS NEO

C COM DLL.) - [479.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSNeoPCDLL64.dll
[MD5.F7C357462077156DC211AC2112FC8C53] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1531.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2HeadphoneDLL64.dll
[MD5.F132C08BD8C58579B400DFAA71F34CFB] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1715.1 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2SpeakerDLL64.dll
[MD5.9948969B2C1987B1D64789EFEB284A84] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS Symmetry COM DLL.) - [695.6 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSSymmetryDLL64.dll
[MD5.37B8A8089ECED77F6CEAF74917C5D12B] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS GFX APO.) - [475.94 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PGFX64.dll
[MD5.8AE860D92752CFA136979B1FF797FFDC] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS LFX APO.) - [489.44 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PLFX64.dll
[MD5.A9B98F96FBE514ADEABD20B2BD132172] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS LFX APO.) - [405.94 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PREC64.dll
[MD5.DE32448E6B40141C80DAABFF6FBE1744] - |A| - [19/03/2015 12:58:14] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [677.1 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSVoiceClarityDLL64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [325 Ko] - C:\WINDOWS\System32\el-GR
[MD5.B590F2E55318D13CED6F7D7ADDEAC27D] - |A| - [08/08/2015 21:41:51] - (.-.) - [22.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:01] - [3445.5 Ko] - C:\WINDOWS\System32\en
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [236 Ko] - C:\WINDOWS\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [42148.33 Ko] - C:\WINDOWS\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [318 Ko] - C:\WINDOWS\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [257.5 Ko] - C:\WINDOWS\System32\es-MX
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [232 Ko] - C:\WINDOWS\System32\et-EE
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 06:47:48] - [25837.16 Ko] - C:\WINDOWS\System32\F12
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [297 Ko] - C:\WINDOWS\System32\fi-FI
[MD5.A08B87CC51FB774ED45FDF4284B1974F] - |A| - [23/08/2015 02:01:52] - (.-.) - [626.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FilmModeDetection.wmv
[MD5.20A8157FBEF27E4B2EC303364229891F] - |A| - [27/09/2016 17:25:16] - (.-.) - [340.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [264 Ko] - C:\WINDOWS\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [326 Ko] - C:\WINDOWS\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\System32\FxsTmp
[MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [16/07/2016 06:42:12] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [23/08/2015 02:01:54] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxv2_0.exe.config
[MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [23/08/2015 02:01:56] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxv4_0.exe.config
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 10:36:31] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 10:36:31] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [259.5 Ko] - C:\WINDOWS\System32\he-IL
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [241.5 Ko] - C:\WINDOWS\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [300.5 Ko] - C:\WINDOWS\System32\hu-HU
[MD5.2A571B7728F23E83A800527879105180] - |A| - [16/07/2016 06:42:04] - (.-.) - [44.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [5.36 Ko] - C:\WINDOWS\System32\ias
[MD5.6AF1A037384A174326C816866586FEFB] - |A| - [19/03/2015 12:58:15] - (.Copyright (c) 2014, ICEpower a/s - ICEpower ICEsound audio effects.) - [291.16 Ko] - (1.0.0.8) - C:\WINDOWS\System32\ICEsoundAPO64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [36.27 Ko] - C:\WINDOWS\System32\icsxml
[MD5.0433C33D839B47503151CD5EB38C00CD] - |A| - [23/08/2015 02:02:46] - (.-.) - [6583.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igdclbif.bin
[MD5.7932A98303D187A99F7B6303DA37158E] - |A| - [31/08/2015 21:45:16] - (.Copyright (C) 2012-2015 - MDF(CM) Runtime DX11 Dynamic Link Library.) - [180.66 Ko] - (5.0.0.1084) - C:\WINDOWS\System32\igfx11cmrt64.dll
[MD5.2B65BEA6FBDFDCBFE93B7F1CB1308F8F] - |A| - [31/08/2015 21:43:50] - (.Copyright (C) 2010 - 2015 - MDF(CM) JIT Dynamic Link Library.) - [1547.49 Ko] - (5.0.0.1084) - C:\WINDOWS\System32\igfxcmjit64.dll
[MD5.E21AB111DD02BAC79541444382731326] - |A| - [31/08/2015 21:45:16] - (.Copyright (C) 2010 - 2015 - MDF(CM) Runtime Dynamic Link Library.) - [181.66 Ko] - (5.0.0.1084) - C:\WINDOWS\System32\igfxcmrt64.dll
[MD5.F29592DEAB5B4BFA32D3FD0801026CBD] - |A| - [31/08/2015 21:43:50] - (.-.) - [267.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCPL.cpl
[MD5.6E7A1C0249B05C94279391BDAB515A22] - |A| - [31/08/2015 21:43:50] - (.-.) - [102.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCUIServicePS.dll
[MD5.400E0BD5B1A070C59673588711366E63] - |A| - [31/08/2015 21:43:50] - (.-.) - [80.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDHLib.dll
[MD5.7A453278D1CBF997145D71B1F6DE1644] - |A| - [31/08/2015 21:43:50] - (.-.) - [89.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDHLibv2_0.dll
[MD5.D22910AFE1740733CFD0BB9E273AC9AE] - |A| - [31/08/2015 21:43:50] - (.-.) - [28.52 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDILib.dll
[MD5.95B68689974D4DC061970F64595C1FBA] - |A| - [31/08/2015 21:43:50] - (.-.) - [28.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDILibv2_0.dll
[MD5.37E2F597F528B5AF6C2C102F2F29E015] - |A| - [31/08/2015 21:43:50] - (.-.) - [29.98 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxEMLib.dll
[MD5.DCDD93BFBEF4E74E738BC65D5319AE7D] - |A| - [31/08/2015 21:43:50] - (.-.) - [27.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxEMLibv2_0.dll
[MD5.28EF0E838D0C932BF93612C9BCC72E5A] - |A| - [31/08/2015 21:43:50] - (.-.) - [23.49 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxLHMLib.dll
[MD5.B508E8C858F4406C483529E29FDED538] - |A| - [31/08/2015 21:43:50] - (.-.) - [23.49 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxLHMLibv2_0.dll
[MD5.21DDDF11A891B01DCE8969EB8AF0C0A1] - |A| - [31/08/2015 21:43:50] - (.-.) - [1002.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxSDK.exe
[MD5.FF64D06C7B3FA6ACEC66B40DC51FB87C] - |A| - [31/08/2015 21:43:50] - (.-.) - [99.49 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxSDKLib.dll
[MD5.53E3DA0482EB909E1F16B2A94F90AB73] - |A| - [31/08/2015 21:43:50] - (.-.) - [106.49 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxSDKLibv2_0.dll
[MD5.EF0E56F2DEA1FFA787936110FF9A952B] - |A| - [31/08/2015 21:43:50] - (.-.) - [405.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxTray.exe
[MD5.6C0F36ABFE80433B352FA7748ED887BF] - |A| - [23/08/2015 02:03:26] - (.-.) - [2748 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.cpa
[MD5.2FCCF7939D4D3F392AB3C0F5F40039DD] - |A| - [23/08/2015 02:03:26] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.vp
[MD5.B226B85123619EF1394339C1B5EB5A8D] - |A| - [23/08/2015 02:03:26] - (.-.) - [42.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64.vp
[MD5.55C71EDC47B57E5115B40095EEC9E205] - |A| - [23/08/2015 02:03:26] - (.-.) - [42.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64_dev.vp
[MD5.94ED4F871997E5DFC610DC1649C38911] - |A| - [23/08/2015 02:03:26] - (.-.) - [42.24 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64.vp
[MD5.04590E9E52E13EF34B2AA02C7EA2431B] - |A| - [23/08/2015 02:03:26] - (.-.) - [42.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64_dev.vp
[MD5.3B6EF4F03F2DE75A3B7DDF627A3EC146] - |A| - [23/08/2015 02:03:26] - (.-.) - [42.99 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64.vp
[MD5.715DBDBED4599E798F94EDF6003F75B6] - |A| - [23/08/2015 02:03:26] - (.-.) - [41.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64_dev.vp
[MD5.A30A8CBFA137FE1691C4DB90472B446B] - |A| - [23/08/2015 02:03:26] - (.-.) - [4.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxs64.vp
[MD5.8898B09A8D08E138F238224648DF0739] - |A| - [16/07/2016 06:42:35] - (.-.) - [170.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.3ED204C864E5CC3C78D3DBB707D102D1] - |A| - [23/08/2015 02:03:26] - (.-.) - [394.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ImageStabilization.wmv
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [25924.17 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [4897.5 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.06C99667D0A45FE44E634E2D966BA796] - |A| - [31/08/2015 21:43:50] - (.-.) - [594.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IntelCpHDCPSvc.exe
[MD5.FDA7B165DCA0D17FD693AF7022E2F29B] - |A| - [31/08/2015 21:43:50] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [100.48 Ko] - (2.0.2.0) - C:\WINDOWS\System32\Intel_OpenCL_ICD64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\System32\Ipmi
[MD5.5EA855B4A875E08AD93FF901B5D9E275] - |A| - [16/07/2016 06:42:09] - (.-.) - [226 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ism32k.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [323 Ko] - C:\WINDOWS\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [235.5 Ko] - C:\WINDOWS\System32\ja-jp
[MD5.6F7D1601DA55BBE5C7A79E01E236D7B9] - |A| - [19/03/2015 12:58:15] - (.© Knowles Electronics. - Knowles HD Audio APO.) - [589.83 Ko] - (4.1105.6000.53) - C:\WINDOWS\System32\KAAPORT64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [233 Ko] - C:\WINDOWS\System32\ko-KR
[MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [16/07/2016 06:42:22] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.C15D2C94E3C94CEFE8DE6A9D36C35FD1] - |A| - [13/10/2016 22:55:18] - (.(C) 1991-2012 Logitech. - LDA Component Extensions (UNICODE).) - [2410.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LdaCx2.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [73.41 Ko] - C:\WINDOWS\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [6154.94 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.1F1E9FBB7FE7A39A84A061F6EF7003B4] - |A| - [13/10/2016 22:55:24] - (.Copyright © 2010-2012 Logitech. All Rights Reserved - Logitech Download Assistant.) - [3850.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LogiLDA.DLL
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [237 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [238.5 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [29385.97 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [16/07/2016 06:44:03] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\manage-bde.wsf
[MD5.75616F8DB5C092A8A50AFEC273859DD7] - |A| - [19/03/2015 12:58:15] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [311.34 Ko] - (2.2.9.0) - C:\WINDOWS\System32\MaxxAudioAPO20.dll
[MD5.06080807E61471A18AD99F3E6FF3C9B5] - |A| - [19/03/2015 12:58:15] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [647.75 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxAudioAPO30.dll
[MD5.80C4F3C1718C9EB97872E8074F215D35] - |A| - [19/03/2015 12:58:15] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1110.09 Ko] - (4.5.5.0) - C:\WINDOWS\System32\MaxxAudioAPO4064.dll
[MD5.9AC502A3BCBB5A61A652D21280F947B6] - |A| - [19/03/2015 12:58:15] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1141.09 Ko] - (5.5.1.0) - C:\WINDOWS\System32\MaxxAudioAPO5064.dll
[MD5.3107A0536287C4BB89D70377642F6B4A] - |A| - [19/03/2015 12:58:15] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1287.09 Ko] - (6.0.15.0) - C:\WINDOWS\System32\MaxxAudioAPO6064.dll
[MD5.20033C3A104038F59668D563F0A0A048] - |A| - [19/03/2015 12:58:15] - (.Copyright (C) 2010-2014 - MaxxAudio APO Shell.) - [1038.59 Ko] - (4.15.0.0) - C:\WINDOWS\System32\MaxxAudioAPOShell64.dll
[MD5.E93ADE8C38CA41442FE60E844DED92AC] - |A| - [19/03/2015 12:58:15] - (.Copyright © 1996-2014 -.) - [1993.59 Ko] - (4.1.1.0) - C:\WINDOWS\System32\MaxxAudioEQ64.dll
[MD5.75EA61BDD02296302A61B9188DB2F5A9] - |A| - [19/03/2015 12:58:15] - (.- Waves Realtek App.) - [1889.09 Ko] - (5.2.21.0) - C:\WINDOWS\System32\MaxxAudioRealtek264.dll
[MD5.CF1FBA842B8F4E9AA8926B0BAC1DE47D] - |A| - [19/03/2015 12:58:16] - (.Copyright Â© 1996-2014 -.) - [14515.09 Ko] - (4.5.7.0) - C:\WINDOWS\System32\MaxxAudioRealtek64.dll
[MD5.E151AAB6C22879648EC0C37422214E08] - |A| - [19/03/2015 12:58:17] - (.Copyright Â© 1996-2014 -.) - [27679.09 Ko] - (1.7.11.0) - C:\WINDOWS\System32\MaxxAudioVnA64.dll
[MD5.631A4E29274E7F0DCDD336F54C8E24BA] - |A| - [19/03/2015 12:58:17] - (.Copyright Â© 1996-2014 -.) - [3866.59 Ko] - (1.4.5.0) - C:\WINDOWS\System32\MaxxAudioVnN64.dll
[MD5.581778867AEB80C4366057B3DE1DC4D0] - |A| - [19/03/2015 12:58:18] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1283.11 Ko] - (1.1.4.0) - C:\WINDOWS\System32\MaxxSpeechAPO64.dll
[MD5.08CF8AE5EC57381F41F3851C5351A155] - |A| - [19/03/2015 12:58:18] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [934.09 Ko] - (2.5.0.0) - C:\WINDOWS\System32\MaxxVoiceAPO2064.dll
[MD5.9ABDB1ED02FA5E401DF621329CFEB6EA] - |A| - [19/03/2015 12:58:18] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12592.59 Ko] - (3.0.15.0) - C:\WINDOWS\System32\MaxxVoiceAPO3064.dll
[MD5.587A8CF457604D84266FF858CEB60223] - |A| - [19/03/2015 12:58:18] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [647.25 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxVolumeSDAPO.dll
[MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [16/07/2016 06:42:22] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.BD37AEE75A7A6E0CA52EDE2B3D717310] - |A| - [09/01/2016 19:19:28] - (.-.) - [1.93 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MsiExec.log
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [6 Ko] - C:\WINDOWS\System32\MUI
[MD5.14C5E35BAC85A2F3D5142B7411B647EB] - |A| - [19/03/2015 12:58:18] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5616.76 Ko] - (6.3.9600.16384) - C:\WINDOWS\System32\NAHIMICAPOlfx.dll
[MD5.4A85926F6C7909DA642039116F088FF0] - |A| - [19/03/2015 12:58:19] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) - [920.3 Ko] - (1.0.0.14866) - C:\WINDOWS\System32\NAHIMICAPOSettingsIPC.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [288 Ko] - C:\WINDOWS\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [640 Ko] - C:\WINDOWS\System32\NDF
[MD5.AC40D29C7F961EF000C7595B3ECE3E2B] - |A| - [19/03/2015 13:25:42] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-1101406.txt
[MD5.363AB3B147EC26DE764E2FB32EA2041C] - |A| - [19/03/2015 12:52:53] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-11843.txt
[MD5.0A742EBDEC323A1C158125EDDCD0ECB9] - |A| - [19/03/2015 12:52:53] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-11968.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [19/03/2015 13:27:25] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-1203750.txt
[MD5.EC3F2258DC5247436CF829AA405523A7] - |A| - [19/03/2015 12:52:53] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-12078.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [04/08/2015 02:15:03] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-1208515.txt
[MD5.E39F5B5F2F8E17B44BC73BFD6F5EEFE8] - |A| - [19/03/2015 12:52:53] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-12187.txt
[MD5.670571AEA7547824368AAFF1210E5219] - |A| - [19/03/2015 12:52:53] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-12234.txt
[MD5.876860348EF677B24E4070B6F0D0434B] - |A| - [19/03/2015 12:52:53] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-12609.txt
[MD5.D9DF4A50BBA7175DDD31647FDD2E1C1E] - |A| - [19/03/2015 12:52:54] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-12718.txt
[MD5.6B60C5E72A98FFD8AA3C3E79EB9EBC37] - |A| - [19/03/2015 12:52:54] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-12828.txt
[MD5.FC2AE0A6CD9E5604723A4D73E3485D1B] - |A| - [19/03/2015 12:52:54] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-12937.txt
[MD5.8CC3614DB50EB8B061D80657A5E43793] - |A| - [19/03/2015 12:52:54] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-13000.txt
[MD5.FACC27AD18C2F04F14E8E085176E8E96] - |A| - [04/08/2015 03:16:17] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-13328.txt
[MD5.948440016A48DEB170FB67536DAE1E31] - |A| - [04/08/2015 03:16:17] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-13609.txt
[MD5.7BD67F5B6E0EA29E25082C0439CAAD7D] - |A| - [19/03/2015 12:52:55] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-13703.txt
[MD5.44F9A26DA8A19CEB894842E2AE89F4C5] - |A| - [04/08/2015 03:16:18] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-13718.txt
[MD5.26D4E41324816A5B30CB3C307130872A] - |A| - [19/03/2015 12:52:55] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-13953.txt
[MD5.FACC27AD18C2F04F14E8E085176E8E96] - |A| - [04/08/2015 03:13:53] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-14687.txt
[MD5.948440016A48DEB170FB67536DAE1E31] - |A| - [04/08/2015 03:13:53] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-14984.txt
[MD5.44F9A26DA8A19CEB894842E2AE89F4C5] - |A| - [04/08/2015 03:13:53] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-15093.txt
[MD5.FACC27AD18C2F04F14E8E085176E8E96] - |A| - [04/08/2015 03:00:56] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-19484.txt
[MD5.512B83A2B7F329DBB4AA9073FA2B8A5A] - |A| - [19/03/2015 12:53:00] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-19562.txt
[MD5.4E0900BD307863327E69862CE06748E6] - |A| - [19/03/2015 12:53:00] - (.-.) - [1.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-19687.txt
[MD5.44F9A26DA8A19CEB894842E2AE89F4C5] - |A| - [04/08/2015 03:00:57] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-19812.txt
[MD5.5AE40F9BB1AE337C39F20352D4D4D5DD] - |A| - [19/03/2015 12:57:49] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-258796.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [04/08/2015 02:00:20] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-324687.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [19/03/2015 13:13:22] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-361265.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [19/03/2015 13:13:25] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-364250.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [04/08/2015 02:01:07] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-371671.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [04/08/2015 03:00:26] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-3931500.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [04/08/2015 02:02:00] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-425312.txt
[MD5.E1D3DA9C4386683FB3776AFDCD0AA51C] - |A| - [19/03/2015 13:06:13] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-762687.txt
[MD5.79656C0BED4A1138E9683B0F125B82FF] - |A| - [19/03/2015 13:06:13] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-762875.txt
[MD5.82A13232C05598BFABA48278F810D7C0] - |A| - [04/08/2015 02:11:14] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-979234.txt
[MD5.2B4B5422EBE735F550E89B6D79BF82B2] - |A| - [27/09/2016 17:25:18] - (.-.) - [30.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [16/07/2016 06:42:12] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [51 Ko] - C:\WINDOWS\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [308 Ko] - C:\WINDOWS\System32\nl-NL
[MD5.4B29B05E10C5FFE3E35C67CAC3146E54] - |RA| - [05/08/2015 13:15:11] - (.Copyright(c) 2006-2012 Brother Industries,Ltd. - NSSearch.) - [309.5 Ko] - (1.1.0.6) - C:\WINDOWS\System32\NSSRH64.dll
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 06:47:48] - [16570.66 Ko] - C:\WINDOWS\System32\Nui
[MD5.F54598052A618ADC0231853D870A22BE] - |A| - [16/07/2016 06:47:53] - (.-.) - [15.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [16/07/2016 06:42:11] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [12841.67 Ko] - C:\WINDOWS\System32\oobe
[MD5.42D2360079B1DF3230024AE920737367] - |A| - [16/07/2016 06:42:22] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.AE4E54013E8CE8F70BC7C91BFBAB1D32] - |A| - [16/07/2016 06:49:31] - (.-.) - [324.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |A| - [16/07/2016 06:49:35] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.5AA1208CEAFFEFB4DBF8A452C5F6551C] - |A| - [16/07/2016 06:49:31] - (.-.) - [1334.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.E1BD531D1FAEE74519BA87E5D321A6C6] - |A| - [09/01/2016 10:26:00] - (.-.) - [1670.95 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [306 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [559.5 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:02] - [413.88 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\System32\ProximityToast
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [16/07/2016 06:42:31] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [308 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [303.5 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.8882AD10853E45402CABD3BAF48A7EFC] - |A| - [19/03/2015 12:58:19] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [121.27 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEA64A.dll
[MD5.0B5EF50E26CFD1E7BF01E32E053532B2] - |A| - [19/03/2015 12:58:19] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [424.77 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EED64A.dll
[MD5.01096663377134C41D618AF0E53A953E] - |A| - [19/03/2015 12:58:19] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [73.27 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEG64A.dll
[MD5.D0EB28022A91A5C084E8A7DEBB08D8D2] - |A| - [19/03/2015 12:58:19] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [138.27 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEL64A.dll
[MD5.03625A179B27362D3A90E3331AEBE95E] - |A| - [19/03/2015 12:58:19] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [6996.27 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEP64A.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.5D9616D2A76F38EF94866248CA4EDB2C] - |A| - [16/07/2016 06:43:18] - (.Copyright (C) 2009 - RemoteFX Helper.) - [106 Ko] - (1.1.0.0) - C:\WINDOWS\System32\RDVGHelper.exe
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [2.05 Ko] - C:\WINDOWS\System32\Recovery
[MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [16/07/2016 06:42:04] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof
[MD5.D67CDB8D2584AAC165A77488C5A7A987] - |A| - [16/07/2016 06:42:37] - (.-.) - [8.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.4FE9CE56EFA89779D81B988698D2454C] - |A| - [16/07/2016 06:42:37] - (.-.) - [8.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\System32\restore
[MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |A| - [19/03/2015 12:58:19] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll
[MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |A| - [19/03/2015 12:58:19] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll
[MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |A| - [19/03/2015 12:58:19] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll
[MD5.6F4CD493196100EEF349D7132CECAFD9] - |A| - [19/03/2015 12:58:19] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll
[MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |A| - [19/03/2015 12:58:19] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll
[MD5.D0D0D82B7366E691275E433CD34F89B2] - |A| - [19/03/2015 12:58:19] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [16/07/2016 06:43:50] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [16/07/2016 06:42:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.17ABCAD44A75C635583A238ED6333357] - |A| - [19/03/2015 12:58:20] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [76.84 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFAPO64.dll
[MD5.2C25AF115BDDC05D9A84D26227A08E63] - |A| - [19/03/2015 12:58:20] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [79.34 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFCOM64.dll
[MD5.7B3E9344FB43D799C6462227A0E65877] - |A| - [19/03/2015 12:58:20] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [215.84 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFNHK64.dll
[MD5.55D8C5F89695CBDE93201671F5A4A23F] - |A| - [19/03/2015 12:58:20] - (.Copyright (C) 2013 DTS, Inc. - DTS Studio Sound.) - [868.74 Ko] - (3.1.23.0) - C:\WINDOWS\System32\sl3apo64.dll
[MD5.1671AE03E56BEED80A0FBD8519557232] - |A| - [19/03/2015 12:58:20] - (.Copyright (C) 2011 SRS Labs, Inc. - SRS Labs.) - [1024.24 Ko] - (3.1.23.0) - C:\WINDOWS\System32\slcnt64.dll
[MD5.00000000000000000000000000000000] - |D| - [27/09/2016 17:25:18] - [3630.18 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:02] - [45.92 Ko] - C:\WINDOWS\System32\slmgr
[MD5.CBC5F17C1A77DFAC7825575A7BBB15C1] - |A| - [19/03/2015 12:58:21] - (.TODO: (c) <Company name>. - TODO: <File description>.) - [240.24 Ko] - (1.0.0.1) - C:\WINDOWS\System32\slprp64.dll
[MD5.AD8A1086FEBF23D98532659B82F68891] - |A| - [19/03/2015 12:58:21] - (.Copyright (C) 2013 DTS, Inc. - DTS Studio Sound.) - [707.74 Ko] - (3.1.23.0) - C:\WINDOWS\System32\sltech64.dll
[MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [16/07/2016 06:42:22] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:24] - [13697.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [7576.34 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [8565.2 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [174184.65 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [9913.42 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [31.88 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [243.5 Ko] - C:\WINDOWS\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [363.93 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.C1AA14DBA23EB5AE5044727DF182FE5C] - |A| - [16/07/2016 06:42:16] - (.-.) - [54.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.A88BE9A6C4E646A2B2A1BD3A7F4B58E7] - |A| - [19/03/2015 12:58:21] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [194.23 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll
[MD5.A028717B791416182959B325D5B40679] - |A| - [19/03/2015 12:58:21] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [206.23 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll
[MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [19/03/2015 12:58:21] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll
[MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [19/03/2015 12:58:21] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [22808 Ko] - C:\WINDOWS\System32\sru
[MD5.11946FC82DEB8509F81856F1E1A16FD3] - |A| - [05/08/2015 13:03:08] - (.Copyright Samsung Electronics 2001 - Device Monitor.) - [72.5 Ko] - (1.5.6.0) - C:\WINDOWS\System32\ssdevm64.dll
[MD5.FC21BF5A1667FC745FE53D05DA4CB8A2] - |A| - [05/08/2015 13:02:22] - (.Copyright (C) 2004 Co., Ltd. - SSCoInst.) - [87.5 Ko] - (1.0.0.4) - C:\WINDOWS\System32\ssp8mci.dll
[MD5.36089584FC093A8512F427733A798C6C] - |A| - [05/08/2015 13:02:22] - (.Copyright © 2006 - SSCoInstExe.) - [148 Ko] - (1.0.1.0) - C:\WINDOWS\System32\ssp8mci.exe
[MD5.0BF28DEE7BFB7F2D787756A2009AD5F8] - |A| - [05/08/2015 13:02:35] - (.- Language Monitor for Status Monitor.) - [33.5 Ko] - (1.4.7.0) - C:\WINDOWS\System32\ssp8ml6.dll
[MD5.629014D6FDDD926574B3DD89FC42EC3B] - |A| - [05/08/2015 13:02:35] - (.-.) - [0.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssp8ml6.smt
[MD5.E4D0FF0C4B8E7806D64FA1180069C4FA] - |A| - [19/03/2015 12:58:21] - (.-.) - [2071.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SStudio.dll
[MD5.E60CE99951E9CC18143651755E7025D2] - |A| - [05/08/2015 13:03:08] - (.Copyright Samsung Electronics 2001 - USB Device.) - [46 Ko] - (0.6.0.0) - C:\WINDOWS\System32\ssusbp64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [293.5 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.20C4FE2B130D9F0C92D7629E71AFBB66] - |A| - [16/07/2016 06:43:20] - (.-.) - [1.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SyncAppvPublishingServer.vbs
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:27] - [1622.37 Ko] - C:\WINDOWS\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [912.78 Ko] - C:\WINDOWS\System32\SystemResetPlatform
[MD5.3DC5656723F0A4D8777F9FCDE3693AB9] - |A| - [07/03/2013 17:02:44] - (.Copyright (C) 2001-2008 TOSHIBA CORPORATION, -.) - [198 Ko] - (6.2.0.0) - C:\WINDOWS\System32\TBTMon.dll
[MD5.BC01DF232FD65E50A4FCDF349526AB27] - |A| - [18/06/2009 23:42:00] - (.Copyright (C) 2001-2006 TOSHIBA CORPORATION, -.) - [90.34 Ko] - (5.0.1204.0) - C:\WINDOWS\System32\tbtmon98Language.dll
[MD5.CDF4646E6AF8DEC9759C99933ACD44E0] - |A| - [18/06/2009 23:42:00] - (.Copyright (C) 2001-2007 TOSHIBA CORPORATION, -.) - [160.83 Ko] - (5.0.2411.0) - C:\WINDOWS\System32\TBTMonUI.dll
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [16/07/2016 06:42:39] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
[MD5.7F374C3AB6EA6413F7F7A483033C8DA8] - |A| - [19/03/2015 13:24:52] - (.Copyright (C) 2008 TOSHIBA CORPORATION, - Class Installer DLL for Bluetooth.) - [39.88 Ko] - (6.3.0.0) - C:\WINDOWS\System32\TosBtCi.dll
[MD5.C8F2952DAE3971614DBD0C509F35BE93] - |A| - [16/07/2016 06:42:38] - (.-.) - [10.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [16/07/2016 06:42:38] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt
[MD5.D200497DD3A24F138123F0EB6C385D1D] - |A| - [16/07/2016 06:43:20] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevAppMonitor.exe.config
[MD5.4AAEE8D86EC81DA2A1514ABC77E71F57] - |A| - [16/07/2016 06:43:20] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevCustomActionTypes.tlb
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [240 Ko] - C:\WINDOWS\System32\uk-UA
[MD5.E7482D1D449217C8641762F5C38E157C] - |A| - [16/07/2016 06:42:12] - (.-.) - [9.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VpnSohDesktop.dll
[MD5.D5DBBF94106B931112FBFB19A1351506] - |A| - [19/03/2015 12:58:22] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2052.59 Ko] - (4.4.5.0) - C:\WINDOWS\System32\WavesGUILib64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [85492.62 Ko] - C:\WINDOWS\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:02] - [0 Ko] - C:\WINDOWS\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [81633.75 Ko] - C:\WINDOWS\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [16/07/2016 06:42:11] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 10:36:30] - [0 Ko] - C:\WINDOWS\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [1.1 Ko] - C:\WINDOWS\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [42585.77 Ko] - C:\WINDOWS\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 10:36:31] - [14.53 Ko] - C:\WINDOWS\System32\WindowsInternal.Inbox.Media.Shared
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 10:36:31] - [27.59 Ko] - C:\WINDOWS\System32\WindowsInternal.Inbox.Shared
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [9524.26 Ko] - C:\WINDOWS\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [153576 Ko] - C:\WINDOWS\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [4228.5 Ko] - C:\WINDOWS\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:02] - [100.11 Ko] - C:\WINDOWS\System32\winrm
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [16/07/2016 06:42:35] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
[MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [16/07/2016 06:42:27] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
[MD5.5C5A797761421CF9B72087F3BC8A5259] - |A| - [27/09/2016 17:26:57] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[MD5.1373F6562D5E4C715D5D3583E350093E] - |A| - [27/09/2016 17:26:57] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
[MD5.0055B62657CE7561F68136FB1E54AFAC] - |A| - [19/03/2015 13:07:24] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:02] - [0 Ko] - C:\WINDOWS\SysWOW64\0409
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 06:43:00] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 06:43:02] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 06:43:02] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:30] - [2141.84 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [250 Ko] - C:\WINDOWS\SysWOW64\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [222 Ko] - C:\WINDOWS\SysWOW64\bg-BG
[MD5.5790DD6C789EFD358CB8E904E22E5105] - |A| - [11/08/2015 16:32:50] - (.Copyright (C) Brother Industries Ltd., 2010 - Brother Device Check Tool.) - [72 Ko] - (1.0.0.2) - C:\WINDOWS\SysWOW64\BrDctF2.dll
[MD5.7718B34E48DC68A2CB1A71CEAA0F43BE] - |A| - [11/08/2015 16:32:50] - (.Copyright (C) Brother Industries Ltd., 2007 - Brother Device Check Tool L.) - [5 Ko] - (1.0.0.0) - C:\WINDOWS\SysWOW64\BrDctF2L.dll
[MD5.B1DEE09C901FB884BA8AA62A5DFDB6D2] - |A| - [11/08/2015 16:32:50] - (.Copyright (C) Brother Industries Ltd., 2012 - Brother Device Check Tool S.) - [5 Ko] - (1.0.11.11) - C:\WINDOWS\SysWOW64\BrDctF2S.dll
[MD5.114E9DE7781BEE1FF4738658C12C013A] - |A| - [21/11/2013 01:02:12] - (.Copyright Brother Industries, Ltd 2004 - brlm03a.) - [24.71 Ko] - (1.0.6.4) - C:\WINDOWS\SysWOW64\BRLM03A.DLL
[MD5.822B31A9FC679366560BC4D416BBBB0E] - |A| - [21/11/2013 01:02:12] - (.Copyright (C) 2003,2004 Brother Industries, Ltd. - Wraper DLL for brlm03a(NT/2K/XP) / brif03a(9x).) - [76 Ko] - (1.0.0.182) - C:\WINDOWS\SysWOW64\BRLMW03A.DLL
[MD5.C0497C30E6976143CB46C016E8333707] - |A| - [21/11/2013 01:02:12] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\BRLMW03A.INI
[MD5.38E5E24BEDE6F59AFC648CB7EF897D69] - |A| - [21/11/2013 01:02:12] - (.Copyright (C) 1999-2008 Brother Industries, Ltd. - BrMuSNMP.) - [176 Ko] - (1.0.2.0) - C:\WINDOWS\SysWOW64\BROSNMP.DLL
[MD5.6F25A4E12EF09A37C3EAC2ACD9BE8FF2] - |A| - [21/11/2013 01:02:12] - (.Copyright (C) 2008-2012 Brother Industries, Ltd. - Brother Printer Driver Setting Controller.) - [49.5 Ko] - (2.0.0.0) - C:\WINDOWS\SysWOW64\BRPRTINK.DLL
[MD5.043B27A3D5E63CDF711D8BE500C5AFB3] - |A| - [21/11/2013 01:02:12] - (.Copyright (C) 2000-2012 Brother Industries Ltd. - brrbtool.) - [111.08 Ko] - (0.1.7.1) - C:\WINDOWS\SysWOW64\BRRBTOOL.EXE
[MD5.954388D98B5CBFA1D32C5D43D5FA5275] - |A| - [21/11/2013 01:02:12] - (.-.) - [44 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\BRTCPCON.DLL
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0.93 Ko] - C:\WINDOWS\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [318 Ko] - C:\WINDOWS\SysWOW64\Com
[MD5.582B70CB67B9C1B138D2143E175F9C98] - |A| - [17/07/2016 11:13:34] - (.-.) - [2.92 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\debug.log
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 06:47:48] - [19 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 01:04:27] - [6007.05 Ko] - C:\WINDOWS\SysWOW64\Dism
[MD5.58E7DCCA0C20372B630893D487201AB5] - |A| - [31/08/2015 21:43:50] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [102.99 Ko] - (2.0.2.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [293 Ko] - C:\WINDOWS\SysWOW64\it-IT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [214.5 Ko] - C:\WINDOWS\SysWOW64\ja-JP
[MD5.877213F739198C3AEF2A615B77C0F0C4] - |A| - [19/03/2015 13:19:24] - (.Copyright (C) Lenovo. 1998-2012 - Lenovo Desktop BIOS Client Library.) - [17.32 Ko] - (1.0.0.7) - C:\WINDOWS\SysWOW64\LBAI.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [73.41 Ko] - C:\WINDOWS\SysWOW64\Licenses
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [213.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [214.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [23948.4 Ko] - C:\WINDOWS\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync
[MD5.59434189B1C1BCAC73E49E9D74291C5B] - |A| - [19/03/2015 12:58:15] - (.Copyright (C) 2010-2014 - MaxxAudio APO Shell.) - [879.59 Ko] - (4.15.0.0) - C:\WINDOWS\SysWOW64\MaxxAudioAPOShell.dll
[MD5.00000000000000000000000000000000] - |SD| - [30/09/2016 20:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [3008.96 Ko] - C:\WINDOWS\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [821.34 Ko] - C:\WINDOWS\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [52.28 Ko] - C:\WINDOWS\SysWOW64\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [6 Ko] - C:\WINDOWS\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [260.5 Ko] - C:\WINDOWS\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [278 Ko] - C:\WINDOWS\SysWOW64\nl-NL
[MD5.1D4F8D6A2B4CB56A14C52BA585F945E7] - |A| - [11/08/2015 16:32:50] - (.Copyright(c) 2006-2012 Brother Industries,Ltd. - NSSearch.) - [240 Ko] - (1.1.0.6) - C:\WINDOWS\SysWOW64\NSSearch.dll
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 06:47:48] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [644.69 Ko] - C:\WINDOWS\SysWOW64\oobe
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [275.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL
[MD5.27C024A85079E057488302B98118EC62] - |A| - [11/08/2015 16:30:29] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\pp.log
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:03] - [413.88 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [278.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [273.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0.76 Ko] - C:\WINDOWS\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [218.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [27/09/2016 17:26:58] - [5572.77 Ko] - C:\WINDOWS\SysWOW64\RTCOM
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [270.5 Ko] - C:\WINDOWS\SysWOW64\ru-RU
[MD5.16EEB9588BCCAE365BB492D8A79D23E1] - |A| - [05/08/2015 13:03:07] - (.Copyright Samsung Electronics 2001 - Device Monitor.) - [80 Ko] - (1.5.6.0) - C:\WINDOWS\SysWOW64\ssdevm.dll
[MD5.D7F4BAF51DBEE3DC9EAF51BEE5B8F94B] - |A| - [05/08/2015 13:03:07] - (.Copyright Samsung Electronics 2001 - USB Device.) - [48 Ko] - (0.6.0.0) - C:\WINDOWS\SysWOW64\ssusbpn.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [265.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:03] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [205 Ko] - C:\WINDOWS\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [261.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR
[MD5.01E96A85B337B702AE2BC7F838AE7B65] - |A| - [16/07/2016 06:43:20] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\UevCustomActionTypes.tlb
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [215.5 Ko] - C:\WINDOWS\SysWOW64\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [16742.42 Ko] - C:\WINDOWS\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:03] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [8523.53 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [4228.5 Ko] - C:\WINDOWS\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 09:14:03] - [100.11 Ko] - C:\WINDOWS\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [190.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 06:47:48] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-TW

---------- | Shell Folders

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
"AppData"=C:\Users\Owner\AppData\Roaming [27/09/2016 17:28:43]
"Local AppData"=C:\Users\Owner\AppData\Local [27/09/2016 17:28:43]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Libraries [19/03/2015 12:54:17]
"My Video"=C:\Users\Owner\Videos [19/03/2015 12:54:04]
"My Pictures"=C:\Users\Owner\Pictures [19/03/2015 12:54:04]
"Desktop"=C:\Users\Owner\Desktop [08/08/2015 21:34:55]
"History"=C:\Users\Owner\AppData\Local\Microsoft\Windows\History [19/03/2015 12:54:04]
"NetHood"=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Network Shortcuts [27/09/2016 17:28:43]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Owner\Contacts [19/03/2015 12:54:17]
"{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\Owner\AppData\Local\Microsoft\Windows\RoamingTiles [19/03/2015 12:54:17]
"Cookies"=C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCookies [19/03/2015 12:54:04]
"Favorites"=C:\Users\Owner\Favorites [08/08/2015 21:34:55]
"SendTo"=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\SendTo [27/09/2016 17:28:43]
"Start Menu"=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu [27/09/2016 17:28:43]
"My Music"=C:\Users\Owner\Music [19/03/2015 12:54:04]
"Programs"=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [27/09/2016 17:28:43]
"Recent"=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Recent [19/03/2015 12:54:04]
"CD Burning"=C:\Users\Owner\AppData\Local\Microsoft\Windows\Burn\Burn [27/09/2016 17:36:31]
"PrintHood"=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [27/09/2016 17:28:43]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Owner\Searches [19/03/2015 12:54:17]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Owner\Downloads [19/03/2015 12:54:04]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Owner\AppData\LocalLow [19/03/2015 12:54:04]
"Startup"=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [19/03/2015 12:54:17]
"Administrative Tools"=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [19/03/2015 12:54:17]
"Personal"=C:\Users\Owner\Documents [08/08/2015 21:34:55]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Owner\Links [19/03/2015 12:54:04]
"Cache"=C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCache [27/09/2016 17:28:43]
"Templates"=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates [27/09/2016 17:28:43]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Owner\Saved Games [19/03/2015 12:54:04]
"Fonts"=C:\WINDOWS\Fonts [16/07/2016 06:47:48]

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming
"Desktop"=%USERPROFILE%\Desktop
"Favorites"=%USERPROFILE%\Favorites
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History
"Local AppData"=%USERPROFILE%\AppData\Local
"My Music"=%USERPROFILE%\Music
"My Pictures"=%USERPROFILE%\Pictures
"My Video"=%USERPROFILE%\Videos
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
"Personal"=%USERPROFILE%\Documents
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads
"Cache"=C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCache [27/09/2016 17:28:43]
"Cookies"=C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCookies [19/03/2015 12:54:04]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [16/07/2016 06:47:48]
"Common AppData"=C:\ProgramData [16/07/2016 06:47:48]
"Common Desktop"=C:\Users\Public\Desktop [22/08/2013 10:36:30]
"Common Documents"=C:\Users\Public\Documents [22/08/2013 10:36:30]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [16/07/2016 06:47:48]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 06:47:48]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [16/07/2016 06:47:48]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [26/07/2012 03:12:59]
"CommonMusic"=C:\Users\Public\Music [22/08/2013 10:36:30]
"CommonPictures"=C:\Users\Public\Pictures [22/08/2013 10:36:30]
"CommonVideo"=C:\Users\Public\Videos [22/08/2013 10:36:30]
"OEM Links"=C:\ProgramData\OEM\Links

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%
"Common Desktop"=%PUBLIC%\Desktop
"Common Documents"=%PUBLIC%\Documents
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates
"CommonMusic"=%PUBLIC%\Music
"CommonPictures"=%PUBLIC%\Pictures
"CommonVideo"=%PUBLIC%\Videos
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [16/07/2016 06:47:48]
"Common AppData"=C:\ProgramData [16/07/2016 06:47:48]
"Common Desktop"=C:\Users\Public\Desktop [22/08/2013 10:36:30]
"Common Documents"=C:\Users\Public\Documents [22/08/2013 10:36:30]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [16/07/2016 06:47:48]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 06:47:48]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [16/07/2016 06:47:48]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [26/07/2012 03:12:59]
"CommonMusic"=C:\Users\Public\Music [22/08/2013 10:36:30]
"CommonPictures"=C:\Users\Public\Pictures [22/08/2013 10:36:30]
"CommonVideo"=C:\Users\Public\Videos [22/08/2013 10:36:30]
"OEM Links"=C:\ProgramData\OEM\Links

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%
"Common Desktop"=%PUBLIC%\Desktop
"Common Documents"=%PUBLIC%\Documents
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates
"CommonMusic"=%PUBLIC%\Music
"CommonPictures"=%PUBLIC%\Pictures
"CommonVideo"=%PUBLIC%\Videos
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads

---------- | [Owner]

[27/09/2016 17:28:43] - |D| - [2210172208] - C:\Users\Owner\AppData\Local
[19/03/2015 12:54:04] - |D| - [1803763] - C:\Users\Owner\AppData\LocalLow
[27/09/2016 17:28:43] - |D| - [119525859] - C:\Users\Owner\AppData\Roaming
[09/01/2016 10:25:31] - |D| - [0] - C:\Users\Owner\AppData\Local\ActiveSync
[19/09/2015 11:01:07] - |D| - [6454] - C:\Users\Owner\AppData\Local\Adobe
[04/08/2015 17:28:16] - |D| - [0] - C:\Users\Owner\AppData\Local\Apple
[04/08/2015 17:28:33] - |D| - [29480583] - C:\Users\Owner\AppData\Local\Apple Computer
[27/09/2016 17:28:43] - |SHD| - [22987732001] - C:\Users\Owner\AppData\Local\Application Data
[16/07/2016 22:39:24] - |D| - [0] - C:\Users\Owner\AppData\Local\CEF
[09/01/2016 10:23:35] - |D| - [21192728] - C:\Users\Owner\AppData\Local\Comms
[27/09/2016 17:35:09] - |D| - [2217768] - C:\Users\Owner\AppData\Local\ConnectedDevicesPlatform
[04/08/2015 09:28:56] - |D| - [152160117] - C:\Users\Owner\AppData\Local\Cyberlink
[26/12/2015 19:56:32] - |D| - [0] - C:\Users\Owner\AppData\Local\Diagnostics
[16/07/2016 22:41:37] - |D| - [1188788048] - C:\Users\Owner\AppData\Local\Google
[12/08/2015 16:15:11] - |D| - [71] - C:\Users\Owner\AppData\Local\GWX
[27/09/2016 17:28:43] - |SHD| - [130] - C:\Users\Owner\AppData\Local\History
[25/04/2017 14:19:38] - |AH| - [15508] - C:\Users\Owner\AppData\Local\IconCache.db
[27/09/2016 17:28:43] - |D| - [317998621] - C:\Users\Owner\AppData\Local\Microsoft
[05/08/2015 14:26:39] - |D| - [0] - C:\Users\Owner\AppData\Local\Microsoft Help
[09/01/2016 19:56:27] - |D| - [82095] - C:\Users\Owner\AppData\Local\MicrosoftEdge
[09/01/2016 22:26:57] - |D| - [0] - C:\Users\Owner\AppData\Local\NetworkTiles
[19/03/2015 12:54:04] - |D| - [293519276] - C:\Users\Owner\AppData\Local\Packages
[10/01/2016 10:31:09] - |D| - [0] - C:\Users\Owner\AppData\Local\PeerDistRepub
[05/08/2015 08:05:49] - |D| - [40960] - C:\Users\Owner\AppData\Local\Power2Go
[05/02/2017 09:44:58] - |D| - [0] - C:\Users\Owner\AppData\Local\Programs
[09/01/2016 10:23:41] - |D| - [0] - C:\Users\Owner\AppData\Local\Publishers
[27/09/2016 17:28:43] - |D| - [190724374] - C:\Users\Owner\AppData\Local\Temp
[27/09/2016 17:28:43] - |SHD| - [9043786] - C:\Users\Owner\AppData\Local\Temporary Internet Files
[09/01/2016 10:23:32] - |D| - [13918208] - C:\Users\Owner\AppData\Local\TileDataLayer
[19/03/2015 13:28:00] - |D| - [6932] - C:\Users\Owner\AppData\Local\Toshiba
[19/03/2015 12:54:05] - |D| - [21453] - C:\Users\Owner\AppData\Local\VirtualStore
[04/08/2015 09:33:30] - |D| - [0] - C:\Users\Owner\AppData\LocalLow\Apple Computer
[21/09/2016 20:20:51] - |D| - [0] - C:\Users\Owner\AppData\LocalLow\Brother
[19/03/2015 13:13:41] - |D| - [1803763] - C:\Users\Owner\AppData\LocalLow\Microsoft
[19/03/2015 12:54:16] - |D| - [218155] - C:\Users\Owner\AppData\Roaming\Adobe
[04/08/2015 17:28:33] - |D| - [789282] - C:\Users\Owner\AppData\Roaming\Apple Computer
[04/08/2015 07:24:49] - |D| - [19158657] - C:\Users\Owner\AppData\Roaming\AVAST Software
[21/09/2016 20:20:51] - |RD| - [54] - C:\Users\Owner\AppData\Roaming\Brother
[19/09/2015 11:02:44] - |D| - [8192] - C:\Users\Owner\AppData\Roaming\com.amazon.music.uploader
[11/08/2015 16:37:11] - |D| - [41752] - C:\Users\Owner\AppData\Roaming\ControlCenter4
[04/08/2015 09:28:59] - |D| - [228613] - C:\Users\Owner\AppData\Roaming\CyberLink
[05/08/2015 13:18:32] - |D| - [526] - C:\Users\Owner\AppData\Roaming\FLEXnet
[08/08/2015 21:48:24] - |D| - [0] - C:\Users\Owner\AppData\Roaming\Identities
[11/08/2015 16:31:36] - |D| - [0] - C:\Users\Owner\AppData\Roaming\InstallShield
[05/08/2015 14:16:36] - |D| - [2489] - C:\Users\Owner\AppData\Roaming\KeePass
[19/03/2015 13:13:44] - |D| - [321567] - C:\Users\Owner\AppData\Roaming\Macromedia
[27/09/2016 17:28:43] - |SD| - [5031288] - C:\Users\Owner\AppData\Roaming\Microsoft
[05/08/2015 13:10:56] - |D| - [281] - C:\Users\Owner\AppData\Roaming\Nuance
[30/08/2016 04:10:51] - |D| - [76] - C:\Users\Owner\AppData\Roaming\Skype
[19/03/2015 13:24:26] - |D| - [0] - C:\Users\Owner\AppData\Roaming\WinBatch
[06/02/2016 18:43:39] - |D| - [93724054] - C:\Users\Owner\AppData\Roaming\WindSolutions
[11/08/2015 16:22:29] - |D| - [873] - C:\Users\Owner\AppData\Roaming\Zeon
[19/03/2015 12:54:17] - |ASH| - [174] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[27/09/2016 17:28:43] - |RD| - [32613] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[27/09/2016 17:28:43] - |RD| - [3888] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[27/09/2016 17:28:43] - |RD| - [2929] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[19/03/2015 12:54:17] - |RD| - [174] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[27/09/2015 08:50:06] - |A| - [1868] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
[17/12/2016 20:58:01] - |D| - [2867] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[06/02/2016 18:43:47] - |D| - [2963] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
[04/08/2015 09:37:55] - |D| - [1387] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
[27/09/2016 17:35:13] - |ASH| - [174] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[27/09/2016 17:28:43] - |D| - [170] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[09/01/2016 10:25:27] - |A| - [2405] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[19/03/2015 12:54:17] - |RD| - [174] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[27/09/2016 17:28:43] - |RD| - [6376] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[27/09/2016 17:28:43] - |RD| - [7238] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[19/03/2015 12:54:17] - |ASH| - [174] - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]

---------- | C:\ProgramData

[19/09/2015 11:02:45] - |D| - [0] - C:\ProgramData\Adobe
[04/08/2015 17:28:01] - |D| - [228859211] - C:\ProgramData\Apple
[04/08/2015 17:28:26] - |D| - [76404000] - C:\ProgramData\Apple Computer
[27/09/2016 17:35:01] - |SHD| - [20203574318] - C:\ProgramData\Application Data
[04/08/2015 02:08:28] - |D| - [236497933] - C:\ProgramData\AVAST Software
[05/08/2015 13:08:44] - |D| - [113921] - C:\ProgramData\Brother
[16/07/2016 06:47:48] - |D| - [0] - C:\ProgramData\Comms
[11/08/2015 16:33:18] - |D| - [498] - C:\ProgramData\ControlCenter4
[05/08/2015 13:30:28] - |D| - [71] - C:\ProgramData\Credant
[04/08/2015 09:23:44] - |D| - [149754] - C:\ProgramData\CyberLink
[27/09/2016 17:35:01] - |SHD| - [5699451] - C:\ProgramData\Desktop
[27/09/2016 17:26:45] - |D| - [1830103] - C:\ProgramData\DisplayLink
[27/09/2016 17:35:01] - |SHD| - [278] - C:\ProgramData\Documents
[27/09/2016 17:27:03] - |AH| - [0] - C:\ProgramData\DP45977C.lfl
[05/08/2015 13:10:46] - |D| - [154] - C:\ProgramData\FLEXnet
[16/07/2016 06:47:48] - |SD| - [918548468] - C:\ProgramData\Microsoft
[05/08/2015 14:26:38] - |D| - [62220] - C:\ProgramData\Microsoft Help
[27/09/2016 17:36:42] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[05/08/2015 13:10:46] - |D| - [7663038] - C:\ProgramData\Nuance
[05/08/2015 13:15:12] - |D| - [0] - C:\ProgramData\PCFaxTx
[19/03/2015 12:54:04] - |D| - [24208] - C:\ProgramData\PRICache
[16/07/2016 06:47:48] - |D| - [1001] - C:\ProgramData\regid.1991-06.com.microsoft
[05/08/2015 13:02:40] - |D| - [70] - C:\ProgramData\Samsung
[05/08/2015 13:10:49] - |D| - [191098] - C:\ProgramData\ScanSoft
[04/08/2015 09:34:46] - |D| - [367134496] - C:\ProgramData\SmartSound Software Inc
[16/07/2016 06:47:48] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[27/09/2016 17:35:01] - |SHD| - [179902] - C:\ProgramData\Start Menu
[25/04/2017 14:25:08] - |D| - [0] - C:\ProgramData\SWCUTemp
[04/08/2015 09:19:52] - |D| - [867345] - C:\ProgramData\Temp
[27/09/2016 17:35:01] - |SHD| - [0] - C:\ProgramData\Templates
[19/03/2015 13:28:00] - |D| - [19203] - C:\ProgramData\TOSHIBA
[16/07/2016 06:47:48] - |D| - [1421] - C:\ProgramData\USOPrivate
[27/09/2016 17:35:55] - |D| - [2326528] - C:\ProgramData\USOShared
[06/02/2016 18:43:39] - |D| - [70311] - C:\ProgramData\WindSolutions

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[16/07/2016 06:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[16/07/2016 06:47:48] - |RD| - [179728] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[16/07/2016 06:47:48] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[16/07/2016 06:47:48] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[16/07/2016 06:47:48] - |RD| - [23012] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[19/09/2015 11:02:43] - |A| - [1252] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Music Importer.lnk
[06/08/2015 08:02:47] - |A| - [2535] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[16/07/2016 18:33:16] - |A| - [1979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
[16/07/2016 22:37:44] - |A| - [1088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
[04/08/2015 07:24:13] - |D| - [1940] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[11/08/2015 16:33:37] - |D| - [2093] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[04/08/2015 09:27:05] - |RD| - [24233] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
[16/07/2016 06:47:50] - |ASH| - [796] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[16/07/2016 22:42:10] - |A| - [2272] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[17/07/2016 11:00:44] - |D| - [24203] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[16/07/2016 06:43:50] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[17/07/2016 11:02:29] - |D| - [4065] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[05/02/2017 09:47:10] - |A| - [483] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass.lnk
[16/07/2016 06:47:48] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[05/08/2015 07:06:23] - |D| - [2747] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[05/08/2015 14:29:57] - |D| - [44257] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[16/07/2016 06:42:22] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
[16/07/2016 06:43:50] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
[05/08/2015 13:03:19] - |D| - [9804] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
[05/08/2015 14:29:57] - |D| - [3055] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[16/07/2016 06:47:48] - |RD| - [1444] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[16/07/2016 06:47:48] - |RD| - [2670] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[19/03/2015 13:24:52] - |D| - [98] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[09/07/2016 14:05:33] - |D| - [1276] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trendnet
[27/09/2016 17:31:02] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[16/07/2016 06:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[09/07/2016 14:05:33] - |A| - [1270] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\USBKVM Switcher.lnk

---------- | C:\Program Files (x86)

[19/09/2015 11:02:43] - |D| - [339092] - C:\Program Files (x86)\Adobe
[19/09/2015 11:02:27] - |D| - [16206095] - C:\Program Files (x86)\Amazon
[17/07/2016 11:00:25] - |AD| - [2743854] - C:\Program Files (x86)\Apple Software Update
[17/07/2016 11:01:39] - |AD| - [631713] - C:\Program Files (x86)\Bonjour
[11/08/2015 16:32:50] - |D| - [75264020] - C:\Program Files (x86)\Brother
[11/08/2015 16:33:18] - |D| - [12098622] - C:\Program Files (x86)\Browny02
[16/07/2016 01:04:24] - |D| - [591582675] - C:\Program Files (x86)\Common Files
[05/08/2015 13:15:13] - |D| - [72741954] - C:\Program Files (x86)\ControlCenter4
[04/08/2015 09:26:42] - |D| - [2274885265] - C:\Program Files (x86)\CyberLink
[16/07/2016 06:47:50] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[16/07/2016 22:41:37] - |D| - [370499400] - C:\Program Files (x86)\Google
[04/08/2015 09:27:05] - |HD| - [102186949] - C:\Program Files (x86)\InstallShield Installation Information
[19/03/2015 13:05:46] - |D| - [3240612] - C:\Program Files (x86)\Intel
[16/07/2016 06:47:48] - |D| - [1988467] - C:\Program Files (x86)\Internet Explorer
[17/07/2016 11:02:23] - |D| - [76267] - C:\Program Files (x86)\iTunes
[19/03/2015 13:19:24] - |D| - [1348792] - C:\Program Files (x86)\Lenovo
[05/08/2015 14:26:53] - |D| - [39769547] - C:\Program Files (x86)\Microsoft Analysis Services
[05/08/2015 14:26:38] - |AD| - [924565418] - C:\Program Files (x86)\Microsoft Office
[05/08/2015 14:29:36] - |D| - [793991] - C:\Program Files (x86)\Microsoft Sync Framework
[05/08/2015 14:27:50] - |AD| - [1258102] - C:\Program Files (x86)\Microsoft Visual Studio 8
[16/07/2016 06:47:48] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET
[05/08/2015 14:29:46] - |AD| - [26521] - C:\Program Files (x86)\MSBuild
[05/08/2015 13:09:15] - |AD| - [154033] - C:\Program Files (x86)\MSXML 4.0
[05/08/2015 13:10:46] - |D| - [0] - C:\Program Files (x86)\Nuance
[17/12/2016 21:07:02] - |D| - [36957953] - C:\Program Files (x86)\Reference Assemblies
[05/08/2015 13:01:45] - |D| - [100675475] - C:\Program Files (x86)\Samsung
[05/08/2015 13:03:08] - |D| - [10683272] - C:\Program Files (x86)\SamsungPrinterLiveUpdate
[04/08/2015 09:34:46] - |D| - [7446017] - C:\Program Files (x86)\SmartSound Software
[19/03/2015 13:24:39] - |D| - [64424416] - C:\Program Files (x86)\Toshiba
[09/07/2016 14:05:32] - |D| - [1736290] - C:\Program Files (x86)\Trendnet
[16/07/2016 06:47:48] - |D| - [1922560] - C:\Program Files (x86)\Windows Defender
[16/07/2016 06:47:48] - |D| - [5958656] - C:\Program Files (x86)\Windows Mail
[16/07/2016 06:47:48] - |D| - [3264664] - C:\Program Files (x86)\Windows Media Player
[16/07/2016 06:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Multimedia Platform
[16/07/2016 06:47:48] - |D| - [7466690] - C:\Program Files (x86)\Windows NT
[16/07/2016 06:47:48] - |D| - [5418176] - C:\Program Files (x86)\Windows Photo Viewer
[16/07/2016 06:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Portable Devices
[16/07/2016 06:47:48] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[16/07/2016 06:47:48] - |D| - [3230145] - C:\Program Files (x86)\WindowsPowerShell

---------- | C:\Program Files

[04/08/2015 07:20:59] - |D| - [1509186201] - C:\Program Files\AVAST Software
[17/07/2016 11:01:39] - |AD| - [615066] - C:\Program Files\Bonjour
[16/07/2016 01:04:24] - |D| - [318523455] - C:\Program Files\Common Files
[16/07/2016 06:47:50] - |ASH| - [174] - C:\Program Files\desktop.ini
[27/09/2016 17:26:45] - |AD| - [63292719] - C:\Program Files\DisplayLink Core Software
[27/09/2016 17:26:56] - |D| - [36205061] - C:\Program Files\Intel
[16/07/2016 06:47:47] - |D| - [2581342] - C:\Program Files\Internet Explorer
[17/07/2016 11:02:23] - |D| - [4170211] - C:\Program Files\iPod
[17/07/2016 11:02:23] - |AD| - [190501938] - C:\Program Files\iTunes
[05/08/2015 07:06:14] - |AD| - [78874441] - C:\Program Files\Microsoft Mouse and Keyboard Center
[05/08/2015 14:27:07] - |D| - [22698417] - C:\Program Files\Microsoft Office
[17/12/2016 21:07:02] - |D| - [25757] - C:\Program Files\MSBuild
[05/08/2015 13:11:43] - |D| - [541070] - C:\Program Files\Nuance
[27/09/2016 17:26:58] - |D| - [46617824] - C:\Program Files\Realtek
[17/12/2016 21:07:02] - |D| - [34617001] - C:\Program Files\Reference Assemblies
[27/09/2016 17:26:58] - |D| - [5871] - C:\Program Files\Synaptics
[26/07/2012 02:22:18] - |HD| - [0] - C:\Program Files\Uninstall Information
[16/07/2016 06:47:47] - |RD| - [14859434] - C:\Program Files\Windows Defender
[16/07/2016 09:29:36] - |D| - [6281288] - C:\Program Files\Windows Defender Advanced Threat Protection
[16/07/2016 06:47:47] - |D| - [6181888] - C:\Program Files\Windows Mail
[16/07/2016 06:47:47] - |D| - [4971196] - C:\Program Files\Windows Media Player
[16/07/2016 06:47:47] - |D| - [37784] - C:\Program Files\Windows Multimedia Platform
[16/07/2016 06:47:47] - |D| - [7730370] - C:\Program Files\Windows NT
[16/07/2016 06:47:47] - |D| - [6216896] - C:\Program Files\Windows Photo Viewer
[16/07/2016 06:47:47] - |D| - [37784] - C:\Program Files\Windows Portable Devices
[16/07/2016 06:47:47] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[16/07/2016 06:47:47] - |HD| - [1961009429] - C:\Program Files\WindowsApps
[16/07/2016 06:47:47] - |D| - [3647234] - C:\Program Files\WindowsPowerShell

---------- | C:\Program Files (x86)\Common Files

[19/09/2015 11:02:43] - |AD| - [48777040] - C:\Program Files (x86)\Common Files\Adobe AIR
[04/08/2015 17:28:01] - |D| - [235508990] - C:\Program Files (x86)\Common Files\Apple
[19/12/2015 19:59:23] - |D| - [961872] - C:\Program Files (x86)\Common Files\AV
[06/08/2015 07:46:30] - |AD| - [99992] - C:\Program Files (x86)\Common Files\DESIGNER
[04/08/2015 09:34:42] - |D| - [4055029] - C:\Program Files (x86)\Common Files\InstallShield
[27/09/2016 17:26:54] - |D| - [68056347] - C:\Program Files (x86)\Common Files\Intel
[16/07/2016 06:47:48] - |AD| - [224176336] - C:\Program Files (x86)\Common Files\Microsoft Shared
[16/07/2016 06:47:48] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[16/07/2016 06:47:48] - |D| - [9944367] - C:\Program Files (x86)\Common Files\System

---------- | C:\Program Files\Common files

[06/08/2015 08:02:38] - |D| - [208534383] - C:\Program Files\Common files\Apple
[19/12/2015 19:59:23] - |D| - [961872] - C:\Program Files\Common files\AV
[16/07/2016 06:47:47] - |AD| - [98821991] - C:\Program Files\Common files\microsoft shared
[16/07/2016 06:47:47] - |D| - [2702] - C:\Program Files\Common files\Services
[16/07/2016 06:47:47] - |D| - [10202507] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.31E447B39B3A82C2C2E2532AE5A2F250] - [24/04/2017 14:52:31] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [27/09/2016 17:33:56] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.00000000000000000000000000000000] - [27/09/2016 17:33:56] - |D| - [2606] - C:\WINDOWS\System32\Tasks\Apple
[MD5.9AEA3AAB0ECCA998300E14B80F066144] - [08/02/2017 04:09:46] - |A| - [3994] - C:\WINDOWS\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
[MD5.00000000000000000000000000000000] - [27/09/2016 17:33:56] - |D| - [3968] - C:\WINDOWS\System32\Tasks\AVAST Software
[MD5.3B0E5C51EFDDF83B7DD3C0FB0831DF39] - [27/09/2016 17:33:56] - |A| - [2392] - C:\WINDOWS\System32\Tasks\DeviceDetector : C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
[MD5.E98373D2013EBE19B6B30FA5BF162898] - [27/09/2016 17:33:56] - |A| - [3292] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.8795B838F14984B6087CFEFCF5D4BF11] - [27/09/2016 17:33:56] - |A| - [3416] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [16/07/2016 06:47:48] - |D| - [563642] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.64CBC5318CC94B24F6FA010F8FB2CCC0] - [27/09/2016 17:33:56] - |A| - [2168] - C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe : C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
[MD5.6FABD998EA3EBCECEB8F4E2460084522] - [27/09/2016 17:33:56] - |A| - [2166] - C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe : C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
[MD5.00000000000000000000000000000000] - [27/09/2016 17:33:57] - |D| - [0] - C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
[MD5.45C953B2DEC137B3AD009F4CA73ADCB2] - [27/09/2016 17:33:56] - |A| - [2824] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task : C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
[MD5.622E92B1054A4D996BE963985C351E14] - [06/12/2016 15:36:32] - |A| - [3276] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.FC7F4E653AA8340FD65678C9EECA0FE3] - [27/09/2016 17:33:56] - |A| - [2812] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1014905426-3769363605-1701117676-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.7CDFB50F4BD0CED6BE88474E73F94380] - [27/09/2016 17:33:56] - |A| - [2198] - C:\WINDOWS\System32\Tasks\RtHDVBg_LENOVO_MICPKEY : "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe"
[MD5.88D68B15AB786B3DF7CF3E83E15E428B] - [27/09/2016 17:33:56] - |A| - [2174] - C:\WINDOWS\System32\Tasks\RTKCPL : "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
[MD5.FCFA83FF488AD429AC3A8121BA6EDA7A] - [27/09/2016 17:33:56] - |A| - [4008] - C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1468726664 : C:\Program Files\AVAST Software\SZBrowser\launcher.exe
[MD5.928BBE59AFEA7ACCE8F1361CF923BEC7] - [27/09/2016 17:33:56] - |A| - [3296] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6CFCB75E-A30D-4826-9A56-0BC571027065} : C:\WINDOWS\system32\msfeedssync.exe
[MD5.00000000000000000000000000000000] - [27/09/2016 17:33:58] - |D| - [0] - C:\WINDOWS\System32\Tasks\WPD
[MD5.00000000000000000000000000000000] - [16/07/2016 06:47:48] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751|
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751|
"Netlogon-NamedPipe-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-TCP-RPC-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"WirelessDisplay-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD

A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Infra-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
"MDNS-In-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
"MDNS-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
"DeliveryOptimization-TCP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-UDP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"{49A75FE9-C561-4677-8237-CBBBA6E4DDF7}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Bonjour Service|
"{4318DBDD-DDE1-463F-BCE7-258D6D028763}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Bonjour Service|
"{B883ABCE-DF1A-4A0B-ABAE-8CA27CB83D1D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Bonjour Service|
"{E3D39E12-16A5-4746-8B99-19BD74822B66}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Bonjour Service|
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ|
"{560448D6-095C-4907-B046-AC7F710701A7}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{D6980480-941A-4DF6-AB81-3734ECD3D779}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ|
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{F64300AD-D559-4000-BD45-0997BCC8E70A}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ|
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{9E3D57FC-7C37-4424-9352-4831E97D029D}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ|
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{152F2F8A-E265-4C9C-9BE0-4C8E7AEA69D4}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{38448C18-A688-49C7-8174-1B2BC24536EC}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=54925|Name=BrotherNetwork Scanner|
"{0FB634A8-6EA7-43B2-A769-45454BE438C0}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Brother\Brmfl12b\FAXRX.exe|Name=FAXRX.EXE|
"{B3F40DE2-8388-4CAE-8638-D6A2B4EFF453}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Brother\Brmfl12b\FAXRX.exe|Name=FAXRX.EXE|
"{BDC72FFF-6BF5-4EA4-A1C9-87615CF8650F}"=v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE|Name=CyberLink PowerDVD 10.0|Desc=CyberLink PowerDVD 10.0|
"{E3A6ED74-81F5-446A-957D-10E530C43644}"=v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe|Name=CyberLink PowerDVD 10.0|Desc=CyberLink PowerDVD 10.0|
"{6227C5EA-E5F9-4C60-8D66-32D77F2E16EE}"=v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE|Name=CyberLink PowerDirector|Desc=CyberLink PowerDirector|
"{E7985E1D-C36F-4787-80A8-6350D07E9266}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{791DAA5F-4699-4632-A075-9E9E12A69E38}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=Check Point VPN|Desc=Check Point VPN|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=Check Point VPN|Platform=2:6:2|Platform2=GTEQ|
"{E0D6733F-F144-4ED0-BB39-1BCEBF3A4578}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=Check Point VPN|Desc=Check Point VPN|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=Check Point VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{992BA417-AB1E-48D6-985B-7286B6C2EE84}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=F5 VPN|Desc=F5 VPN|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=F5 VPN|Platform=2:6:2|Platform2=GTEQ|
"{0FE09839-BDCA-4451-83E0-FCAABFFF9DFD}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=F5 VPN|Desc=F5 VPN|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=F5 VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{60DFFD0B-6093-4928-BA82-3B1F1E23C1C4}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=Juniper Networks Junos Pulse|Desc=Juniper Networks Junos Pulse|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=Juniper Networks Junos Pulse|Platform=2:6:2|Platform2=GTEQ|
"{244B1068-FC71-49A5-A814-75FD55D42373}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=Juniper Networks Junos Pulse|Desc=Juniper Networks Junos Pulse|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=Juniper Networks Junos Pulse|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{E68BDD3D-66D0-42C1-8599-5BDA417A9922}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=SonicWALL Mobile Connect|Desc=SonicWALL Mobile Connect|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL Mobile Connect|Platform=2:6:2|Platform2=GTEQ|
"{F2CBF299-FDE2-40A9-B458-5F740F6856B1}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=SonicWALL Mobile Connect|Desc=SonicWALL Mobile Connect|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL Mobile Connect|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"TCP Query User{4CB13AE9-7084-4A83-BC12-848522DF60E8}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe|Name=amazon music importer|Desc=amazon music importer|Defer=User|
"UDP Query User{D4799C1E-4693-4F64-B855-4DA5749DE500}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe|Name=amazon music importer|Desc=amazon music importer|Defer=User|
"{508C52B6-0B68-4628-A56A-BE375B2358B7}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{86456A7C-4008-43EA-B8FA-9D1D1114153F}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Store Purchase App|Desc=Store Purchase App|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-2246242352-370130666-2593524754-1827188282-2313440240-2317694540-2761805292|EmbedCtxt=Store Purchase App|Platform=2:6:2|Platform2=GTEQ|
"{F22331B4-691C-4F0C-8675-8A4BDF00E39D}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome|
"{EC64A73F-9C15-4066-BBFC-80A58E246C2D}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome|
"{7E54A6EE-FB66-4B87-AF21-0770E20C250E}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5556|Name=Videostream Desktop Application|
"{375B3A70-0160-4DF6-970B-A89FF225ECCE}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5558|Name=Videostream Mobile Application|
"{82C503A6-E6FF-42F9-8124-A8448B1E8AD7}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{63429HDWProduction.AVCast_2015.729.2.62_neutral__vzjvkadhfn8tr?ms-resource://63429HDWProduction.AVCast/Resources/displayName}|Desc=@{63429HDWProduction.AVCast_2015.729.2.62_neutral__vzjvkadhfn8tr?ms-resource://63429HDWProduction.AVCast/Resources/displayName}|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-1206494822-2154230163-57104287-3287776930-1937660456-2633082984-2402757740|EmbedCtxt=@{63429HDWProduction.AVCast_2015.729.2.62_neutral__vzjvkadhfn8tr?ms-resource://63429HDWProduction.AVCast/Resources/displayName}|Platform=2:6:2|Platform2=GTEQ|
"{3E3A38E4-9940-4A06-9137-80CED1C6FB54}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{63429HDWProduction.AVCast_2015.729.2.62_neutral__vzjvkadhfn8tr?ms-resource://63429HDWProduction.AVCast/Resources/displayName}|Desc=@{63429HDWProduction.AVCast_2015.729.2.62_neutral__vzjvkadhfn8tr?ms-resource://63429HDWProduction.AVCast/Resources/displayName}|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-1206494822-2154230163-57104287-3287776930-1937660456-2633082984-2402757740|EmbedCtxt=@{63429HDWProduction.AVCast_2015.729.2.62_neutral__vzjvkadhfn8tr?ms-resource://63429HDWProduction.AVCast/Resources/displayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{1D0BDDA3-7452-4E9F-A071-FC13D992FBF0}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590_0\SZBrowser.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser|
"{51B8B173-D0AE-4131-AB6A-0D91D0E20208}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ|
"{9209A7A8-78D3-4A14-9C5D-5A93966EAAC7}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Inbound rule for Google Chrome to allow mDNS traffic.|EmbedCtxt=Google Chrome|
"{E38EB9B4-1B18-43A7-A965-0F56933968C6}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser|
"{FB14DDBC-222D-4D25-929F-74F491455DC4}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{464BD631-5C86-4724-B115-D092E08DE990}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{354D61B0-FD70-455C-A8B1-2D43EFC2EF09}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{09DFC57F-AA1D-4809-A2AD-A087C8942CC9}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{62589703-4D8D-4D22-A059-9A1ACAA2BB9A}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|
"{27DEBC54-87CC-4831-84F4-21965B2CAD68}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{092FBE2E-086B-4681-A8C5-303FE97FD703}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Candy Crush Soda Saga|Desc=Candy Crush Soda Saga|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3055884410-2067824683-223899546-422323478-2359388318-2114876276-1379654078|EmbedCtxt=Candy Crush Soda Saga|Platform=2:6:2|Platform2=GTEQ|
"{B022D6AF-E5A1-4FA2-B716-85A5E255E509}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{72977B23-DE41-4C2C-8925-53B90CC2E185}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{74DBA38E-14FB-4AC8-A433-F84AE1202653}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|
"{F1C70004-D967-4D47-BDD8-627F5DF81153}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{CE3204CD-96E1-4D22-BC98-6532A1B17B22}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{E046963F.LenovoCompanion_3.72.1.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Desc=@{E046963F.LenovoCompanion_3.72.1.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|LUOwn=S-1-5-21-1014905426-3769363605-1701117676-1001|AppPkgId=S-1-15-2-4089219695-2918877493-2298198654-3910773282-1202009102-2725390625-3479975918|EmbedCtxt=@{E046963F.LenovoCompanion_3.72.1.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ|

---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3376f4ce-ff8d-40a2-a80f-bb4359d1415c}] : (USB Display Adapters) [] -> USB Display Adapters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6880337A-1EB4-4EF2-9659-0FD2EC60CB1B}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) [] -> @oem31.inf,%WDC_SAM_ClassName%;WD Drive Management devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8AE85550-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b6a945de-134c-4279-9a66-61a63c6f0dc5}] : (Network Infrastructure Devices) [] -> @oem12.inf,%ClassName%;Network Infrastructure Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C4A06E97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[19/03/2015 12:59:39] - (18.0.7.53) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
[19/03/2015 13:19:24] - (1.0.0.8) - (Lenovo - Lenovo Desktop BIOS Driver) - C:\WINDOWS\System32\Drivers\LBAI.sys
[12/11/2015 23:50:10] - (1.1.0.0) - (Western Digital Technologies, Inc. - Western Digital SCSI Architecture Model (SAM) driver) - C:\WINDOWS\System32\drivers\wdcsam64.sys
[05/08/2015 13:00:14] - (1.0.0.0) - (Samsung Electronics - Port Contention Driver) - C:\Windows\system32\Drivers\SSPORT.sys
[09/01/2016 10:19:08] - (1.0.2829.2626) - (CyberLink Corp. -) - C:\WINDOWS\system32\Drivers\rikvm_90970B6B.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorTcgDrv (@EhStorTcgDrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - iaStorA () -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-100) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> \SystemRoot\system32\drivers\aswbidsdrivera.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswKbd (aswKbd) -> \SystemRoot\system32\drivers\aswKbd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswRdr (aswRdr) -> \SystemRoot\system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSnx (aswSnx) -> \SystemRoot\system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSP (aswSP) -> \SystemRoot\system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> \SystemRoot\system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True
S2 - [Kernel Driver] - aswStm (aswStm) -> \SystemRoot\system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: False
R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> \SystemRoot\system32\drivers\MBAMChameleon.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - SSPORT (SSPORT) -> \??\C:\Windows\system32\Drivers\SSPORT.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcnfs (@%systemroot%\system32\drivers\wcnfs.sys,-100) -> \SystemRoot\system32\drivers\wcnfs.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft Files whitelisted)

[MD5.EE1CCC54F75C24727A218F98FC5349DA] - [16/07/2016 06:41:53] - (.Copyright (c) 2011 LSI - LSI 3ware SCSI Storport Driver.) - [104.84 Ko] - (5.1.0.51) - C:\WINDOWS\System32\Drivers\3ware.sys
[MD5.49B9DB97AFC85DCCBDACDAB2E90085B7] - [16/07/2016 06:41:53] - (.Copyright (C) PMC-Sierra 2001-2014 - PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) - [1108.84 Ko] - (1.3.0.10769) - C:\WINDOWS\System32\Drivers\adp80xx.sys
[MD5.74FFBC43B4B899C9A8CA06A892F2CE73] - [16/07/2016 06:41:53] - (.Copyright © 2008-2015 AMD, Inc. - AHCI 1.3 Device Driver.) - [81.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdsata.sys
[MD5.AAB0F1D8D7E54761ABAB13AF161F1680] - [16/07/2016 06:41:53] - (.2012 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [253.34 Ko] - (3.7.1540.43) - C:\WINDOWS\System32\Drivers\amdsbs.sys
[MD5.F91BAAC4237C40352A807000F3B716F9] - [16/07/2016 06:41:53] - (.Copyright © 2008-2015 AMD, Inc. - Storage Filter Driver.) - [26.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdxata.sys
[MD5.E6AB1F0B4C3D4E0D2A88332D76FECD03] - [16/07/2016 06:41:53] - (.Copyright 2014 PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) - [128.84 Ko] - (7.5.0.32048) - C:\WINDOWS\System32\Drivers\arcsas.sys
[MD5.A7B57360535C2F651FD29017212BEE2C] - [08/02/2017 04:09:46] - (.Copyright (C) 2014 AVAST Software s.r.o. - IDS Application Activity Monitor Driver..) - [300.52 Ko] - (17.3.2.64257) - C:\WINDOWS\System32\Drivers\aswbidsdrivera.sys
[MD5.E4EA423C630EEDCAEEFAD064C394C817] - [08/02/2017 04:09:46] - (.Copyright (C) 2014 AVAST Software s.r.o. - Application Activity Monitor Helper Driver.) - [185.32 Ko] - (17.3.2.64257) - C:\WINDOWS\System32\Drivers\aswbidsha.sys
[MD5.E2A05D51AF0C017C66C6DA780E9D6049] - [08/02/2017 04:09:46] - (.Copyright (C) 2014 AVAST Software s.r.o. - Logging Driver.) - [326.26 Ko] - (17.3.2.64257) - C:\WINDOWS\System32\Drivers\aswbloga.sys
[MD5.A6ECFEDBFBF28DF8E4AF1415F8F96424] - [08/02/2017 04:09:46] - (.Copyright (C) 2014 AVAST Software s.r.o. - Universal Driver.) - [47.39 Ko] - (17.3.2.64257) - C:\WINDOWS\System32\Drivers\aswbuniva.sys
[MD5.F616A379AE5416B7B74D257C786E688E] - [04/08/2015 07:24:01] - (.Copyright (c) 2014 AVAST Software - Avast HWID.) - [37.4 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswHwid.sys
[MD5.958F99D57A10FE3C1AED7E170335A8A7] - [16/07/2016 18:32:57] - (.Copyright (c) 2014 AVAST Software - Avast Keyboard Filter Driver.) - [31.84 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswKbd.sys
[MD5.9E121B7D43AD2CECBF84FD115ABCFEA8] - [04/08/2015 07:24:01] - (.Copyright (c) 2014 AVAST Software - Avast File System Minifilter for Windows 2003/Vista.) - [124.13 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswMonFlt.sys
[MD5.B560D9446262FD66557540D270E8C0D0] - [04/08/2015 07:24:01] - (.Copyright (c) 2014 AVAST Software - Avast WFP Redirect Driver.) - [98.78 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswRdr2.sys
[MD5.8DC8CDF5351601FB95D3288F88100ED6] - [04/08/2015 07:24:01] - (.Copyright (c) 2014 AVAST Software - Avast Revert.) - [73.93 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswRvrt.sys
[MD5.48FDB04B2145582E21938C31CA7DFC50] - [04/08/2015 07:24:01] - (.Copyright (c) 2014 AVAST Software - Avast Virtualization Driver.) - [981.49 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswSnx.sys
[MD5.601CB08742B96334DBA3629ECDD3E9ED] - [04/08/2015 07:24:01] - (.Copyright (c) 2014 AVAST Software - Avast self protection module.) - [543.73 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswSP.sys
[MD5.9E70CF27A36A11462798255C2D7A5DC1] - [04/08/2015 07:24:01] - (.Copyright (c) 2014 AVAST Software - Stream Filter.) - [160.22 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswStm.sys
[MD5.AEEF7494648FD2B4B9D9F6BEA7D25D20] - [04/08/2015 07:24:01] - (.Copyright (c) 2014 AVAST Software - Avast VM Monitor.) - [331.73 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\Drivers\aswVmm.sys
[MD5.3F5523DCEFE42B385659C5CB46A6B810] - [16/07/2016 06:41:53] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9477.0) - C:\WINDOWS\System32\Drivers\bcmfn.sys
[MD5.0B750A6A6D847E73CA48ADD7A0F5A393] - [16/07/2016 06:41:53] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9391.6) - C:\WINDOWS\System32\Drivers\bcmfn2.sys
[MD5.7BA3A4FA7B051E70AF41B1A5AE7678DC] - [19/03/2015 12:57:35] - (.Copyright (C) 2013, Broadcom Corporation. - Broadcom SMBus Controller Driver.) - [39.21 Ko] - (1.1.0.2200) - C:\WINDOWS\System32\Drivers\bcmsmbsp.sys
[MD5.61BAC67048CA5C1D08C48FCC8012B613] - [16/07/2016 06:41:52] - (.(c) COPYRIGHT 2014-2016 QLogic Corporation - QLogic Gigabit Ethernet VBD.) - [521.34 Ko] - (7.12.31.105) - C:\WINDOWS\System32\Drivers\bxvbda.sys
[MD5.48BC8B59BF348BD8C8702B93171008F2] - [16/07/2016 06:41:53] - (.Copyright © 2016 Chelsio Communications. - Chelsio iSCSI Crash Dump Driver.) - [100.34 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4dx64.sys
[MD5.0AED948DA8D5F08B3D6F12E4E2089736] - [16/07/2016 06:41:53] - (.Copyright © 2016 Chelsio Communications. - Chelsio iSCSI VMiniport Driver.) - [338.84 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4sx64.sys
[MD5.0002A0FDE087C1657AB31CE73077539C] - [16/07/2016 06:41:53] - (.Copyright © 2010 Chelsio Communications. - Virtual Bus Driver for Chelsio ® T4 Chipset.) - [2054.84 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4vx64.sys
[MD5.83E4A14F851341C933C3235BFB882ECA] - [16/07/2016 06:41:54] - (.Copyright(C) 2013, Intel Corporation. - Intel(R) Gigabit Adapter NDIS 6.x driver.) - [512.5 Ko] - (12.15.22.6) - C:\WINDOWS\System32\Drivers\e1i63x64.sys
[MD5.7EC6FC0266D74BD47ABB130A328B70EC] - [16/07/2016 06:41:52] - (.(c) COPYRIGHT 2014-2016 QLogic Corporation - QLogic 10 GigE VBD.) - [3338.84 Ko] - (7.13.65.105) - C:\WINDOWS\System32\Drivers\evbda.sys
[MD5.F5CA18197B4646E04DB9EB2D6642CC4D] - [16/07/2016 06:41:53] - (.Copyright (c) 2004-2011 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [62.84 Ko] - (8.0.4.0) - C:\WINDOWS\System32\Drivers\HpSAMD.sys
[MD5.C6B8743B213F06AA60943D8366FE968F] - [16/07/2016 06:41:54] - (.Copyright (C) 2013. - Intel(R) Serial IO GPIO Controller Driver.) - [32.5 Ko] - (604.10146.3023.12819) - C:\WINDOWS\System32\Drivers\iagpio.sys
[MD5.9A2A2F3C69B9A30B6E78536F6D258BAD] - [16/07/2016 06:41:54] - (.Copyright (C) 2013. - Intel(R) Serial IO I2C Driver.) - [79.5 Ko] - (604.10146.2643.2818) - C:\WINDOWS\System32\Drivers\iai2c.sys
[MD5.5A0E850F8CD17791A3E6A3CF81D0CA28] - [16/07/2016 06:41:54] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Driver v2.) - [63 Ko] - (30.63.1610.8) - C:\WINDOWS\System32\Drivers\iaLPSS2i_GPIO2.sys
[MD5.7508F1096803385D6376BFD0BD473AC4] - [16/07/2016 06:41:54] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Driver v2.) - [172.25 Ko] - (30.63.1610.8) - C:\WINDOWS\System32\Drivers\iaLPSS2i_I2C.sys
[MD5.16A10CCEDCF5AC4CAAE43DC9FC40392F] - [16/07/2016 06:41:52] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Controller Driver.) - [37.23 Ko] - (1.1.250.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_GPIO.sys
[MD5.EB82A11613326691508D9ED9A4FE29E7] - [16/07/2016 06:41:50] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Controller Driver.) - [110.5 Ko] - (1.1.253.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_I2C.sys
[MD5.D62CBCD73F175C8A7F92CAFB6B6AF4DD] - [19/03/2015 12:57:52] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver - x64.) - [654.85 Ko] - (13.2.4.1000) - C:\WINDOWS\System32\Drivers\iaStorA.sys
[MD5.97E553D03219D3D51705C7235D9EAEBD] - [16/07/2016 06:41:53] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver (inbox) - x64.) - [657.34 Ko] - (13.2.0.1022) - C:\WINDOWS\System32\Drivers\iaStorAV.sys
[MD5.8350FE3BCDE3428BC040877BB7E9EAEB] - [16/07/2016 06:41:53] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - x64.) - [402.34 Ko] - (8.6.2.1019) - C:\WINDOWS\System32\Drivers\iaStorV.sys
[MD5.3BA03F7C7700DDF4C383DDE9252F5817] - [16/07/2016 06:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - InfiniBand Fabric Bus Driver.) - [513.84 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\ibbus.sys
[MD5.62F0CB0A54EAF37E15EC385300957BB8] - [01/07/2015 22:17:44] - (.Intel Corporation (C) 2015 - Intel(R) Wireless Bluetooth(R) Driver.) - [77.77 Ko] - (18.1.1525.1445) - C:\WINDOWS\System32\Drivers\ibtfltcoex.sys
[MD5.243A1CC37824CF3539BA6E6AEA3E7459] - [31/08/2015 21:43:50] - (.Copyright (c) 1998-2014 Intel Corporation. - Intel Graphics Kernel Mode Driver.) - [6129.76 Ko] - (10.18.15.4248) - C:\WINDOWS\System32\Drivers\igdkmd64.sys
[MD5.5F6F8E55DDB25BC41497DD11A85FC257] - [19/03/2015 12:57:55] - (.Intel(R) Corporation. - Intel(R) Display Audio Driver.) - [443.23 Ko] - (6.16.0.3150) - C:\WINDOWS\System32\Drivers\IntcDAud.sys
[MD5.5950F69F9B345952F3C2275C39EA393B] - [04/03/2015 16:18:26] - (.Copyright © 2010-2014, Intel Corporation. - Intel® WiDi Solution.) - [41.3 Ko] - (5.5.55.0) - C:\WINDOWS\System32\Drivers\intelaud.sys
[MD5.F980BC9EDC3BB844C6144351B8053581] - [19/03/2015 13:19:24] - (.Copyright (C) Lenovo. 1998-2013 - Lenovo Desktop BIOS Driver.) - [15.82 Ko] - (1.0.0.8) - C:\WINDOWS\System32\Drivers\LBAI.sys
[MD5.8E1B0946948CCC0BC1FA3CB70374A795] - [16/07/2016 06:41:53] - (.Copyright © LSI Corporation 2010 - LSI Fusion-MPT SAS Driver (StorPort).) - [106.34 Ko] - (1.34.3.83) - C:\WINDOWS\System32\Drivers\lsi_sas.sys
[MD5.4F68163FC04C973500DC4DA0946917B0] - [16/07/2016 06:41:53] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen2 Driver (StorPort).) - [103.34 Ko] - (2.0.79.80) - C:\WINDOWS\System32\Drivers\lsi_sas2i.sys
[MD5.E5AC5F2815938651CDCC27F425474673] - [16/07/2016 06:41:53] - (.Copyright © Avago Technologies 2015 - Avago SAS Gen3 Driver (StorPort).) - [98.84 Ko] - (2.51.12.80) - C:\WINDOWS\System32\Drivers\lsi_sas3i.sys
[MD5.CCF6EC9FB9B8F18E05B4253E81013E48] - [16/07/2016 06:41:53] - (.Copyright © LSI Corporation 2012 - LSI SSS PCIe/Flash Driver (StorPort).) - [80.84 Ko] - (2.10.61.81) - C:\WINDOWS\System32\Drivers\lsi_sss.sys
[MD5.3BEC6134F1E45AEF5E971F69F0D38510] - [24/04/2017 14:31:49] - (.(C) Malwarebytes. - Malwarebytes Chameleon.) - [171.94 Ko] - (3.0.0.149) - C:\WINDOWS\System32\Drivers\MBAMChameleon.sys
[MD5.C3CDCCF07486BD2616A7B82946E07AC0] - [16/07/2016 06:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [58.34 Ko] - (6.706.6.0) - C:\WINDOWS\System32\Drivers\megasas.sys
[MD5.2CF0CB2A0ED68C5455371E84C16F9627] - [14/10/2016 20:59:12] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [62.84 Ko] - (6.711.10.11) - C:\WINDOWS\System32\Drivers\MegaSas2i.sys
[MD5.FADB2FE017E69EECE0E1BA78661C2E8C] - [16/07/2016 06:41:53] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [562.34 Ko] - (15.2.2013.129) - C:\WINDOWS\System32\Drivers\megasr.sys
[MD5.FD60818B66B2E8A5415EA840E99A9D8F] - [16/07/2016 06:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - MLX4 Bus Driver.) - [822.84 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\mlx4_bus.sys
[MD5.3D2C5B4995CA0751D32DEA0DE9FDFE44] - [16/07/2016 06:41:53] - (.Copyright (c) Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) - [62.34 Ko] - (1.0.5.1016) - C:\WINDOWS\System32\Drivers\mvumis.sys
[MD5.629CB21AC49C8867E0F29DF1C16DB7B4] - [16/07/2016 06:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - NetworkDirect Support Filter Driver.) - [106.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\ndfltr.sys
[MD5.6C76780A01FC2B885BD6E957B5C36B02] - [16/07/2016 06:42:03] - (.-.) - [88.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\NetAdapterCx.sys
[MD5.99C24A7DC1F3D4845553B4BD189274A0] - [16/07/2016 06:41:50] - (.Copyright © Intel Corporation 2011 - Intel® Wireless WiFi Link Driver.) - [3265.5 Ko] - (15.16.0.2) - C:\WINDOWS\System32\Drivers\NETwew01.sys
[MD5.D261DF41F0840F734856A2B4F5E072C7] - [16/07/2016 06:41:53] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [146.84 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvraid.sys
[MD5.23B702B555EB0436B9DAA0BC63DA65CE] - [16/07/2016 06:41:53] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [162.34 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvstor.sys
[MD5.540116170E2135FCD5DDE77702166B67] - [16/07/2016 06:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [57.34 Ko] - (6.805.3.0) - C:\WINDOWS\System32\Drivers\percsas2i.sys
[MD5.8356F87553BF49C703CF382033815898] - [16/07/2016 06:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [60.34 Ko] - (6.603.6.0) - C:\WINDOWS\System32\Drivers\percsas3i.sys
[MD5.2A8D4FDD17CD77B2C90A1D1418D60263] - [09/01/2016 10:19:08] - (.Copyright (C) CyberLink Corp. 2009 -.) - [148.48 Ko] - (1.0.2829.2626) - C:\WINDOWS\System32\Drivers\rikvm_90970B6B.sys
[MD5.C44251AF46727BA1A4D2A703255C9071] - [19/03/2015 12:58:22] - (.Copyright (c) Realtek Semiconductor Corp.1998-2013 - Realtek(r) High Definition Audio Function Driver.) - [3932.46 Ko] - (6.0.1.7324) - C:\WINDOWS\System32\Drivers\RTKVHD64.sys
[MD5.A34CE1830E45DA98932295FDE4B7908A] - [16/07/2016 06:41:53] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [43.84 Ko] - (5.1.1039.2600) - C:\WINDOWS\System32\Drivers\sisraid2.sys
[MD5.A7B5C670770E908DA5FEF5BF1136E933] - [16/07/2016 06:41:53] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [79.84 Ko] - (5.1.1039.3600) - C:\WINDOWS\System32\Drivers\sisraid4.sys
[MD5.AF14CCEDA0CB1F509A3B7963B7B7A86C] - [19/03/2015 12:59:39] - (.Copyright (C) Synaptics Incorporated 1996-2014 - Synaptics SMBus Driver.) - [30.73 Ko] - (18.0.7.53) - C:\WINDOWS\System32\Drivers\Smb_driver_Intel.sys
[MD5.0211AB46B73A2623B86C1CFCB30579AB] - [05/08/2015 13:00:14] - (.Copyright (C) Samsung Corp. 1998-2005 - Port Contention Driver.) - [11.3 Ko] - (1.0.0.0) - C:\WINDOWS\System32\Drivers\SSPORT.SYS
[MD5.29D26E1347AE1BBD4201014E19880B2C] - [16/07/2016 06:41:53] - (.© Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) - [30.34 Ko] - (5.1.0.10) - C:\WINDOWS\System32\Drivers\stexstor.sys
[MD5.9042E630FE102F1A2436EE05857CD139] - [19/03/2015 12:57:36] - (.Copyright © 2006-2014, Intel Corporation. - Intel(R) Management Engine Interface.) - [123 Ko] - (10.0.20.1258) - C:\WINDOWS\System32\Drivers\TeeDriverx64.sys
[MD5.F957092C63CD71D85903CA0D8370F473] - [10/06/2015 23:08:36] - (.© Apple, Inc. - Apple Mobile Device USB Driver.) - [53.5 Ko] - (1.67.0.0) - C:\WINDOWS\System32\Drivers\usbaapl64.sys
[MD5.FD9BCB8920973CEAD4D49DC7A6D8A618] - [16/07/2016 06:41:53] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [162.84 Ko] - (7.0.9600.6352) - C:\WINDOWS\System32\Drivers\vsmraid.sys
[MD5.0C111F220798CCE80484026E06822379] - [16/07/2016 06:41:53] - (.Copyright (C) 2008 VIA Corporation - VIA StorX RAID Controller Driver.) - [298.34 Ko] - (8.0.9200.8110) - C:\WINDOWS\System32\Drivers\VSTXRAID.SYS
[MD5.A556768CC1FA4F36022BEE2F0EDE2566] - [12/11/2015 23:50:10] - (.© 2006-2015 Western Digital Technologies, Inc. - Western Digital SCSI Architecture Model (SAM) driver.) - [26.25 Ko] - (1.1.0.0) - C:\WINDOWS\System32\Drivers\wdcsam64.sys
[MD5.F95DE20312ACCA7761446DE152BD1F7C] - [16/07/2016 06:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinMad.) - [31.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\winmad.sys
[MD5.8B9AFF5F08E66A6F1F1063DEC9457FB6] - [16/07/2016 06:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinVerbs.) - [63.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\winverbs.sys

---------- | Uninstall

[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CopyTrans Suite] : (CopyTrans Control Center Uninstall Only.-.WindSolutions) -> C:\Users\Owner\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0C03110B-25BE-4E98-853F-4AA6C902CEC3}] : (DisplayLink Graphics.-.DisplayLink Corp.) -> RunDll32.exe "%DisplayLinkConfigRoot%\InstallerApi.dll",dlRemoveProduct {78A36ACD-80D5-490f-B4C4-83D7FCC08391}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{22ED06F1-2432-4D16-B4DC-2DF4A7ACD54A}] : (DisplayLink Core Software.-.DisplayLink Corp.) -> MsiExec.exe /X{22ED06F1-2432-4D16-B4DC-2DF4A7ACD54A}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}] : (Apple Mobile Device Support.-.Apple Inc.) -> MsiExec.exe /I{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}] : (Bonjour.-.Apple Inc.) -> MsiExec.exe /X{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{587BCDD1-4F59-42A9-8E69-6A5E5F885063}] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}] : (PaperPort Image Printer 64-bit.-.Nuance Communications, Inc.) -> MsiExec.exe /X{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}] : (iTunes.-.Apple Inc.) -> MsiExec.exe /I{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}] : (iCloud.-.Apple Inc.) -> MsiExec.exe /I{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}] : (Apple Application Support (64-bit).-.Apple Inc.) -> MsiExec.exe /I{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C84F2CE8-4833-465E-90F4-CF38C99F0CAC}] : (DisplayLink Core Software.-.DisplayLink Corp.) -> MsiExec.exe /X{C84F2CE8-4833-465E-90F4-CF38C99F0CAC}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}] : (Bluetooth Stack for Windows by Toshiba.-.TOSHIBA CORPORATION) -> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe AIR] : (Adobe AIR.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Avast Antivirus] : (Avast Free Antivirus.-.AVAST Software) -> C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\com.amazon.music.uploader] : (Amazon Music Importer.-.Amazon Services LLC) -> msiexec /qb /x {3BAF1C25-33AA-AB09-0D89-1BAB227E5FB8}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\setup.exe" --uninstall --system-level --verbose-logging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}] : (CyberLink Media Suite.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}] : (CyberLink WaveEditor.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}] : (CyberLink Power2Go.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}] : (SmartSound Quicktracks Plugin.-.SmartSound Software Inc) -> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}] : (CyberLink MediaShow.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}] : (CyberLink PowerBackup.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}] : (CyberLink PowerProducer.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}] : (CyberLink LabelPrint.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}] : (CyberLink PowerDirector.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}] : (CyberLink PhotoNow.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{DA92A916-9238-4448-A876-276180E56FEA}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}] : (CyberLink PowerDVD 10.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}] : (CyberLink MediaEspresso.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}] : (CyberLink PowerDVD Copy.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\KeePass Password Safe_is1] : (KeePass Password Safe 1.32.-.Dominik Reichl) -> "D:\KeePass Password Safe\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SafeZone 3.55.2393.596] : (SafeZone Stable 3.55.2393.596.-.Avast Software) -> "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Samsung ML-1865W Series] : (Samsung ML-1865W Series.-.Samsung Electronics Co., Ltd.) -> "C:\Program Files (x86)\Samsung\Samsung ML-1865W Series\Setup\Setup.exe" /R
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Trendnet USBKVM Switcher_is1] : (Trendnet USBKVM Switcher.-.) -> "C:\Program Files (x86)\Trendnet\USBKVM Switcher\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0C8EBB00-4909-459C-8347-B2068B7F0319}] : (CyberLink DVD Menu Template Pack.-.CyberLink Corp.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0C8EBB00-4909-459C-8347-B2068B7F0319}\Setup.exe" -uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}] : (CyberLink Media Suite.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26356515-5821-40FA-9C3D-9785052A1062}] : (Apple Application Support (32-bit).-.Apple Inc.) -> MsiExec.exe /I{26356515-5821-40FA-9C3D-9785052A1062}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{31B9D218-FED2-4C6C-B19F-7294FFC130B0}] : (Adobe AIR.-.Adobe Systems Incorporated) -> MsiExec.exe /I{31B9D218-FED2-4C6C-B19F-7294FFC130B0}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}] : (CyberLink WaveEditor.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3BAF1C25-33AA-AB09-0D89-1BAB227E5FB8}] : (Amazon Music Importer.-.Amazon Services LLC) -> MsiExec.exe /I{3BAF1C25-33AA-AB09-0D89-1BAB227E5FB8}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}] : (CyberLink Power2Go.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}] : (SmartSound Quicktracks Plugin.-.SmartSound Software Inc) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{56EC47AA-5813-4FF6-8E75-544026FBEA83}] : (Apple Software Update.-.Apple Inc.) -> MsiExec.exe /I{56EC47AA-5813-4FF6-8E75-544026FBEA83}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7FE25256-B7C1-480D-B736-10A67A833AEA}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{80E158EA-7181-40FE-A701-301CE6BE64AB}] : (CyberLink MediaShow.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\Setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ADD5DB49-72CF-11D8-9D75-000129760D75}] : (CyberLink PowerBackup.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\Setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B7A0CE06-068E-11D6-97FD-0050BACBF861}] : (CyberLink PowerProducer.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}] : (CyberLink LabelPrint.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}_is1] : (LBAI.-.Lenovo Group Limited) -> "C:\Program Files (x86)\Lenovo\LBAI\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}] : (CyberLink PowerDirector.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D36DD326-7280-11D8-97C8-000129760CBE}] : (CyberLink PhotoNow.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DD98C438-D769-4677-AA87-3481FA32D20C}] : (Brother MFL-Pro Suite MFC-J4510DW.-.Brother Industries, Ltd.) -> "C:\Program Files (x86)\InstallShield Installation Information\{DD98C438-D769-4677-AA87-3481FA32D20C}\Setup.exe" -runfromtemp -l0x0009 UNINSTALL Reg=BHS13 -removeonly
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}] : (CyberLink PowerDVD 10.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E3739848-5329-48E3-8D28-5BBD6E8BE384}] : (CyberLink MediaEspresso.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\Setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E3D04529-6EDB-11D8-A372-0050BAE317E1}] : (CyberLink PowerDVD Copy.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}] : (Intel(R) Processor Graphics.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709

---------- | Ports

---------- | Installer

[HKCR\Installer\Products\098990BCF5D15D11E99A0005AB3E711E] : PowerDirector -> C:\Windows\Installer\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\09AB59D18F4FCE748A2844C1993DC0E1] : MSXML 4.0 SP3 Parser (KB2758694)
[HKCR\Installer\Products\1F60DE22234261D44BCDD24F7ACA5DA4] : DisplayLink Core Software -> C:\WINDOWS\Installer\{22ED06F1-2432-4D16-B4DC-2DF4A7ACD54A}\controlPanelIcon.exe
[HKCR\Installer\Products\1F764691F11C67F458B88521DA8CB349] : MSXML 4.0 SP3 Parser
[HKCR\Installer\Products\3551562C3AC622842B6ECBA4ACE6E02A] : Apple Application Support (64-bit) -> C:\WINDOWS\Installer\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}\WinInstall.ico
[HKCR\Installer\Products\38E1FB04BE028D11795C00905C206085] : Power2Go -> C:\Windows\Installer\{40BF1E83-20EB-11D8-97C5-0009C5020658}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\42C6FBF1Df1C10144AB2C065F4E9E897] : Media Suite -> C:\Windows\Installer\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\515653621285AF04C9D3795850A20126] : Apple Application Support (32-bit) -> C:\WINDOWS\Installer\{26356515-5821-40FA-9C3D-9785052A1062}\WinInstall.ico
[HKCR\Installer\Products\52C1FAB3AA3390BAD098B1BA22E7F58B] : Amazon Music Importer
[HKCR\Installer\Products\60EC0A7BE8606D1179DF0005ABBC8F16] : PowerProducer -> C:\Windows\Installer\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\623DD63D08278D11798C00109267C0EB] : PhotoNow -> C:\Windows\Installer\{D36DD326-7280-11D8-97C8-000129760CBE}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6A2FA4E2AE050624B94AE585D21178A9] : Apple Mobile Device Support -> C:\WINDOWS\Installer\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}\Installer.ico
[HKCR\Installer\Products\746BDFDA0C534524E96ED2C9B31740DB] : iCloud -> C:\WINDOWS\Installer\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}\ARP.ico
[HKCR\Installer\Products\812D9B132DEFC6C41BF92749FF1C030B] : Adobe AIR
[HKCR\Installer\Products\8489373E92353E84D882B5DBE6B83E48] : MediaEspresso -> C:\Windows\Installer\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8] : Bonjour -> C:\WINDOWS\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico
[HKCR\Installer\Products\8EC2F48C3384E564094FFC839CF9C0CA] : DisplayLink Core Software -> C:\WINDOWS\Installer\{C84F2CE8-4833-465E-90F4-CF38C99F0CAC}\controlPanelIcon.exe
[HKCR\Installer\Products\92540D3EBDE68D113A270005AB3E711E] : PowerDVD Copy -> C:\Windows\Installer\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper
[HKCR\Installer\Products\94BD5DDAFC278D11D95700109267D057] : PowerBackup -> C:\Windows\Installer\{ADD5DB49-72CF-11D8-9D75-000129760D75}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\958FB4F94A3C6BA4DB1DC9D585815889] : iTunes -> C:\WINDOWS\Installer\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}\Installer.ico
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\AA74CE6531856FF4E857450462BFAE38] : Apple Software Update -> C:\WINDOWS\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\Installer.ico
[HKCR\Installer\Products\AE851E081817EF047A1003C16EEB46BA] : MediaShow -> C:\Windows\Installer\{80E158EA-7181-40FE-A701-301CE6BE64AB}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\BFB6BBEC807D99F46A33CB62000EE16F] : Bluetooth Stack for Windows by Toshiba -> C:\Windows\Installer\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C971C95CD8669A946BAE1012CCCF2134] : LabelPrint -> C:\Windows\Installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\CC67F423DD8D78D47BD74DFAE5A17A3B] : WaveEditor -> C:\Windows\Installer\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\CCAAC517B97513845A4F8AA3D83EFE2E] : PaperPort Image Printer 64-bit -> C:\Windows\Installer\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D4ADF7A47D4F94A439A460D6954AC3E7] : SmartSound Quicktracks Plugin -> C:\Windows\Installer\{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\DE532CED4A8571542A874CE1D8EABAB3] : PowerDVD -> C:\Windows\Installer\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\ARPPRODUCTICON.exe

---------- | ADS

@C:\WINDOWS\System32:Win32App_1
@C:\WINDOWS\Syswow64:Win32App_1

---------- | Drives

Disk: 0 Size=122G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 07-NTFS 350M Yes No 2,048 716,800
1 1 07-NTFS 121G No No 718,848 248,426,496
2 2 27-UNKNWN 450M No No 249,145,344 921,600

---------- | MBR

Windows Version: Professional
Windows Information: (build 9200), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 10AY0020US
Logical Drives Mask: 0x0000003c

Analysis of file "C:\QuickDiag\MBR.bin":
Windows 7 MBR code detected

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Faulting application name: mbamtray.exe, version: 3.0.0.849, time stamp: 0x583dca59
Faulting module name: mbamtray.exe, version: 3.0.0.849, time stamp: 0x583dca59
Exception code: 0xc0000005
Fault offset: 0x00055315
Faulting process id: 0xd50
Faulting application start time: 0x01d2bdf8cf80ac1c
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Report Id: 3ed666b4-c515-407c-b8fd-75dd03515177
Faulting package full name:
Faulting package-relative application ID:
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2ad0
Faulting application start time: 0x01d2bd361dc2a09e
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: b821f5ce-8cdf-4326-ae62-19d3235f1764
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2a8c
Faulting application start time: 0x01d2bd361dba00a9
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 656c5ebd-92d8-42d7-b3a2-acb08e8013de
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2ad0
Faulting application start time: 0x01d2bd361dc2a09e
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 38dd5da3-1922-4423-a32a-4127f168c7db
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2a8c
Faulting application start time: 0x01d2bd361dba00a9
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 6b5988bf-3d3d-4466-abfa-06072a8b1cad
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2a8c
Faulting application start time: 0x01d2bd361dba00a9
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 07777e10-ee3c-425a-a304-73178a7d44ce
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2ad0
Faulting application start time: 0x01d2bd361dc2a09e
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: c54a5a35-e1da-4e82-8eeb-232403a41771
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2ad0
Faulting application start time: 0x01d2bd361dc2a09e
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 837b69e4-bf2c-4175-806b-d5ae7c6ff337
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2a8c
Faulting application start time: 0x01d2bd361dba00a9
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 431ccd49-98eb-4a92-aa88-56207326c541
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2a8c
Faulting application start time: 0x01d2bd361dba00a9
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 22e923a7-d3f4-46b0-a2b6-4117855fb9ff
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2ad0
Faulting application start time: 0x01d2bd361dc2a09e
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: ad644a05-1a5a-48e0-a56f-851cad121b0e
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2a8c
Faulting application start time: 0x01d2bd361dba00a9
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 1dc57f13-5436-4319-8125-e331418f662f
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2ad0
Faulting application start time: 0x01d2bd361dc2a09e
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: a1179158-2cdd-47d1-a4ad-fe83ed04d625
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2ad0
Faulting application start time: 0x01d2bd361dc2a09e
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 0b06e4c2-0540-48f3-8965-5d662c6d8aa0
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2a8c
Faulting application start time: 0x01d2bd361dba00a9
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: de0c68d8-607e-440a-b924-a44af2a39ce6
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1ee0
Faulting application start time: 0x01d2bd360fd29dcd
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: cdb270af-4c67-4831-96e4-b947e1b69e79
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1ee0
Faulting application start time: 0x01d2bd360fd29dcd
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 939ead1b-cc33-4c68-8597-ddb51cf05bdc
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1ee0
Faulting application start time: 0x01d2bd360fd29dcd
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: f95a0050-96da-4095-ad88-23ecbace5adb
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1ee0
Faulting application start time: 0x01d2bd360fd29dcd
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: e053924b-ec7b-4b4e-aa88-4490e237ab28
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
------------

----------( EOF)---------- - 4023 | 14:31:10

g3n-h@ckm@n · Apr 25, 2017

Disable all your protections ,select and copy all this text :

Code:

Key::
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\CurrentVersion\Run]|"GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267"
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]|"userinit"|REG_SZ|userinit.exe,
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]|"Locked"|REG_DWORD|0

File::
C:\ProgramData\WindSolutions

CMD::
rd /s /q C:\WINDOWS\Temp\*
del /f /q C:\WINDOWS\Temp\*
sc delete diagtrack
sc delete dwmappushservice
###

ADS::
@C:\WINDOWS\System32
@C:\WINDOWS\Syswow64

Clean::
yes

Run QuickDiag and click on the « S » at the top of the interface.

A window will open with exactly the same text you selected before

Click « Script » button

A short time later another window will open with the results, copy/paste all the text in your answer.

Antoine · Apr 25, 2017

--------------- QuickScript | g3n-h@ckm@n | V3_23.04.17.2 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 25/04/2017 15:48:13

Updated 23/04/2017 | 18.25 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC-06:00) Central Time (US & Canada)
[Owner (Administrator)] - [OWNER-PC] (S-1-5-21-1014905426-3769363605-1701117676-1001)

System: Microsoft Windows 10 Pro - - (10.0.14393) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Pro|C:\WINDOWS|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: 10AY0020US - LENOVO - IdNumber: MJ014YG1 - UUID: 070DBBA0-0324-11E4-A01A-649804D41100
Processor : X64 - 2893 Mhz - Intel(R) Core(TM) i5-4570T CPU @ 2.90GHz
LENOVO BIOS Rev: FHKT48A 0.0 - en|US|iso8859-1 - LENOVO - S/N: MJ014YG1 - FHKT48AUS - LENOVO - 1300
CoreTemp : 29.8 Celsius

----------| Script

Registry saved : C:\QuickDiag\Save\Registry [25.04.2017 @ 15_48_14]

Value : [HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Software\Microsoft\Windows\CurrentVersion\Run]~[GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] Deleted Successfully
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : userinit.exe, -> Set Successfully
[HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 0 -> Set Successfully
C:\ProgramData\WindSolutions Moved Successfully
Batch File Executed !
ADS : @C:\WINDOWS\Syswow64:Win32App_1 Deleted successfully

-------------- | CleanDisk :

FreeSpace : 88677
Cleaning.......
FreeSpace : 88717

----------(EOF)----------

g3n-h@ckm@n · Apr 25, 2017

ok it was generally just few corrections , not really infections
you're not infected

Antoine · Apr 25, 2017

and thus theres no chance that any external or thumbdrives have been infected or anyone maybe got on my wifi network somehow and infected it that way right.. because if anyone did send a virus to an external or thumb drive or access my pc though my wifi network then whatever they did wouldnt have planted itself on my main drive (c

since thats where the OS and all the files necessary to run any exploits are located right?

g3n-h@ckm@n · Apr 25, 2017

If there had been an infection I would have seen it in the report, how did you see that your banking information was compromised?

Antoine · Apr 25, 2017

g3n-h@ckm@n said:
If there had been an infection I would have seen it in the report, how did you see that your banking information was compromised?

Well according to the bank there ha been unauthorized access on my online banking and my transactions history shows very small (like less than a dollar) withdrawals and deposits kind of like the ones some websites (such as paypal) would do to test your account so you can see it and report the amounts to them that way it would verify or prove that the account belongs to you and I've never been to such websites or done such things sooo if I did not then SOMEONE must have

g3n-h@ckm@n · Apr 26, 2017

The bank can, at your request to block this kind of transactions .... is it still the same dealer who operates?

Antoine · Apr 26, 2017

well ive already had my accounts changed i just didnt wanna set up online banking for the new accounts if my pc was compromised and it was just gonna happen again. So I wanted to make sure before I did so

g3n-h@ckm@n · Apr 26, 2017

you can be

Antoine · Apr 27, 2017

I can be what >.>

g3n-h@ckm@n · Apr 27, 2017

hello you can be sure there's no problem on you machine

g3n-h@ckm@n · Apr 30, 2017

hello after all that :
use delfix to delete tools we used : https://toolslib.net/downloads/viewdownload/2-delfix

(click on button : "Télécharger" or " Download" I don't know if you'll be in an english or french page )
check all and run

====

install Unchecky it will uncheck unwanted programs added in the installation pack : https://unchecky.com/

====
perform a ccleaner cleaning files/folders and Registry As long as it finds errors at the anlysis
and make sure it starts up with windows

====

perform a scan with malwarebytes each week/month According to use that you do with your computer