Solved BSOD

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Status
Not open for further replies.
Chkdsk started. Presently seems permanently on 12% complete.
Ah well, thank goodness for the tablet ;-)

Wow, still at 12%. Will need to let it run overnight then.

By the way, I'm aware ccleaner allows one to protect specific cookies, but the problem us one needs to know which and add them to the safe list individually. SAS was meant to know the sharing spying cookies without further knowledge/action by the user.
 
Last edited:
By the way, I'm aware ccleaner allows one to protect specific cookies, but the problem us one needs to know which and add them to the safe list individually. SAS was meant to know the sharing spying cookies without further knowledge/action by the user.


Ok, just reinstall SAS when done here. :)
 
I thought it'd be 20 to 30 minutes but it was hours. Well it must've done something (unsure what it found if anything) because I came down to MS telling me I have to check my privacy settings before they upgrade soon. I'll try the other thing now and update this post when I have something.

It was running behind another window but when I minimised the window it seems to have disappeared !
Can't see any report on the desktop. May have to run it again. Makes me nervous to have the AV off all this time.

Darn, just noticed that Zemana was still running. Exited it. But this QuickDiag seems to be stuck at 40%. I noted the icon flashing a red cross and the menu from it held little save for a pause instruction which was ticked (it always looks ticked ?!?!) so I clicked on that and the flashing red cross went; but I'm still waiting for it to progress past 40%. Ah, as I type, it seems to have decided to start again. ... Well I state that but it seems to be just flashing in yellow the same filename or reference (6AB85CE4-4E10-305C-2388-15B407E0E92C) in parentheses continually, mimicking progress, but staying at 40%.

This seems ridiculous. I'll give it another 10 minutes to do something, then I'll have to stop it. As usual I'm off later tomorrow, can't be running this forever for no progress. Typical. I type this, look back, and it's finally changed to C: drive path/filenames. At last !

Ok I notice it's closed. Pity it doesn't remain open to indicate finished. This time there is a file; attached.

Thanks for the help.


--------------- QuickDiag | g3n-h@ckm@n | V3_24.06.17.2 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 30/06/2017 09:21:02

Updated 24/06/2017 | 17.20 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+00:00) Dublin, Edinburgh, Lisbon, London
[Gary (Administrator)] - [HOME_PC] (S-1-5-21-3536061241-6043831-2542719734-1001)

System: Microsoft Windows 10 Pro - - (10.0.14393) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0809) -> (1607)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Pro|C:\WINDOWS|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: System Product Name - System manufacturer - IdNumber: System Serial Number - UUID: 1F00C620-00C6-0300-498D-20CF305C4F2F
Processor : X64 - 2806 Mhz - Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz
BIOS Date: 08/06/12 09:44:07 Ver: 08.00.15 - en|US|iso8859-1 - American Megatrends Inc. - S/N: System Serial Number - 0803 - 080612 - 20120806
CoreTemp : ? Celsius

----------| Quick


---------- | SoundDevice

High Definition Audio Device - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0889&SUBSYS_104383C0&REV_1000\4&24EAAE2F&0&0001
High Definition Audio Device - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0010&SUBSYS_10DE0101&REV_1001\5&3279DAE2&0&0001
High Definition Audio Device - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0010&SUBSYS_10DE0101&REV_1001\5&3279DAE2&0&0101
High Definition Audio Device - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0010&SUBSYS_10DE0101&REV_1001\5&3279DAE2&0&0201
High Definition Audio Device - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0010&SUBSYS_10DE0101&REV_1001\5&3279DAE2&0&0301

---------- | Video

NVIDIA GeForce GTX 470 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0c385245f4e4f578\nvd3dumx,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0c385245f4e4f578\nvwgf2umx,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0c385245f4e4f578\nvwgf2umx,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0c385245f4e4f578\nvwgf2umx,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0c385245f4e4f578\nvd3dum,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0c385245f4e4f578\nvwgf2um,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0c385245f4e4f578\nvwgf2um,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0c385245f4e4f578\nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_06CD&SUBSYS_115319DA&REV_A3\4&2F1C4782&0&0018 - AdapterCompatibility: NVIDIA - RAM: 1342177280
Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 470 - DriverVersion: 21.21.13.7872 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34640 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\rtvcvfw64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 246272 - Manufacturer: - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25352 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:26 %
CPU #2 value:7 %
CPU #3 value:7 %
CPU #4 value:26 %
CPU #5 value:63 %
CPU #6 value:1 %
CPU #7 value:44 %
CPU #8 value:1 %
Total Overall CPU Usage value:22 %

---------- | Network

Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.lan : SENT:0 bytes/sec / RECVD:0 bytes/sec
Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:22 bytes/sec, / RECEIVE Maximum:0 bytes/sec

Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Kaspersky Security Data Escort Adapter - Ethernet 802.3 - Kaspersky Security Data Escort Provider - Status: - PnPID : ROOT\NET\0000
Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller - Ethernet 802.3 - Marvell - Status: - PnPID : PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&18ABAD59&0&00E2
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE
Microsoft ISATAP Adapter - - - Status: - PnPID :
WAN Miniport (SSTP) - - - Status: - PnPID :
WAN Miniport (IKEv2) - - - Status: - PnPID :
WAN Miniport (L2TP) - - - Status: - PnPID :
WAN Miniport (PPTP) - - - Status: - PnPID :
WAN Miniport (PPPOE) - - - Status: - PnPID :
WAN Miniport (IP) - - - Status: - PnPID :
WAN Miniport (IPv6) - - - Status: - PnPID :
WAN Miniport (Network Monitor) - - - Status: - PnPID :
Remote NDIS Compatible Device - - - Status: - PnPID :

---------- | Memory

RAM = Total (MB) : 25157 | Free (MB) : 19964
Pagefile = Total (MB) : 57925 | Free (MB) : 51279
Virtual = Total (MB) : 4194 | Free (MB) : 3925

Physical Memory 0 : Capacity: 4294967296 - DIMM0 - Posit.: - Manufacturer: Manufacturer00 - PartNumber: ModulePartNumber00 - S/N: SerNum00
Physical Memory 1 : Capacity: 4294967296 - DIMM1 - Posit.: - Manufacturer: Manufacturer01 - PartNumber: ModulePartNumber01 - S/N: SerNum01
Physical Memory 2 : Capacity: 4294967296 - DIMM2 - Posit.: - Manufacturer: Manufacturer02 - PartNumber: ModulePartNumber02 - S/N: SerNum02
Physical Memory 3 : Capacity: 4294967296 - DIMM3 - Posit.: - Manufacturer: Manufacturer03 - PartNumber: ModulePartNumber03 - S/N: SerNum03
Physical Memory 4 : Capacity: 4294967296 - DIMM4 - Posit.: - Manufacturer: Manufacturer04 - PartNumber: ModulePartNumber04 - S/N: SerNum04
Physical Memory 5 : Capacity: 4294967296 - DIMM5 - Posit.: - Manufacturer: Manufacturer05 - PartNumber: ModulePartNumber05 - S/N: SerNum05

---------- | SID Users

Administrator : [S-1-5-21-3536061241-6043831-2542719734-500]
DefaultAccount : [S-1-5-21-3536061241-6043831-2542719734-503]
Gary : [S-1-5-21-3536061241-6043831-2542719734-1001]
Guest : [S-1-5-21-3536061241-6043831-2542719734-501]
HomeGroupUser$ : [S-1-5-21-3536061241-6043831-2542719734-1002]
Access Control Assistance Operators : [S-1-5-32-579]
Administrators : [S-1-5-32-544]
Backup Operators : [S-1-5-32-551]
Cryptographic Operators : [S-1-5-32-569]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
Hyper-V Administrators : [S-1-5-32-578]
IIS_IUSRS : [S-1-5-32-568]
Network Configuration Operators : [S-1-5-32-556]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Power Users : [S-1-5-32-547]
Remote Desktop Users : [S-1-5-32-555]
Remote Management Users : [S-1-5-32-580]
Replicator : [S-1-5-32-552]
System Managed Accounts Group : [S-1-5-32-581]
Users : [S-1-5-32-545]
Debugger Users : [S-1-5-21-3536061241-6043831-2542719734-1003]
HomeUsers : [S-1-5-21-3536061241-6043831-2542719734-1000]

---------- | SystemAccounts

Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [] | Total : 930.97 Go | Free : 415.61 Go -> NTFS [ATA]
D:\ -> [CDROM] | [CDROM] | Total : 0.01 Go | Free : 0 Go -> CDFS [ATAPI]
E:\ -> [Fixed] | [drive partition 2] | Total : 244.14 Go | Free : 77.69 Go -> NTFS [ATA]
F:\ -> [Fixed] | [drive partition 3] | Total : 244.14 Go | Free : 26.58 Go -> NTFS [ATA]
H:\ -> [Fixed] | [drive partition 4] | Total : 244.14 Go | Free : 240 Go -> NTFS [ATA]
I:\ -> [Fixed] | [drive partition 5] | Total : 244.14 Go | Free : 1.99 Go -> NTFS [ATA]
J:\ -> [Fixed] | [drive partition 6] | Total : 176.57 Go | Free : 45.29 Go -> NTFS [ATA]
K:\ -> [Removable] | [STORE N GO] | Total : 14.42 Go | Free : 13.49 Go -> FAT32 [USB]
L:\ -> [Fixed] | [System Reserved] | Total : 0.1 Go | Free : 0.02 Go -> NTFS [ATA]
N:\ -> [Fixed] | [drive partition 1] | Total : 244.14 Go | Free : 244.01 Go -> NTFS [ATA]
O:\ -> [Fixed] | [drive partition 0] | Total : 0.01 Go | Free : 0 Go -> NTFS [ATA]

Disk Usage Information [3 total Physical Disks]

Physical Drive #1 [O:, N:, E:, F:, H:, I:, J:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #0 [L:, C:] : Read:0 bytes/sec, Written:5,179,371 bytes/sec Max Read:0 bytes/sec, Max Write:5,179,371 bytes/sec
Physical Drive #2 [K:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec

Overall - Read Maximum:0 bytes/sec, Write Maximum:5,179,371 bytes/sec

DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 7 Part. - PnPID : IDE\DISKST31500341AS____________________________CC1H____\6&18B26658&0&0.0.0
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : IDE\DISKHITACHI_HDS721010CLA332_________________JP4OA3EA\5&2AFB53D3&0&0.0.0
DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_VERBATIM&PROD_STORE_N_GO&REV_PMAP\070B3B1A06A9ED30&0

---------- | Windows updates

Test 1 : Windows Is Activated

---------- | Browsers

IE : 11.0.14393.953 (© Microsoft Corporation.)
FF : 54.0.0.6368 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 59.0.3071.115 (Copyright 2016 Google Inc.)

Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url ""

---------- | FlashPlayer

FlashPlayer ActiveX : 26.0.0.120
FlashPlayer Plugin : 26.0.0.131

---------- | Security

AV : Malwarebytes Enabled
AS : Windows Defender Disabled
FW : Kaspersky Total Security Disabled
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

712 | [Owner : SYSTEM | Parent : 4(System) | ?????] - (.Microsoft Corporation - Windows Session Manager.) - (10.0.14393.0) = C:\Windows\System32\smss.exe [16/07/2016 12:42:27] CPU Usage:0 %
944 | [Owner : SYSTEM | Parent : 928() | ?????] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.14393.0) = C:\Windows\System32\csrss.exe [16/07/2016 12:42:27] CPU Usage:0 %
148 | [Owner : SYSTEM | Parent : 928() | ?????] - (.Microsoft Corporation - Windows Start-Up Application.) - (10.0.14393.0) = C:\Windows\System32\wininit.exe [16/07/2016 12:42:27] CPU Usage:0 %
796 | [Owner : SYSTEM | Parent : 1016() | ?????] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.14393.0) = C:\Windows\System32\csrss.exe [16/07/2016 12:42:27] CPU Usage:0 %
900 | [Owner : SYSTEM | Parent : 1016() | 9.92 Mo] - (.Microsoft Corporation - Windows Logon Application.) - (10.0.14393.1198) = C:\Windows\System32\winlogon.exe [11/05/2017 09:14:07] CPU Usage:0 %
948 | [Owner : SYSTEM | Parent : 148(wininit.exe) | ?????] - (.Microsoft Corporation - Services and Controller app.) - (10.0.14393.1198) = C:\Windows\System32\services.exe [11/05/2017 09:14:54] CPU Usage:0 %
1028 | [Owner : SYSTEM | Parent : 148(wininit.exe) | 15.65 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.14393.187) = C:\Windows\System32\lsass.exe [08/02/2017 18:58:34] CPU Usage:0 %
1124 | [Owner : SYSTEM | Parent : 948(services.exe) | 27.57 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1188 | [Owner : NETWORK SERVICE | Parent : 948(services.exe) | 13.41 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1312 | [Owner : NETWORK SERVICE | Parent : 948(services.exe) | 24.79 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1332 | [Owner : DWM-1 | Parent : 900(winlogon.exe) | 55.02 Mo] - (.Microsoft Corporation - Desktop Window Manager.) - (10.0.14393.0) = C:\Windows\System32\dwm.exe [16/07/2016 12:42:23] CPU Usage:0 %
1388 | [Owner : SYSTEM | Parent : 948(services.exe) | 170.96 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:6 %
1404 | [Owner : LOCAL SERVICE | Parent : 948(services.exe) | 26.36 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1432 | [Owner : SYSTEM | Parent : 948(services.exe) | 60.1 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1656 | [Owner : LOCAL SERVICE | Parent : 948(services.exe) | 33.4 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1716 | [Owner : LOCAL SERVICE | Parent : 948(services.exe) | 35.69 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1772 | [Owner : SYSTEM | Parent : 948(services.exe) | 11 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [27/04/2017 16:27:54] CPU Usage:0 %
1780 | [Owner : LOCAL SERVICE | Parent : 1388(svchost.exe) | 8.65 Mo] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe [16/07/2016 12:42:35] CPU Usage:0 %
2204 | [Owner : LOCAL SERVICE | Parent : 948(services.exe) | 10.31 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2276 | [Owner : SYSTEM | Parent : 948(services.exe) | 6.45 Mo] - (.Logitech, Inc. - Logitech Solar Service (UNICODE).) - (1.10.3.0) = C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [30/01/2013 18:52:10] CPU Usage:0 %
2356 | [Owner : LOCAL SERVICE | Parent : 948(services.exe) | 12.09 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2460 | [Owner : LOCAL SERVICE | Parent : 948(services.exe) | 12.21 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2528 | [Owner : SYSTEM | Parent : 948(services.exe) | 13.41 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2700 | [Owner : NETWORK SERVICE | Parent : 948(services.exe) | 7.18 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2708 | [Owner : SYSTEM | Parent : 948(services.exe) | 16.9 Mo] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.14393.953) = C:\Windows\System32\spoolsv.exe [15/03/2017 21:54:14] CPU Usage:0 %
2844 | [Owner : LOCAL SERVICE | Parent : 1388(svchost.exe) | 14.06 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.14393.82) = C:\Windows\System32\dasHost.exe [08/02/2017 18:57:30] CPU Usage:0 %
2928 | [Owner : SYSTEM | Parent : 948(services.exe) | 9.33 Mo] - (.Cambridge Silicon Radio Limited - Csr Bluetooth Service.) - (1.0.15.0) = C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [26/05/2011 22:04:16] CPU Usage:0 %
2936 | [Owner : SYSTEM | Parent : 948(services.exe) | 11.14 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2948 | [Owner : SYSTEM | Parent : 948(services.exe) | 8.31 Mo] - (.Cambridge Silicon Radio Limited - Bluetooth OBEX Service.) - (1.0.15.0) = C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [26/05/2011 22:04:14] CPU Usage:0 %
2956 | [Owner : SYSTEM | Parent : 948(services.exe) | 28.11 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2964 | [Owner : SYSTEM | Parent : 948(services.exe) | 6.33 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterWebService.exe [03/08/2014 11:44:56] CPU Usage:0 %
2972 | [Owner : SYSTEM | Parent : 948(services.exe) | 15.71 Mo] - (.Foxit Software Inc. - Foxit Reader ConnectedPDF Windows Service..) - (8.2.0.1206) = C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [24/09/2016 12:15:23] CPU Usage:0 %
2980 | [Owner : SYSTEM | Parent : 948(services.exe) | 66.11 Mo] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) - (17.0.0.611) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [28/06/2016 01:54:28] CPU Usage:0 %
2988 | [Owner : SYSTEM | Parent : 948(services.exe) | 19.88 Mo] - (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Agent Application.) - (5.0.0.1) = C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [19/12/2016 23:29:02] CPU Usage:0 %
2996 | [Owner : SYSTEM | Parent : 948(services.exe) | 8.11 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterCaptureService.exe [03/08/2014 11:44:56] CPU Usage:0 %
2240 | [Owner : SYSTEM | Parent : 948(services.exe) | 289.09 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.479) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [24/06/2017 11:47:24] CPU Usage:0 %
2656 | [Owner : SYSTEM | Parent : 948(services.exe) | 11.63 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2624 | [Owner : NETWORK SERVICE | Parent : 948(services.exe) | 13.52 Mo] - (.Microsoft Corporation - Message Queuing Service.) - (5.0.1.1) = C:\Windows\System32\mqsvc.exe [16/07/2016 12:43:08] CPU Usage:0 %
3336 | [Owner : SYSTEM | Parent : 948(services.exe) | 8.76 Mo] - (.Microsoft Corporation - Machine Debug Manager.) - (7.0.9466.0) = C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [20/06/2003 00:25:00] CPU Usage:0 %
3344 | [Owner : SYSTEM | Parent : 948(services.exe) | 6.51 Mo] - (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) - (2.5.5.0) = C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [01/01/2015 14:16:58] CPU Usage:0 %
3368 | [Owner : SYSTEM | Parent : 948(services.exe) | 11.43 Mo] - (.- Wifi Service.) - (2.1.0.24) = C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [31/12/2014 10:21:31] CPU Usage:0 %
3376 | [Owner : SYSTEM | Parent : 948(services.exe) | 19.16 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
3384 | [Owner : SYSTEM | Parent : 948(services.exe) | 8.32 Mo] - (.RaMMicHaeL - Unchecky Service.) - (1.0.2.0) = C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [26/02/2014 09:48:18] CPU Usage:0 %
3400 | [Owner : SYSTEM | Parent : 948(services.exe) | 22.12 Mo] - (.TeamViewer GmbH - TeamViewer 12.) - (12.1.12777.0) = C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10/08/2015 08:17:24] CPU Usage:0 %
3836 | [Owner : SYSTEM | Parent : 948(services.exe) | 16.28 Mo] - (.Copyright 2017. - ZAM.) - (2.74.0.76) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [24/06/2017 12:59:20] CPU Usage:0 %
4164 | [Owner : LOCAL SERVICE | Parent : 948(services.exe) | 21.93 Mo] - (.Microsoft Corporation - SMSvcHost.exe.) - (4.7.2053.0) = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [17/06/2017 08:39:47] CPU Usage:0 %
4244 | [Owner : NETWORK SERVICE | Parent : 948(services.exe) | 14.66 Mo] - (.Microsoft Corporation - SMSvcHost.exe.) - (4.7.2053.0) = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [17/06/2017 08:39:47] CPU Usage:0 %
5392 | [Owner : SYSTEM | Parent : 948(services.exe) | 11.09 Mo] - (.Microsoft Corporation - Virtual Disk Service.) - (10.0.14393.1198) = C:\Windows\System32\vds.exe [11/05/2017 09:14:07] CPU Usage:0 %
5548 | [Owner : SYSTEM | Parent : 2988(Agent.exe) | 13.87 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe [19/12/2016 23:29:10] CPU Usage:0 %
6212 | [Owner : Gary | Parent : 1432(svchost.exe) | 23.55 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe [16/07/2016 12:42:09] CPU Usage:0 %
6224 | [Owner : Gary | Parent : 3400(TeamViewer_Service.exe) | 44.54 Mo] - (.TeamViewer GmbH - TeamViewer 12.) - (12.1.12777.0) = C:\Program Files (x86)\TeamViewer\TeamViewer.exe [10/08/2015 08:17:24] CPU Usage:0 %
6248 | [Owner : Gary | Parent : 948(services.exe) | 21.54 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
6352 | [Owner : Gary | Parent : 3384(unchecky_svc.exe) | 11.7 Mo] - (.RaMMicHaeL - Unchecky Background Process.) - (1.0.2.0) = C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe [26/02/2014 09:48:18] CPU Usage:0 %
6368 | [Owner : Gary | Parent : 1432(svchost.exe) | 21.95 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe [16/07/2016 12:42:36] CPU Usage:0 %
6656 | [Owner : Gary | Parent : 1124(svchost.exe) | 38.49 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe [16/07/2016 12:42:05] CPU Usage:0 %
6780 | [Owner : Gary | Parent : 6756() | 115.18 Mo] - (.Microsoft Corporation - Windows Explorer.) - (10.0.14393.1198) = C:\Windows\explorer.exe [11/05/2017 09:14:11] CPU Usage:0 %
6964 | [Owner : SYSTEM | Parent : 3400(TeamViewer_Service.exe) | 7.23 Mo] - (.TeamViewer GmbH - TeamViewer 12.) - (12.1.12777.0) = C:\Program Files (x86)\TeamViewer\tv_w32.exe [10/08/2015 08:17:24] CPU Usage:0 %
6992 | [Owner : SYSTEM | Parent : 3400(TeamViewer_Service.exe) | 7.3 Mo] - (.TeamViewer GmbH - TeamViewer 12.) - (12.1.12777.0) = C:\Program Files (x86)\TeamViewer\tv_x64.exe [10/08/2015 08:17:24] CPU Usage:0 %
1204 | [Owner : Gary | Parent : 1124(svchost.exe) | 68.77 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [08/02/2017 18:57:59] CPU Usage:0 %
3504 | [Owner : Gary | Parent : 1124(svchost.exe) | 91.76 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.953) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [15/03/2017 21:53:34] CPU Usage:0 %
3516 | [Owner : SYSTEM | Parent : 6344() | 0.89 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.5) = C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe [28/04/2017 02:14:57] CPU Usage:0 %
7344 | [Owner : SYSTEM | Parent : 6344() | 0.82 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.5) = C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe [28/04/2017 02:14:57] CPU Usage:0 %
8188 | [Owner : SYSTEM | Parent : 948(services.exe) | 144.19 Mo] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.14393.1358) = C:\Windows\System32\SearchIndexer.exe [17/06/2017 08:18:29] CPU Usage:0 %
1560 | [Owner : Gary | Parent : 2980(avp.exe) | 4.52 Mo] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) - (17.0.0.643) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe [29/03/2017 03:21:00] CPU Usage:0 %
6620 | [Owner : Gary | Parent : 6780(explorer.exe) | 9.1 Mo] - (.Cambridge Silicon Radio Limited - Csr Bluetooth OSD Settings.) - (1.0.15.0) = C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [26/05/2011 22:04:46] CPU Usage:0 %
7152 | [Owner : Gary | Parent : 6780(explorer.exe) | 11 Mo] - (.Cambridge Silicon Radio Limited - Csr Harmony User Startup Application.) - (1.0.15.0) = C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [26/05/2011 22:04:32] CPU Usage:0 %
7372 | [Owner : Gary | Parent : 6780(explorer.exe) | 11.09 Mo] - (.Cambridge Silicon Radio Limited - HFP Skype Application.) - (1.0.15.0) = C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\HarmonyHFPSkypePlugin.exe [26/05/2011 22:02:18] CPU Usage:0 %
6760 | [Owner : Gary | Parent : 6780(explorer.exe) | 21.64 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1068) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [24/06/2017 11:47:21] CPU Usage:0 %
5556 | [Owner : Gary | Parent : 6780(explorer.exe) | 211.54 Mo] - (.Copyright 2017. - ZAM.) - (2.74.0.76) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [24/06/2017 12:59:20] CPU Usage:0 %
6300 | [Owner : Gary | Parent : 6780(explorer.exe) | 34.81 Mo] - (.- Netgear.) - (1.1.4.27) = C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe [31/12/2014 10:21:27] CPU Usage:0 %
8440 | [Owner : Gary | Parent : 6300(WNA3100M.exe) | 12.06 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.14393.0) = C:\Windows\System32\conhost.exe [16/07/2016 12:42:23] CPU Usage:0 %
7416 | [Owner : SYSTEM | Parent : 948(services.exe) | 6.47 Mo] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (17.0.0.611) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [28/06/2016 01:54:28] CPU Usage:0 %
1104 | [Owner : Gary | Parent : 7416(ksde.exe) | 4.46 Mo] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (17.0.0.643) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe [28/06/2016 01:51:00] CPU Usage:0 %
6160 | [Owner : Gary | Parent : 1124(svchost.exe) | 7.75 Mo] - (.-.) - (11.18.614.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe [21/06/2017 20:56:40] CPU Usage:0 %
11472 | [Owner : SYSTEM | Parent : 8188(SearchIndexer.exe) | 9.41 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.14393.953) = C:\Windows\System32\SearchProtocolHost.exe [15/03/2017 21:54:43] CPU Usage:0 %
1044 | [Owner : NETWORK SERVICE | Parent : 1124(svchost.exe) | 8.61 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [16/07/2016 12:42:56] CPU Usage:0 %
9844 | [Owner : Gary | Parent : 6780(explorer.exe) | 1037.39 Mo] - (.Mozilla Corporation - Firefox.) - (54.0.0.6368) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [14/06/2017 21:20:53] CPU Usage:13 %
10764 | [Owner : LOCAL SERVICE | Parent : 2204(svchost.exe) | 12.41 Mo] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (10.0.14393.0) = C:\Windows\System32\audiodg.exe [16/07/2016 12:42:22] CPU Usage:0 %
11140 | [Owner : Gary | Parent : 1124(svchost.exe) | 69.08 Mo] - (.Microsoft Corporation - Windows Explorer.) - (10.0.14393.1198) = C:\Windows\explorer.exe [11/05/2017 09:14:11] CPU Usage:0 %
1264 | [Owner : SYSTEM | Parent : 1772(NVDisplay.Container.exe) | 23.57 Mo] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.7872) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [27/04/2017 16:28:16] CPU Usage:0 %
6732 | [Owner : Gary | Parent : 1124(svchost.exe) | 22.58 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.14393.0) = C:\Windows\System32\ApplicationFrameHost.exe [16/07/2016 12:42:40] CPU Usage:0 %
8908 | [Owner : Gary | Parent : 1124(svchost.exe) | 33.08 Mo] - (.-.) - (10.1705.1705.10001) = C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe [23/05/2017 00:31:50] CPU Usage:0 %
740 | [Owner : Gary | Parent : 6780(explorer.exe) | 35.66 Mo] - (.Helios Software Solutions - TextPad.) - (7.6.1.0) = C:\Program Files\TextPad 7\TextPad.exe [16/01/2016 20:07:56] CPU Usage:0 %
7120 | [Owner : SYSTEM | Parent : 900(winlogon.exe) | 3.33 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.14393.1358) = C:\Windows\System32\fontdrvhost.exe [17/06/2017 08:18:07] CPU Usage:0 %
10604 | [Owner : Gary | Parent : 6780(explorer.exe) | 53.58 Mo] - (.Microsoft Corporation - Microsoft Office Excel.) - (11.0.8404.0) = C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [29/05/2013 10:08:26] CPU Usage:0 %
4072 | [Owner : Gary | Parent : 6780(explorer.exe) | 142.38 Mo] - (.Microsoft Corporation - Microsoft Office Outlook.) - (11.0.8326.0) = C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE [23/06/2010 18:17:12] CPU Usage:0 %
10056 | [Owner : Gary | Parent : 1124(svchost.exe) | 68.71 Mo] - (.Microsoft Corporation - Microsoft Office Word.) - (11.0.8411.0) = C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE [19/03/2014 21:45:08] CPU Usage:0 %
9492 | [Owner : Gary | Parent : 10056(WINWORD.EXE) | 10.39 Mo] - (.Microsoft Corporation - Print driver host for applications.) - (10.0.14393.351) = C:\Windows\splwow64.exe [08/02/2017 19:00:14] CPU Usage:0 %
5656 | [Owner : | Parent : 948(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
11072 | [Owner : Gary | Parent : 1124(svchost.exe) | 15.18 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.14393.1198) = C:\Windows\System32\smartscreen.exe [11/05/2017 09:14:58] CPU Usage:0 %
12048 | [Owner : Gary | Parent : 6780(explorer.exe) | 39.88 Mo] - (.SosVirus - QuickDiag.) - (24.6.17.2) = C:\Users\Gary\Desktop\QuickDiag.exe [30/06/2017 07:52:47] CPU Usage:0 %
11172 | [Owner : SYSTEM | Parent : 8188(SearchIndexer.exe) | 6.5 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.14393.953) = C:\Windows\System32\SearchFilterHost.exe [15/03/2017 21:54:34] CPU Usage:0 %
3052 | [Owner : SYSTEM | Parent : 1124(svchost.exe) | 8.77 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [16/07/2016 12:42:31] CPU Usage:0 %
9372 | [Owner : LogonSessionId_0_130032520 | Parent : 1124(svchost.exe) | 9.51 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [16/07/2016 12:42:56] CPU Usage:0 %

---------- | MD5

[MD5.679D17F8CDB938C7100D7A647953677E] - [11/05/2017 09:14:11] - (.© Microsoft Corporation. - Windows Explorer.) - [4564.8 Ko] - (10.0.14393.1198) : C:\WINDOWS\Explorer.exe
[MD5.F4F684066175B77E0C3A000549D2922C] - [16/07/2016 12:42:36] - (.© Microsoft Corporation. - Windows Command Processor.) - [227.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\cmd.exe
[MD5.77DBC745D957B4F0404ABABC10696784] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [17.72 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\csrss.exe
[MD5.DA63852A2B0340E94D74EAF0CD444979] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. - COM Surrogate.) - [20.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\dllhost.exe
[MD5.951FF70440427DA334B6579D71A19480] - [11/05/2017 09:14:08] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [684.51 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\Kernel32.dll
[MD5.6F8E95716C1A27FF2FE96D30B147F1C1] - [08/02/2017 18:58:34] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.05 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\lsass.exe
[MD5.4A7015195E49A3BA7DB967B277B21E9D] - [11/05/2017 09:14:08] - (.© Microsoft Corporation. - Distributed COM Services.) - [869.5 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\rpcss.dll
[MD5.C7645D43451C6D94D87F4D07BDE59C89] - [16/07/2016 12:42:42] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [68 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rundll32.exe
[MD5.9A3B47CD17283B299311013AD3D21D26] - [11/05/2017 09:14:54] - (.© Microsoft Corporation. - Services and Controller app.) - [442.91 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\services.exe
[MD5.36F670D89040709013F6A460176767EC] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [43.45 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\svchost.exe
[MD5.C46EA86BF0E7C96235E9064CBAD6ED26] - [08/02/2017 18:57:46] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [1426.95 Ko] - (10.0.14393.576) : C:\WINDOWS\System32\user32.dll
[MD5.C1B1FFC800BE2F31EB2CF8CB40629C69] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. - Userinit Logon Application.) - [32.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\userinit.exe
[MD5.99A19C9A74E2F9820E501DCE77F84F70] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [297.11 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Wininit.exe
[MD5.B2151FE002A8D3F41E2DF935F260E3A8] - [11/05/2017 09:14:07] - (.© Microsoft Corporation. - Windows Logon Application.) - [658 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\Winlogon.exe
[MD5.323AA1953ED9C01E23F740FA891FE064] - [08/02/2017 18:58:47] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [570.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\afd.sys
[MD5.A10F989A812B57B9695F6C305907C9C6] - [16/07/2016 12:41:53] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\atapi.sys
[MD5.65DEB05FC234BFF207379F06F0754402] - [16/07/2016 12:41:53] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [187.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ataport.sys
[MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - [16/07/2016 12:42:35] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdfs.sys
[MD5.613D0137C269187FA298A157E3D14A18] - [16/07/2016 12:41:53] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [169 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdrom.sys
[MD5.4BC21E937E9F9F408672D2C2CBE4A153] - [15/03/2017 21:53:40] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [142 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\dfsc.sys
[MD5.10E3515FE5DBA6656FA62C29342EC4A1] - [16/07/2016 12:41:52] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [81.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
[MD5.B54B30992620C97230013A74461C8517] - [16/07/2016 12:41:54] - (.© Microsoft Corporation. - i8042 Port Driver.) - [111.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys
[MD5.F1DAECC3B3D6399875D4F10529D6A77C] - [16/07/2016 12:42:39] - (.© Microsoft Corporation. - IP Network Address Translator.) - [207.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ipnat.sys
[MD5.D559FF28B1AD9B1E15A4186E785E61F6] - [15/03/2017 21:53:40] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [439.84 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\mrxsmb.sys
[MD5.A530D0C58A657BCD1629816B887661CB] - [17/06/2017 08:18:26] - (.© Microsoft Corporation. - Network Driver Interface Specification (NDIS).) - [1153.34 Ko] - (10.0.14393.1358) : C:\WINDOWS\System32\Drivers\ndis.sys
[MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - [16/07/2016 12:42:35] - (.© Microsoft Corporation. - MBT Transport driver.) - [272.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\netbt.sys
[MD5.8DB6A6B731CEC9046CD8CA0267EC5679] - [11/05/2017 09:14:10] - (.© Microsoft Corporation. - NT File System Driver.) - [2202.84 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\Drivers\ntfs.sys
[MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - [16/07/2016 12:41:53] - (.© Microsoft Corporation. - Parallel Port Driver.) - [94.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\parport.sys
[MD5.17E565710172ED71B8531D8822E1C5D1] - [16/07/2016 12:42:39] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [102.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys
[MD5.7135785C21CA79D270D11037C43D3F19] - [16/07/2016 12:44:03] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [173 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys
[MD5.4ED37041ADB4BD4BEEB1279AFA5808A9] - [17/06/2017 08:18:26] - (.© Microsoft Corporation. - TCP/IP Driver.) - [2472.84 Ko] - (10.0.14393.1358) : C:\WINDOWS\System32\Drivers\tcpip.sys
[MD5.A7C267671EDDF066E8CFBF897BC4B626] - [17/06/2017 08:18:24] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.34 Ko] - (10.0.14393.1358) : C:\WINDOWS\System32\Drivers\tdx.sys
[MD5.BF2546583BB75F01DDA60A7921DFB230] - [16/07/2016 12:42:35] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [382.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\volsnap.sys

---------- | Locked Applications


---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll
(.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 378.72.) - (21.21.13.7872) -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0c385245f4e4f578\nvwgf2umx.dll
(.AO Kaspersky Lab.-.Shell Extension.) - (17.0.0.727) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll
(.AO Kaspersky Lab.-.Helper Library.) - (1.7.106.0) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\remote_eka_prague_loader.dll
(.AO Kaspersky Lab.-.PR_REMOTE.) - (1.7.106.1) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\prremote.dll
(.AO Kaspersky Lab.-.Prague Core.) - (1.7.106.0) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\prcore.dll
(.AO Kaspersky Lab.-.Component service provider.) - (1.10.0.0) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\kl_service.dll
(.AO Kaspersky Lab.-.Proxy Stubs.) - (17.0.0.727) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\pxstub.ppl
(.AO Kaspersky Lab.-.Structure Serializer.) - (17.0.0.727) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\params.ppl
(.AO Kaspersky Lab.-.Kaspersky Product Info library.) - (17.0.0.727) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll
(.AO Kaspersky Lab.-.Product Metainformation.) - (17.0.0.727) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_metainfo.dll
(.TeamViewer GmbH.-.TeamViewer 12.) - (12.1.12777.0) -- C:\Program Files (x86)\TeamViewer\tv_x64.dll
(.NVIDIA Corporation.-.NVIDIA Display Shell Extension.) - (1.2.0.1) -- C:\WINDOWS\system32\nvshext.dll
(.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 378.72.) - (21.21.13.7872) -- C:\WINDOWS\system32\nvapi64.dll
(.Cambridge Silicon Radio Limited.-.Bluetooth Client Extension.) - (1.0.15.0) -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CSRBtShellExt.dll
(.Cambridge Silicon Radio Limited.-.Csr Bluetooth Proxy.) - (1.0.15.0) -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtProxy.DLL
(.Cambridge Silicon Radio Limited.-.Bluetooth File Transfer Wizard.) - (1.0.15.0) -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXProxy.DLL
(.Cambridge Silicon Radio Limited.-.Csr Icon Resource Library.) - (1.0.15.0) -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\IconResource.dll
(.Cambridge Silicon Radio Limited.-.Csr Bluetooth OBEX Proxy Stub.) - (1.0.15.0) -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXProxyPS.dll
(.Cambridge Silicon Radio Limited.-.Csr Bluetooth Proxy PS.) - (1.0.15.0) -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtProxyPS.dll
(.Malwarebytes.-.Malwarebytes.) - (3.0.0.26) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
(.Alexander Roshal.-.WinRAR shell extension.) - (5.1.0.0) -- C:\Program Files\WinRAR\rarext.dll
(..-.Windows Explorer context menu extension for TextPad.) - (2.2.0.0) -- C:\Program Files\TextPad 7\System\ShellExt64.dll
(.CHENGDU YIWO Tech Development Co.,Ltd.-.EaseUS Todo Backup Application.) - (3.0.0.1) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll
(.Foxit Software Inc..-.ConvertToPDFShellExtension.) - (8.3.0.331) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll
(.Piriform Ltd.-.DefragglerShell.) - (2.19.0.982) -- C:\Program Files\Defraggler\DefragglerShell64.dll
(..-.CGUnlockerExtension Module.) - (1.0.0.3) -- C:\Program Files (x86)\CleanGenius 3\CGUnlockerExtension64.dll
(..-.ShellHandler for Notepad++ (64 bit).) - (0.1.0.0) -- C:\Program Files (x86)\Notepad++\NppShell_06.dll
(..-..) - (1.0.0.0) -- C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
(.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (8.17.13.7872) -- C:\WINDOWS\system32\nv3dappshext.dll
(..-..) - (0.0.0.0) -- : 11140
(.TeamViewer GmbH.-.TeamViewer 12.) - (12.1.12777.0) -- C:\Program Files (x86)\TeamViewer\tv_x64.dll
(.AO Kaspersky Lab.-.Shell Extension.) - (17.0.0.727) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll
(.AO Kaspersky Lab.-.Helper Library.) - (1.7.106.0) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\remote_eka_prague_loader.dll
(.AO Kaspersky Lab.-.PR_REMOTE.) - (1.7.106.1) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\prremote.dll
(.AO Kaspersky Lab.-.Prague Core.) - (1.7.106.0) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\prcore.dll
(.AO Kaspersky Lab.-.Component service provider.) - (1.10.0.0) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\kl_service.dll
(.AO Kaspersky Lab.-.Proxy Stubs.) - (17.0.0.727) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\pxstub.ppl
(.AO Kaspersky Lab.-.Structure Serializer.) - (17.0.0.727) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\params.ppl
(.AO Kaspersky Lab.-.Kaspersky Product Info library.) - (17.0.0.727) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll
(.AO Kaspersky Lab.-.Product Metainformation.) - (17.0.0.727) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_metainfo.dll
(.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 378.72.) - (21.21.13.7872) -- C:\WINDOWS\system32\nvapi64.dll
(.AO Kaspersky Lab.-.NFIO.) - (1.7.106.0) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\nfio.ppl
(.NVIDIA Corporation.-.NVIDIA Display Shell Extension.) - (1.2.0.1) -- C:\WINDOWS\system32\nvshext.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

NETGEAR WNA3100M Genie - (C:\PROGRA~2\NETGEAR\WNA3100M\WNA3100M.exe [Common Startup]) - User: Public
vksts - (C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [HKLM\SOFTWARE\...\Run]) - User: Public
HarmonyUserStartup - (C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [HKLM\SOFTWARE\...\Run]) - User: Public
HarmonyHFPSkypePlugin - (C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\HarmonyHFPSkypePlugin.exe [HKLM\SOFTWARE\...\Run]) - User: Public
Malwarebytes TrayApp - (C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [HKLM\SOFTWARE\...\Run]) - User: Public
ZAM - ("C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Command Processor]
"CompletionChar"=9
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=9

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"DAEMON Tools Lite"=0x020000000000000000000000
"Visual Subst"=0x020000000000000000000000

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"=regedit\1
"MRUList"=fgaedcb
"b"=explorer\1
"c"=control system.cpl\1
"d"=control sysdm.cpl\1
"e"=shell:Common Startup\1
"f"=gpedit.msc\1
"g"=devmgmt.msc\1

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=Foxit Reader PDF Printer,winspool,Ne03:
"IsMRUEstablished"=0
"LegacyDefaultPrinterMode"=0

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=64

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"vksts"=C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [26/05/2011 22:04:46]
"HarmonyUserStartup"=C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [26/05/2011 22:04:32]
"HarmonyHFPSkypePlugin"=C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\HarmonyHFPSkypePlugin.exe [26/05/2011 22:02:18]
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [24/06/2017 11:47:21]
"ZAM"="C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"NvBackend"=0x020000000000000000000000
"ShadowPlay"=0x020000000000000000000000
"vksts"=0x020000000000000000000000
"TrayApplication"=0x020000000000000000000000
"HarmonyUserStartup"=0x020000000000000000000000
"HarmonyHFPSkypePlugin"=0x020000000000000000000000
"Speedfan"=0x020000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"LWS"=0x020000000000000000000000
"Malwarebytes Anti-Exploit"=0x020000000000000000000000
"NUSB3MON"=0x020000000000000000000000
"EaseUS Cleanup"=0x020000000000000000000000
"EaseUS EPM tray"=0x020000000000000000000000
"EaseUS EPM Tray Agent"=0x020000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc
"AppInit_DLLs"=
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"DeviceNotSelectedTimeout"=15
"DwmInputUsesIoCompletionPort"=1
"EnableDwmInputProcessing"=7
"GDIProcessHandleQuota"=10000
"IconServiceLib"=IconCodecService.dll
"LoadAppInit_DLLs"=0
"NaturalInputHandler"=Ninput.dll
"ShutdownWarningDialogTimeout"=4294967295
"Spooler"=yes
"ThreadUnresponsiveLogTimeout"=500
"TransmissionRetryTimeout"=90
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000
"Win32kLastWriteTime"=1D255C50DCC143C

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=64

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc
"AppInit_DLLs"=
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"DeviceNotSelectedTimeout"=15
"DwmInputUsesIoCompletionPort"=1
"EnableDwmInputProcessing"=7
"GDIProcessHandleQuota"=10000
"IconServiceLib"=IconCodecService.dll
"LoadAppInit_DLLs"=0
"NaturalInputHandler"=Ninput.dll
"ShutdownWarningDialogTimeout"=4294967295
"Spooler"=yes
"ThreadUnresponsiveLogTimeout"=500
"TransmissionRetryTimeout"=90
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}


---------- | Win.ini :



---------- | System.ini :



---------- | Tasks List

CCleanerSkipUAC
CreateExplorerShellUnelevatedTask
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
Microsoft_Hardware_Launch_ipoint_exe
Microsoft_Hardware_Launch_itype_exe
Microsoft_Hardware_Launch_mousekeyboardcenter_exe
Microsoft_MKC_Logon_Task_ipoint.exe
Microsoft_MKC_Logon_Task_itype.exe
OneDrive Standalone Update Task v2
User_Feed_Synchronization-{9CCE1708-B600-4932-8034-8692F7D4C5A2}
{A28D6E9F-11D1-4B79-A0D8-7CCB20F69972}

---------- | Startings up registry ¦ Folder

[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CleanGeniusTray] : "C:\Program Files (x86)\CleanGenius 3\CleanGeniusTray.exe" -startup
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Unified Remote v2] : C:\Program Files (x86)\Unified Remote\RemoteServer.exe

---------- | Other keys


[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0
"DelayConMgrTimeout"=0
"DeleteTempDirsOnExit"=1
"fDenyTSConnections"=0
"fSingleSessionPerUser"=1
"NotificationTimeOut"=0
"PerSessionTempDir"=0
"ProductVersion"=5.1
"RCDependentServices"=CertPropSvc
SessionEnv
"SnapshotMonitors"=1
"StartRCM"=0
"TSUserEnabled"=0
"RailShowallNotifyIcons"=1
"RDPVGCInstalled"=1
"InstanceID"=12b465f2-c50b-4bc2-9657-2254ad1
"GlassSessionId"=1

[HKLM\System\CurrentControlSet\Control\Session Manager]
"AutoChkTimeout"=8
"BootExecute"=autocheck autochk *
"BootShell"=%SystemRoot%\system32\bootim.exe
"CriticalSectionTimeout"=2592000
"ExcludeFromKnownDlls"=
"GlobalFlag"=0
"HeapDeCommitFreeBlockThreshold"=0
"HeapDeCommitTotalFreeThreshold"=0
"HeapSegmentCommit"=0
"HeapSegmentReserve"=0
"InitConsoleFlags"=0
"NumberOfInitialSessions"=2
"ObjectDirectories"=\Windows
\RPC Control
"ProcessorControl"=2
"ProtectionMode"=1
"ResourceTimeoutCount"=648000
"RunLevelExecute"=WinInit
ServiceControlManager
"RunLevelValidate"=ServiceControlManager
"SETUPEXECUTE"=

[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28
"CurrentUser"=USERNAME
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc
"PreshutdownOrder"=UsoSvc
gpsvc
trustedinstaller
"WaitToKillServiceTimeout"=200
"SystemStartOptions"= NOEXECUTE=OPTIN
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)
"LastBootSucceeded"=0
"LastBootShutdown"=0
"DirtyShutdownCount"=60

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0
"auditbaseobjects"=0
"Bounds"=0x0030000000200000
"crashonauditfail"=0
"fullprivilegeauditing"=0x00
"LimitBlankPasswordUse"=1
"NoLmHash"=1
"Notification Packages"=scecli
"Authentication Packages"=msv1_0
"disabledomaincreds"=0
"everyoneincludesanonymous"=0
"forceguest"=0
"LsaPid"=1028
"ProductType"=6
"restrictanonymous"=0
"restrictanonymoussam"=1
"SecureBoot"=1
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u


---------- | .LNK with Arguments

e:\backup of 64g flash\backup c\old pc image\winnt\profiles\gary\start menu\programs\utils\aladdin expander 5.0\aladdin on the internet.lnk - Encrypted: False - Target: C:\Program Files\Plus!\Microsoft Internet\Iexplore.exe - Args: (hxxp://www.aladdinsys.com/register) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\documents and settings\owner\application data\real\realplayer\history\http---forms.real.com-(10ffdcf3e97fd7ba0918)-rndl-demonukpopup.html-f.lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: ( hxxp://forms.real.com/(10ffdcf3e97fd7ba0918)/rndl/demonUKpopup.html?filename=windows/RealPlayer10Beta.exe&code=10ffdcf3e97fd7ba0918) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\documents and settings\owner\application data\real\realplayer\history\http---www.cutiespankee.com-rms-cm_dr....lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.cutiespankee.com/rms/cm_drs_a.rm) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\documents and settings\owner\application data\real\realplayer\history\http---www.reikoreiko.com-video-carol....lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.reikoreiko.com/Video/carolinepromo.RAM) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\documents and settings\owner\application data\real\realplayer\history\http---www.reikoreiko.com-video-defai....lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.reikoreiko.com/Video/defaintdautprev_hi.ram) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\documents and settings\owner\application data\real\realplayer\history\http---www.reikoreiko.com-video-famil....lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.reikoreiko.com/video/familyhike%20pv%20lo.ram) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\documents and settings\owner\application data\real\realplayer\history\http---www.reikoreiko.com-video-misse....lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.reikoreiko.com/Video/missedchoresprev%20hi.ram) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\documents and settings\owner\application data\real\realplayer\history\realnetworks customer support downloads.lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: ( hxxp://service.real.com/realplayer/downloads/) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\documents and settings\owner\application data\real\realplayer\history\realone player download.lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: ( hxxp://forms.real.com/real/realone/realone.html?dc=31131039&type=upgrade#demonUK) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\found.000\dir0000.chk\start menu\programs\freshdevices\freshui\get free registration code!!.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: ("hxxp://www.freshdevices.com/register.html") - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\found.000\dir0000.chk\start menu\programs\the master genealogist v5\frequently asked questions web site.lnk - Encrypted: False - Target: C:\Program Files\The Master Genealogist\goweb.exe - Args: (hxxp://www.whollygenes.com/faq.htm) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\found.000\dir0000.chk\start menu\programs\the master genealogist v5\register online.lnk - Encrypted: False - Target: C:\Program Files\The Master Genealogist\goweb.exe - Args: (hxxp://www.whollygenes.com/register.htm) - Hidden: False - Status: OK
e:\copy of duff disk after it became recognisable\found.000\dir0000.chk\start menu\programs\the master genealogist v5\technical support web site.lnk - Encrypted: False - Target: C:\Program Files\The Master Genealogist\goweb.exe - Args: (hxxp://www.whollygenes.com/support.htm) - Hidden: False - Status: OK
e:\move files from 64g\backup c\old pc image\winnt\profiles\gary\start menu\programs\utils\aladdin expander 5.0\aladdin on the internet.lnk - Encrypted: False - Target: C:\Program Files\Plus!\Microsoft Internet\Iexplore.exe - Args: (hxxp://www.aladdinsys.com/register) - Hidden: False - Status: OK
f:\salvage disk\documents and settings\owner\application data\real\realplayer\history\http---forms.real.com-(10ffdcf3e97fd7ba0918)-rndl-demonukpopup.html-f.lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: ( hxxp://forms.real.com/(10ffdcf3e97fd7ba0918)/rndl/demonUKpopup.html?filename=windows/RealPlayer10Beta.exe&code=10ffdcf3e97fd7ba0918) - Hidden: False - Status: OK
f:\salvage disk\documents and settings\owner\application data\real\realplayer\history\http---www.cutiespankee.com-rms-cm_dr....lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.cutiespankee.com/rms/cm_drs_a.rm) - Hidden: False - Status: OK
f:\salvage disk\documents and settings\owner\application data\real\realplayer\history\http---www.reikoreiko.com-video-carol....lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.reikoreiko.com/Video/carolinepromo.RAM) - Hidden: False - Status: OK
f:\salvage disk\documents and settings\owner\application data\real\realplayer\history\http---www.reikoreiko.com-video-defai....lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.reikoreiko.com/Video/defaintdautprev_hi.ram) - Hidden: False - Status: OK
f:\salvage disk\documents and settings\owner\application data\real\realplayer\history\http---www.reikoreiko.com-video-misse....lnk - Encrypted: False - Target: C:\Program Files\Real\RealPlayer\realplay.exe - Args: (/startpos:00:00:00.0 hxxp://www.reikoreiko.com/Video/missedchoresprev%20hi.ram) - Hidden: False - Status: OK
i:\from 32g pendrive\allan's pc backup\documents and settings\asmeyat\start menu\programs\sun microsystems\j2ee 1.4 sdk\admin console.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://localhost:4848/asadmin/index.html) - Hidden: False - Status: OK
i:\from 32g pendrive\allan's pc backup\documents and settings\asmeyat\start menu\programs\sun microsystems\j2ee 1.4 sdk\online documentation.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://java.sun.com/j2ee/1.4/docs/) - Hidden: False - Status: OK
i:\from 32g pendrive\allan's pc backup\documents and settings\asmeyat\start menu\programs\sun microsystems\j2ee 1.4 sdk\samples server admin console.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://localhost:4858/asadmin/index.html) - Hidden: False - Status: OK

---------- | AppCertDlls


---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Control Panel\Desktop]
"ActiveWndTrackTimeout"=0
"BlockSendInputResets"=0
"CaretWidth"=2
"ClickLockTime"=1200
"CoolSwitchColumns"=7
"CoolSwitchRows"=3
"CursorBlinkRate"=530
"DockMoving"=1
"DragFromMaximize"=1
"DragFullWindows"=0
"DragHeight"=4
"DragWidth"=4
"FocusBorderHeight"=1
"FocusBorderWidth"=1
"FontSmoothing"=2
"FontSmoothingGamma"=1400
"FontSmoothingOrientation"=1
"FontSmoothingType"=2
"ForegroundFlashCount"=7
"ForegroundLockTimeout"=200000
"LeftOverlapChars"=3
"MenuShowDelay"=400
"MouseWheelRouting"=2
"PaintDesktopVersion"=0
"Pattern"=0
"RightOverlapChars"=3
"SnapSizing"=1
"TileWallpaper"=0
"WallPaper"=C:\Users\Gary\Pictures\tunnel-of-love-HD-Mania-Wallpaper.jpeg [21/01/2016 09:50:43]
"WallpaperOriginX"=0
"WallpaperOriginY"=0
"WallpaperStyle"=2
"WheelScrollChars"=3
"WheelScrollLines"=3
"WindowArrangementActive"=0
"ScreenSaveActive"=1
"UserPreferencesMask"=0x9E3E078012000000
"Win32PrioritySeparation"=38
"WaitToKillAppTimeout"=200
"Max Cached Ico"=0
"Win8DpiScaling"=0
"DpiScalingVer"=4096
"MaxVirtualDesktopDimension"=3520
"MaxMonitorDimension"=1920
"TranscodedImageCount"=2
"LastUpdated"=4294967295
"PreferredUILanguages"=en-US
"TranscodedImageCache"=0x7AC3010053630D00E40C0000C4080000BE392ED02854D10143003A005C00550073006500720073005C0047006100720079005C00500069006300740075007200650073005C00740075006E006E0065006C002D006F0066002D006C006F00760065002D00480044002D004D0061006E00690061002D00570061006C006C00700061007000650072002E006A00700065006700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"Pattern Upgrade"=TRUE
"AutoColorization"=0
"ImageColor"=2943791926
"ScreenSaverIsSecure"=0
"ScreenSaveTimeOut"=60

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLowDiscSpaceChecks"=1
"NoLowDiskSpaceChecks"=1

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=0
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Explorer]
"EnableAutoTray"=0
"ShellState"=0x2400000033A8000000000000000000000000000001000000130000000000000062000000
"ExplorerStartupTraceRecorded"=1
"UserSignedIn"=1
"SlowContextMenuEntries"=0x89FAC93912707345A92DBFD1F8CA542DB6020200A05747A926026F42B4F14DF381C630D3751E000060B81DB4E464D2119906E49FADC173CA132400000114020000000000C000000000000046B60202004E3AAA90BA1C3342B8BB535773D484491E2A0000
"SIDUpdatedOnLibraries"=1
"LocalKnownFoldersMigrated"=1
"TelemetrySalt"=3
"GlobalAssocChangedCounter"=458
"AppReadinessLogonComplete"=1
"FirstRunTelemetryComplete"=1
"link"=0x16000000
"Browse For Folder Width"=318
"Browse For Folder Height"=333
"ScreenshotIndex"=2

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2
"ServerAdminUI"=0
"Hidden"=1
"ShowCompColor"=1
"HideFileExt"=0
"DontPrettyPath"=0
"ShowInfoTip"=1
"HideIcons"=0
"MapNetDrvBtn"=0
"WebView"=1
"Filter"=0
"SuperHidden"=1
"SeparateProcess"=1
"AutoCheckSelect"=0
"IconsOnly"=0
"ShowTypeOverlay"=1
"ListviewAlphaSelect"=1
"ListviewShadow"=1
"TaskbarAnimations"=1
"StartMenuInit"=13
"TaskbarSizeMove"=0
"DisablePreviewDesktop"=1
"TaskbarSmallIcons"=0
"TaskbarGlomLevel"=0
"Start_PowerButtonAction"=2
"NavPaneShowAllFolders"=1
"NavPaneExpandToCurrentFolder"=1
"AlwaysShowMenus"=1
"HideDrivesWithNoMedia"=0
"ShowSuperHidden"=1
"FolderContentsInfoTip"=1
"ShowStatusBar"=1
"StoreAppsOnTaskbar"=1
"EnableStartMenu"=1
"ReindexedProfile"=1
"VirtualDesktopAltTabFilter"=0
"VirtualDesktopTaskbarFilter"=0
"TaskbarAppsVisibleInTabletMode"=1
"MMTaskbarEnabled"=1
"MMTaskbarMode"=0
"MMTaskbarGlomLevel"=0
"DontUsePowerShellOnWinX"=1
"TaskbarStateLastRun"=0x5795515900000000

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
"MRUListEx"=0x0A00000006000000090000000800000007000000050000000400000003000000020000000100000000000000FFFFFFFF
"0"=0x5000720065006D00690075006D00200050006C0061007900650072000000
"1"=0x22005000720065006D00690075006D00200050006C00610079006500720022000000
"2"=0x6600720069006F000000
"3"=0x730069006C00760065007200730074006F006E0065000000
"4"=0x5A004F005400410043000000
"5"=0x76006D0074002E006C006F0067000000
"7"=0x6B0069006E0064003A003D0069006E007300740061006E00740020006D006500730073006100670065000000
"8"=0x4A003A005C004200410043004B00550050005C004F004C004400200049002000440052004900560045005C00570069006E0064006F00770073005C0044004100540041005C00500069006300740075007200650073002000460072006F006D0020005000690065007400650072007300200045006D00610069006C000000
"9"=0x6B0069006E0064003A003D0063006F006D006D0075006E00690063006100740069006F006E000000
"6"=0x6B0069006E0064003A003D0070006900630074007500720065000000
"10"=0x6900760072006400650076000000

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"NoRecentDocsHistory"=0
"NoDriveTypeAutoRun"=60

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1
"NoComponents"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1
"DefaultValue"=2
"HKeyRoot"=2147483649
"Id"=2
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Text"=@shell32.dll,-30500
"Type"=radio
"ValueName"=Hidden

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0
"ActiveSetupTaskOverride"=1
"AsyncRunOnce"=1
"AsyncUpdatePCSettings"=1
"DisableAppInstallsOnFirstLogon"=1
"DisableResolveStoreCategories"=1
"DisableUpgradeCleanup"=1
"EarlyAppResolverStart"=1
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"FSIASleepTimeInMs"=60000
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"IconUnderline"=2
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"MachineOobeUpdates"=1
"NoWaitOnRoamingPayloads"=1
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
"AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}
"SmartScreenEnabled"=RequireAdmin
"GlobalAssocChangedCounter"=24
"MultipleInvokePromptMinimum"=10000

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1
"TaskbarSizeMove"=0

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"NoRecentDocsHistory"=0
"NoDriveTypeAutoRun"=60

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1
"NoComponents"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1
"DefaultValue"=2
"HKeyRoot"=2147483649
"Id"=2
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Text"=@shell32.dll,-30500
"Type"=radio
"ValueName"=Hidden

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0
"ActiveSetupTaskOverride"=1
"AsyncRunOnce"=1
"AsyncUpdatePCSettings"=1
"DisableAppInstallsOnFirstLogon"=1
"DisableResolveStoreCategories"=1
"DisableUpgradeCleanup"=1
"EarlyAppResolverStart"=1
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"FSIASleepTimeInMs"=60000
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"IconUnderline"=2
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"MachineOobeUpdates"=1
"NoWaitOnRoamingPayloads"=1
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
"AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}
"GlobalAssocChangedCounter"=45

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1
"TaskbarSizeMove"=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s


---------- | Winlogon

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders;AppData\Local\Microsoft\Outlook
"PUUActive"=0xFBD0EE790800000006003D0066350400F5360400D8A21000D10000005D006300D1B260348BA510008BA51000E912020032DF0100C242000000000000B6A310004F0A0000660100003A66045276F1D20130EE6800000000000100000000000000
"BuildNumber"=14393
"FirstLogon"=0
"ParseAutoexec"=1

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=1
"Background"=0 0 0
"CachedLogonsCount"=10
"DebugServerCommand"=no
"DefaultDomainName"=
"DefaultUserName"=
"DisableBackButton"=1
"EnableSIHostIntegration"=1
"ForceUnlockLogon"=0
"LegalNoticeCaption"=
"LegalNoticeText"=
"PasswordExpiryWarning"=5
"PowerdownAfterShutdown"=0
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"ReportBootOk"=1
"Shell"=explorer.exe
"ShellCritical"=0
"ShellInfrastructure"=sihost.exe
"SiHostCritical"=0
"SiHostReadyTimeOut"=0
"SiHostRestartCountLimit"=0
"SiHostRestartTimeGap"=0
"VMApplet"=SystemPropertiesPerformance.exe /pagefile
"WinStationsDisabled"=0
"LastLogOffEndTimePerfCounter"=1238280997095
"ShutdownFlags"=7
"Userinit"=C:\Windows\system32\userinit.exe,
"scremoveoption"=0
"ShutdownWithoutLogon"=0
"DisableCad"=1
"EnableFirstLogonAnimation"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"=
"DefaultUserName"=
"EnableSIHostIntegration"=1
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Shell"=explorer.exe
"ShellCritical"=0
"SiHostCritical"=0
"SiHostReadyTimeOut"=0
"SiHostRestartCountLimit"=0
"SiHostRestartTimeGap"=0
"Userinit"=C:\WINDOWS\system32\userinit.exe,


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*

[HKLM\Software\Classes\.com]
""=comfile

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.reg]
""=regfile

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"

[HKLM\Software\Classes\.scr]
""=scrfile

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S

[HKLM\Software\Classes\.bat]
""=batfile

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.cmd]
""=cmdfile

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.pif]
""=piffile

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.inf]
""=inffile

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\Classes\.url]
""=InternetShortcut

[HKLM\Software\Classes\.lnk]
""=lnkfile

[HKLM\Software\Classes\.hta]
""=htafile
"Content Type"=application/hta
"PerceivedType"=text

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\Classes\InternetShortcut]
"EditFlags"=2
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"NeverShowExt"=
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment
""=Internet Shortcut

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest
"BrowserFlags"=4096
"EditFlags"=4259840
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200

[HKLM\Software\Classes\Application.Reference]
""=Application Reference
"EditFlags"=131072
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201
"IsShortcut"=
"NeverShowExt"=

[HKLM\Software\Classes\Folder]
""=Folder
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
"ContentViewModeLayoutPatternForBrowse"=delta
"ContentViewModeLayoutPatternForSearch"=alpha
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus
"NoRecentDocs"=
"ThumbnailCutoff"=0
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile
"Content Type"=application/hta
"PerceivedType"=text

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"EditFlags"=2
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"NeverShowExt"=
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment
""=Internet Shortcut

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest
"BrowserFlags"=4096
"EditFlags"=4259840
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference
"EditFlags"=131072
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201
"IsShortcut"=
"NeverShowExt"=

[HKLM\Software\WOW6432Node\Classes\Folder]
""=Folder
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
"ContentViewModeLayoutPatternForBrowse"=delta
"ContentViewModeLayoutPatternForSearch"=alpha
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus
"NoRecentDocs"=
"ThumbnailCutoff"=0
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Clients\StartMenuInternet\Chromium.Q3TY6YDOBBTQYMN77BHUBGWTKA\Shell\open\Command]
""="C:\Users\Gary\AppData\Local\Chromium\Application\chrome.exe"
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Clients\StartMenuInternet\Chromium.Q3TY6YDOBBTQYMN77BHUBGWTKA\InstallInfo]
"ReinstallCommand"="C:\Users\Gary\AppData\Local\Chromium\Application\chrome.exe" --make-default-browser

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [15/03/2017 21:53:39]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [15/03/2017 21:53:39]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"SIGN.MEDIA=174FBED5 SETUP.EXE"=1
"C:\Windows.old\Users\Gary\Downloads\pure13.0.2.558en-gb(1).exe"=1
"C:\Users\Gary\AppData\Local\Temp\{B32079EF-89B4-4C8F-8D31-1B672C844760}\InstallFlashPlayer.exe"=1
"C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZ0BUVG7\SUPERAntiSpyware[1].exe"=1
"C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDQSPRP5\mbam-setup-1.75.0.1300[1].exe"=1
"C:\Users\Gary\AppData\Local\Temp\Temp1_txpeng710.zip\setup.exe"=1
"C:\Users\Gary\Downloads\instsf449.exe"=1
"C:\Users\Gary\Downloads\InstallConverter_brie.exe"=1
"C:\Users\Gary\Downloads\KeePass-2.24-Setup.exe"=1
"C:\Users\Gary\Downloads\vlc-2.1.2-win32.exe"=1
"C:\Users\Gary\Downloads\ccsetup408.exe"=1
"C:\Users\Gary\Downloads\dfsetup216.exe"=1
"C:\Users\Gary\Downloads\rcsetup149.exe"=1
"C:\Users\Gary\Downloads\spsetup124.exe"=1
"C:\Users\Gary\AppData\Local\Temp\is-PGNF4.tmp\CountInstallation.exe"=1
"C:\Users\Gary\Downloads\FoxitReader611.1031_enu_Setup.exe"=1
"C:\Users\Gary\Downloads\DTLite4481-0347.exe"=1
"C:\Users\Gary\Downloads\Firefox Setup Stub 26.0.exe"=1
"SIGN.MEDIA=29FF23D autorun.exe"=1
"E:\copy of duff disk after it became recognisable\Download\xdate.exe"=1
"E:\copy of duff disk after it became recognisable\Download\xdate work around for excel date bug.exe"=1
"C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZ0BUVG7\JavaSetup7u45[1].exe"=1
"C:\Users\Gary\Downloads\331.82-desktop-win8-win7-winvista-64bit-english-whql.exe"=1
"C:\Users\Gary\AppData\Local\Temp\Logitech\SolarApp_1\MSetup.exe"=1
"C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDQSPRP5\GoogleToolbarInstaller_en32_signed.exe"=1
"C:\Users\Gary\Downloads\DA Downloads\DragonAge1.05.exe"=1
"C:\Users\Gary\Downloads\npp.6.5.2.Installer.exe"=1
"C:\Games\Dragon Age\bin_ship\daupdater.exe"=1
"C:\Users\Gary\AppData\Local\Temp\Foxit Reader Updater.exe"=1
"C:\Users\Gary\Downloads\VSubst_1.0.6.exe"=1
"C:\Users\Gary\AppData\Local\Temp\Foxit Updater.exe"=1
"C:\Users\Gary\AppData\Local\Temp\is-S3QPT.tmp\CountInstallation.exe"=1
"C:\Users\Gary\Downloads\FreeFileSync_6.1_Windows_Setup.exe"=1
"C:\Users\Gary\Downloads\AQ14c.exe"=1
"C:\Users\Gary\Downloads\setup_ME_STANDARD_7_5_3_4200.exe"=1
"C:\Users\Gary\Downloads\drw_free.exe"=1
"C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NLA6M9T\install_flashplayer12x32au_gtba_chra_dy_aaa_aih.exe"=1
"C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64ADCY8T\adblockplusie-1.1.exe"=1
"SIGN.MEDIA=F8A3C06D Downloads\TeamViewer_Setup_en.exe"=1
"C:\Users\Gary\Downloads\badcopy-setup.exe"=1
"C:\Users\Gary\Downloads\cleangenius_trial.exe"=1
"C:\Users\Gary\Downloads\MyDefrag-v4.3.1.exe"=1
"C:\Users\Gary\Downloads\disk-defrag-setup.exe"=1
"C:\Users\Gary\Downloads\unchecky_setup.exe"=1
"C:\Users\Gary\Downloads\SysInfoTools-PST-Merge.exe"=1
"C:\Users\Gary\Downloads\UnstopCpy_5_2_Win2K_UP_Setup.exe"=1
"C:\Users\Gary\AppData\Local\Temp\is-R7I3L.tmp\CountInstallation.exe"=1
"C:\Users\Gary\Downloads\install_flashplayer13x32axau_mssa_aaa_aih.exe"=1
"SIGN.MEDIA=45A526 Setup.exe"=1
"C:\Users\Gary\Downloads\FileFormatConverters.exe"=1
"C:\Users\Gary\Downloads\KiesSetup.exe"=1
"C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64ADCY8T\FileFormatConverters (1).exe"=1
"SIGN.MEDIA=3997F727 Setup.exe"=1
"C:\Users\Gary\Downloads\office_free_2013.exe"=1
"C:\Program Files\NVIDIA Corporation\Display\nvtray.exe"=512
"C:\Users\Gary\Downloads\npp.6.6.8.Installer.exe"=1
"C:\Users\Gary\AppData\Roaming\Kingsoft\office6\update\down\setup_ALL_mui_9.1.0.4746_AbroadFree.exe"=1
"C:\Users\Gary\AppData\Local\Temp\is-QO0AE.tmp\CountInstallation.exe"=1
"C:\Users\Gary\Downloads\streamwriter_setup.exe"=1
"C:\Users\Gary\Downloads\audacity-win-2.0.5.exe"=1
"C:\Users\Gary\Downloads\Rarmaradio_setup.exe"=1
"C:\Users\Gary\Downloads\advisorinstaller.exe"=1
"C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NLA6M9T\jre-8u25-windows-i586.com"=1
"C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENXE7XLX\jre-8u25-windows-i586.com"=1
"C:\Users\Gary\AppData\Local\Temp\is-48MQA.tmp\CountInstallation.exe"=1
"SIGN.MEDIA=7DD4621 AutoRun.exe"=1
"C:\Users\Gary\Downloads\GoogleEarthSetup.exe"=1
"C:\Users\Gary\Downloads\install_flashplayer16x32au_mssd_aaa_aih.exe"=1
"C:\Users\Gary\AppData\Roaming\Foxit Software\Addon\Foxit Reader\FoxitReaderUpdater.exe"=1
"C:\Users\Gary\Downloads\SkypeSetup.exe"=1
"C:\Users\Gary\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-GB.exe"=1
"C:\Program Files\TextPad 7\TextPad.exe"=512
"C:\Users\Gary\Downloads\347.52-desktop-win8-win7-winvista-64bit-international-whql.exe"=1
"C:\Users\Gary\Downloads\SetPoint6.65.62_smart.exe"=1
"C:\Users\Gary\Desktop\tempinstall\AsusSetup.exe"=1
"E:\backup of 64G flash\Backup C\download\PAF5EnglishSetup.exe"=1
"C:\Users\Gary\Downloads\gimp-2.8.14-setup-1.exe"=1
"C:\Users\Gary\Downloads\mbae-setup-1.06.1.1019.exe"=1
"C:\Users\Gary\Downloads\FileFormatConverters(1).exe"=1
"C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe"=1
"C:\Users\Gary\Downloads\JavaSetup8u45.exe"=1
"C:\Users\Gary\Downloads\drivereasy.exe"=1
"C:\Users\Gary\Downloads\kts15.0.2.361en-gb.exe"=1
"C:\Users\Gary\Downloads\GeForce_Experience_v2.4.5.57.exe"=1
"C:\Users\Gary\AppData\Local\Temp\jre-8u51-windows-au.exe"=1
"C:\Users\Gary\Downloads\DriverEasy_Setup-4-9-3.exe"=1
"C:\Users\Gary\Downloads\kis16.0.0.614en_8210.exe"=1
"C:\Users\Gary\Downloads\dips64-setup.exe"=1
"C:\Users\Gary\Downloads\cpu-z_1.73-en.exe"=1
"C:\Users\Gary\AppData\Local\Temp\jre-8u60-windows-au.exe"=1
"C:\ProgramData\Origin\SelfUpdate\StagedUpdate\UpdateTool.exe"=1
"C:\Users\Gary\Downloads\CheatEngine64.exe"=1
"C:\Users\Gary\Downloads\aomwin110ea23us.exe"=1
"C:\Users\Gary\Downloads\Logitech C920 Webcam\lws251.exe"=1
"C:\Users\Gary\AppData\Local\Temp\jre-8u66-windows-au.exe"=1
"C:\Users\Gary\Downloads\Unigine_Heaven-4.0.exe"=1
"C:\Users\Gary\Downloads\FurMark_1.17.0.0_Setup.exe"=1
"C:\Users\Gary\AppData\Roaming\Kingsoft\office6\update\down\setup_XA_mui_10.1.0.5656_Free.exe"=1
"C:\Users\Gary\AppData\Local\Kingsoft\Kingsoft Office\10.1.0.5656\utility\uninst.exe"=1
"C:\Users\Gary\AppData\Local\Temp\wps\~1510a833\Au_.exe"=1
"C:\Users\Gary\AppData\Local\Temp\is-BI1D9.tmp\CountInstallation.exe"=1
"C:\Users\Gary\AppData\Local\Temp\is-HSQEK.tmp\CountInstallation.exe"=1
"C:\Users\Gary\AppData\Local\Temp\FoxitUpdater.exe"=1
"C:\Users\Gary\AppData\Local\Temp\is-1PUPQ.tmp\CountInstallation.exe"=1
"C:\Users\Gary\AppData\Local\Temp\is-LMLJJ.tmp\CountInstallation.exe"=1

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C03802000BA5020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C88002006A18030001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\Gary\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe"=0x534143500100000000000000070000002800000010A61400A6A914000100000000000000000001067122000033504C2B57DFD10100000080000000000200000028000000000000000000000000000000000000000000000000000000FFE2030000000000AA020000AA020000
"C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE"=0x534143500100000000000000070000002800000058FF0200426303000100000000000000000001067120000033504C2B57DFD1010000000100000000
"C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE"=0x534143500100000000000000070000002800000098129E00E09F9E000100000000000000000002067120000033504C2B57DFD1010000000100000000
"C:\Program Files (x86)\Inquisition\Dragon Age Inquisition\DragonAgeInquisition.exe"=0x5341435001000000000000000700000028000000D0370E04D2240F0401000000000000000000000A73220000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000BABE8054000000000D0100000D010000
"C:\Users\Gary\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\et.exe"=0x5341435001000000000000000700000028000000680701017D7A01010100000000000000000003067102000019B4C529E312D10100000000000000000200000028000000000000000000001000000000000000000000000000000000BAAE0100000000000100000001000000
"C:\Program Files (x86)\Visual Subst\VSubst.exe"=0x53414350010000000000000007000000280000009821020009B502000100000000000000000000067120000019B4C529E312D101000000000000000002000000280000000000000000000000000200000000000000000000000000006DD30000000000000100000001000000
"C:\Users\Gary\Downloads\ccsetup513.exe"=0x534143500100000000000000070000002800000050D76700277F68000100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000063620000000000000100000001000000
"C:\Users\Gary\Downloads\dfsetup219 (1).exe"=0x5341435001000000000000000700000028000000282A4500A92046000100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000082480000000000000100000001000000
"C:\Users\Gary\Downloads\rcsetup152 (1).exe"=0x534143500100000000000000070000002800000088894300F21A44000100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000055400000000000000100000001000000
"C:\Users\Gary\Downloads\spsetup129.exe"=0x5341435001000000000000000700000028000000C8FD4D0038FF4D000100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000088420000000000000100000001000000
"C:\Program Files\WinRAR\WinRAR.exe"=0x534143500100000000000000070000002800000058141400AA68140001000000000000000000020600010000D5B3B31A57DFD101000000000000000002000000280000000000000000000000000000400000000000000000000000000612484B000000003E0000003E000000
"C:\Program Files (x86)\Microsoft Office\OFFICE11\OIS.EXE"=0x534143500100000000000000070000002800000058630400680105000100000000000000000000067120000019B4C529E312D10100000000000000000200000028000000000000000000001000000000000000000000000000000000EC1A2F02000000000300000003000000
"C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE"=0x534143500100000000000000070000002800000098F4BB00FF0CBC000100000000000000000003067120000033504C2B57DFD1010000000100000000
"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C01702006E31020001000000000000000000000A6122000019B4C529E312D10100000000000000000200000028000000000000000000001000000000000000000000000000000000D2961700000000000800000008000000
"C:\Users\Gary\Downloads\scarlett-solo-3.1.10-221.exe"=0x534143500100000000000000070000002800000058711B000E851B000100000000000000000002060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000005BAF0000000000000100000001000000
"C:\ProgramData\Ableton\Live 9 Lite\Resources\Extensions\WebConnector\Ableton Web Connector.exe"=0x5341435001000000000000000700000028000000C8E1820005D1830001000000000000000000000A7322000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000E3160000000000000100000001000000
"C:\ProgramData\Ableton\Live 9 Lite\Resources\Extensions\Index\Ableton Index.exe"=0x5341435001000000000000000700000028000000C835A40045A2A40001000000000000000000000A7322000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000080EE8404000000000100000001000000
"C:\Users\Gary\Downloads\InstallGoldWave619.exe"=0x53414350010000000000000007000000280000007040C3005CFEC30001000000000000000000000A0021000059193B14E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000006E750000000000000100000001000000
"C:\Program Files\GoldWave\GoldWave.exe"=0x53414350010000000000000007000000280000007882300191BF300101000000000000000000000A7322000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000F9B1A201000000000100000001000000
"C:\Program Files (x86)\SteelSoft\SteelSoft Radio(Free Internet Radio)\WebRadio.exe"=0x53414350010000000000000007000000280000000030000000000000010000000000000000000106F122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000D0070000000000000100000001000000
"C:\Program Files (x86)\RarmaRadio\RarmaRadio.exe"=0x5341435001000000000000000700000028000000003A9800757998000100000000000000000003067122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000048065D01000000000100000001000000
"C:\Users\Gary\Downloads\audacity-win-2.1.2.exe"=0x5341435001000000000000000700000028000000F94E94010000000001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000C651DA00000000000100000001000000
"C:\Users\Gary\AppData\Local\Temp\jre-8u71-windows-au.exe"=0x534143500100000000000000070000002800000060D609002C970A0001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000BFAF0200000000000100000001000000
"C:\Users\Gary\Downloads\Music\singt.exe"=0x534143500100000000000000070000002800000082011500000000000100000000000000000001057100000019B4C529E312D1010000000000000000020000002800000000000000000800400000000000000000000000000000000027C20000000000000100000001000000
"C:\Program Files (x86)\Inquisition\Origin.exe"=0x5341435001000000000000000700000028000000F08737003FA937000100000000000000000002060001000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000077010000000000000100000001000000
"C:\Users\Gary\Downloads\361.75-desktop-win10-64bit-international-whql.exe"=0x534143500100000000000000070000002800000098BB3D1747E03D170100000000000000000002060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000031D60900000000000200000002000000
"C:\Users\Gary\Downloads\GeForce_Experience_v2.9.1.35.exe"=0x5341435001000000000000000700000028000000B8737B02E1C47B020100000000000000000002060001000019B4C529E312D1010000000000000000
"C:\Users\Gary\Downloads\GeForce_Experience_v2.9.1.35(1).exe"=0x5341435001000000000000000700000028000000B8737B02E1C47B020100000000000000000002060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000007AB32900000000000100000001000000
"C:\Program Files\TextPad 7\TextPad.exe"=0x534143500100000000000000070000002800000080D86C00748B6D0001000000000000000000000A73220000D5B3B31A57DFD101000000000000000002000000280000000000000040000020000000000000000000000000000000003A08C496000000008500000085000000
"C:\NVIDIA\DisplayDriver\353.30\Win8_WinVista_Win7_64\International\setup.exe"=0x5341435001000000000000000700000028000000485106008786060001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000915F0400000000000100000001000000
"C:\NVIDIA\DisplayDriver\347.88\Win8_WinVista_Win7_64\International\setup.exe"=0x53414350010000000000000007000000280000009050060039E606000100000000000000000003060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000055AE3700000000000C0000000C000000
"SIGN.MEDIA=F8A3C06D Downloads\Unlocker1.9.2.exe"=0x53414350010000000000000007000000280000003F751000000000000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000503A0200000000000100000001000000
"C:\Program Files\Unlocker\Unlocker.exe"=0x534143500100000000000000070000002800000000E80100000000000100000000000000000002067322000059193B14E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000026210300000000000100000001000000
"C:\Program Files (x86)\CleanGenius 3\UnLocker.exe"=0x534143500100000000000000070000002800000060D90A00E8AF0B000100000000000000000002067122000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000B1E90400000000000100000001000000
"C:\Program Files\Unlocker\uninst.exe"=0x5341435001000000000000000700000028000000FE7F0100000000000300000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000C01C0000000000000100000001000000
"C:\Program Files\Common Files\Logishrd\SolarApp\LU\LULnchr.exe"=0x534143500100000000000000070000002800000050350500DAB705000100000000000000000001067122000019B4C529E312D10100000080000000000200000028000000000000000000000000000000000000000000000000000000C3110000000000000100000001000000
"C:\Program Files\Easeware\DriverEasy\DriverEasy.exe"=0x534143500100000000000000070000002800000010AB3000691E310001000000000000000000000AF522000059193B14E312D1010000000000000000
"C:\Users\Gary\Downloads\DriverEasy_Setup.exe"=0x5341435001000000000000000700000028000000888D3900D2F039000100000000000000000003060001000019B4C529E312D1010000000000000000
"C:\Users\Gary\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver361.75\setup.exe"=0x534143500100000000000000070000002800000038720600CD8A060001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000C00000400000000000000000000000000000000024E80200000000000100000001000000
"C:\Program Files (x86)\Cheat Engine 6.4\cheatengine-x86_64.exe"=0x534143500100000000000000070000002800000018179900943D99000100000000000000000003066322000059193B14E312D1010000000000000000020000002800000000000000000000400210000000000000000000000000000096B2C527000000000700000007000000
"C:\Program Files (x86)\Audacity\audacity.exe"=0x534143500100000000000000070000002800000000B88D000000000001000000000000000000000A7122000019B4C529E312D1010000000000000000
"C:\Users\Gary\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_en-GB.exe"=0x5341435001000000000000000700000028000000E834F607000000000100000000000000000001067100000019B4C529E312D101000000000000000002000000280000000000000000080040000000000000000000000000000000007D090500000000000100000001000000
"C:\Program Files (x86)\OpenOffice 4\program\soffice.exe"=0x5341435001000000000000000700000028000000001A9600AE40960001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000000000100000000000000000000000000000000042310000000000000100000001000000
"C:\Program Files (x86)\Belarc\BelarcAdvisor\BelarcAdvisor.exe"=0x534143500100000000000000070000002800000088EC0100F29002000100000000000000000003060021000019B4C529E312D101000000000000000002000000280000000000000000000000020000000000000000000000000000008AC30100000000000100000001000000
"C:\Users\Gary\Downloads\347.88-desktop-win8-win7-winvista-64bit-international-whql.exe"=0x534143500100000000000000070000002800000070276D120C756D120100000000000000000002060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000D99C0400000000000100000001000000
"C:\Program Files\Microsoft Mouse and Keyboard Center\Setup.exe"=0x5341435001000000000000000100000004000000010000000700000028000000D0B22600E9A627000300000000000000000003060021000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000780000000000000000000020000082000000000000008000000000002F6300000000000002000000010000000000000000000060000082000000000000008000000000006E270000000000000100000000000000000000000000000000028200000000000000800000000000B7900000000000000100000000000000
"C:\Users\Gary\Downloads\MouseKeyboardCenter_64bit_ENG_2.3.188.exe"=0x5341435001000000000000000700000028000000D0F6FB024863FC020100000000000000000001057100000019B4C529E312D101000000000000000002000000280000000000000080010040000000000000000000000000000000001E020100000000000100000001000000
"C:\Program Files\CCleaner\CCleaner64.exe"=0x5341435001000000000000000700000028000000A815830095B5830001000000000000000000000A0021000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000004C030000000000000100000001000000
"C:\Users\Gary\Downloads\HijackThis.exe"=0x534143500100000000000000070000002800000000EE0500000000000100000000000000000002067100000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000008FCA0100000000000100000001000000
"C:\Program Files\Easeware\DriverEasy\unins000.exe"=0x5341435001000000000000000700000028000000700312007F5812000300000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000D2110000000000000100000001000000
"C:\Program Files (x86)\FamilySearch\Paf5\pstart.exe"=0x534143500100000000000000070000002800000000500500000000000100000000000000000001057120000019B4C529E312D1010000000000000000020000002800000000000000000000000044000000000000000000000000000015676943000000000700000007000000
"C:\Program Files (x86)\Incline Software\Ancestral Quest 14\ancquest.exe"=0x5341435001000000000000000700000028000000000E1E0136D61E010100000000000000000002067100000033504C2B57DFD10100000000000000000200000028000000000000000000000000000200000000000000000000000000A9908C15000000000700000007000000
"SIGN.MEDIA=1B1A162 Launcher.exe"=0x5341435001000000000000000700000028000000407558009C8458000100000000000000000002067122000019B4C529E312D10100000000000000000500000010000000000000000000000000000000800000000200000028000000000000008000004000000000000000000000000000000000661C1600000000000100000001000000
"C:\Program Files (x86)\Notepad++\notepad++.exe"=0x534143500100000000000000070000002800000000B024003F6C22000100000000000000000003067122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000814F1500000000000300000003000000
"C:\Users\Gary\Downloads\instspeedfan451.exe"=0x534143500100000000000000070000002800000008DA2100FDE7210001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000797B0000000000000100000001000000
"C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C88002006821030001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000E0759700E487970001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000A1CBF169000000001800000018000000
"C:\Program Files (x86)\Skype\Phone\Skype.exe"=0x53414350010000000000000007000000280000006026D70160EBD7010100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000ABBDA600000000000100000001000000
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\Kaspersky Restore Utility\kasperskylab.pure.restoretool.exe"=0x534143500100000000000000070000002800000000ED01004E0D020001000000000000000000000A8021000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000005C3F0D00000000000100000001000000
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe"=0x5341435001000000000000000700000028000000003B03002D75030001000000000000000000000A0021000019B4C529E312D1010000000000000000
"C:\Users\Gary\Downloads\Firefox Setup Stub 46.0.exe"=0x5341435001000000000000000700000028000000F0B103003E9E04000100000000000000000003060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000006A1C9601000000000200000002000000
"C:\Users\Gary\Downloads\MSI_Kombustor_Setup_3.5.1.0_x64.exe"=0x5341435001000000000000000700000028000000729B2B01000000000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000555F1829000000000100000001000000
"C:\Users\Gary\Downloads\MicrosoftFixit50229.msi"=0x534143500100000000000000070000002800000000E400006BAB01000100000000000000000001050010000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000040000000000000000000000298C0200000000000100000001000000
"C:\Windows\SysWOW64\regedit.exe"=0x53414350010000000000000007000000280000000094040059E4040001000000010000000000000A7122000019B4C529E312D1010000000000000000
"C:\Users\Gary\Downloads\adguardInstaller.exe"=0x5341435001000000000000000700000028000000F89D0200CDDD020001000000000000000000000A7120000019B4C529E312D101000000000000000002000000280000000000000000080040000000000000000000000000000000003D580100000000000100000001000000
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"=0x534143500100000000000000070000002800000010936301304D640101000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000C5010000000000000100000001000000
"C:\Users\Gary\Downloads\iconworkshop.exe"=0x534143500100000000000000070000002800000028F55A0233795B0201000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000BE0D0600000000000100000001000000
"C:\Program Files (x86)\Axialis\IconWorkshop\IconWorkshop.exe"=0x534143500100000000000000070000002800000008EBC2008CE6C30001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E4740F15000000000300000003000000
"C:\Users\Gary\Downloads\rcsetup153.exe"=0x534143500100000000000000070000002800000040855300457654000100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000042720000000000000100000001000000
"C:\Program Files\Recuva\recuva64.exe"=0x5341435001000000000000000700000028000000D8A24B00213C4C0001000000000000000000000A7322000059193B14E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000F1040A00000000000100000001000000
"C:\Program Files (x86)\HexEdit\HexEdit.exe"=0x53414350010000000000000007000000280000000084200041E71F000100000000000000000001067122000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000025B2E502000000000200000002000000
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe"=0x5341435001000000000000000700000028000000D8143800DA8238000100000000000000000002067102000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000FF0A3F24000000000400000004000000
"C:\Users\Gary\Downloads\planmaker.exe"=0x5341435001000000000000000700000028000000B7AA1200000000000100000000000000000001057100000019B4C529E312D10100000000000000000100000004000000010000000200000050000000000000002008006000000000000000000000000000000000914C1C000000000001000000010000000000000000000000400400000000000040000000000000002B340100000000000100000000000000
"C:\Users\Gary\Downloads\FreeCAD-0.16.6704.oc449d7-WIN-x64_Installer-1.exe"=0x534143500100000000000000070000002800000078E5D30D000000000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000A4150800000000000100000001000000
"C:\Program Files\FreeCAD 0.16\bin\FreeCAD.exe"=0x5341435001000000000000000700000028000000002202000000000001000000000000000000000A7322000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000D5310F00000000000100000001000000
"C:\Users\Gary\Downloads\paint_latest.exe"=0x5341435001000000000000000700000028000000B7C00700000000000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000C2810000000000000100000001000000
"C:\Program Files (x86)\Paint XP\mspaint98.exe"=0x534143500100000000000000070000002800000000400500F9F805000100000000000000000001057120000019B4C529E312D1010000000000000000020000002800000000000000000000000044020000000000000000000000000052F21D00000000000100000001000000
"C:\Users\Gary\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe"=0x534143500100000000000000070000002800000000A508002A73090001000000000000000000000A7122000019B4C529E312D1010000008000000000020000002800000000000000000000400000000000000000000000000000000016990600000000000100000001000000
"C:\Users\Gary\AppData\Roaming\Kingsoft\office6\update\down\setup_XA_mui_10.1.0.5656_Free.exe"=0x534143500100000000000000070000002800000080271C05B5C31C0501000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000000FCB0A00000000000100000001000000
"C:\Users\Gary\AppData\Local\Kingsoft\Kingsoft Office\10.1.0.5656\utility\uninst.exe"=0x5341435001000000000000000700000028000000C8DD0D00AA650E0003000000000000000000000A0021000019B4C529E312D1010000000000000000
"C:\Users\Gary\AppData\Local\Kingsoft\Kingsoft Office\10.1.0.5656\office6\wpscenter.exe"=0x5341435001000000000000000700000028000000007902007328030001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000010000000000000000100000001000000
"C:\Users\Gary\Downloads\epm.exe"=0x5341435001000000000000000700000028000000E08BF902852FFA0201000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000070A90D00000000000100000001000000
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe"=0x5341435001000000000000000700000028000000A85B03004EC0030001000000000000000000000A0021000019B4C529E312D1010000000000000000
"C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\CleanUpUI.exe"=0x5341435001000000000000000700000028000000C00413003B87130001000000000000000000000A7122000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000004000000000000000000000000000000000F28E4511000000000700000001000000000000000000000000000000000000000000000000000000242E0000000000000200000000000000
"C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\EPMStartLoader.exe"=0x5341435001000000000000000700000028000000C0B4040092F5040001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000087B0100000000000200000002000000
"C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\Gary\Downloads\InstallMyDriveConnect.exe"=0x534143500100000000000000070000002800000048353D02A51C3E020100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000008CAC0000000000000100000001000000
"C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Gary\Downloads\kts17.0.0.611en-gb_full.exe"=0x534143500100000000000000070000002800000028D8980AB7DD980A01000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000095810300000000000100000001000000
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe"=0x5341435001000000000000000700000028000000D8690300411F040001000000000000000000000A0021000033504C2B57DFD1010000000000000000
"E:\copy of duff disk after it became recognisable\Program Files\Firaxis Games\Sid Meier's Alpha Centauri\terran.exe"=0x534143500100000000000000070000002800000000C02C00000000000100000000000000000001057120000033504C2B57DFD10100000000000000000200000050000000000000000080002000000040000000000000000000000000E33E0403000000004000000040000000000000000000000000000040000000000000000000000000317CD40100000000020000000000000006000000080000000000004000000000
"C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe"=0x5341435001000000000000000700000028000000408B08004EE008000100000000000000000002067102000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000636F7102000000000400000004000000
"C:\Program Files (x86)\LibreOffice 5\program\scalc.exe"=0x5341435001000000000000000700000028000000680001005CDE010001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000009C7E0200000000000100000001000000
"C:\Program Files (x86)\LibreOffice 5\program\swriter.exe"=0x534143500100000000000000070000002800000068FC0000145E010001000000000000000000000A7122000033504C2B57DFD1010000000000000000
"C:\Users\Gary\Downloads\DOSBox0.74-win32-installer.exe"=0x5341435001000000000000000700000028000000691B1600000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000017450000000000000100000001000000
"C:\Program Files (x86)\DOSBox-0.74\DOSBox.exe"=0x534143500100000000000000070000002800000000E03800B5C939000100000000000000000001067120000033504C2B57DFD1010000000000000000020000002800000000000000000000100000000000000000000000000000000070807024000000001F0000001F000000
"C:\Program Files (x86)\Microsoft Office\OFFICE11\MSACCESS.EXE"=0x5341435001000000000000000700000028000000583F6600A6F766000100000000000000000001067120000033504C2B57DFD1010000001100000000
"C:\Users\Gary\Downloads\free-sqlite-viewer.exe"=0x534143500100000000000000070000002800000090ECD400CCBBD5000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000026560500000000000100000001000000
"E:\copy of duff disk after it became recognisable\Program Files\Synkronizer XL 8.0\syxl80_install.exe"=0x5341435001000000000000000700000028000000006000004B0101000100000000000000000001057120000033504C2B57DFD10100000000000000000100000004000000010000000500000010000000000000000000000000030105000800000200000050000000000301050008006000102000000000000000200000000000BD050000000000000100000001000000000000000008004000102000000000000000200000000000870E0000000000000100000000000000
"SIGN.MEDIA=2D6 INSTALL.BAT"=0x5341435001000000000000000700000028000000008E0300E25F040001000000000000000000010500300000D5B3B31A57DFD1010000000000000000
"C:\Users\Gary\AppData\Roaming\Notepad++\plugins\config\plugin_install_temp\plugin1\updater\gpup.exe"=0x5341435001000000000000000700000028000000002A040058E5040001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000002F000000000000000100000001000000
"C:\Users\Gary\Downloads\epm(1).exe"=0x534143500100000000000000070000002800000060CCF40267C7F50201000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000009C699006000000000600000006000000
"C:\Users\Gary\Downloads\revosetup.exe"=0x5341435001000000000000000700000028000000B8566C00150E6D0001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000005AE91D00000000000100000001000000
"C:\Users\Gary\Downloads\EaseUS_DiskCopy_Home.exe"=0x534143500100000000000000070000002800000010D5B502A5C7B6020100000000000000000001067102000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000271C6C06000000000100000001000000
"C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe"=0x5341435001000000000000000700000028000000C0F8120046DD130001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000050000000000000000000004000000000000000000000000000000000FE60A801000000000800000006000000000000000000000000000000000000000000000000000000E5350000000000000100000000000000
"C:\Users\Gary\Downloads\tbbMeterSetup.exe"=0x534143500100000000000000070000002800000040945E001D795F000100000000000000000000067102000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000004F710500000000000100000001000000
"C:\Users\Gary\AppData\Local\Temp\VSDEDD9.tmp\DotNetFX\dotnetchk.exe"=0x534143500100000000000000070000002800000000580100911902000100000000000000000000067102000033504C2B57DFD1010000000000000000020000002800000000000000000000100000000000000000000000000000000010000000000000000100000001000000
"SIGN.MEDIA=F8A3C06D Downloads\tb_free.exe"=0x534143500100000000000000070000002800000050512E0758622E0701000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000F786707F000000000100000001000000
"C:\Program Files (x86)\Paint XP\mspaint.exe"=0x5341435001000000000000000700000028000000003C05008E2406000100000000000000000001057120000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000D5B0360F000000000200000002000000
"C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000E07E03004B44040001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D87E030025C1030001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Gary\Downloads\FoxitReader82_enu_Setup_Prom.exe"=0x5341435001000000000000000700000028000000407D3A0325813A0301000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000021970300000000000200000002000000
"C:\Users\Gary\Downloads\Windows10Upgrade9252.exe"=0x5341435001000000000000000700000028000000889B5700794C580001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000063920200000000000300000003000000
"C:\Games\Dragon Age\bin_ship\daorigins.exe"=0x53414350010000000000000007000000280000006087980060E898000100000000000000000001067120000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000004B560700000000000100000001000000
"C:\Games\Dragon Age\DAOriginsLauncher.exe"=0x5341435001000000000000000700000028000000E8041300E1B413000100000000000000000000067100000033504C2B57DFD1010000000000000000020000002800000000000000800000000000000000000000000000000000000061DE4508000000002300000023000000
"C:\Users\Gary\Downloads\MediaCreationTool.exe"=0x5341435001000000000000000700000028000000D06017017B88170101000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000008446502000000000200000002000000
"C:\Users\Gary\Downloads\AutoHotkey_1.1.24.05_setup.exe"=0x5341435001000000000000000700000028000000AA7A2F00F367010001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000557B8314000000000100000001000000
"C:\Program Files\AutoHotkey\AutoHotkey.exe"=0x5341435001000000000000000700000028000000007412000000000001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C3040000000000000100000001000000
"SIGN.MEDIA=695B70 setup.exe"=0x5341435001000000000000000700000028000000C03A01005188010001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000DAA21D00000000000100000001000000
"C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6743.1212_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D87E030025C1030001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Gary\Desktop\script_Tab_Toggles_F12.exe"=0x534143500100000000000000070000002800000029350C00000000000100000000000000000001067102000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000002DD9332C000000000300000003000000
"C:\Program Files (x86)\Auto Clicker\AutoClicker.exe"=0x534143500100000000000000070000002800000000A00000000000000100000000000000000001067120000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000008D8A7124000000000400000004000000
"C:\Users\Gary\Downloads\DAII Downloads\try new folder for editor\daosavegame.exe"=0x534143500100000000000000070000002800000000E200003D2F01000100000000000000000000067102000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000598E6C17000000000300000003000000
"C:\Users\Gary\Downloads\DAII Downloads\try new folder for editor\editor larger pyGFF one.exe"=0x5341435001000000000000000700000028000000003001003D2F01000100000000000000000000067102000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000012CB621C000000000800000008000000
"C:\Games\Dragon Age 2\bin_ship\DragonAge2.exe"=0x534143500100000000000000070000002800000070BDB9005097BA000100000000000000000001067102000033504C2B57DFD10100000000000000000200000028000000000001060000002000100000000000000000000000000000D78BB71B000000000F0000000F000000
"C:\Program Files (x86)\LibreOffice 5\program\sdraw.exe"=0x534143500100000000000000070000002800000068060100D67C010001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000D44F4024000000000100000001000000
"C:\Users\Gary\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000E0783801622F390101000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88003007F30040001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Gary\Downloads\GeForce_Experience_v3.4.0.70.exe"=0x53414350010000000000000007000000280000003878BD04F659BE040100000000000000000002060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000CDBD0100000000000200000002000000
"C:\Users\Gary\Downloads\JavaSetup8u121.exe"=0x534143500100000000000000070000002800000040480B00ABBC0B0001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000004B9D0300000000000100000001000000
"C:\Program Files\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000C0960C005DE50C0001000000010000000000000A00210000D5B3B31A57DFD1010000000000000000
"C:\Users\Gary\Downloads\spsetup130.exe"=0x5341435001000000000000000700000028000000C0066000843560000100000000000000000001060001000033504C2B57DFD1010000000000000000
"C:\NVIDIA\DisplayDriver\314.22\Win8_WinVista_Win7_64\English\setup.exe"=0x5341435001000000000000000700000028000000202D0600B76106000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000099501200000000000200000002000000
"C:\NVIDIA\DisplayDriver\331.82\Win8_WinVista_Win7_64\English\setup.exe"=0x5341435001000000000000000700000028000000204D06009AD006000100000000000000000003060021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000652D0400000000000100000001000000
"C:\NVIDIA\DisplayDriver\340.52\Win8_WinVista_Win7_64\English\setup.exe"=0x534143500100000000000000070000002800000020510600B00E07000100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000413C0600000000000200000002000000
"C:\Program Files\Speccy\Speccy64.exe"=0x5341435001000000000000000700000028000000D8C46C0089006D0001000000000000000000000A73220000D5B3B31A57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000081634529000000000B0000000B000000
"C:\Program Files (x86)\Inquisition\legacyPM\OriginLegacyCLI.exe"=0x534143500100000000000000070000002800000070AD0C00F9F30C000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000BC000000000000000500000005000000
"C:\Users\Gary\Downloads\DAII Downloads\try new folder for editor\g2da.exe"=0x534143500100000000000000070000002800000000620000164D00000100000000000000000000067102000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000096010000000000000200000002000000
"C:\Users\Gary\Downloads\DAI Downloads\DAIToolsSuite_Loader\DAIToolsSuite_Loader.exe"=0x5341435001000000000000000700000028000000009400000000000001000000000000000000000AF522000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C45EB600000000000100000001000000
"C:\Users\Gary\Downloads\DAI Downloads\Folder For DAI ModManager\DAIModManager.exe"=0x534143500100000000000000070000002800000000A201000000000001000000000000000000000AF522000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000455A0000000000000100000001000000
"C:\Users\Gary\Downloads\FoxitReader821_enu_Setup_Prom.exe"=0x5341435001000000000000000700000028000000C8093E03F88B3E0301000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000428C0A00000000000100000001000000
"C:\Users\Gary\Downloads\DDU v17.0.6.1\DDU v17.0.6.1.exe"=0x53414350010000000000000007000000280000003DA411000000000001000000000000000000000A7120000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000A1140000000000000100000001000000
"C:\Users\Gary\Downloads\DDU v17.0.6.1\Display Driver Uninstaller.exe"=0x534143500100000000000000070000002800000000A616000000000001000000000000000000000AF5220000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000D9A70000000000000100000001000000
"C:\Users\Gary\Downloads\instspeedfan452.exe"=0x534143500100000000000000070000002800000068192F008906300001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000007E680000000000000100000001000000
"C:\Program Files (x86)\SpeedFan\speedfan.exe"=0x5341435001000000000000000700000028000000889C7C0033627D0001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000438E2330000000000700000007000000
"C:\Users\Gary\Downloads\378.92-desktop-win10-64bit-international-whql.exe"=0x5341435001000000000000000700000028000000A8E82C1846902D180100000000000000000002060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000A2103300000000000300000003000000
"C:\Users\Gary\Downloads\dxwebsetup.exe"=0x5341435001000000000000000700000028000000587504004CBE04000100000000000000000001057100000033504C2B57DFD101000000800000000002000000280000000000000000080040000000000000000000000000000000002D580100000000000100000001000000
"C:\Users\Gary\Downloads\SlimDrivers-setup.exe"=0x5341435001000000000000000700000028000000386E10000000000001000000000000000000000A0021000033504C2B57DFD1010000000000000000
"C:\Users\Gary\Downloads\setuprst.exe"=0x5341435001000000000000000700000028000000781AD000455ED00001000000000000000000000A0021000033504C2B57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000003310000000000000100000001000000
"C:\NVIDIA\DisplayDriver\Zotac\378.92\Win10_64\International\setup.exe"=0x5341435001000000000000000700000028000000387606009195060001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000ECBF0500000000000300000003000000
"C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe"=0x5341435001000000000000000700000028000000C8DA08000FFA080001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000004D220000000000000100000001000000
"C:\Users\Gary\Downloads\whocrashedSetup.exe"=0x534143500100000000000000070000002800000048A84B0046E44B0001000000000000000000000A0021000033504C2B57DFD1010000000000000000
"C:\Users\Gary\Downloads\bluescreenview_setup.exe"=0x5341435001000000000000000700000028000000282A0200307A02000100000000000000000000067102000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000DE170000000000000100000001000000
"C:\Program Files\WhoCrashed\WhoCrashedEx.exe"=0x5341435001000000000000000700000028000000F0174D00691F4D0001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000004DE2DD05000000000100000001000000
"C:\Program Files (x86)\NirSoft\BlueScreenView\BlueScreenView.exe"=0x534143500100000000000000070000002800000060EE0000732E010001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000F309DC05000000000100000001000000
"C:\Users\Gary\Downloads\Unigine_Valley-1.0.exe"=0x5341435001000000000000000700000028000000F9185A15000000000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000003A750100000000000100000001000000
"C:\Program Files (x86)\Unigine\Valley Benchmark 1.0\valley.bat"=0x5341435001000000000000000700000028000000008E0300E25F040001000000000000000000010500100000D5B3B31A57DFD1010000000000000000
"C:\Users\Gary\Downloads\Firefox Setup Stub 53.0.exe"=0x534143500100000000000000070000002800000028C10300209D040001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000031FE4402000000000200000002000000
"C:\Users\Gary\Downloads\gimp-2.8.20-setup.exe"=0x5341435001000000000000000700000028000000B89B9F046D6DA00401000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000038D60400000000000100000001000000
"C:\Program Files\GIMP 2\bin\gimp-2.8.exe"=0x534143500100000000000000070000002800000040EF53008DC4540001000000000000000000000A00210000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000003A8AF05000000000100000001000000
"C:\Users\Gary\Downloads\kavremvr.exe"=0x53414350010000000000000007000000280000004865DB00208CDB0001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000017DF4D03000000000100000001000000
"C:\Program Files\Windows Defender\MSASCui.exe"=0x534143500100000000000000070000002800000000D61300BB0B140001000000010000000000000A00210000D5B3B31A57DFD1010000000000000000
"C:\Users\Gary\Downloads\kts17.0.0.611en-gb_full(1).exe"=0x534143500100000000000000070000002800000070C8AD0B9CCFAD0B01000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000035FA0200000000000200000002000000
"C:\Users\Gary\AppData\Local\Temp\Rar$EXa0.893\DDU v17.0.6.3.exe"=0x534143500100000000000000070000002800000002AA11000000000001000000000000000000000A7120000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000581B0000000000000100000001000000
"C:\Users\Gary\AppData\Local\Temp\Rar$EXa0.893\Display Driver Uninstaller.exe"=0x534143500100000000000000070000002800000000B416000000000001000000000000000000000AF5220000D5B3B31A57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000004FE00300000000000100000001000000
"C:\Users\Gary\Downloads\378.72-desktop-notebook-win10-64bit-international.hf.exe"=0x5341435001000000000000000700000028000000A8EAC617DFC1C7170100000000000000000002060001000033504C2B57DFD1010000000000000000
"C:\NVIDIA\DisplayDriver\378.72\Win10_64\International\setup.exe"=0x5341435001000000000000000700000028000000C07106005142070001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000059370400000000000300000003000000
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe"=0x5341435001000000000000000700000028000000D8530700882C080001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000009010000000000000100000001000000
"C:\Users\Gary\Downloads\OCCTPT4.5.0.exe"=0x5341435001000000000000000700000028000000B32C7C000000000001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000066B37B26000000000100000001000000
"C:\Users\Gary\Downloads\FurMark_1.19.0.0_Setup.exe"=0x53414350010000000000000007000000280000003A706B000000000001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000087990200000000000100000001000000
"C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FurMark.exe"=0x534143500100000000000000070000002800000000F831000000000001000000000000000000000A7120000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000228D2D11000000000100000001000000
"C:\Users\Gary\AppData\Local\TomTom\HOME3\Updates\InstallMyDriveConnect_4_1_4_3089.exe"=0x534143500100000000000000070000002800000078B6BD03CBDCBD030100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000EBCB0000000000000100000001000000
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"=0x5341435001000000000000000700000028000000A04179001C3D7A0001000000000000000000000A73220000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000BFF9D712000000000100000001000000
"C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88203009CF3030001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Gary\Downloads\winiso.exe"=0x5341435001000000000000000700000028000000F0837800306479000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000000CB0000000000000100000001000000
"C:\Program Files (x86)\WinISO\bin\winiso.exe"=0x5341435001000000000000000700000028000000005412000000000001000000000000000000000A6122000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000014820600000000000100000001000000
"C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe"=0x5341435001000000000000000700000028000000C8524B031DDA4B0301000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000001000000000000000000000000000000000FE7C9B22000000000300000003000000
"C:\Users\Gary\AppData\Local\TomTom\HOME3\Updates\InstallMyDriveConnect_4_1_5_3181.exe"=0x53414350010000000000000007000000280000002870DB03E0FFDB030100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000F3B50000000000000100000001000000
"C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe"=0x5341435001000000000000000700000028000000E8461D0008821D0001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000CAD73F37000000000100000001000000
"C:\Program Files (x86)\Inquisition\OriginClientService.exe"=0x534143500100000000000000070000002800000090EB2000A4CD21000100000000000000000001060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000A3040000000000000100000001000000
"C:\Program Files (x86)\Inquisition\OriginWebHelperService.exe"=0x534143500100000000000000070000002800000098B72F00F79930000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000011050000000000000100000001000000
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000C8F307005894080001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Gary\Desktop\ZHPDiag3.exe"=0x534143500100000000000000070000002800000080FD2900D0812A000100000000000000000003060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000041070101000000000100000001000000
"C:\Users\Gary\Desktop\HiJackThis.exe"=0x534143500100000000000000070000002800000050C611006B63120001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000D8B5FA13000000000200000002000000
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x534143500100000000000000070000002800000058471200C993120001000000000000000000000A00210000D5B3B31A57DFD1010000000100000000
"C:\Users\Gary\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000D05E9301F3E9930101000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D09A0300AA58040001000000000000000000000A7120000033504C2B57DFD1010000000100000000
"C:\Users\Gary\AppData\Roaming\uTorrent\uTorrent.exe"=0x534143500100000000000000070000002800000018EC1E0085A81F0003000000000000000000000A0021000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000F1BD0000000000000100000001000000
"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8B0481A9A34D47CD.exe"=0x534143500100000000000000070000002800000070DA10000D0211000300000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000007AD10300000000000100000001000000
"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"=0x5341435001000000000000000700000028000000D5FC0A000000000003000000000000000000000A0021000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000AD410000000000000100000001000000
"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"=0x5341435001000000000000000700000028000000188D0800B58E08000300000000000000000003067102000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000048570000000000000100000001000000
"C:\Users\Gary\Desktop\setup.exe"=0x534143500100000000000000070000002800000050BF1C0291271D0201000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000E8866F00000000000100000001000000
"C:\Users\Gary\Desktop\JRT.exe"=0x5341435001000000000000000700000028000000B862190060FC19000100000000000000000001067102000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000001C5A0C00000000000100000001000000
"C:\Users\Gary\Desktop\adwcleaner_6.047.exe"=0x5341435001000000000000000700000028000000C8B73E0077C63E0001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000001D2E0500000000000100000001000000
"C:\Users\Gary\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe"=0x5341435001000000000000000700000028000000101ED4031B39D40301000000000000000000000A0021000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000D8730000000000000100000001000000
"C:\Users\Gary\Desktop\ZHPFix(2).exe"=0x534143500100000000000000070000002800000051BC35000000000001000000000000000000000A4122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000ED7A0000000000000100000001000000
"C:\Program Files (x86)\ZHPFix\ZHPhep.exe"=0x534143500100000000000000070000002800000000421D00000000000100000000000000000002067122000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000041CB1000000000000100000001000000
"C:\Users\Gary\Downloads\Zemana.AntiMalware.Setup.exe"=0x5341435001000000000000000700000028000000908D640002A15A3B01000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E2DF5200000000000100000001000000
"C:\Users\Gary\Desktop\QuickDiag.exe"=0x5341435001000000000000000700000028000000002047003C74470001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000005D163000000000000100000001000000


---------- | IFEO


---------- | Mountpoints2

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{618f9aa4-c891-11e3-b7fe-20cf305c4f2f}] : "Y:\autorun.exe" (AutoRun)
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{618f9ca2-c891-11e3-b7fe-20cf305c4f2f}] : "Z:\autorun.exe" (AutoRun)
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{ff77c7dc-67e0-11e3-8b70-00081bc00c7e}] : "X:\setup.exe" (AutoRun)

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"Beep"=#USR:Control Panel\Sound
"CoolSwitch"=USR:Control Panel\Desktop
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SwapMouseButtons"=#USR:Control Panel\Mouse
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"Beep"=#USR:Control Panel\Sound
"CoolSwitch"=USR:Control Panel\Desktop
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SwapMouseButtons"=#USR:Control Panel\Mouse
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Windows Defender]
"UIFirstRun"=0
"LastKnownGoodProxy"=1

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=131310314750822373

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"DisableAntiSpyware"=1
"ProductType"=2
"InstallTime"=0x3043C9235E38D101
"ManagedDefenderProductType"=0
"OOBEInstallTime"=0xD58B33705E38D101
"ProductStatus"=0
"DisableAntiVirus"=1
"PassiveMode"=0
"InstallLocation"=C:\Program Files\Windows Defender\
"OneTimeSqmDataSent"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)


---------- | Hosts

# unchecky_begin
# These rules were added by the Unchecky program in order to block advertising software modules
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
[61] More lines

---------- | Ping

Pinging google.com [216.58.201.46] with 32 bytes of data:
Reply from 216.58.201.46: bytes=32 time=35ms TTL=51
Reply from 216.58.201.46: bytes=32 time=35ms TTL=51
Reply from 216.58.201.46: bytes=32 time=36ms TTL=51
Reply from 216.58.201.46: bytes=32 time=35ms TTL=51

Ping statistics for 216.58.201.46:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 36ms, Average = 35ms

---------- | @

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"=yes
"DisableScriptDebuggerIE"=yes
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Save_Session_History_On_Exit"=no
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"UseClearType"=no
"XMLHTTP"=1
"Disable Script Debugger"=no
"Cache_Update_Frequency"=Once_Per_Session
"Local Page"=C:\Windows\system32\blank.htm
"NoUpdateCheck"=1
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=https://www.google.co.uk/
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C00000002000000030000000083FFFF0083FFFFFFFFFFFFFFFFFFFF00000000910100001E030000A9030000
"IE8RunOnceLastShown"=1
"IE8RunOnceLastShown_TIMESTAMP"=0x5740826BEDFBCE01
"IE8TourShown"=1
"IE8TourShownTime"=0x43E1306FEDFBCE01
"NotifyDownloadComplete"=yes
"Start Page Redirect Cache_TIMESTAMP"=0x250AB2B5E8FCCE01
"Start Page Redirect Cache AcceptLangs"=en-GB
"Use FormSuggest"=yes
"IE9RunOncePerInstallCompleted"=1
"IE9RunOnceCompletionTime"=0x58A9EDF8E8FCCE01
"IE9TourShown"=1
"IE9TourShownTime"=0xB80AF0F8E8FCCE01
"IconCache"=7e1mlre
"OperationalData"=13
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0x7261E64D32A2D201
"IE10TourShown"=1
"IE10TourShownTime"=0x7261E64D32A2D201
"ImageStoreRandomFolder"=aho0556
"DoNotTrack"=1
"DefSpellLang"=en-GB
"DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD00000007A000000500300005A020000
"AutoHide"=yes
"UseThemes"=0
"SmoothScroll"=0
"FormSuggest Passwords"=yes
"EdgeSwitchingOSBuildNumber"=10586.th2_release.160802-1857
"ApplicationTileImmersiveActivation"=0
"AssociationActivationMode"=2
"Start Page_TIMESTAMP"=0x79A36A585798D201
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"DisableCachingOfSSLPages"=0
"IE5_UA_Backup_Flag"=5.0
"SecureProtocols"=2688
"CertificateRevocation"=1
"PrivacyAdvanced"=0
"EnableNegotiate"=1
"MaxConnectionsPer1_0Server"=10
"MaxConnectionsPerServer"=8
"MigrateProxy"=1
"ProxyEnable"=0
"SyncMode5"=4
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName"=User@
"PrivDiscUiShown"=1
"EnableHttp1_1"=1
"WarnOnIntranet"=1
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
"AutoConfigProxy"=wininet.dll
"UseSchannelDirectly"=0x01000000
"WarnOnPost"=0x01000000
"UrlEncoding"=0
"ZonesSecurityUpgrade"=0x7261E64D32A2D201
"WarnonZoneCrossing"=0
"EnableAutodial"=0
"NoNetAutodial"=0

[HKLM\Software\Microsoft\Internet Explorer\Main]
"Anchor_Visitation_Horizon"=0x01000000
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"Check_Associations"=yes

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"Anchor_Visitation_Horizon"=0x01000000
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1


---------- | Proxy


[HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies]

---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify


---------- | Execution FileExts





[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kml]
"Application"=googleearth.exe
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kmz]
"Application"=googleearth.exe






---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [16/07/2016 12:42:17]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} -- %SystemRoot%\System32\cscui.dll
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=


---------- | Toolbar

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBar7Layout"=0x1300000000000000000000003000000010000300360000000100000001070000C1020000060000000101000000000000070000004001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000B1C218236549D4119B18009027A5CD4F9D473F092E71CD469E0662E734A05F6800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=0xB1C218236549D4119B18009027A5CD4F
"ITBar7Layout64"=0x13000000000000000000000004000000100003000000000001000000000000005E010000060000000101000000000000070000004001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000B1C218236549D4119B18009027A5CD4F9D473F092E71CD469E0662E734A05F6800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"ITBar7Height"=28
"{093F479D-712E-46CD-9E06-62E734A05F68}"=0x9D473F092E71CD469E0662E734A05F68

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={97D8EAAE-7BF2-44BF-ABDF-69ABCBA14CE0}
"DownloadRetries"=0
"KnownProvidersUpgradeTime"=0x7261E64D32A2D201
"Version"=5
"UpgradeTime"=0x7261E64D32A2D201
"DefaultPackCorrection"=1
"DefaultPackNTCorrection"=1

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{093F479D-712E-46CD-9E06-62E734A05F68}"=

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={6A1806CD-94D4-4689-BA73-E35EA1EA9990}

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
"{093F479D-712E-46CD-9E06-62E734A05F68}"=

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={6A1806CD-94D4-4689-BA73-E35EA1EA9990}


---------- | Extensions

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}] : () - []

---------- | SearchScopes

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 :
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 :
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{97D8EAAE-7BF2-44BF-ABDF-69ABCBA14CE0}] - (Google) - https://www.google.com/search?q={searchTerms} :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 :

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E38825B-8815-42CF-9126-C58BC28D4591}] -> (Kaspersky Protection) : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [29/03/2017 03:21:02]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}] -> (Adblock Plus for IE Browser Helper Object) : C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [22/09/2015 18:14:22]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E38825B-8815-42CF-9126-C58BC28D4591}] -> (Kaspersky Protection) : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [29/03/2017 03:21:02]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [08/03/2017 22:58:18]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [08/03/2017 22:58:17]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}] -> (Adblock Plus for IE Browser Helper Object) : C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [22/09/2015 18:14:22]

---------- | Chrome

C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = : __MSG_description__ - short_name: __MSG_name__ - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - http://www.google.com/webhp?source=search_app - Google & co - [*://www.google.com/search*://www.google.com/webhp*://www.google.com/imgres] - http://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\dkpejdfnpdkhifgbancbammdijojoffk = : Buttery-smooth scrolling for Logitech mice and touchpads. - Logitech Smooth Scrolling - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\fhoibnponjcgjgcnfacekaijdbbplhib = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__ - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl = : Quickly access Skype for Web and Share on Skype through your browser - Skype - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\nopoafngjcbddhhbepebefngiioncigi = : Autofill web-pages with stored passwords in Password Manager - Kaspersky Password Manager plugin - https://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx

[HKLM\Software\Google\Chrome\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]

---------- | Opera


---------- | Firefox

C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\vc6qe3r0.default\Extensions\en-gb@flyingtophat.co.uk : : British English Dictionary (Updated) -
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\vc6qe3r0.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\vc6qe3r0.default\Extensions\{53152e75-fd90-472f-9d30-5cba3679eab9}.xpi
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\vc6qe3r0.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\vc6qe3r0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[HKLM\Software\mozilla\Firefox\Extensions]
"light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"=C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
"light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
[HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 26.0.0.131 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll
[HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 26.0.0.131 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf] - () : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf] - () : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp] - () : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf] - () : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.121.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\vc6qe3r0.default\Prefs.js

user_pref("browser.startup.homepage", "http://www.google.co.uk/");
user_pref("browser.startup.homepage_override.buildID", "20170608105825");
user_pref("browser.startup.homepage_override.mstone", "54.0");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-button\",\"history-panelmenu\",\"fullscreen-button\",\"find-button\",\"preferences-button\",\"add-ons-button\",\"developer-button\",\"sync-button\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"urlbar-container\",\"search-container\",\"webrtc-status-button\",\"bookmarks-menu-button\",\"pocket-button\",\"youtubehighdefinition-toolbarbutton\",\"youtubeflashvideoplayer-toolbarbutton\",\"downloads-button\",\"home-button\",\"social-share-button\",\"abp-toolbarbutton\",\"widget:skype_ff_extension@jetpack-c2c-options-button\",\"loop-button-throttled\",\"loop-button\",\"kpmCaptionButton\",\"toolbar_virtual_keyboard_icon\",\"toggle-button--light_plugin_d772dc8d6faf43a29b25c4ebaa5ad1dekasperskycom-kl-light_plugin_d772dc8d6faf43a29b25c4ebaa5ad1dekasperskycom-plugin-button\",\"action-button--skype_ff_extensionjetpack-c2c-options-button\",\"action-button--82af8dca-6de9-405d-bd5e-43525bdad38a-skypeutton\",\"toggle-button--light_plugin_acf0e80077c511e59ded005056c00008kasperskycom-kl-light_plugin_acf0e80077c511e59ded005056c00008kasperskycom-plugin-button\",\"toggle-button--jid1-snl73vci4ub0fwjetpack-flashctrlbtn\",\"toggle-button--light_plugin_f6f079488b53499db99380a7e11a93f6kasperskycom-kl-light_plugin_f6f079488b53499db99380a7e11a93f6kasperskycom-plugin-button\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\",\"tabs-closebutton\"],\"toolbar-menubar\":[\"menubar-items\"]},\"seen\":[\"abp-toolbarbutton\",\"toggle-button--light_plugin_d772dc8d6faf43a29b25c4ebaa5ad1dekasperskycom-kl-light_plugin_d772dc8d6faf43a29b25c4ebaa5ad1dekasperskycom-plugin-button\",\"action-button--skype_ff_extensionjetpack-c2c-options-button\",\"youtubeflashvideoplayer-toolbarbutton\",\"loop-button\",\"pocket-button\",\"action-button--82af8dca-6de9-405d-bd5e-43525bdad38a-skypeutton\",\"toggle-button--light_plugin_acf0e80077c511e59ded005056c00008kasperskycom-kl-light_plugin_acf0e80077c511e59ded005056c00008kasperskycom-plugin-button\",\"developer-button\",\"toggle-button--jid1-snl73vci4ub0fwjetpack-flashctrlbtn\",\"toggle-button--light_plugin_f6f079488b53499db99380a7e11a93f6kasperskycom-kl-light_plugin_f6f079488b53499db99380a7e11a93f6kasperskycom-plugin-button\",\"youtubehighdefinition-toolbarbutton\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\",\"PanelUI-contents\",\"addon-bar\"],\"currentVersion\":6,\"newElementCount\":0}");
user_pref("extensions.adblockplus.currentVersion", "2.9.1");
user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1498812156190,\"softExpiration\":1498847348717,\"hardExpiration\":1498931169275,\"data\":{\"notifications\":[],\"version\":\"201706291744-2/0\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"shown\":[\"antiadblock\"],\"downloadCount\":819}");
user_pref("extensions.blocklist.pingCountTotal", 1213);
user_pref("extensions.blocklist.pingCountVersion", 15);
user_pref("extensions.bootstrappedAddons", "{\"en-gb@flyingtophat.co.uk\":{\"version\":\"1.19.6\",\"type\":\"dictionary\",\"descriptor\":\"C:\\\\Users\\\\Gary\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\vc6qe3r0.default\\\\extensions\\\\en-gb@flyingtophat.co.uk\",\"multiprocessCompatible\":false,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"jid1-sNL73VCI4UB0Fw@jetpack\":{\"version\":\"2.1.4\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Gary\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\vc6qe3r0.default\\\\extensions\\\\jid1-sNL73VCI4UB0Fw@jetpack.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"{53152e75-fd90-472f-9d30-5cba3679eab9}\":{\"version\":\"48.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Gary\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\vc6qe3r0.default\\\\extensions\\\\{53152e75-fd90-472f-9d30-5cba3679eab9}.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.9.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Gary\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\vc6qe3r0.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":true},\"{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}\":{\"version\":\"52.0.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Gary\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\vc6qe3r0.default\\\\extensions\\\\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"e10srollout@mozilla.org\":{\"version\":\"1.50\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"firefox@getpocket.com\":{\"version\":\"1.0.5\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"webcompat@mozilla.org\":{\"version\":\"1.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"aushelper@mozilla.org\":{\"version\":\"2.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\aushelper@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"screenshots@mozilla.org\":{\"version\":\"6.6.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\screenshots@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com\":{\"version\":\"5.0.141-4-20161031140250\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Kaspersky Lab\\\\Kaspersky Total Security 17.0.0\\\\FFExt\\\\light_plugin_firefox\\\\addon.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false}}");
user_pref("extensions.databaseSchema", 19);
user_pref("extensions.e10s.rollout.blocklist", "");
user_pref("extensions.e10s.rollout.hasAddon", false);
user_pref("extensions.e10s.rollout.policy", "50allmpc");
user_pref("extensions.e10sBlockedByAddons", true);
user_pref("extensions.e10sMultiBlockedByAddons", true);
user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:54.0");
user_pref("extensions.getAddons.cache.lastUpdate", 1498805649);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.jid1-sNL73VCI4UB0Fw@jetpack.sdk.baseURI", "resource://jid1-snl73vci4ub0fw-at-jetpack/");
user_pref("extensions.jid1-sNL73VCI4UB0Fw@jetpack.sdk.domain", "jid1-snl73vci4ub0fw-at-jetpack");
user_pref("extensions.jid1-sNL73VCI4UB0Fw@jetpack.sdk.load.reason", "startup");
user_pref("extensions.jid1-sNL73VCI4UB0Fw@jetpack.sdk.rootURI", "jar:file:///C:/Users/Gary/AppData/Roaming/Mozilla/Firefox/Profiles/vc6qe3r0.default/extensions/jid1-sNL73VCI4UB0Fw@jetpack.xpi!/");
user_pref("extensions.jid1-sNL73VCI4UB0Fw@jetpack.sdk.version", "2.1.4");
user_pref("extensions.lastAppVersion", "54.0");
user_pref("extensions.lastPlatformVersion", "54.0");
user_pref("extensions.light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com.sdk.baseURI", "resource://light_plugin_acf0e80077c511e59ded005056c00008-at-kaspersky-dot-com/");
user_pref("extensions.light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com.sdk.domain", "light_plugin_acf0e80077c511e59ded005056c00008-at-kaspersky-dot-com");
user_pref("extensions.light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com.sdk.load.reason", "startup");
user_pref("extensions.light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com.sdk.rootURI", "jar:file:///C:/Program%20Files%20(x86)/Kaspersky%20Lab/Kaspersky%20Total%20Security%2016.0.1/FFExt/light_plugin_firefox/addon.xpi!/");
user_pref("extensions.light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com.sdk.version", "4.6.3-9");
user_pref("extensions.light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com.sdk.baseURI", "resource://light_plugin_d772dc8d6faf43a29b25c4ebaa5ad1de-at-kaspersky-dot-com/");
user_pref("extensions.light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com.sdk.domain", "light_plugin_d772dc8d6faf43a29b25c4ebaa5ad1de-at-kaspersky-dot-com");
user_pref("extensions.light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com.sdk.load.reason", "startup");
user_pref("extensions.light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com.sdk.rootURI", "file:///C:/Program%20Files%20(x86)/Kaspersky%20Lab/Kaspersky%20Internet%20Security%2016.0.0/FFExt/light_plugin_firefox/");
user_pref("extensions.light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com.sdk.version", "4.6.2-40");
user_pref("extensions.light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com.sdk.baseURI", "resource://light_plugin_f6f079488b53499db99380a7e11a93f6-at-kaspersky-dot-com/");
user_pref("extensions.light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com.sdk.domain", "light_plugin_f6f079488b53499db99380a7e11a93f6-at-kaspersky-dot-com");
user_pref("extensions.light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com.sdk.load.reason", "startup");
user_pref("extensions.light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com.sdk.rootURI", "jar:file:///C:/Program%20Files%20(x86)/Kaspersky%20Lab/Kaspersky%20Total%20Security%2017.0.0/FFExt/light_plugin_firefox/addon.xpi!/");
user_pref("extensions.light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com.sdk.version", "5.0.141-4-20161031140250");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.sdk-widget-inserted.widget:skype_ff_extension@jetpack-c2c-options-button", true);
user_pref("extensions.shownSelectionUI", true);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}");
user_pref("extensions.ui.dictionary.hidden", false);
user_pref("extensions.ui.experiment.hidden", true);
user_pref("extensions.ui.lastCategory", "addons://list/plugin");
user_pref("extensions.ui.locale.hidden", true);
user_pref("extensions.virtual_keyboard.firstrun", false);
user_pref("extensions.webextensions.uuids", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"6eb24d83-e277-45b4-9abe-2fe54cb97357\"}");
user_pref("extensions.xpiState", "{\"app-profile\":{\"en-gb@flyingtophat.co.uk\":{\"d\":\"C:\\\\Users\\\\Gary\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\vc6qe3r0.default\\\\extensions\\\\en-gb@flyingtophat.co.uk\",\"e\":true,\"v\":\"1.19.6\",\"st\":1420538494541,\"mt\":1420538494493},\"jid1-sNL73VCI4UB0Fw@jetpack\":{\"d\":\"C:\\\\Users\\\\Gary\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\vc6qe3r0.default\\\\extensions\\\\jid1-sNL73VCI4UB0Fw@jetpack.xpi\",\"e\":true,\"v\":\"2.1.4\",\"st\":1473872941326},\"{53152e75-fd90-472f-9d30-5cba3679eab9}\":{\"d\":\"C:\\\\Users\\\\Gary\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\vc6qe3r0.default\\\\extensions\\\\{53152e75-fd90-472f-9d30-5cba3679eab9}.xpi\",\"e\":true,\"v\":\"48.3\",\"st\":1474721302635},\"{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}\":{\"d\":\"C:\\\\Users\\\\Gary\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\vc6qe3r0.default\\\\extensions\\\\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi\",\"e\":true,\"v\":\"52.0.3\",\"st\":1498031027133},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"d\":\"C:\\\\Users\\\\Gary\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\vc6qe3r0.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"e\":true,\"v\":\"2.9.1\",\"st\":1496909867553}},\"app-system-defaults\":{\"aushelper@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\aushelper@mozilla.org.xpi\",\"e\":true,\"v\":\"2.0\",\"st\":1497471665109},\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.50\",\"st\":1497471665082},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0.5\",\"st\":1497471665054},\"screenshots@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\screenshots@mozilla.org.xpi\",\"e\":true,\"v\":\"6.6.0\",\"st\":1497471665338},\"webcompat@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"e\":true,\"v\":\"1.1\",\"st\":1497471665010}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"54.0\",\"st\":1497471665118}},\"winreg-app-global\":{\"{F003DA68-8256-4b37-A6C4-350FA04494DF}\":{\"d\":\"C:\\\\Program Files\\\\Logitech\\\\SetPointP\\\\LogiSmoothFirefoxExt\",\"e\":false,\"v\":\"6.5\",\"st\":1454609129558,\"mt\":1440547208000},\"light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\Kaspersky Lab\\\\Kaspersky Total Security 17.0.0\\\\FFExt\\\\light_plugin_firefox\\\\addon.xpi\",\"e\":true,\"v\":\"5.0.141-4-20161031140250\",\"st\":1490754060000}}}");
user_pref("extensions.youtubeflashvideoplayer.currentversion", "54.0");
user_pref("extensions.youtubeflashvideoplayer.currentvideoplayer", "html5");
user_pref("extensions.youtubeflashvideoplayer.installdate", "1453407209576");
user_pref("extensions.youtubeflashvideoplayer.tbplaced", true);
user_pref("extensions.youtubehighdefinition.currentversion", "52.0.3");
user_pref("extensions.youtubehighdefinition.tbplaced", true);
user_pref("extensions.ytvideoplayerpreview.currentversion", "48.3");
user_pref("extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.sdk.baseURI", "resource://82af8dca-6de9-405d-bd5e-43525bdad38a/");
user_pref("extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.sdk.domain", "82af8dca-6de9-405d-bd5e-43525bdad38a");
user_pref("extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.sdk.load.reason", "startup");
user_pref("extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.sdk.rootURI", "jar:file:///C:/Program%20Files%20(x86)/Mozilla%20Firefox/browser/extensions/%7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D.xpi!/");
user_pref("extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.sdk.version", "8.3.0.9150");


[Profile0] - Name=default -> Profiles/vc6qe3r0.default

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{30c0c4af-68ad-4472-8b83-95a959c3032c}]
"DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{bf1d8b8b-74d2-44aa-864c-69921be5c862}]
"DhcpNameServer"=192.168.0.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{30c0c4af-68ad-4472-8b83-95a959c3032c}]
"DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{bf1d8b8b-74d2-44aa-864c-69921be5c862}]
"DhcpNameServer"=192.168.0.1

---------- | Applications

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Classes\Applications\editor.exe.log] : "C:\Users\Gary\Downloads\DAII Downloads\try new folder for editor\editor.exe.log" %1
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Classes\Applications\EXCEL.EXE] : "C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE" "%1"
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Classes\Applications\notepad++.exe] : "C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Classes\Applications\WinRAR.exe] : "C:\Program Files\WinRAR\WinRAR.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\OFFICE11\OIS.EXE /shellOpen "%1"
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\TextPad.exe] : "C:\Program Files\TextPad 7\TextPad.exe" -s "%1"
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\OFFICE11\OIS.EXE /shellOpen "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\TextPad.exe] : "C:\Program Files\TextPad 7\TextPad.exe" -s "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DeviceInstall
SystemEventsBroker
DcomLaunch
"Camera"=FrameS
"smbsvcs"=lanmanserver
browser
"PeerDist"=PeerDistSvc
"iissvcs"=w3svc
was

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=PlugPlay
DeviceInstall
DcomLaunch
"smbsvcs"=lanmanserver
"iissvcs"=w3svc
was


---------- | SvcHost - Netsvcs (Whitelist)


---------- | Software

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Ableton]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\AdblockPlus]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Amigabit]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\AppDataLow]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Audacity]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Axialis]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Belarc]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Cambridge Silicon Radio]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Cheat Engine]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Chromium]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Clients]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\CodeGear]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Compelson]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Disc Soft]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\EaseUS]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\ECSoftware]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Electronic Arts]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\EpmNewsInfo]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Foxit Software]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\FreeCAD]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Google]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Hewlett-Packard]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\IM Providers]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Incline Software]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\JavaSoft]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\JufSoft]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\KasperskyLab]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Kingsoft]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\KLive]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\LDS Church]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Leadertech]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\LogiShrd]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Logitech]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Macromedia]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Malwarebytes]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Malwarebytes' Anti-Malware]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\McAfee]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\mistake.ws]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Mozilla]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\MozillaPlugins]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\MSI]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\MurGee.com]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\MyDefrag]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\NEC Electronics]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\NETGEAR]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Netscape]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\NVIDIA Corporation]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\ODBC]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\OpenOffice]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Piriform]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Policies]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\QtProject]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\RadioSure]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Raimasoft]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Redemption]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Resplendence Sp]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Richter]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Roadkil]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Samsung]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Skype]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\SpeedFan]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\SUPERAntiSpyware.com]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Sysinternals]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\TeamViewer]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\techPowerUp]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\The Document Foundation]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\TomTom]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Tracker Software]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Trolltech]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Unchecky]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Unwinder]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\VB and VBA Program Settings]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\VideoLAN]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\VS Revo Group]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\WinRAR]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\WinRAR SFX]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Wow6432Node]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\ZebHelpProcess Helper]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Zemana]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\ZHP]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\AppDataLow\Software\JavaSoft]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\ShellNoRoam]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Adblock Plus for IE]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\Alienware]
[HKLM\Software\ASIO]
[HKLM\Software\ASUS]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AutoHotkey]
[HKLM\Software\Cambridge Silicon Radio]
[HKLM\Software\Canon]
[HKLM\Software\CanonBJ]
[HKLM\Software\Clients]
[HKLM\Software\Foxit Software]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\Helios]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IM Providers]
[HKLM\Software\InfoWatch]
[HKLM\Software\Intel]
[HKLM\Software\JreMetrics]
[HKLM\Software\KasperskyLab]
[HKLM\Software\Khronos]
[HKLM\Software\Logishrd]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\NETGEAR]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Propellerhead Software]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SAMSUNG]
[HKLM\Software\Sonic]
[HKLM\Software\SUPERAntiSpyware.com]
[HKLM\Software\sysinternals]
[HKLM\Software\Tracker Software]
[HKLM\Software\TrendMicro]
[HKLM\Software\Volatile]
[HKLM\Software\WinImage]
[HKLM\Software\WinRAR]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Zemana]
[HKLM\Software\ZmnGlobalSDK]
[HKLM\Software\{95902D8D-CEA6-4c8d-B504-5944E674D299}]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\Configuration]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\DWM]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\apphost]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\Software\WOW6432Node\Adguard]
[HKLM\Software\WOW6432Node\AGEIA Technologies]
[HKLM\Software\WOW6432Node\Alexander Avdonin]
[HKLM\Software\WOW6432Node\Amigabit]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\ASIO]
[HKLM\Software\WOW6432Node\ASUS]
[HKLM\Software\WOW6432Node\Axialis]
[HKLM\Software\WOW6432Node\Belarc]
[HKLM\Software\WOW6432Node\BioWare]
[HKLM\Software\WOW6432Node\BitMeterOS]
[HKLM\Software\WOW6432Node\Compelson]
[HKLM\Software\WOW6432Node\Disc Soft]
[HKLM\Software\WOW6432Node\EASEUS]
[HKLM\Software\WOW6432Node\EaseUS Todo Backup]
[HKLM\Software\WOW6432Node\ECSoftware]
[HKLM\Software\WOW6432Node\Electronic Arts]
[HKLM\Software\WOW6432Node\Foxit Software]
[HKLM\Software\WOW6432Node\FreeFileSync]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Helios]
[HKLM\Software\WOW6432Node\IM Providers]
[HKLM\Software\WOW6432Node\InstallShield]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\KasperskyLab]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Kingsoft]
[HKLM\Software\WOW6432Node\L&H]
[HKLM\Software\WOW6432Node\LibreOffice]
[HKLM\Software\WOW6432Node\logishrd]
[HKLM\Software\WOW6432Node\Logitech]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Malwarebytes Anti-Exploit]
[HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\MSI]
[HKLM\Software\WOW6432Node\Mutator]
[HKLM\Software\WOW6432Node\NETGEAR]
[HKLM\Software\WOW6432Node\Notepad++]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\OpenOffice]
[HKLM\Software\WOW6432Node\Origin]
[HKLM\Software\WOW6432Node\Origin Games]
[HKLM\Software\WOW6432Node\RecordDISCXXX]
[HKLM\Software\WOW6432Node\RtWLan]
[HKLM\Software\WOW6432Node\SERCOMM]
[HKLM\Software\WOW6432Node\Skype]
[HKLM\Software\WOW6432Node\Softgogo]
[HKLM\Software\WOW6432Node\SpeedFan]
[HKLM\Software\WOW6432Node\TeamViewer]
[HKLM\Software\WOW6432Node\The Church of Jesus Christ of Latter-day Saints]
[HKLM\Software\WOW6432Node\The Document Foundation]
[HKLM\Software\WOW6432Node\TomTom]
[HKLM\Software\WOW6432Node\TrendMicro]
[HKLM\Software\WOW6432Node\TVInstallTemp]
[HKLM\Software\WOW6432Node\Unchecky]
[HKLM\Software\WOW6432Node\Unwinder]
[HKLM\Software\WOW6432Node\VideoLAN]
[HKLM\Software\WOW6432Node\Volatile]
[HKLM\Software\WOW6432Node\WinISO]
[HKLM\Software\WOW6432Node\WOW6432Node]
[HKLM\Software\WOW6432Node\WSWNA3100M]
[HKLM\Software\WOW6432Node\Yahoo]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]

---------- | Drives


D:


E:


F:


H:


I:


J:


K:

[28/07/2023 00:08:29] - |A| - (.Copyright © 1997-2011 Simon Tatham. - SSH, Telnet and Rlogin client.) - [483328] - (0.62.0.0) - K:\putty.exe

L:


N:


O:


---------- | C:

[14/07/2009 04:18:56] - |SHD| - [1475] - C:\$Recycle.Bin
[25/01/2017 14:38:47] - |HD| - [1274845] - C:\$SysReset
[MD5.DD1C7CEB4C92653A696B7907A4DD4DF1] - [20/04/2011 18:38:34] - || - (.-.) - [2] - (0.0.0.0) - C:\$UpgDrv$
[03/02/2017 21:59:22] - |HD| - [637300] - C:\$Windows.~WS
[15/03/2012 21:51:12] - |D| - [200752] - C:\34fb5e777cfae65aef3a204032
[24/06/2017 11:14:22] - |D| - [58450829] - C:\AdwCleaner
[11/11/2016 21:51:47] - |D| - [96777084] - C:\ASCEND
[21/11/2010 19:21:23] - |HD| - [425722060] - C:\ASUS.000
[21/11/2010 19:20:56] - |HD| - [902347692] - C:\ASUS.SYS
[03/08/2012 08:05:13] - |D| - [1862368744] - C:\BACK UP
[24/09/2012 12:33:34] - |RD| - [433450147] - C:\Backup
[04/03/2016 20:25:42] - |D| - [0] - C:\BluetoothExchangeFolder
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 09:13:44] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[31/01/2011 21:49:42] - |D| - [916] - C:\CPQSYSTEM
[MD5.94E389DC4AA94D946E536480D84A822A] - [01/06/2013 15:09:29] - |A| - (.-.) - [89] - (0.0.0.0) - C:\data
[14/07/2009 06:08:56] - |SHD| - [2833275082149] - C:\Documents and Settings
[02/02/2016 19:21:52] - |D| - [54612609] - C:\Drivers
[21/11/2010 19:21:45] - |HD| - [77] - C:\dvmexp
[MD5.4940BA735116D51D1D49188C52AD35AD] - [21/11/2010 19:31:49] - |H| - (.-.) - [177] - (0.0.0.0) - C:\dvmexp.idx
[03/02/2017 22:02:28] - |D| - [0] - C:\ESD
[31/07/2012 20:04:42] - |D| - [36615701899] - C:\Games
[MD5.685602B41A4F10FC55884E4632280221] - [16/10/2013 20:48:16] - |A| - (.-.) - [109296] - (0.0.0.0) - C:\GDIPFONTCACHEV1.DAT
[08/02/2017 20:57:26] - |D| - [3011251] - C:\inetpub
[14/02/2017 22:21:47] - |D| - [8742] - C:\MATS
[23/11/2010 20:01:02] - |RHD| - [294513104] - C:\MSOCache
[19/12/2016 23:35:27] - |D| - [0] - C:\My Backups
[21/11/2010 18:35:25] - |D| - [8258655153] - C:\NVIDIA
[15/04/2013 08:29:47] - |D| - [8754] - C:\NVIDIA Corporation
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [20/04/2017 20:57:13] - |ASH| - (.-.) - [33554432000] - (0.0.0.0) - C:\pagefile.sys
[16/07/2016 12:47:47] - |D| - [0] - C:\PerfLogs
[16/07/2016 07:04:24] - |RD| - [4369757022] - C:\Program Files
[16/07/2016 07:04:24] - |RD| - [43558202258] - C:\Program Files (x86)
[16/07/2016 12:47:48] - |HD| - [2750250624294] - C:\ProgramData
[30/06/2017 07:53:33] - |D| - [262052] - C:\QuickDiag
[MD5.EB76CB6C98D76E48C1E29EE2300AE72E] - [30/06/2017 07:53:51] - |A| - (.-.) - [234664] - (0.0.0.0) - C:\QuickDiag.txt
[30/07/2016 09:00:02] - |D| - [683252736] - C:\RECOVERED MAIL FILES
[08/02/2017 13:44:50] - |SHD| - [0] - C:\Recovery
[07/06/2014 11:56:33] - |D| - [20308316] - C:\reports
[MD5.D302F79EEE08C062630BE2F5F1477FDB] - [04/11/2011 21:46:26] - |A| - (.-.) - [68772] - (0.0.0.0) - C:\shared.log
[MD5.5A928679097C448A4BD3469AD9B9F000] - [26/11/2009 18:41:18] - |H| - (.-.) - [68] - (0.0.0.0) - C:\splash.idx
[12/04/2016 11:47:58] - |D| - [0] - C:\SUPERDelete
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/04/2017 14:38:52] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys
[22/11/2010 10:02:44] - |SHD| - [0] - C:\System Volume Information
[21/11/2010 19:21:45] - |HD| - [58840992] - C:\temp
[20/09/2011 09:30:08] - |D| - [565788574] - C:\TEMP BUP
[16/07/2016 07:04:24] - |RD| - [3072740073450] - C:\Users
[MD5.1E4D4A454BCE1445EC4998308333D236] - [01/03/2010 18:40:44] - |AH| - (.-.) - [17232] - (0.0.0.0) - C:\version
[16/07/2016 07:04:24] - |D| - [23728564279] - C:\Windows
[26/01/2017 11:55:44] - |D| - [15918573] - C:\Windows10Upgrade

---------- | C:\WINDOWS

[16/07/2016 12:47:48] - |D| - [802] - C:\WINDOWS\addins
[16/07/2016 12:47:48] - |D| - [24921703] - C:\WINDOWS\appcompat
[16/07/2016 12:47:48] - |D| - [12422862] - C:\WINDOWS\AppPatch
[16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\AppReadiness
[16/07/2016 12:47:47] - |RD| - [1496431403] - C:\WINDOWS\assembly
[16/07/2016 12:47:48] - |D| - [325008] - C:\WINDOWS\bcastdvr
[MD5.7B465E25ADF5D6DBCE9DCAE3C6545405] - [16/07/2016 12:42:16] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [61440] - (10.0.14393.0) - C:\WINDOWS\bfsvc.exe
[16/07/2016 15:29:36] - |SHD| - [591899] - C:\WINDOWS\BitLockerDiscoveryVolumeContents
[16/07/2016 12:47:48] - |D| - [38115435] - C:\WINDOWS\Boot
[MD5.4A926D5A094C131AD209806ED5D9642C] - [08/02/2017 13:11:54] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[16/07/2016 12:47:48] - |D| - [3715096] - C:\WINDOWS\Branding
[16/07/2016 12:36:22] - |D| - [0] - C:\WINDOWS\CbsTemp
[14/07/2009 08:46:13] - |D| - [0] - C:\WINDOWS\CSC
[16/07/2016 12:47:48] - |D| - [8970858] - C:\WINDOWS\Cursors
[16/07/2016 12:47:48] - |D| - [1228574] - C:\WINDOWS\debug
[MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [08/02/2017 13:42:31] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[16/07/2016 12:47:48] - |D| - [4494460] - C:\WINDOWS\diagnostics
[MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [08/02/2017 13:42:31] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[16/07/2016 15:14:00] - |D| - [0] - C:\WINDOWS\DigitalLocker
[16/07/2016 12:47:48] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[14/07/2009 08:46:19] - |D| - [0] - C:\WINDOWS\ehome
[16/07/2016 12:47:48] - |HD| - [72848] - C:\WINDOWS\ELAMBKUP
[16/07/2016 15:14:00] - |D| - [105984] - C:\WINDOWS\en-US
[MD5.679D17F8CDB938C7100D7A647953677E] - [11/05/2017 09:14:11] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [4674360] - (10.0.14393.1198) - C:\WINDOWS\explorer.exe
[16/07/2016 12:47:48] - |RSD| - [452980392] - C:\WINDOWS\Fonts
[16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
[16/07/2016 12:47:48] - |D| - [27494735] - C:\WINDOWS\Globalization
[16/07/2016 12:47:48] - |D| - [71758229] - C:\WINDOWS\Help
[MD5.E8B796A523D2B63A9C7BB0576DFE793E] - [17/06/2017 08:18:09] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [975872] - (10.0.14393.1358) - C:\WINDOWS\HelpPane.exe
[MD5.52AFE6DE5E463B7A08C184B1EB49DD6A] - [16/07/2016 12:42:21] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [18432] - (10.0.14393.0) - C:\WINDOWS\hh.exe
[16/07/2016 12:47:48] - |D| - [173574440] - C:\WINDOWS\IME
[16/07/2016 12:47:48] - |RD| - [6841392] - C:\WINDOWS\ImmersiveControlPanel
[16/07/2016 12:45:54] - |D| - [173357472] - C:\WINDOWS\INF
[16/07/2016 12:47:48] - |D| - [1089238871] - C:\WINDOWS\InfusedApps
[16/07/2016 12:47:48] - |D| - [36285422] - C:\WINDOWS\InputMethod
[16/07/2016 12:47:48] - |SHDC| - [2825693980] - C:\WINDOWS\Installer
[16/07/2016 12:47:48] - |D| - [89407] - C:\WINDOWS\L2Schemas
[MD5.718FECF22BF4BD4FC05B79AA4BEC75D0] - [25/04/2015 10:25:57] - |A| - (.-.) - [1769] - (0.0.0.0) - C:\WINDOWS\Language_trs.ini
[16/07/2016 12:47:48] - |D| - [737728236] - C:\WINDOWS\LiveKernelReports
[16/07/2016 07:04:29] - |D| - [41061732] - C:\WINDOWS\Logs
[MD5.BBF1106FEF85FD9049506FA8AD454D75] - [23/01/2014 18:31:12] - |A| - (.Copyright (C) 2003-2006, (주)마크애니 - KTMusic Download ActiveX Module.) - [90112] - (1.7.2009.1116) - C:\WINDOWS\MAMCityDownload.ocx
[MD5.F9FCD1220E1B880111258C03D1650994] - [23/01/2014 18:31:12] - |A| - (.Copyright 2004 - (주)마크애니 ContentSAFER 설치 마법사.) - [330240] - (1.4.2012.508) - C:\WINDOWS\MASetupCaller.dll
[16/07/2016 12:47:48] - |RSD| - [27807331] - C:\WINDOWS\Media
[MD5.95DC9DBE357E8041E175FF2D65DAC9B4] - [01/11/2016 12:30:45] - |A| - (.-.) - [1538908186] - (0.0.0.0) - C:\WINDOWS\MEMORY.DMP
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [16/07/2016 12:42:12] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[16/07/2016 12:47:47] - |RD| - [762362047] - C:\WINDOWS\Microsoft.NET
[16/07/2016 12:47:48] - |D| - [2938] - C:\WINDOWS\Migration
[08/03/2017 23:23:10] - |D| - [14020936] - C:\WINDOWS\Minidump
[16/07/2016 12:47:48] - |RD| - [484593] - C:\WINDOWS\MiracastView
[16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 03:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\WINDOWS\msdfmap.ini
[28/04/2016 18:38:21] - |HD| - [0] - C:\WINDOWS\msdownld.tmp
[MD5.35783FF1CCAB7CFBFE799EF8D6476C0D] - [23/01/2014 18:31:12] - |A| - (.Copyright (C) 2007 - NYEDownload MFC 응용 프로그램.) - [30568] - (1.0.2007.927) - C:\WINDOWS\MusiccityDownload.exe
[MD5.3B508CAE5DEBCBA928B5BC355517E2E6] - [16/07/2016 12:43:51] - |A| - (.© Microsoft Corporation. - Notepad.) - [243200] - (10.0.14393.0) - C:\WINDOWS\notepad.exe
[MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [16/04/2017 08:14:24] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat
[16/07/2016 15:15:09] - |D| - [219754] - C:\WINDOWS\OCR
[MD5.E8311CD2B156F82A44AA485E5FC40F6B] - [18/12/2013 13:33:18] - |A| - (.-.) - [487] - (0.0.0.0) - C:\WINDOWS\ODBC.INI
[MD5.EED5AF05321D396481BA6DDEE55DAC03] - [18/01/2014 12:42:55] - |A| - (.-.) - [167] - (0.0.0.0) - C:\WINDOWS\ODBCINST.INI
[16/07/2016 12:47:48] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[08/02/2017 21:05:31] - |DC| - [211262337] - C:\WINDOWS\Panther
[06/04/2017 20:54:15] - |D| - [0] - C:\WINDOWS\PCHEALTH
[16/07/2016 12:47:48] - |D| - [33307644] - C:\WINDOWS\Performance
[MD5.7CF451D1A4AFE7198D594918091A3AB0] - [13/04/2017 16:30:50] - |A| - (.-.) - [28794] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[16/07/2016 12:47:48] - |D| - [1121835] - C:\WINDOWS\PLA
[16/07/2016 12:47:48] - |D| - [6188281] - C:\WINDOWS\PolicyDefinitions
[08/02/2017 13:10:49] - |D| - [8795665] - C:\WINDOWS\Prefetch
[16/07/2016 12:47:48] - |RD| - [2037042] - C:\WINDOWS\PrintDialog
[MD5.4ACE1A172D35E492443D29527441BB30] - [16/07/2016 15:30:48] - |A| - (.-.) - [33882] - (0.0.0.0) - C:\WINDOWS\Professional.xml
[16/07/2016 12:47:48] - |D| - [1423310] - C:\WINDOWS\Provisioning
[31/07/2015 14:35:16] - |D| - [54272] - C:\WINDOWS\pss
[MD5.BF5D30514FEA913E25CCC9E546257088] - [15/03/2017 21:53:06] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [320512] - (10.0.14393.953) - C:\WINDOWS\regedit.exe
[16/07/2016 12:47:48] - |D| - [1117148] - C:\WINDOWS\Registration
[16/07/2016 15:29:36] - |D| - [0] - C:\WINDOWS\RemotePackages
[16/07/2016 12:47:48] - |D| - [5381448] - C:\WINDOWS\rescache
[16/07/2016 12:47:48] - |D| - [3661206] - C:\WINDOWS\Resources
[16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\SchCache
[16/07/2016 12:47:48] - |D| - [121229] - C:\WINDOWS\schemas
[16/07/2016 12:47:48] - |D| - [7565042] - C:\WINDOWS\security
[08/02/2017 20:59:29] - |D| - [45905279] - C:\WINDOWS\ServiceProfiles
[16/07/2016 07:04:24] - |D| - [203730836] - C:\WINDOWS\servicing
[16/07/2016 12:49:46] - |D| - [42] - C:\WINDOWS\Setup
[MD5.8AB364BA80F20DBBC063B95051E8AB53] - [27/05/2014 15:47:51] - |A| - (.Copyright (c) 1987-1998 Microsoft Corporation - Visual Basic 6.0 Setup Toolkit.) - [262144] - (6.0.0.8169) - C:\WINDOWS\Setup1.exe
[MD5.133F0476E7526DD7D41F8014ECAAF29D] - [13/04/2017 16:14:01] - |A| - (.-.) - [7038] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [13/04/2017 16:14:01] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[16/07/2016 12:47:48] - |D| - [31196672] - C:\WINDOWS\ShellExperiences
[30/10/2015 10:07:42] - |D| - [148292] - C:\WINDOWS\ShellNew
[16/07/2016 15:14:36] - |D| - [3757408] - C:\WINDOWS\SKB
[14/11/2016 16:40:20] - |D| - [220092192] - C:\WINDOWS\SoftwareDistribution
[MD5.9CD83753E2159E134432890E75F56995] - [23/01/2016 12:30:18] - |A| - (.-.) - [150] - (0.0.0.0) - C:\WINDOWS\Song_w.ini
[16/07/2016 12:47:48] - |D| - [107844594] - C:\WINDOWS\Speech
[16/07/2016 12:47:48] - |D| - [55814448] - C:\WINDOWS\Speech_OneCore
[MD5.BCDB205132974EC3AB6F5C01DD93489B] - [08/02/2017 19:00:14] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.14393.351) - C:\WINDOWS\splwow64.exe
[MD5.EA4E2BA0D35EEADEE23B0C1397C71367] - [27/05/2014 15:47:49] - |A| - (.Copyright © 1987-2000 Microsoft Corp. - Visual Basic Setup Toolkit Uninstaller.) - [73216] - (6.0.97.82) - C:\WINDOWS\ST6UNST.EXE
[16/07/2016 12:47:48] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 03:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[16/07/2016 07:04:24] - |D| - [4683170258] - C:\WINDOWS\System32
[16/07/2016 12:47:48] - |D| - [145561690] - C:\WINDOWS\SystemApps
[16/07/2016 12:47:48] - |D| - [17453661] - C:\WINDOWS\SystemResources
[16/07/2016 07:04:27] - |D| - [1504952128] - C:\WINDOWS\SysWOW64
[16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\TAPI
[16/07/2016 12:47:48] - |D| - [220] - C:\WINDOWS\Tasks
[16/07/2016 12:47:48] - |D| - [113305350] - C:\WINDOWS\Temp
[16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\tracing
[16/07/2016 12:47:48] - |D| - [7680] - C:\WINDOWS\twain_32
[MD5.21F91141B4796108A50733B14850CDF2] - [16/07/2016 12:43:52] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [66560] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[17/06/2017 13:54:43] - |SD| - [6394488] - C:\WINDOWS\UpdateAssistantV2
[16/07/2016 12:47:48] - |D| - [12420] - C:\WINDOWS\Vss
[16/07/2016 12:47:48] - |D| - [15729830] - C:\WINDOWS\Web
[MD5.B1333C7A61106FCC28C60BE9CAC7EF39] - [14/07/2009 03:34:57] - |A| - (.-.) - [499] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [16/07/2016 12:42:32] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.038356387332650843BCB352BB89A101] - [13/04/2017 16:30:57] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.9328E170E5407D9DDE7EB1E208A2CBB4] - [16/07/2016 12:42:48] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [10240] - (10.0.14393.0) - C:\WINDOWS\winhlp32.exe
[16/07/2016 07:04:24] - |D| - [6709765056] - C:\WINDOWS\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [16/07/2016 12:43:08] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.E87C6A38E61A712C48025A6AD54C1113] - [16/07/2016 12:42:39] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.14393.0) - C:\WINDOWS\write.exe
[MD5.3F013C8D4761CFB29BD9594EFAC711DB] - [24/06/2017 12:59:30] - |A| - (.-.) - [2222988] - (0.0.0.0) - C:\WINDOWS\ZAM.krnl.trace
[MD5.AB1CCE1A47D67478578579FB07AF5958] - [24/06/2017 12:59:29] - |A| - (.-.) - [297847] - (0.0.0.0) - C:\WINDOWS\ZAM_Guard.krnl.trace

---------- | C:\WINDOWS\System32\GroupPolicy

[MD5.609C36FA5665162FA915FABBAA7C040C] - [21/01/2016 22:13:38] - |A| - (.-.) - [165] - (0.0.0.0) - C:\WINDOWS\System32\GroupPolicy\gpt.ini
[21/01/2016 22:13:38] - |D| - [1178] - C:\WINDOWS\System32\GroupPolicy\Machine
[21/01/2016 22:13:38] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User

---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[29/01/2017 02:08:43] - C:\WINDOWS\Installer\11b0a69a.msi : (Google Earth - Google) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[09/07/2012 05:00:00] - C:\WINDOWS\Installer\155ad876.msi : (HexEdit Installer - Expert Commercial Software Pty Ltd) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/01/2014 21:37:44] - C:\WINDOWS\Installer\17073aa2.msi : ( - COMPELSON Laboratories) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/02/2016 19:32:26] - C:\WINDOWS\Installer\172005.msi : (TextPad 64-bit - Helios) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/03/2017 22:57:35] - C:\WINDOWS\Installer\173033.msi : (Java SE Runtime Environment 8 Update 121 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/03/2017 22:57:21] - C:\WINDOWS\Installer\17304c.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/12/2013 01:45:38] - C:\WINDOWS\Installer\1748f0.msi : (Ancestral Quest 14 - Incline Software, LC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/01/2007 23:04:08] - C:\WINDOWS\Installer\1748ff.msi : (Ancestral Quest Collaboration Support for Win 98/NT/2000/ME/XP - Incline Software) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/04/2015 10:26:08] - C:\WINDOWS\Installer\197e12bf.msi : (USB 3.0 Host Controller Driver - NEC Electronics Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/04/2017 02:14:56] - C:\WINDOWS\Installer\1f6b682.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/10/2015 16:03:44] - C:\WINDOWS\Installer\22042cc.msi : (OpenOffice 4.1.2 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/10/2015 13:25:17] - C:\WINDOWS\Installer\2386380f.msi : (Adblock Plus for IE - Eyeo GmbH) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/12/2014 22:58:57] - C:\WINDOWS\Installer\25e2794.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/06/2015 08:49:52] - C:\WINDOWS\Installer\25e894a.msi : (System Requirements Lab Detection - Husdawg, LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[24/09/2016 09:33:58] - C:\WINDOWS\Installer\295fc7d.msi : (Kaspersky Secure Connection - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/05/2014 09:00:00] - C:\WINDOWS\Installer\2c54864b.msi : (Blank Project Template - Samsung Electronics Co., Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/11/2014 06:53:16] - C:\WINDOWS\Installer\330c42b4.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/02/2016 19:22:11] - C:\WINDOWS\Installer\3e80765.msi : (CSR Bluetooth Stack - Cambridge Silicon Radio Limited.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/06/2012 00:10:00] - C:\WINDOWS\Installer\4e14dde.msi : ( - SteelSoft) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/04/2017 15:06:21] - C:\WINDOWS\Installer\5b930f8.msi : (Kaspersky Total Security - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/07/2016 11:31:46] - C:\WINDOWS\Installer\948e15d.msi : ( - TomTom) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/09/2012 00:34:20] - C:\WINDOWS\Installer\94a228a.msi : (LWS Help_main - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 08:41:18] - C:\WINDOWS\Installer\94a2297.msi : (LWS Webcam Software - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 08:41:16] - C:\WINDOWS\Installer\94a22a4.msi : (CameraHelperMsi - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/09/2012 00:46:08] - C:\WINDOWS\Installer\94a22b1.msi : (Logitech eReg 1.12 merge module-to-MSI converter - Logitech, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/07/2012 23:15:18] - C:\WINDOWS\Installer\94a22be.msi : (LWS Facebook - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/09/2012 23:19:08] - C:\WINDOWS\Installer\94a22cb.msi : (LWS Gallery - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/09/2012 00:36:58] - C:\WINDOWS\Installer\94a22d8.msi : (LWS Launcher - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 08:41:12] - C:\WINDOWS\Installer\94a22e5.msi : (LWS Motion Detection - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 08:41:22] - C:\WINDOWS\Installer\94a22f2.msi : (LWS Pictures And Video - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/07/2011 03:51:16] - C:\WINDOWS\Installer\94a22ff.msi : (LWS Twitter - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/06/2011 04:26:48] - C:\WINDOWS\Installer\94a230c.msi : (LWS WLM Plugin - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/11/2011 23:14:28] - C:\WINDOWS\Installer\94a2319.msi : (LWS YouTube Plugin - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%\*.in*

[16/07/2016 12:43:08] - [3458] - C:\WINDOWS\System32\ieuinit.inf
[08/02/2017 13:16:59] - [1280994] - C:\WINDOWS\System32\PerfStringBackup.INI
[16/07/2016 12:42:39] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[16/07/2016 12:42:11] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini
[16/07/2016 12:43:59] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf
[07/01/2003 16:05:08] - [2695] - C:\WINDOWS\Syswow64\OUTLPERF.INI
[08/02/2017 13:16:51] - [968848] - C:\WINDOWS\Syswow64\PerfStringBackup.INI
[16/07/2016 12:42:43] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\AppPatch\Custom\Custom64
[MD5.B7C476BBE4F001F4F33C04D9ABC33DC8] - |A| - [16/07/2016 12:42:17] - (.-.) - [14.52 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\pcamain.sdb
[MD5.8BE31B88D8523648580AFAFB92B78A30] - |A| - [15/03/2017 21:53:25] - (.-.) - [540.84 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\sysmain.sdb
[MD5.12297D7145B939711EED5245E03EB14C] - |A| - [31/07/2015 14:35:16] - (.-.) - [28 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\boot.backup
[MD5.74E8B3D90B953A85A6E4949419981180] - |ASH| - [31/07/2015 14:35:16] - (.-.) - [25 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\boot.backup.LOG
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |ASH| - [31/07/2015 14:35:16] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\boot.backup.LOG1
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |ASH| - [31/07/2015 14:35:16] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\boot.backup.LOG2
[MD5.00000000000000000000000000000000] - |D| - [02/06/2017 23:08:16] - [0 Ko] - C:\WINDOWS\Temp\084C2705-711F-EDB5-4B28-C4CF86B7EC37
[MD5.00000000000000000000000000000000] - |D| - [14/06/2017 17:52:42] - [0 Ko] - C:\WINDOWS\Temp\08A023B4-7FB8-9DEF-9197-2F989176D32B
[MD5.00000000000000000000000000000000] - |D| - [15/04/2017 15:34:21] - [0 Ko] - C:\WINDOWS\Temp\0FD6B391-B504-0065-E8BF-1650ACD8D34B
[MD5.00000000000000000000000000000000] - |D| - [10/06/2017 08:38:58] - [13342.22 Ko] - C:\WINDOWS\Temp\18E5672F-E71C-F9CE-E06A-31C17C82DB25
[MD5.00000000000000000000000000000000] - |D| - [25/05/2017 15:05:31] - [0 Ko] - C:\WINDOWS\Temp\1A7A9CBB-DC11-F562-BCBF-EAAEA00AC1AA
[MD5.00000000000000000000000000000000] - |D| - [24/06/2017 23:16:07] - [0 Ko] - C:\WINDOWS\Temp\1C151345-4BB6-6D5C-E47C-8EA1F3C5FCA9
[MD5.00000000000000000000000000000000] - |D| - [27/05/2017 14:53:40] - [0 Ko] - C:\WINDOWS\Temp\1E3DB601-9FFB-9243-895C-DC3AF36C7BCA
[MD5.00000000000000000000000000000000] - |D| - [21/06/2017 16:03:09] - [0 Ko] - C:\WINDOWS\Temp\20EC404C-A649-9CA8-5A33-5216BACF6FF8
[MD5.00000000000000000000000000000000] - |D| - [29/06/2017 15:54:17] - [0 Ko] - C:\WINDOWS\Temp\29A0C49A-3E01-58FE-D012-79A54063A768
[MD5.00000000000000000000000000000000] - |D| - [23/05/2017 16:46:32] - [0 Ko] - C:\WINDOWS\Temp\2E720918-0C77-18FE-A08B-9C004C1DF24E
[MD5.00000000000000000000000000000000] - |D| - [09/05/2017 00:12:07] - [0 Ko] - C:\WINDOWS\Temp\317E7435-AD21-440D-CF24-4822476104F2
[MD5.00000000000000000000000000000000] - |D| - [13/05/2017 15:10:26] - [0 Ko] - C:\WINDOWS\Temp\33FA4131-610A-EE50-9D56-3409DCE2AA5C
[MD5.00000000000000000000000000000000] - |D| - [06/05/2017 15:36:50] - [0 Ko] - C:\WINDOWS\Temp\3ABC2BF5-2266-138E-1A3D-68B3CD7E88F3
[MD5.00000000000000000000000000000000] - |D| - [14/04/2017 20:22:42] - [0 Ko] - C:\WINDOWS\Temp\42EACB14-9AD7-3C21-1DF9-25A0EAABA4B2
[MD5.00000000000000000000000000000000] - |D| - [24/06/2017 09:03:49] - [874.27 Ko] - C:\WINDOWS\Temp\46EF6E51-1F1E-4059-B363-93ADAA63F89D235c.1d2ecc069659fe7
[MD5.00000000000000000000000000000000] - |D| - [17/06/2017 09:27:46] - [0 Ko] - C:\WINDOWS\Temp\4A3B4405-1F6A-622C-4CBB-B5D275C5ED05
[MD5.00000000000000000000000000000000] - |D| - [27/04/2017 17:06:12] - [0 Ko] - C:\WINDOWS\Temp\4A5347D5-D907-3F22-919F-089E10997B1F
[MD5.00000000000000000000000000000000] - |D| - [01/05/2017 16:04:54] - [0 Ko] - C:\WINDOWS\Temp\4A62A709-C40D-980A-BAB2-0D4EABB97F12
[MD5.00000000000000000000000000000000] - |D| - [13/06/2017 04:53:36] - [0 Ko] - C:\WINDOWS\Temp\4DE0B86A-3A38-F471-A66E-88AAA4A107F5
[MD5.00000000000000000000000000000000] - |D| - [06/04/2017 14:30:49] - [0 Ko] - C:\WINDOWS\Temp\50C85651-3F15-9B88-CC8D-DCA2501134AB
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 19:12:24] - [0 Ko] - C:\WINDOWS\Temp\515AAEEF-6BA3-CB1F-8BF9-11780532400A
[MD5.00000000000000000000000000000000] - |D| - [23/06/2017 19:56:55] - [13367.51 Ko] - C:\WINDOWS\Temp\567B3BD7-ACEC-0B25-9B00-820225D14C0F
[MD5.00000000000000000000000000000000] - |D| - [15/06/2017 20:04:57] - [0 Ko] - C:\WINDOWS\Temp\56EC8019-F8F7-19BE-AE03-03BCE9AB8A0A
[MD5.00000000000000000000000000000000] - |D| - [19/04/2017 17:01:20] - [0 Ko] - C:\WINDOWS\Temp\59D2FCED-7540-C396-7C7C-38C881F31BAE
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 15:26:03] - [0 Ko] - C:\WINDOWS\Temp\63B3B66B-90F1-4E0B-52D1-3C0C3C3B285A
[MD5.00000000000000000000000000000000] - |D| - [08/06/2017 15:24:48] - [0 Ko] - C:\WINDOWS\Temp\640365C8-4A7D-9F3E-C71F-1CFF27714336
[MD5.00000000000000000000000000000000] - |D| - [27/06/2017 00:26:32] - [0 Ko] - C:\WINDOWS\Temp\6502B2E5-3D0C-9E3D-8B07-F0A16256B8F7
[MD5.00000000000000000000000000000000] - |D| - [20/06/2017 15:14:32] - [0 Ko] - C:\WINDOWS\Temp\65F5DC6B-83F7-6BB2-579A-0746661A1837
[MD5.00000000000000000000000000000000] - |D| - [28/04/2017 23:18:41] - [0 Ko] - C:\WINDOWS\Temp\69F1E149-99F7-672C-69FC-9F5C95520B3C
[MD5.00000000000000000000000000000000] - |D| - [26/05/2017 15:37:11] - [0 Ko] - C:\WINDOWS\Temp\6F06C0B6-F8A4-80F1-72B1-5BA9B40D3DB8
[MD5.00000000000000000000000000000000] - |D| - [07/06/2017 17:37:17] - [0 Ko] - C:\WINDOWS\Temp\709798ED-FD8F-6D19-3D41-82C2527758AF
[MD5.00000000000000000000000000000000] - |D| - [10/06/2017 15:12:40] - [0 Ko] - C:\WINDOWS\Temp\75DAD52F-4ACD-A65C-0ACF-0E3088002C64
[MD5.00000000000000000000000000000000] - |D| - [31/05/2017 01:02:27] - [0 Ko] - C:\WINDOWS\Temp\79CE4B86-6E83-C556-BD0C-AD10E2E31531
[MD5.00000000000000000000000000000000] - |D| - [03/05/2017 17:16:26] - [0 Ko] - C:\WINDOWS\Temp\819A7D11-D1FC-470E-9B15-C0823211BBBB
[MD5.00000000000000000000000000000000] - |D| - [11/05/2017 15:12:03] - [0 Ko] - C:\WINDOWS\Temp\82BF2A3B-B97B-7E16-40BE-0313C52CEC96
[MD5.00000000000000000000000000000000] - |D| - [06/05/2017 00:20:43] - [0 Ko] - C:\WINDOWS\Temp\83E3FF09-4B21-F4A1-7732-537DBD702194
[MD5.00000000000000000000000000000000] - |D| - [13/04/2017 16:09:42] - [0 Ko] - C:\WINDOWS\Temp\878834E1-5D2A-BC71-B800-7C14C40C8D5C
[MD5.00000000000000000000000000000000] - |D| - [27/06/2017 16:09:08] - [0 Ko] - C:\WINDOWS\Temp\8A1C4635-8CCC-4A9A-4A53-BFDFA55E24EF
[MD5.00000000000000000000000000000000] - |D| - [08/04/2017 09:29:27] - [0 Ko] - C:\WINDOWS\Temp\92AADA39-05DB-7CB6-06D6-673D9BD52D02
[MD5.00000000000000000000000000000000] - |D| - [28/06/2017 16:01:07] - [0 Ko] - C:\WINDOWS\Temp\93397864-3E00-D6E4-2949-5B67A58F41F0
[MD5.00000000000000000000000000000000] - |D| - [25/04/2017 00:24:42] - [0 Ko] - C:\WINDOWS\Temp\937896BE-B82A-D7B1-9B4E-B6FFC9008A33
[MD5.00000000000000000000000000000000] - |D| - [14/05/2017 14:55:51] - [0 Ko] - C:\WINDOWS\Temp\95F89A56-EE75-3672-5E77-5B70F6D32E18
[MD5.00000000000000000000000000000000] - |D| - [22/04/2017 16:43:18] - [0 Ko] - C:\WINDOWS\Temp\97A49954-4C47-8A10-1E5D-9E250BDF2207
[MD5.00000000000000000000000000000000] - |D| - [19/04/2017 16:56:34] - [13144.12 Ko] - C:\WINDOWS\Temp\99B28B76-7AC2-B974-E394-8B09B9979E19
[MD5.00000000000000000000000000000000] - |D| - [16/04/2017 16:12:06] - [0 Ko] - C:\WINDOWS\Temp\9BB4393D-FF7B-85FE-9333-4F2B9EDA7AFF
[MD5.00000000000000000000000000000000] - |D| - [17/06/2017 14:57:14] - [0 Ko] - C:\WINDOWS\Temp\9CB19679-E66E-32EE-74CC-9CB93C640DF5
[MD5.00000000000000000000000000000000] - |D| - [26/04/2017 12:11:06] - [1276.77 Ko] - C:\WINDOWS\Temp\9DD6FB8C-4F8D-4D4D-AE4A-F5F24A57A281267c.1d2be7dcd172ac6
[MD5.00000000000000000000000000000000] - |D| - [30/04/2017 16:40:59] - [0 Ko] - C:\WINDOWS\Temp\9DDC1B4C-77D5-EEE5-9AD0-5BCCD77DCBE7
[MD5.00000000000000000000000000000000] - |D| - [28/03/2017 00:06:17] - [0 Ko] - C:\WINDOWS\Temp\A217986A-DEA5-2FEC-2099-6BC8A3768CD5
[MD5.00000000000000000000000000000000] - |D| - [17/04/2017 14:58:38] - [0 Ko] - C:\WINDOWS\Temp\A461241E-74E5-7926-DA2C-B8736A73ABBA
[MD5.00000000000000000000000000000000] - |D| - [05/05/2017 00:37:01] - [13144.12 Ko] - C:\WINDOWS\Temp\A4E712E6-B0B3-AD0F-A4DB-033EA7A94C99
[MD5.00000000000000000000000000000000] - |D| - [23/05/2017 00:54:44] - [0 Ko] - C:\WINDOWS\Temp\A7F876BE-608A-D847-528C-3C1A8395028D
[MD5.00000000000000000000000000000000] - |D| - [09/05/2017 16:05:46] - [0 Ko] - C:\WINDOWS\Temp\AF7B1AB2-FD92-E8D1-E4B1-F0D7A9DB3B53
[MD5.00000000000000000000000000000000] - |D| - [21/04/2017 22:31:20] - [0 Ko] - C:\WINDOWS\Temp\B1444C68-55CE-D67C-D5AB-7CD37FF3F4A2
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 21:57:50] - [0 Ko] - C:\WINDOWS\Temp\BCB09E35-8969-9CDC-1916-1B7F5D286636
[MD5.00000000000000000000000000000000] - |D| - [24/05/2017 15:48:03] - [0 Ko] - C:\WINDOWS\Temp\BDADF5D3-776E-C121-52FC-6096F2EF1C5E
[MD5.00000000000000000000000000000000] - |D| - [20/06/2017 00:27:39] - [0 Ko] - C:\WINDOWS\Temp\BFA5522C-30E3-8CF7-CC22-51ADEC11994A
[MD5.00000000000000000000000000000000] - |D| - [22/06/2017 15:36:04] - [0 Ko] - C:\WINDOWS\Temp\C50D8DC1-E41B-7A64-28FF-35DFC349B0C7
[MD5.00000000000000000000000000000000] - |D| - [10/05/2017 22:09:34] - [0 Ko] - C:\WINDOWS\Temp\C5E8F634-3A8C-C62E-D8F5-992C244AD933
[MD5.00000000000000000000000000000000] - |D| - [03/06/2017 15:14:42] - [0 Ko] - C:\WINDOWS\Temp\CFB00A51-9C83-6025-964A-8E98D05190BD
[MD5.8493CC7464F6E15239CC913CE936E10B] - |A| - [23/05/2017 00:20:53] - (.-.) - [58.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\chrome_installer.log
[MD5.00000000000000000000000000000000] - |D| - [04/04/2017 00:08:23] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad
[MD5.00000000000000000000000000000000] - |D| - [26/06/2017 23:21:23] - [1722.33 Ko] - C:\WINDOWS\Temp\CR_47A63.tmp
[MD5.00000000000000000000000000000000] - |D| - [24/06/2017 09:03:17] - [0 Ko] - C:\WINDOWS\Temp\D72F8054-3CDB-4E63-8ECE-4285EE97A3C8-Sigs
[MD5.00000000000000000000000000000000] - |D| - [29/03/2017 09:22:05] - [0 Ko] - C:\WINDOWS\Temp\DE78F3A5-876B-09D9-90B7-8D72FFA46EDA
[MD5.00000000000000000000000000000000] - |D| - [28/03/2017 00:14:56] - [0 Ko] - C:\WINDOWS\Temp\DFEE74EF-8868-D7BE-EF58-3C267684008C
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [16/04/2017 16:53:22] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DMIE86F.tmp
[MD5.00000000000000000000000000000000] - |D| - [08/04/2017 10:10:37] - [0 Ko] - C:\WINDOWS\Temp\E16317F4-9B23-DC6C-2E20-E88964D4BD40
[MD5.00000000000000000000000000000000] - |D| - [31/05/2017 16:28:14] - [0 Ko] - C:\WINDOWS\Temp\E2DD2D50-4F64-571E-A597-6E92AA012196
[MD5.00000000000000000000000000000000] - |D| - [13/06/2017 16:41:29] - [0 Ko] - C:\WINDOWS\Temp\E9289261-E893-B077-91AF-E0EA4D767C82
[MD5.00000000000000000000000000000000] - |D| - [01/06/2017 15:03:05] - [0 Ko] - C:\WINDOWS\Temp\E9365FB2-00BD-28D6-DA7A-3448899172B6
[MD5.00000000000000000000000000000000] - |D| - [12/04/2017 17:08:11] - [0 Ko] - C:\WINDOWS\Temp\E960EF2F-BD1B-A03D-B3CA-6C7C209A3409
[MD5.00000000000000000000000000000000] - |D| - [26/04/2017 11:30:27] - [13144.12 Ko] - C:\WINDOWS\Temp\EB87AB2F-EE10-13A3-CEAD-E9799A337511
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 11:31:25] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_38MM0ZF4zAhMJsy
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 20:42:08] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_6dTTXLx35wQXaDs
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [25/04/2017 14:39:18] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_6hpd6a7xvXdMLzr
[MD5.EDA9A7AE2507BDA20BA81E0E89AB3D19] - |AHT| - [18/04/2017 08:55:43] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_75ifKi4f9K38Bdi
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 18:59:52] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_7U3UtB1OIuCaxj5
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [20/04/2017 15:32:54] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_8jIgwJroq1mLsQF
[MD5.C2F480660526B7D64085A24320B5801B] - |AHT| - [14/04/2017 09:44:08] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_8SytNPRC3hE0tqx
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [19/04/2017 10:51:27] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_8TVueni1b4VTYPd
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [29/06/2017 23:36:58] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_9egzpEABDxBlFAv
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 17:36:21] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_9XyuBGO8kbda2GZ
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [13/04/2017 16:31:19] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_alxenXCfTmtAHdT
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [30/06/2017 09:44:18] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_aSxcfOQbXkAKBw0
[MD5.08FCBCE38BD2FF5C59087153C7B43F6A] - |AHT| - [14/04/2017 16:18:06] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_B4BG95qZLx2mgBC
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [27/04/2017 16:16:38] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_bfLsmAaJZrpkWCL
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 20:42:08] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_C8sNz1GFvWlPSCp
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [20/04/2017 21:09:51] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_cB28cTahEgcKYBT
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 21:53:35] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_drg5bhHa1NjjW1u
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 06:28:24] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_ecsr4jcerZYc45s
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [19/04/2017 10:51:27] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_eSKTBQvj9IHEm4r
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 08:55:43] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_eUK8woSksyGiy6g
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [27/04/2017 16:16:38] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_f4pwT3JfgfI7qnn
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 19:49:22] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_f6D8YB1fVr9vdzz
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 09:44:08] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_fdQEfGXrnmS9tGQ
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [20/04/2017 21:09:51] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_Foj12ail4qm1ffh
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 12:53:21] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_fSXckMeVKsBgRxL
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 20:07:01] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_fZbx7UCAWpWSibc
[MD5.9E789DAC8239C56141B6B87CDAB4F535] - |AHT| - [14/04/2017 18:59:52] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_g7UPYJdxXF9COW0
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 18:25:35] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_gdbqxJn6NV2qZVd
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 13:19:16] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_GHVlS0abrjkeote
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [20/04/2017 10:03:56] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_gKxKgv47cJVC8Ef
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [20/04/2017 15:32:54] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_hb7QYXLmxYP7RQj
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 20:56:59] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_hevV0rDSTzpOWZK
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [19/04/2017 22:20:30] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_hGElzNPN5icoQsY
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 20:22:37] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_hJi9GGBK26zYaGD
[MD5.E48723CF8C2A3FD3E7B7BD25529CC297] - |AHT| - [16/04/2017 15:57:37] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_HS6YJR5dYnMHpBq
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [27/05/2017 09:44:17] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_hyEW6GSgJqPbumF
[MD5.DDB8FD2826406C16C0AD7CE8ECF405A3] - |AHT| - [16/04/2017 09:04:38] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_iblagLdyfqxf8rf
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [25/04/2017 15:23:31] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_iQhCZ6kEtXhgf5W
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [27/05/2017 11:10:42] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_J0f7Z0wZ3wqjHK5
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [16/04/2017 15:57:38] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_JGvtzLQPvzWogjR
[MD5.55DEE7A5B95E74D8E46828C37EB0772A] - |AHT| - [14/04/2017 18:25:35] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_Jqg8MfgwGzoTRtx
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [23/05/2017 00:13:04] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_k6R6lgWyoezOrby
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [19/04/2017 21:31:41] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_l4GcBVdM2MrozH5
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 09:44:06] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_l8va7Oiadf89Xa1
[MD5.EBD04A23C6C65E0BB1FFBA034B63ECF8] - |AHT| - [17/04/2017 22:11:31] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_lYgL9CUYJudNDJh
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [14/04/2017 19:54:14] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_m3uorjwqYGDzfsN
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [27/05/2017 09:44:17] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_mymh82hq7DXr2uk
[MD5.10C7611BE98332D823567FF0C2C395FC] - |AHT| - [13/04/2017 22:56:18] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_ndYSBfCGlFExs6x
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [20/04/2017 10:03:56] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_OiL3YkeBcbtKFyQ
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [30/06/2017 09:44:18] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_Oy2R9lhYWRpAoPr
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 21:53:35] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_P3qkYrNgkjHqPI5
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [16/04/2017 09:04:38] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_PDooXYpVB6iuL0r
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 13:19:16] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_PNAY0BEKCwJPC5p
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 19:49:22] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_qq6brpftVcBQA0h
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [29/06/2017 23:36:58] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_R1wsah7tWwvA8hd
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [13/04/2017 22:56:18] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_rChIfFV2Gl7WbkS
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 16:18:06] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_Rcicb3MKQzrNfDD
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [17/04/2017 22:11:31] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_rgsR68P0Cjs6ofq
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [19/04/2017 13:18:49] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_rqjrLMyWRyxLSvt
[MD5.1C0A570AD8CFE2134FE22DFE196BD07A] - |AHT| - [14/04/2017 11:31:25] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_Rwsg3Edz8sye6oO
[MD5.299BE55353F9011E2A4D6E7D16823848] - |AHT| - [18/04/2017 09:44:06] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_rZlV0NYz6ZRjPLe
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [14/04/2017 06:28:24] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_s7MWwFKlzrLJepX
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [19/04/2017 13:18:48] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_STtYZvZAzdxNhbh
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 14:19:01] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_TLlddyEh6BSS7jh
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 17:59:53] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_TmFvZUBjOTyaJne
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 20:56:59] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_TpzWg64Qr495Tn9
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 19:54:15] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_TtkVrjMydIkUcQC
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [19/04/2017 22:20:30] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_U3dzJhu6eEYZ3oM
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [19/04/2017 21:31:41] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_U8znFvySg2X1org
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 20:22:37] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_Uiv9IY8gfaND10l
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [25/04/2017 14:39:18] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_uj5pJXS3UyfskA5
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [27/05/2017 11:10:42] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_URHLu2IsjDpOO8K
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 17:59:53] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_uyij40rocOM3IQ3
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 17:36:21] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_vPiAyY0ultwODDy
[MD5.8474D2B17095DEFFE4445CD90C896FD3] - |AHT| - [14/04/2017 12:53:21] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_VUoyL0FQHOHMuWB
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [18/04/2017 14:19:01] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_VWCikxIkO6o9sW3
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [20/04/2017 20:37:56] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_VWPsgJPHSHzvfcA
[MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [18/04/2017 20:07:01] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_wQXbXQbK9K4buE1
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [25/04/2017 15:23:31] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_xPgfpDfv5d1aLtD
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [23/05/2017 00:13:04] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_Yl5gn2OMlJD6EdS
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [13/04/2017 16:31:19] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_YPVhbQzkrUMg17a
[MD5.F50F60155CA772E0B5E7C526F1707C59] - |AHT| - [14/04/2017 12:27:54] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_z2eePRjP8TObQVx
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [20/04/2017 20:37:56] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_ZjXRnLCSS44gAzO
[MD5.AF3363DF179CF9D3EE7740A2E3DD14B9] - |AHT| - [14/04/2017 12:27:54] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\etilqs_zycSiGzd0McdZCX
[MD5.00000000000000000000000000000000] - |D| - [23/06/2017 23:12:21] - [0 Ko] - C:\WINDOWS\Temp\F832F545-80DD-7D3F-F65C-87DC38D6932B
[MD5.00000000000000000000000000000000] - |D| - [23/05/2017 00:45:47] - [13341.72 Ko] - C:\WINDOWS\Temp\FA923BA6-3BFB-89DB-AFD9-6BBC4C530FAD
[MD5.00000000000000000000000000000000] - |D| - [05/05/2017 00:45:15] - [0 Ko] - C:\WINDOWS\Temp\FAD84EEE-ED11-8B59-27C0-B4D711F5F744
[MD5.00000000000000000000000000000000] - |D| - [18/04/2017 15:01:55] - [0 Ko] - C:\WINDOWS\Temp\FC81FAA4-D588-B4F9-78B1-608F28423139
[MD5.00000000000000000000000000000000] - |D| - [12/05/2017 15:36:13] - [0 Ko] - C:\WINDOWS\Temp\FCE7AC50-AB9C-0B51-D3F3-E829134B5F22
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/04/2017 12:38:47] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSAPIDebugLogFile.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/04/2017 12:38:46] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSTIFFDebugLogFile.txt
[MD5.D0CFF5F6CB5E8D09BA40676892C77FC3] - |A| - [25/04/2017 20:14:41] - (.-.) - [1506.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\kavremvr-srvc 2017-04-25 20-14-41 (pid 1120).log
[MD5.3832FD2E70CBA9D6C8E3B984B4C23681] - |A| - [13/04/2017 16:50:29] - (.-.) - [131.88 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
[MD5.A5684E68297E7DE5AED2CA0CEFA1171C] - |A| - [26/04/2017 12:10:32] - (.-.) - [33.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log
[MD5.00000000000000000000000000000000] - |D| - [27/04/2017 15:11:43] - [0 Ko] - C:\WINDOWS\Temp\MPTelemetrySubmit
[MD5.00000000000000000000000000000000] - |D| - [10/02/2017 23:18:45] - [0 Ko] - C:\WINDOWS\Temp\MRT
[MD5.273D37FC22C7059503B31BD6A2E0B53A] - |A| - [27/04/2017 15:14:34] - (.-.) - [1802.89 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI7d94.LOG
[MD5.52D8BC6E2E5D1FE593725B88F94146ED] - |A| - [27/04/2017 15:15:06] - (.-.) - [715.38 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI7d95.LOG
[MD5.00000000000000000000000000000000] - |D| - [27/04/2017 16:28:41] - [20 Ko] - C:\WINDOWS\Temp\NVIDIA Corporation
[MD5.00000000000000000000000000000000] - |D| - [27/04/2017 16:27:39] - [27.26 Ko] - C:\WINDOWS\Temp\NvidiaLogging
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/04/2017 10:28:54] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu10A9.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/04/2017 10:28:54] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu10AA.tmp
[MD5.6C5697EE9BB91645EAB0463DF615591E] - |A| - [14/04/2017 10:28:54] - (.-.) - [355.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu1128.tmp
[MD5.6C5697EE9BB91645EAB0463DF615591E] - |A| - [14/04/2017 10:28:54] - (.-.) - [355.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu1157.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [19/04/2017 14:51:58] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu1FCD.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [19/04/2017 14:51:58] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu20A9.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [19/04/2017 14:51:58] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2107.tmp
[MD5.BA593DC0ECBB8E01C530A7A682E4EDD2] - |A| - [19/04/2017 14:51:58] - (.-.) - [3.77 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2128.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/04/2017 19:51:50] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2399.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/04/2017 16:10:24] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2673.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/05/2017 20:34:41] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2685.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/04/2017 16:10:24] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu26E1.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/04/2017 16:10:24] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2721.tmp
[MD5.3822FB56F17CF73BC2C80BA984B1ADF9] - |A| - [21/04/2017 16:10:24] - (.-.) - [3.78 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2741.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/04/2017 19:02:52] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu28F4.tmp
[MD5.B98A43787E5CEA857208DCCAA4184A41] - |A| - [14/04/2017 18:27:35] - (.-.) - [122.82 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu29C3.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/04/2017 19:51:52] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2AFD.tmp
[MD5.DE06CC479D28CB861928921EA4422A8E] - |A| - [14/04/2017 18:27:36] - (.-.) - [4.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2D3F.tmp
[MD5.DD27A44517A1545EC830C117DAC0F949] - |A| - [14/04/2017 19:02:52] - (.-.) - [353.45 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2D4A.tmp
[MD5.05C9FC711C2C0753D7D4FA65DD895FBB] - |A| - [18/04/2017 19:51:53] - (.-.) - [354.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu2DDC.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/04/2017 16:33:12] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu3F34.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [15/04/2017 07:58:22] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu422F.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [15/04/2017 07:58:22] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu425F.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [15/04/2017 07:58:22] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu427F.tmp
[MD5.C50CE2FFBF104AA0A845086D4932CC1A] - |A| - [15/04/2017 07:58:22] - (.-.) - [3.78 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu42FD.tmp
[MD5.23BA60BE591618AEF1F5A31D6365104F] - |A| - [14/04/2017 06:29:56] - (.-.) - [4.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu477D.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [19/04/2017 12:31:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu4949.tmp
[MD5.CCC41BD24114634E71FB877928612C7B] - |A| - [19/04/2017 12:31:19] - (.-.) - [354.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu4A06.tmp
[MD5.49B3C378C8BC0FADE407955CAB8571D7] - |A| - [14/04/2017 19:56:25] - (.-.) - [4.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu4D68.tmp
[MD5.EC93F4AAE287DB34ECC4CF8A79709D6D] - |A| - [18/04/2017 13:19:58] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu5AD1.tmp
[MD5.E63F433ED806A0BD3F7D928F79670A5C] - |A| - [18/04/2017 13:19:59] - (.-.) - [1.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu5CE5.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/04/2017 16:33:22] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu63F3.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/04/2017 12:38:42] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu6988.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/04/2017 12:38:42] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu6A15.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/04/2017 12:38:42] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu6A64.tmp
[MD5.C488580C4014795E7D03F806880BE040] - |A| - [20/04/2017 12:38:42] - (.-.) - [3.78 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu6A94.tmp
[MD5.04EBC54C4F80DAC0F68F389C6534E148] - |A| - [16/04/2017 15:58:53] - (.-.) - [7.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu7E4.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/04/2017 16:33:29] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu7ECF.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/04/2017 08:05:41] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu8030.tmp
[MD5.9D6C9E50144EAD155B20BEE60B2F382F] - |A| - [20/04/2017 08:05:41] - (.-.) - [354.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu80CD.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/04/2017 21:04:45] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu82D6.tmp
[MD5.3B5D5FD9CBABD7D6980A1550710F36B0] - |A| - [18/04/2017 20:58:53] - (.-.) - [4.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu8323.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/04/2017 08:49:32] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu871C.tmp
[MD5.A3346756E9421A11B9D1B41916BADE5D] - |A| - [21/04/2017 08:49:32] - (.-.) - [3.78 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu873C.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/04/2017 16:33:31] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu88F2.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/04/2017 23:58:14] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu8B93.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [16/04/2017 15:59:27] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu8BCA.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/04/2017 23:58:14] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu8CBD.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/04/2017 23:58:14] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu8D4A.tmp
[MD5.8243932642C9420E2ADAEF3FC1202AA1] - |A| - [24/04/2017 23:58:14] - (.-.) - [3.78 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu8D9A.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/04/2017 06:30:14] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu8E1C.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/04/2017 06:30:15] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu92FF.tmp
[MD5.D9989057331BDEB5667E652F79C0E718] - |A| - [18/04/2017 17:38:23] - (.-.) - [4.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu94A8.tmp
[MD5.CEFCC3B30D370ACDFDC27EC421A99F5F] - |A| - [14/04/2017 06:30:16] - (.-.) - [352.79 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9765.tmp
[MD5.0BA6AA6EAB779501E5565AA406B7D2DA] - |A| - [19/04/2017 10:53:22] - (.-.) - [0.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9D62.tmp
[MD5.BAF484EE83DB8EACCD9D63B2FC3C78BD] - |A| - [19/04/2017 10:53:22] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9D82.tmp
[MD5.7367111837BB050FB6043D8ECC70DEC7] - |A| - [19/04/2017 10:53:22] - (.-.) - [0.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9D93.tmp
[MD5.4E7355D9BE50794AF9DFAA631997A42A] - |A| - [19/04/2017 10:53:22] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9DD2.tmp
[MD5.EDD36D7E61831219724350C3111FAFF1] - |A| - [18/04/2017 18:01:39] - (.-.) - [6.48 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9DFE.tmp
[MD5.1D922BA62FDB2B9F73826C22181873B4] - |A| - [19/04/2017 10:53:22] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9E8F.tmp
[MD5.1F73A507CEC6335F6543E418E4018A9D] - |A| - [19/04/2017 10:53:22] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9E9F.tmp
[MD5.89FD5C34546C32935C9DEB42DEC143C4] - |A| - [19/04/2017 10:53:22] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9EB0.tmp
[MD5.C83032FD790196CB913C610F9A734F3F] - |A| - [19/04/2017 10:53:22] - (.-.) - [0.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obu9ED0.tmp
[MD5.248DE7345E8E02558FE0736045350FBB] - |A| - [19/04/2017 21:33:44] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuA040.tmp
[MD5.880327FF8EB2EC6804E1C1E307F75D6F] - |A| - [19/04/2017 21:33:44] - (.-.) - [0.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuA0AF.tmp
[MD5.23E578AB684E5D1064FB8FA02FE8DC23] - |A| - [19/04/2017 21:33:44] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuA0B0.tmp
[MD5.B25FBE566AA91032C6B00829E31FB3E7] - |A| - [19/04/2017 21:33:44] - (.-.) - [0.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuA0E0.tmp
[MD5.8450F155E0121B3A51280DF992B329DA] - |A| - [19/04/2017 21:33:44] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuA15E.tmp
[MD5.B44576901C1C5CE4EF27224A3C9587AC] - |A| - [13/04/2017 16:33:15] - (.-.) - [184.74 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuA7A3.tmp
[MD5.1A703DEEE323D1EC8BA75FACAD389415] - |A| - [14/04/2017 11:33:12] - (.-.) - [4.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuA830.tmp
[MD5.F0C1934D037FBA8FF7F87D7E677AB7CB] - |A| - [13/04/2017 16:33:15] - (.-.) - [4.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuAA73.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/04/2017 14:51:03] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuAB54.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/04/2017 14:51:03] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuAB65.tmp
[MD5.929A50B34B375D8EE2C3E267261042AF] - |A| - [18/04/2017 14:51:03] - (.-.) - [354.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuABF2.tmp
[MD5.929A50B34B375D8EE2C3E267261042AF] - |A| - [18/04/2017 14:51:03] - (.-.) - [354.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuAC51.tmp
[MD5.B875FC88DA2B294AB569F81F672C539A] - |A| - [16/04/2017 15:59:36] - (.-.) - [352.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuAD0F.tmp
[MD5.0F76D676078EBD727A0F248E47F241EB] - |A| - [20/04/2017 20:39:50] - (.-.) - [7.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuB37A.tmp
[MD5.1FE593330A9F9686ADF17F70546CD324] - |A| - [23/05/2017 00:14:33] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuB6D6.tmp
[MD5.1EE8E14F58F7900AE4C978A38F605F36] - |A| - [18/04/2017 21:55:30] - (.-.) - [7.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuB9C4.tmp
[MD5.5AB898EFF25E18D0D1B77E5277B34D85] - |A| - [18/04/2017 20:44:01] - (.-.) - [4.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuBA21.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/04/2017 20:44:02] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuBD01.tmp
[MD5.7ABFB3AD404BB2C2324445EFC755304B] - |A| - [17/04/2017 22:13:37] - (.-.) - [5093.85 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuBE77.tmp
[MD5.D1E2F9EEB53E8AC51C4F4E6D9EBD7483] - |A| - [17/04/2017 22:13:37] - (.-.) - [533.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuBF52.tmp
[MD5.A458642654B85B81A15FD1CF6C8DBE90] - |A| - [18/04/2017 20:44:03] - (.-.) - [352.61 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuBFFF.tmp
[MD5.BA1FB357B28AA67BE02D954A6168E6C7] - |A| - [18/04/2017 08:57:37] - (.-.) - [5096.7 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuC1B3.tmp
[MD5.B39CCBB6AAEBDC1EDFC9F38DC4277890] - |A| - [18/04/2017 08:57:38] - (.-.) - [533.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuC2AE.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/04/2017 21:55:33] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuC2AF.tmp
[MD5.A2012685B890BA1293651E6FE7DC329C] - |A| - [18/04/2017 08:57:38] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuC2BE.tmp
[MD5.C50111C4194F826637CBC95696811F01] - |A| - [27/04/2017 16:18:29] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuC31A.tmp
[MD5.B29E0E6DB2AD8069AE5447935B244118] - |A| - [27/04/2017 16:18:29] - (.-.) - [0.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuC3A8.tmp
[MD5.F59562B97FD3EE35998FCBF7D95F85DC] - |A| - [27/04/2017 16:18:29] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuC3D8.tmp
[MD5.1A1C733B3E30221DE7326C728EB325DE] - |A| - [18/04/2017 21:55:34] - (.-.) - [351.3 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuC83D.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/05/2017 11:12:26] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuD87E.tmp
[MD5.18E49F1425572ABA78313C098DA5C1C2] - |A| - [27/05/2017 11:12:27] - (.-.) - [350.98 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuDB3F.tmp
[MD5.C90692E2420F0AA0347E4BDAA6093029] - |A| - [16/04/2017 09:06:42] - (.-.) - [5086.95 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuEE03.tmp
[MD5.EB52C879B06E80EA3ACE707908C238AF] - |A| - [16/04/2017 09:06:42] - (.-.) - [16.43 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\obuEF4C.tmp
[MD5.B370E12EAAF8889D62DCEF03FFCE1C1B] - |A| - [24/06/2017 10:26:16] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\teredo.txt
[MD5.00000000000000000000000000000000] - |D| - [28/03/2017 00:07:23] - [0 Ko] - C:\WINDOWS\Temp\tw6B30.tmp
[MD5.00000000000000000000000000000000] - |D| - [08/04/2017 09:29:41] - [0 Ko] - C:\WINDOWS\Temp\twE231.tmp
[MD5.00000000000000000000000000000000] - |D| - [28/03/2017 00:10:47] - [0 Ko] - C:\WINDOWS\Temp\VulkanRT
[MD5.54484BE7652BAD00723EA87198A37DA4] - |A| - [14/04/2017 15:29:17] - (.-.) - [49.11 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1042.tmp.csv
[MD5.90ED1769F153AD2C53E07F2E3180C878] - |A| - [14/04/2017 15:29:17] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER10A1.tmp.txt
[MD5.ACA63392761BAB2DA73A8A7B893C43A2] - |A| - [14/04/2017 15:29:17] - (.-.) - [49.12 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER10F0.tmp.csv
[MD5.9A33587CD9877CEDE79E6519EB7FE068] - |A| - [14/04/2017 15:29:17] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1110.tmp.txt
[MD5.E07976DA4B62D04F067BBA6F969E98A3] - |A| - [25/04/2017 15:36:55] - (.-.) - [43.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER19FC.tmp.csv
[MD5.593BF712C018AC9649B125DA9C3E7BC4] - |A| - [25/04/2017 15:36:56] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1AB9.tmp.txt
[MD5.7C4AF7CEB229036220FC683CA63FD250] - |A| - [14/04/2017 16:21:12] - (.-.) - [42.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1CDB.tmp.csv
[MD5.078F38196C4C89C4AD87F77AFFC24F3D] - |A| - [14/04/2017 16:21:12] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1CEB.tmp.txt
[MD5.622F8570E8470CAE2D230915AED679C1] - |A| - [14/04/2017 06:35:05] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER38.tmp.txt
[MD5.E58B19298855B960A63277DB0ACDAFA2] - |A| - [18/04/2017 18:06:43] - (.-.) - [47.2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER4023.tmp.csv
[MD5.9429EC2B4E69FD9D397F99B56A0AA130] - |A| - [18/04/2017 18:06:43] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER40C1.tmp.txt
[MD5.1A75CAFD1AA08ED8E56231E17AE7BC83] - |A| - [14/04/2017 15:04:27] - (.-.) - [44.73 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER5306.tmp.csv
[MD5.838876A226FCCC3B40B54CDFF6861410] - |A| - [14/04/2017 15:04:27] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER5316.tmp.txt
[MD5.4754C9816CE68F42AEFB42CEBC4710C5] - |A| - [14/04/2017 01:48:24] - (.-.) - [44.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER55CB.tmp.csv
[MD5.E47E404C754A90B4936D40712DB016F7] - |A| - [14/04/2017 01:48:24] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER55FB.tmp.txt
[MD5.CCB0614A042CFA948DF95F609910D609] - |A| - [14/04/2017 12:39:01] - (.-.) - [45.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER6F1F.tmp.csv
[MD5.F070F391453D9EE867CDD03E0010064D] - |A| - [14/04/2017 12:39:01] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER6F40.tmp.txt
[MD5.A81A363030158A0B818F646A40794B69] - |A| - [14/04/2017 10:29:19] - (.-.) - [48.37 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER718E.tmp.csv
[MD5.53459705BB5B343E8ADF6ACB76B0AE2B] - |A| - [14/04/2017 10:29:19] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER719F.tmp.txt
[MD5.74A7AAD15AA92FAFD4BF7F59168ED0BB] - |A| - [13/04/2017 22:58:08] - (.-.) - [38.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER7456.tmp.csv
[MD5.EAF52C385D0DAACD0CDC484833E0CBBD] - |A| - [13/04/2017 22:58:08] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER7486.tmp.txt
[MD5.A6FCA5B96D6AD049EBC8FA8E7B4A679B] - |A| - [25/04/2017 19:24:31] - (.-.) - [54.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER7826.tmp.csv
[MD5.ECE6E5073902C0ACB50AE74BFFE06F0C] - |A| - [25/04/2017 19:24:31] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER797F.tmp.txt
[MD5.836765996D3377B63E2DB5A4F2A9BD31] - |A| - [19/04/2017 12:31:33] - (.-.) - [47.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER80B9.tmp.csv
[MD5.CC566F991A805857F1EB3C2EF0BE56C5] - |A| - [19/04/2017 12:31:33] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER8202.tmp.txt
[MD5.71702F29550C0766180907A7C3857B22] - |A| - [24/06/2017 14:32:49] - (.-.) - [34.04 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER86AA.tmp.csv
[MD5.157A34B15457FED510A51824E5ECA35E] - |A| - [14/04/2017 12:30:23] - (.-.) - [41.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER86D5.tmp.csv
[MD5.EB6A77B5040A31944045B4D9F6DDDDD7] - |A| - [24/06/2017 14:32:49] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER8757.tmp.txt
[MD5.DB5670269A05B4D24102AF2BC8863B8C] - |A| - [14/04/2017 12:30:23] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER87FE.tmp.txt
[MD5.CBF7556E191FD1A67BA745926635BC1A] - |A| - [24/06/2017 11:43:12] - (.-.) - [42.93 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER98FC.tmp.csv
[MD5.ACD3C591B955D7536D051115E2E70910] - |A| - [24/06/2017 11:43:13] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER9A16.tmp.txt
[MD5.8766D6B087F32C01FEB331990273BEA5] - |A| - [14/04/2017 10:29:30] - (.-.) - [48.39 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER9F66.tmp.csv
[MD5.D8FAB919D2768794CBB2E43C55168D7C] - |A| - [14/04/2017 10:29:30] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER9F77.tmp.txt
[MD5.10EF544E0F1E703C049DAE9352DF75FC] - |A| - [18/04/2017 19:53:28] - (.-.) - [42.7 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA247.tmp.csv
[MD5.4516E149EE1410C1EEE30E0EC07BF7E6] - |A| - [18/04/2017 19:53:29] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA313.tmp.txt
[MD5.B9A183B151FCE4756F1E2F529CA60E9B] - |A| - [18/04/2017 18:02:47] - (.-.) - [43.06 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA4DC.tmp.csv
[MD5.8DF6ACF8DBAB6F7D06DFA1710C16F2E8] - |A| - [18/04/2017 18:02:47] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA683.tmp.txt
[MD5.00A11386C150FC502D746CEFA1C3342B] - |A| - [18/04/2017 23:24:12] - (.-.) - [46.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA8B9.tmp.csv
[MD5.492F7C3B3B039D8896ADDEB17BC7953B] - |A| - [18/04/2017 23:24:12] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERA985.tmp.txt
[MD5.B21AB1CE61C24B1CD0C441820A17F1DC] - |A| - [27/04/2017 17:17:04] - (.-.) - [44.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERABD7.tmp.csv
[MD5.D7915FE9500AC7DEED014881CCF25307] - |A| - [27/04/2017 17:17:05] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERAD11.tmp.txt
[MD5.F50C0F55CB492297D24023073801F494] - |A| - [25/04/2017 19:24:45] - (.-.) - [54.73 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERAD32.tmp.csv
[MD5.AE9C4D2B51FA041ABE58B7EA68563D58] - |A| - [25/04/2017 19:24:45] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERAE5C.tmp.txt
[MD5.CB52A96335ACFDD1452DBADB7850B5F6] - |A| - [20/04/2017 08:05:54] - (.-.) - [45.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERB508.tmp.csv
[MD5.B21827EFBDB8CCA8911ADAB6E7F388D3] - |A| - [20/04/2017 08:05:54] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERB5D4.tmp.txt
[MD5.44F0EFF1FD23D62CAB7D5B430D851355] - |A| - [18/04/2017 14:51:10] - (.-.) - [47.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERC939.tmp.csv
[MD5.1B9E604D1A035A05B0E11D1911A5271C] - |A| - [18/04/2017 14:51:10] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERCA15.tmp.txt
[MD5.C1BA1F2B2DA0C636937E2967550AD879] - |A| - [18/04/2017 14:51:16] - (.-.) - [47.12 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERE157.tmp.csv
[MD5.591D6332B77ECA1BA3596728A349CE1A] - |A| - [18/04/2017 14:51:17] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERE233.tmp.txt
[MD5.E3CF5B0C5ABA88BCAB3BCAE576402938] - |A| - [14/04/2017 15:29:08] - (.-.) - [48.76 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WEREE31.tmp.csv
[MD5.E45516A8058D129CE42D63D6AED4198C] - |A| - [14/04/2017 15:29:08] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WEREE42.tmp.txt
[MD5.BD09009274B38ADFA5A2DDDC0757FD6E] - |A| - [13/04/2017 23:07:24] - (.-.) - [46.79 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERF0F2.tmp.csv
[MD5.1C7D759BBD81029002112084E43D865B] - |A| - [13/04/2017 23:07:24] - (.-.) - [12.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERF141.tmp.txt
[MD5.BBCCB34E53C4C4B98694B932D5594F17] - |A| - [14/04/2017 06:35:05] - (.-.) - [40.84 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERFF0E.tmp.csv
[MD5.00000000000000000000000000000000] - |D| - [15/03/2017 22:04:50] - [0 Ko] - C:\WINDOWS\Temp\{224E7D29-03CD-4B7B-820D-34B72F0E6CFC}
[MD5.00000000000000000000000000000000] - |D| - [21/03/2017 01:15:27] - [0 Ko] - C:\WINDOWS\Temp\{3BD12E63-B890-42FE-A689-885A880C03FF}
[MD5.00000000000000000000000000000000] - |D| - [08/02/2017 15:45:10] - [0 Ko] - C:\WINDOWS\Temp\{9DAC6512-5DA6-4056-BC39-D5B19C8D2F92}
[MD5.00000000000000000000000000000000] - |D| - [28/03/2017 00:10:52] - [0 Ko] - C:\WINDOWS\Temp\{B2327EAB-46D2-428B-B7FF-B4512FC5FAA1}
[MD5.00000000000000000000000000000000] - |D| - [22/03/2017 20:57:48] - [0 Ko] - C:\WINDOWS\Temp\{F51459B3-55E5-4557-A864-B6A31329CD54}
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:00] - [0 Ko] - C:\WINDOWS\System32\0409
[MD5.0BE2744B6993CA636D0777ABC20C44B6] - |AH| - [14/07/2009 05:45:49] - (.-.) - [20.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[MD5.0BE2744B6993CA636D0777ABC20C44B6] - |AH| - [14/07/2009 05:45:49] - (.-.) - [20.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 12:42:35] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [16/07/2016 12:42:05] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 12:42:38] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png
[MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [16/07/2016 12:42:41] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png
[MD5.46DACDA5036EBECEDF08427407E3017C] - |A| - [16/07/2016 12:42:40] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 12:42:38] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [16/07/2016 12:42:38] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png
[MD5.58B6CB6A8528BA1B267CFAE325E6B834] - |A| - [16/07/2016 12:42:23] - (.-.) - [20.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:29] - [3176.34 Ko] - C:\WINDOWS\System32\AdvancedInstallers
[MD5.1E53DBCFBA49AB327BF00CC7E0759B6C] - |A| - [15/03/2017 21:54:33] - (.-.) - [437.78 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [11/07/2015 08:16:34] - [0 Ko] - C:\WINDOWS\System32\appmgmt
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [2487.23 Ko] - C:\WINDOWS\System32\appraiser
[MD5.F94192B47ACA96AFFEBC1073891EBB42] - |A| - [16/07/2016 12:43:20] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AppVStreamingUX.exe.config
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [272 Ko] - C:\WINDOWS\System32\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [08/02/2017 20:57:27] - [82.76 Ko] - C:\WINDOWS\System32\BestPractices
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [247.5 Ko] - C:\WINDOWS\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [4451.37 Ko] - C:\WINDOWS\System32\Boot
[MD5.0F98A58AD88377E93770212F5BBE5581] - |A| - [12/11/2016 11:51:50] - (.-.) - [3761.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BootMan.exe
[MD5.31ABC8C02F1CCE0DA39550D763384184] - |A| - [16/07/2016 12:42:12] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [91.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0.93 Ko] - C:\WINDOWS\System32\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:24] - [83892.26 Ko] - C:\WINDOWS\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [43970.9 Ko] - C:\WINDOWS\System32\catroot2
[MD5.11955E07D8B9EB2C537918DB14A97563] - |A| - [22/01/2014 23:37:27] - (.Copyright (c) 2002-2011. Nokia. - Nokia Connectivity Cable WU uninstaller.) - [163 Ko] - (7.1.32.71) - C:\WINDOWS\System32\ccdcmbwux64.dll
[MD5.7655EB239E44FF3C0144BEE459C76DD3] - |A| - [14/07/2009 02:40:20] - (.Copyright CANON INC. 2006-2008 All Rights Reserved - Canon Inkjet Printer Driver.) - [206.5 Ko] - (0.3.1536.1) - C:\WINDOWS\System32\CNBLM3_2.DLL
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [2077.97 Ko] - C:\WINDOWS\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [360 Ko] - C:\WINDOWS\System32\Com
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:24] - [385809.4 Ko] - C:\WINDOWS\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [47.64 Ko] - C:\WINDOWS\System32\Configuration
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [297 Ko] - C:\WINDOWS\System32\cs-CZ
[MD5.7485F49BD9D56F2771BD573ED011334B] - |A| - [26/05/2011 22:03:16] - (.Copyright © Cambridge Silicon Radio Limited, 2010Cambridge Silicon Radio Limited - Bluetooth control Panel helper.) - [98.12 Ko] - (1.0.15.0) - C:\WINDOWS\System32\CsrCplHelper.exe
[MD5.013E887C9098B96FD8E0791F88431D6B] - |A| - [26/05/2011 19:49:34] - (.Copyright © Cambridge Silicon Radio Limited, 2010Cambridge Silicon Radio Limited - HCR Client Monitor DLL.) - [69 Ko] - (1.0.15.0) - C:\WINDOWS\System32\csrportmon.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [293 Ko] - C:\WINDOWS\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [177.63 Ko] - C:\WINDOWS\System32\DDFs
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [329 Ko] - C:\WINDOWS\System32\de-DE
[MD5.306B90493D00011EB635E161C6C024B8] - |A| - [16/07/2016 12:42:22] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [16/07/2016 12:47:52] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [642 Ko] - C:\WINDOWS\System32\DiagSvcs
[MD5.8B5F7B8C2EFE38CA571FBE24658DF11F] - |A| - [16/07/2016 12:42:36] - (.-.) - [90.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:27] - [7578.09 Ko] - C:\WINDOWS\System32\Dism
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:27] - [1116.16 Ko] - C:\WINDOWS\System32\downlevel
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:24] - [80520.6 Ko] - C:\WINDOWS\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:24] - [1043917.36 Ko] - C:\WINDOWS\System32\DriverStore
[MD5.00000000000000000000000000000000] - |DC| - [18/12/2013 13:44:38] - [0 Ko] - C:\WINDOWS\System32\DRVSTORE
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [149.5 Ko] - C:\WINDOWS\System32\dsc
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [325 Ko] - C:\WINDOWS\System32\el-GR
[MD5.72D5DD7E5C37D3817FF8A2171489269E] - |A| - [17/12/2015 01:00:45] - (.-.) - [22.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:01] - [3445.5 Ko] - C:\WINDOWS\System32\en
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [236 Ko] - C:\WINDOWS\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [42482.32 Ko] - C:\WINDOWS\System32\en-US
[MD5.DB6C3DBF15DCFE149E247B44FEA6AD46] - |A| - [12/11/2016 11:51:50] - (.-.) - [23.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\epmntdrv.sys
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [318 Ko] - C:\WINDOWS\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [257.5 Ko] - C:\WINDOWS\System32\es-MX
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [232 Ko] - C:\WINDOWS\System32\et-EE
[MD5.B69A265AD9328E2027C18D84C3D49959] - |A| - [12/11/2016 11:51:50] - (.-.) - [17.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\EuEpmGdi.dll
[MD5.08C997734B2CECE882656BB2855E6E76] - |A| - [12/11/2016 11:51:50] - (.-.) - [10.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\EuGdiDrv.sys
[MD5.00000000000000000000000000000000] - |D| - [21/12/2013 09:34:36] - [154.5 Ko] - C:\WINDOWS\System32\EventProviders
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [25837.16 Ko] - C:\WINDOWS\System32\F12
[MD5.3C7D1E4786522EA69600111D7A7135EB] - |A| - [19/12/2016 23:29:22] - (.Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. - EaseUS Todo Backup Application.) - [23.54 Ko] - (3.0.0.1) - C:\WINDOWS\System32\fbnative.exe
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [297 Ko] - C:\WINDOWS\System32\fi-FI
[MD5.D90EF7AD8439412B64487027423FC2B2] - |A| - [08/02/2017 13:10:29] - (.-.) - [412.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [264 Ko] - C:\WINDOWS\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [326 Ko] - C:\WINDOWS\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\FxsTmp
[MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [16/07/2016 12:42:12] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |HD| - [14/07/2009 04:20:11] - [1.31 Ko] - C:\WINDOWS\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [259.5 Ko] - C:\WINDOWS\System32\he-IL
[MD5.E80A3D76B6645F0FF96CE865220A927A] - |A| - [17/12/2015 08:13:27] - (.Copyright (C) 1999 - LanguageMonitor.) - [127 Ko] - (61.63.249.0) - C:\WINDOWS\System32\hpz3l4v2.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [241.5 Ko] - C:\WINDOWS\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [300.5 Ko] - C:\WINDOWS\System32\hu-HU
[MD5.2A571B7728F23E83A800527879105180] - |A| - [16/07/2016 12:42:04] - (.-.) - [44.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [5.36 Ko] - C:\WINDOWS\System32\ias
[MD5.DD3E44126680D1DD8F5BA71E1D36D6A9] - |A| - [26/05/2011 20:49:56] - (.Copyright © Cambridge Silicon Radio Limited, 2010Cambridge Silicon Radio Limited - Csr Icon Resource Library.) - [6816 Ko] - (1.0.15.0) - C:\WINDOWS\System32\IconResource.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [36.27 Ko] - C:\WINDOWS\System32\icsxml
[MD5.8898B09A8D08E138F238224648DF0739] - |A| - [16/07/2016 12:42:35] - (.-.) - [170.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [25924.17 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [5265.25 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.22059DB12DB70AA7AF834227955CCA83] - |A| - [01/05/2017 12:39:47] - (.-.) - [19.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Info.txt
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [4803 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\Ipmi
[MD5.5EA855B4A875E08AD93FF901B5D9E275] - |A| - [16/07/2016 12:42:09] - (.-.) - [226 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ism32k.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [323 Ko] - C:\WINDOWS\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [237.5 Ko] - C:\WINDOWS\System32\ja-jp
[MD5.48BA9C6110A5EBA910E7FB2E7D23CFC1] - |A| - [27/04/2017 15:07:54] - (.Copyright © Kaspersky Lab ZAO 1996-2012. - Filtering Platform Helper Class.) - [107.59 Ko] - (1.0.0.12) - C:\WINDOWS\System32\klfphc.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [235 Ko] - C:\WINDOWS\System32\ko-KR
[MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [16/07/2016 12:42:22] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.C15D2C94E3C94CEFE8DE6A9D36C35FD1] - |A| - [13/10/2016 22:55:18] - (.(C) 1991-2012 Logitech. - LDA Component Extensions (UNICODE).) - [2410.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LdaCx2.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [73.41 Ko] - C:\WINDOWS\System32\Licenses
[MD5.3A990028C3616E00E7CA95A10408B80C] - |A| - [02/03/2016 17:08:22] - (.(C) 1998-2015 Logitech. - Logitech KMDF Co-Installer (UNICODE).) - [1810.64 Ko] - (5.90.38.0) - C:\WINDOWS\System32\LkmdfCoInst.dll
[MD5.C6FA07D254B8A0A3CFC41616B460E9BB] - |A| - [19/03/2014 01:24:42] - (.(C) 1998-2013 Logitech. - Logitech Bluetooth Co-Installer (UNICODE).) - [51.77 Ko] - (5.80.3.0) - C:\WINDOWS\System32\LMouFiltCoInst.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [11964.55 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.1F1E9FBB7FE7A39A84A061F6EF7003B4] - |A| - [20/09/2012 17:02:06] - (.Copyright © 2010-2012 Logitech. All Rights Reserved - Logitech Download Assistant.) - [3850.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LogiLDA.DLL
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [237 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [238.5 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.4EF6769EE36DD9717A5B6C6001332C48] - |A| - [12/11/2015 16:25:58] - (.-.) - [9.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\lvcoinst.log
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [58796.59 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [16/07/2016 12:44:03] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\manage-bde.wsf
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [0 Ko] - C:\WINDOWS\System32\manifeststore
[MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [16/07/2016 12:42:22] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [08/02/2017 20:59:29] - [17.92 Ko] - C:\WINDOWS\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [7441.23 Ko] - C:\WINDOWS\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [47558.48 Ko] - C:\WINDOWS\System32\migwiz
[MD5.00000000000000000000000000000000] - |D| - [18/12/2013 17:54:50] - [0 Ko] - C:\WINDOWS\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [4228.28 Ko] - C:\WINDOWS\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [08/02/2017 20:57:27] - [12304.66 Ko] - C:\WINDOWS\System32\msmq
[MD5.18403DE4979A328F21279DECB2E4298F] - |A| - [16/07/2016 12:43:08] - (.-.) - [3.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\msmqpub.mof
[MD5.E0640DE5407EEE4C6E16D839243B71F9] - |A| - [16/07/2016 12:43:08] - (.-.) - [8.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\msmqtrc.mof
[MD5.3ED9AC3EE11EE2C16E2E41F0DC4BAD42] - |A| - [16/07/2016 12:43:08] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\msmqtrcRemove.mof
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [6 Ko] - C:\WINDOWS\System32\MUI
[MD5.849946AD8A164ED1460B2C5F3D957500] - |A| - [22/02/2014 15:42:53] - (.Freeware - MyDefrag Script Interpreter.) - [1120.5 Ko] - (4.3.1.0) - C:\WINDOWS\System32\MyDefragScreenSaver_v4.3.1.exe
[MD5.FB76AB9B8C9869882EA8EFF133FB0F37] - |A| - [22/02/2014 15:42:53] - (.Freeware - MyDefrag Script Interpreter.) - [474 Ko] - (4.3.1.0) - C:\WINDOWS\System32\MyDefragScreenSaver_v4.3.1.scr
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [288 Ko] - C:\WINDOWS\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [1024 Ko] - C:\WINDOWS\System32\NDF
[MD5.EE7010410C0E8155FD2D93918C14239F] - |A| - [08/02/2017 13:10:43] - (.-.) - [44.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [16/07/2016 12:42:12] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [102 Ko] - C:\WINDOWS\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [308 Ko] - C:\WINDOWS\System32\nl-NL
[MD5.11E3B7CE5CC1C5421BE1A075B6EB816F] - |A| - [22/01/2014 23:38:10] - (.Copyright (c) 2002,2003,2004,2005. Nokia. - Wireless Communication Device Class Installer.) - [67.5 Ko] - (7.1.30.51) - C:\WINDOWS\System32\nmwcdclsx64.dll
[MD5.530C14375D42BA5A0CDB0B360C93A93C] - |A| - [22/01/2014 23:37:27] - (.Copyright (c) 2002-2011. Nokia. - Wireless Communication Device Class Co-Installer.) - [625 Ko] - (7.1.32.71) - C:\WINDOWS\System32\nmwcdcoclsx64.dll
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [16570.66 Ko] - C:\WINDOWS\System32\Nui
[MD5.2BF0CEEDCF4C5581E199FC4A265B3F71] - |A| - [27/04/2017 16:25:59] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nv-vk64.json
[MD5.B118600075AA8BD0596510F44D9F4274] - |A| - [27/04/2017 16:28:16] - (.-.) - [7608.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin
[MD5.D6B802667DFEF58A249C725633CC9C10] - |A| - [27/04/2017 16:25:59] - (.-.) - [42.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb
[MD5.F54598052A618ADC0231853D870A22BE] - |A| - [16/07/2016 12:47:53] - (.-.) - [15.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [16/07/2016 12:42:11] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [12630.2 Ko] - C:\WINDOWS\System32\oobe
[MD5.42D2360079B1DF3230024AE920737367] - |A| - [16/07/2016 12:42:22] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.775D376E089CE8AB91A9F6EF76CBF740] - |A| - [16/07/2016 12:49:31] - (.-.) - [415.24 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |A| - [16/07/2016 12:49:35] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.3617A516BD67DB0F0A1EEF5662096F93] - |A| - [16/07/2016 12:49:31] - (.-.) - [1335.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.E4076A474987FD5EE3DECE68EB120E80] - |A| - [08/02/2017 13:16:59] - (.-.) - [1250.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [306 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [559.5 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:02] - [413.88 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\ProximityToast
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [16/07/2016 12:42:31] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [308 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [303.5 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.FB0267CE1DD06E428C9BFFA0AE42FF47] - |A| - [18/01/2014 12:42:16] - (.Copyright © 2002-2006 by Tracker Software - PDF-XChange Port Monitor.) - [6.5 Ko] - (3.50.0.98) - C:\WINDOWS\System32\pxc35pm.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.5D9616D2A76F38EF94866248CA4EDB2C] - |A| - [16/07/2016 12:43:18] - (.Copyright (C) 2009 - RemoteFX Helper.) - [106 Ko] - (1.1.0.0) - C:\WINDOWS\System32\RDVGHelper.exe
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [2.05 Ko] - C:\WINDOWS\System32\Recovery
[MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [16/07/2016 12:42:04] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof
[MD5.D67CDB8D2584AAC165A77488C5A7A987] - |A| - [16/07/2016 12:42:37] - (.-.) - [8.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.4FE9CE56EFA89779D81B988698D2454C] - |A| - [16/07/2016 12:42:37] - (.-.) - [8.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0.07 Ko] - C:\WINDOWS\System32\restore
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [243.5 Ko] - C:\WINDOWS\System32\ro-RO
[MD5.AF47D6660569DFA46BC4E1CD21E1624B] - |A| - [28/09/2012 20:45:16] - (.-.) - [240.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\rtvcvfw64.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [300 Ko] - C:\WINDOWS\System32\ru-RU
[MD5.212E30726DAF3567E4F689B84743E3E2] - |A| - [21/01/2016 21:43:32] - (.Copyright (c) 2012-2014 Focusrite Audio Engineering Limited. - Focusrite Scarlett Family Audio Driver.) - [1084.5 Ko] - (3.1.10.221) - C:\WINDOWS\System32\Scarlett_UAC2PropertyPage.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [16/07/2016 12:43:50] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [16/07/2016 12:42:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.4B91350942AA13F7566277CC6899E142] - |A| - [12/11/2016 11:51:50] - (.-.) - [99.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\setupempdrvx64.exe
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [245 Ko] - C:\WINDOWS\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [240.5 Ko] - C:\WINDOWS\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [08/02/2017 13:10:39] - [29648 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:02] - [45.92 Ko] - C:\WINDOWS\System32\slmgr
[MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [16/07/2016 12:42:22] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:24] - [13641.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [7576.34 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [8566.38 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [179673.86 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [9926.77 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [31.88 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [21/12/2013 09:36:58] - [1775.5 Ko] - C:\WINDOWS\System32\SPReview
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [243.5 Ko] - C:\WINDOWS\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [244 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.C1AA14DBA23EB5AE5044727DF182FE5C] - |A| - [16/07/2016 12:42:16] - (.-.) - [54.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [33176 Ko] - C:\WINDOWS\System32\sru
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [293.5 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.20C4FE2B130D9F0C92D7629E71AFBB66] - |A| - [16/07/2016 12:43:20] - (.-.) - [1.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SyncAppvPublishingServer.vbs
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:27] - [1624.64 Ko] - C:\WINDOWS\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [912.78 Ko] - C:\WINDOWS\System32\SystemResetPlatform
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [587.56 Ko] - C:\WINDOWS\System32\Tasks
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [629.76 Ko] - C:\WINDOWS\System32\Tasks_Migrated
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [16/07/2016 12:42:39] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [227.5 Ko] - C:\WINDOWS\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [289.5 Ko] - C:\WINDOWS\System32\tr-TR
[MD5.C8F2952DAE3971614DBD0C509F35BE93] - |A| - [16/07/2016 12:42:38] - (.-.) - [10.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [16/07/2016 12:42:38] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt
[MD5.D200497DD3A24F138123F0EB6C385D1D] - |A| - [16/07/2016 12:43:20] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevAppMonitor.exe.config
[MD5.4AAEE8D86EC81DA2A1514ABC77E71F57] - |A| - [16/07/2016 12:43:20] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevCustomActionTypes.tlb
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [240 Ko] - C:\WINDOWS\System32\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [17/06/2017 08:27:20] - [2137.72 Ko] - C:\WINDOWS\System32\UNP
[MD5.E7482D1D449217C8641762F5C38E157C] - |A| - [16/07/2016 12:42:12] - (.-.) - [9.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VpnSohDesktop.dll
[MD5.F5AA1CD090726ED32C0026FBD023FCF7] - |A| - [26/01/2017 01:09:16] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [315 Ko] - (1.0.39.1) - C:\WINDOWS\System32\vulkan-1-1-0-39-1.dll
[MD5.F5AA1CD090726ED32C0026FBD023FCF7] - |A| - [27/04/2017 16:32:34] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [315 Ko] - (1.0.39.1) - C:\WINDOWS\System32\vulkan-1.dll
[MD5.6D2AD21CD6674F1B66CCB8C4C433A4E1] - |A| - [26/01/2017 01:09:50] - (.-.) - [115.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo-1-1-0-39-1.exe
[MD5.6D2AD21CD6674F1B66CCB8C4C433A4E1] - |A| - [27/04/2017 16:32:34] - (.-.) - [115.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [19/12/2013 19:20:15] - [0 Ko] - C:\WINDOWS\System32\Wat
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [85906.63 Ko] - C:\WINDOWS\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:02] - [0 Ko] - C:\WINDOWS\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [56413.07 Ko] - C:\WINDOWS\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [16/07/2016 12:42:11] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0 Ko] - C:\WINDOWS\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [1.1 Ko] - C:\WINDOWS\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [42585.77 Ko] - C:\WINDOWS\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [9878.88 Ko] - C:\WINDOWS\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [158264 Ko] - C:\WINDOWS\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [4228.5 Ko] - C:\WINDOWS\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:02] - [100.11 Ko] - C:\WINDOWS\System32\winrm
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [16/07/2016 12:42:35] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
[MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [16/07/2016 12:42:27] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [210 Ko] - C:\WINDOWS\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [202.5 Ko] - C:\WINDOWS\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [204.5 Ko] - C:\WINDOWS\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [21/12/2013 15:15:49] - [0.08 Ko] - C:\WINDOWS\SysWOW64\%Report%
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:02] - [0 Ko] - C:\WINDOWS\SysWOW64\0409
[MD5.00EC541EA46F1CFF806E5DC3458D9CB0] - |A| - [23/01/2014 18:31:08] - (.-.) - [140 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\3DAudio.ax
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 12:43:00] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 12:43:02] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 12:43:02] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:30] - [2141.84 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [250 Ko] - C:\WINDOWS\SysWOW64\ar-SA
[MD5.212F87EE837B4E35E43A93BBFC44E7A7] - |A| - [08/07/2014 21:42:14] - (.Copyright (C) 2004 - AsIO DLL.) - [24 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\AsIO.dll
[MD5.00000000000000000000000000000000] - |D| - [08/02/2017 20:57:27] - [12.45 Ko] - C:\WINDOWS\SysWOW64\BestPractices
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [222 Ko] - C:\WINDOWS\SysWOW64\bg-BG
[MD5.779757290A9BF117CFB9936A88DD52DE] - |A| - [12/11/2016 11:51:50] - (.-.) - [2867.69 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\BootMan.exe
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0.93 Ko] - C:\WINDOWS\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot2
[MD5.209FDF5096AFD1312B98527B8B7B852E] - |A| - [23/01/2014 18:31:08] - (.-.) - [952 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\cis-2.4.dll
[MD5.76BDA2CA70F62390D0D0BFCD4915EDA1] - |A| - [22/02/2014 11:31:42] - (.-.) - [0.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CleanGenius3Trial.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [318 Ko] - C:\WINDOWS\SysWOW64\Com
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [57.89 Ko] - C:\WINDOWS\SysWOW64\config
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [47.64 Ko] - C:\WINDOWS\SysWOW64\Configuration
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [267.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [264.5 Ko] - C:\WINDOWS\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [298.5 Ko] - C:\WINDOWS\SysWOW64\de-DE
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [19 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [14/04/2017 10:33:05] - [0 Ko] - C:\WINDOWS\SysWOW64\directx
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:27] - [6007.05 Ko] - C:\WINDOWS\SysWOW64\Dism
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:04:27] - [1068.16 Ko] - C:\WINDOWS\SysWOW64\downlevel
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [3434.24 Ko] - C:\WINDOWS\SysWOW64\drivers
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\DriverStore
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [293 Ko] - C:\WINDOWS\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:02] - [3108.5 Ko] - C:\WINDOWS\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [213 Ko] - C:\WINDOWS\SysWOW64\en-GB
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [34669.87 Ko] - C:\WINDOWS\SysWOW64\en-US
[MD5.3EE5337BCC0027FDBEE0150FB8EDBF17] - |A| - [12/11/2016 11:51:50] - (.-.) - [243 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\epmntdrv.pdb
[MD5.5F2D1F871FF277EDE5FAEB971D8335ED] - |A| - [12/11/2016 11:51:50] - (.-.) - [20.99 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\epmntdrv.sys
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [287.5 Ko] - C:\WINDOWS\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [231.5 Ko] - C:\WINDOWS\SysWOW64\es-MX
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [209 Ko] - C:\WINDOWS\SysWOW64\et-EE
[MD5.980F2EEDACFEBD6C371A165046FD6237] - |A| - [12/11/2016 11:51:50] - (.-.) - [20.59 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\EuEpmGdi.dll
[MD5.886CDC85E0B6C9AC2547F919E5B224A3] - |A| - [12/11/2016 11:51:50] - (.-.) - [9.97 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\EuGdiDrv.sys
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [21626.66 Ko] - C:\WINDOWS\SysWOW64\F12
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [267.5 Ko] - C:\WINDOWS\SysWOW64\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [237 Ko] - C:\WINDOWS\SysWOW64\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [294 Ko] - C:\WINDOWS\SysWOW64\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [238.5 Ko] - C:\WINDOWS\SysWOW64\he-IL
[MD5.A4001C78F2806662B3BD91ACB44E6330] - |A| - [18/12/2013 17:38:29] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\initdebug.nfo
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [201 Ko] - C:\WINDOWS\SysWOW64\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi
[MD5.D8D6FA22135619B3C3B32441571B3C4F] - |A| - [23/01/2014 18:31:08] - (.-.) - [80 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\issacapi_bs-2.3.dll
[MD5.18DB794E8C223A248671D4A9409AED23] - |A| - [23/01/2014 18:31:08] - (.-.) - [64 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\issacapi_pe-2.3.dll
[MD5.F7D4D358EE74ADF1ECDEEFBA35765D22] - |A| - [23/01/2014 18:31:08] - (.-.) - [56 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\issacapi_se-2.3.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [293 Ko] - C:\WINDOWS\SysWOW64\it-IT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [214.5 Ko] - C:\WINDOWS\SysWOW64\ja-JP
[MD5.F4C8B34A60CB26D40036CDC39F37336B] - |A| - [17/02/2014 23:12:42] - (.-.) - [5.05 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
[MD5.03FBE0CC9DE23172E774AC4FC365966A] - |A| - [30/05/2014 08:00:01] - (.-.) - [4.33 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\jupdate-1.7.0_60-b19.log
[MD5.92D5703393512609AE46448F528AA387] - |A| - [15/10/2014 08:19:54] - (.-.) - [4.2 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\jupdate-1.7.0_71-b14.log
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [212.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [73.41 Ko] - C:\WINDOWS\SysWOW64\Licenses
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [213.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [214.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [50038.65 Ko] - C:\WINDOWS\SysWOW64\Macromed
[MD5.8901A0803B5601DC1DF5ECC99339C09B] - |A| - [23/01/2014 18:31:10] - (.Copyright (C) 2003-2004, (주) 마크애니 - 클라이언트 프로토콜 라이브러리.) - [44 Ko] - (1.2.2005.128) - C:\WINDOWS\SysWOW64\MACXMLProto.dll
[MD5.C2CDFD61447D278C96B441C13F8F71BE] - |A| - [23/01/2014 18:31:08] - (.Copyright (C) 2003 - MaDRM DLL.) - [116 Ko] - (3.0.2004.1011) - C:\WINDOWS\SysWOW64\MaDRM.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync
[MD5.B5B76E18B10724CF0D88CCC9B1F4FB37] - |A| - [23/01/2014 18:31:08] - (.Copyright (C) 2003, (주) 마크애니 - MaJGUILib DLL.) - [48 Ko] - (1.0.2004.301) - C:\WINDOWS\SysWOW64\MaJGUILib.dll
[MD5.9B2F9CC5BD4D266A2E76DBFECDDB0122] - |A| - [23/01/2014 18:31:08] - (.Copyright ⓒ 2004 MarkAny Inc. - 마크애니 MAC 주소 추출 DLL.) - [44.26 Ko] - (1.0.2009.930) - C:\WINDOWS\SysWOW64\MAMACExtract.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0 Ko] - C:\WINDOWS\SysWOW64\manifeststore
[MD5.2C16CF611C87FAB86B287CFFBA91B647] - |A| - [23/01/2014 18:31:08] - (.Copyright (C) 2004 - (주)마크애니 ContentSAFER Cleaner.) - [24 Ko] - (3.0.2006.925) - C:\WINDOWS\SysWOW64\MASetupCleaner.exe
[MD5.AD2454F9D19FDCA0FF26F48E809F5361] - |A| - [23/01/2014 18:31:08] - (.Copyright (C) 2003-2004, (주) 마크애니 - MaXMLProto DLL.) - [44 Ko] - (1.0.2004.602) - C:\WINDOWS\SysWOW64\MaXMLProto.dll
[MD5.6C5F63ED6968F6874B9541CC50489B2A] - |A| - [22/02/2014 10:18:05] - (.-.) - [72.95 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\mfc45.dat
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [3774.89 Ko] - C:\WINDOWS\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [821.34 Ko] - C:\WINDOWS\SysWOW64\migwiz
[MD5.01FB39AD6F00AEF968372027259E8F13] - |A| - [23/01/2014 18:31:08] - (.Copyright ⓒ 2004 - MK_Lyric.) - [56 Ko] - (1.0.1124.1) - C:\WINDOWS\SysWOW64\MK_Lyric.dll
[MD5.422D36A4743BF9CC2A787A68D9C9A988] - |A| - [23/01/2014 18:31:08] - (.Copyright (C) 2005 Teruten Inc. - MSCLib DLL.) - [240 Ko] - (1.0.0.8) - C:\WINDOWS\SysWOW64\MSCLib.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [52.28 Ko] - C:\WINDOWS\SysWOW64\MsDtc
[MD5.99089A2B318765568F2745BBF1A4F870] - |A| - [23/01/2014 18:31:08] - (.Copyright (C) 2005 Teruten Inc. - MSFLib DLL.) - [152 Ko] - (1.0.0.7) - C:\WINDOWS\SysWOW64\MSFLib.dll
[MD5.18403DE4979A328F21279DECB2E4298F] - |A| - [16/07/2016 12:44:01] - (.-.) - [3.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\msmqpub.mof
[MD5.E0640DE5407EEE4C6E16D839243B71F9] - |A| - [16/07/2016 12:44:01] - (.-.) - [8.88 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\msmqtrc.mof
[MD5.3ED9AC3EE11EE2C16E2E41F0DC4BAD42] - |A| - [16/07/2016 12:44:01] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\msmqtrcRemove.mof
[MD5.CF25249C36368124E0FF9E6B68194460] - |A| - [23/01/2014 18:31:08] - (.Copyright (C) 2001 Telechips Inc., - USB Dynamic Link Library for TCC730.) - [40 Ko] - (1.9.4.2) - C:\WINDOWS\SysWOW64\MTTELECHIP.dll
[MD5.E8558EFAD97B3D10A73E8DC9426E4DCA] - |A| - [23/01/2014 18:31:08] - (.Copyright 2004 Marktek Inc. - MTXSYNCICON Module.) - [56 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\MTXSYNCICON.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [6 Ko] - C:\WINDOWS\SysWOW64\MUI
[MD5.8CB1DDC3EAC6B60213C75B21DAE06FF5] - |A| - [23/01/2014 18:31:10] - (.Copyright Musiccity Co.Ltd. - AOD Sourcer Filter.) - [132 Ko] - (1.0.0.60410) - C:\WINDOWS\SysWOW64\muzaf1.dll
[MD5.4F9BD5F58F631920BBAAEB9D9960286D] - |A| - [23/01/2014 18:31:08] - (.Copyright 2003 - MUZAoDAppCtrl Module.) - [480 Ko] - (1.3.9.303) - C:\WINDOWS\SysWOW64\muzapp.dll
[MD5.A12FB1A9FC4433CD64C77A7250821A02] - |A| - [23/01/2014 18:31:08] - (.Copyright Musiccity Co.Ltd. - MUZAoDApp Module.) - [168 Ko] - (1.0.9.222) - C:\WINDOWS\SysWOW64\muzapp.exe
[MD5.C763946CD9EDB212ADE1930E7B1F4037] - |A| - [23/01/2014 18:31:08] - (.Copyright (c) 2002 - 2007, PeeringPortal - PCube Audio Decoder Filter.) - [556 Ko] - (1.0.0.60207) - C:\WINDOWS\SysWOW64\muzdecode.ax
[MD5.A198190A504C60B1F9BEE4B32AD843B4] - |A| - [23/01/2014 18:31:08] - (.Copyright (c) 2002 - 2007, (c) PeeringPortal - P3AudioEffect Filter.) - [120 Ko] - (1.0.0.60210) - C:\WINDOWS\SysWOW64\muzeffect.ax
[MD5.92B0830A8EED421ECFE454747379A13C] - |A| - [23/01/2014 18:31:08] - (.Copyright (c) PeeringPortal - P3MP4Splitter Filter.) - [108 Ko] - (1.0.0.60210) - C:\WINDOWS\SysWOW64\muzmp4sp.ax
[MD5.D93808F389158531CAE0766FE51E9D8E] - |A| - [23/01/2014 18:31:08] - (.Copyright (c) 2002 - 2007, (c) PeeringPortal - PCube MPEG Splitter Filter.) - [128 Ko] - (1.1.7.911) - C:\WINDOWS\SysWOW64\muzmpgsp.ax
[MD5.1B84845FB7372D457B3CBC3CE518F997] - |A| - [23/01/2014 18:31:08] - (.Copyright (c) 2004 SK TELECOM. - OGG Splitter.) - [252 Ko] - (1.0.0.60207) - C:\WINDOWS\SysWOW64\muzoggsp.ax
[MD5.0A2003F4CFD58C350C7B2E2D9807D12D] - |A| - [23/01/2014 18:31:08] - (.Copyright (c) PeeringPortal All rights reserved - P3WMTSplitter Filter.) - [196 Ko] - (1.0.0.60208) - C:\WINDOWS\SysWOW64\muzwmts.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [260.5 Ko] - C:\WINDOWS\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [278 Ko] - C:\WINDOWS\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 12:47:48] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui
[MD5.E256CF02FDF09732C42AF1C7AB9521DD] - |A| - [27/04/2017 16:25:59] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nv-vk32.json
[MD5.BC71FF7DA14ECA943FA0AD815F72B8CB] - |A| - [07/01/2003 16:05:06] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OUTLPERF.H
[MD5.509A7197AE66401D1DA76F4BAC1DD0A8] - |A| - [07/01/2003 16:05:08] - (.-.) - [2.63 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OUTLPERF.INI
[MD5.0331ED0CEE624BDC9CB02702F35D427B] - |A| - [08/02/2017 13:16:51] - (.-.) - [946.14 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [275.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:03] - [413.88 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [278.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [273.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0.76 Ko] - C:\WINDOWS\SysWOW64\Recovery
[MD5.A64711C9CF690718EADA750370EC5EB2] - |A| - [23/05/2014 09:01:53] - (.Copyright (c) 2000 - 2010 Dmitry Streblechenko - Outlook Redemption COM library.) - [4550.5 Ko] - (4.8.0.1184) - C:\WINDOWS\SysWOW64\Redemption.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [218.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO
[MD5.03944ABAE856DC164BD167526E07E953] - |A| - [28/09/2012 20:45:06] - (.-.) - [241.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\rtvcvfw32.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [270.5 Ko] - C:\WINDOWS\SysWOW64\ru-RU
[MD5.7753FC56F9CAC4B5AFDA3196DB654F21] - |A| - [23/05/2014 09:01:54] - (.Copyright © 2004-2010 MAPILab Ltd. & Add-in Express Ltd. - Security Manager Component for Microsoft Outlook allows to turn off and on Outlook Object Model Security Guard.) - [141.27 Ko] - (3.0.0.0) - C:\WINDOWS\SysWOW64\secman.dll
[MD5.0CA49026F2DA1F2D3BEE9CD779AA806D] - |A| - [12/11/2016 11:51:50] - (.-.) - [86.09 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\setupempdrv03.exe
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [219 Ko] - C:\WINDOWS\SysWOW64\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [215.5 Ko] - C:\WINDOWS\SysWOW64\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:03] - [45.92 Ko] - C:\WINDOWS\SysWOW64\slmgr
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [4199.34 Ko] - C:\WINDOWS\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [6323.17 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore
[MD5.0FFE35F0B0CD5A324BBE22F02569AE3B] - |A| - [29/12/2012 21:59:38] - (.Copyright © Almico Software 2001-2013 - SpeedFan x64 Driver.) - [27.99 Ko] - (2.3.11.0) - C:\WINDOWS\SysWOW64\speedfan.sys
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [1677.83 Ko] - C:\WINDOWS\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [31.88 Ko] - C:\WINDOWS\SysWOW64\sppui
[MD5.EE68B052A08FEC0F574F2DAE2003DF27] - |A| - [28/07/2014 10:29:38] - (.http://www.sqlite.org/copyright.html - SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - [635.47 Ko] - (3.8.5.0) - C:\WINDOWS\SysWOW64\sqlite3.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [223 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [219.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\sru
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [265.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:03] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [205 Ko] - C:\WINDOWS\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [261.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR
[MD5.01E96A85B337B702AE2BC7F838AE7B65] - |A| - [16/07/2016 12:43:20] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\UevCustomActionTypes.tlb
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [215.5 Ko] - C:\WINDOWS\SysWOW64\uk-UA
[MD5.C758EBC719C0D07B1B0E251C77F11BFD] - |A| - [05/01/1999 18:30:02] - (.Copyright © 1998, VideoSoft - vsFlex3 ActiveX Controls.) - [220 Ko] - (3.0.0.36) - C:\WINDOWS\SysWOW64\VSFLEX3.OCX
[MD5.4287C9D06A1086CDF75C697A494BE4B7] - |A| - [26/01/2017 01:12:46] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [319 Ko] - (1.0.39.1) - C:\WINDOWS\SysWOW64\vulkan-1-1-0-39-1.dll
[MD5.4287C9D06A1086CDF75C697A494BE4B7] - |A| - [27/04/2017 16:32:34] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [319 Ko] - (1.0.39.1) - C:\WINDOWS\SysWOW64\vulkan-1.dll
[MD5.BB0B3644D206847B9E39745E7A25BC64] - |A| - [26/01/2017 01:13:16] - (.-.) - [101.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-39-1.exe
[MD5.BB0B3644D206847B9E39745E7A25BC64] - |A| - [27/04/2017 16:32:34] - (.-.) - [101.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [19/12/2013 19:20:15] - [0 Ko] - C:\WINDOWS\SysWOW64\Wat
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [16743.71 Ko] - C:\WINDOWS\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:03] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [8876.16 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [4228.5 Ko] - C:\WINDOWS\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 15:14:03] - [100.11 Ko] - C:\WINDOWS\SysWOW64\winrm
[MD5.1CD08C0FA0C5BD53450E332F35304381] - |A| - [06/10/2009 08:16:02] - (.-.) - [800 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xvidcore.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [190.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-TW

---------- | Shell Folders

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
"AppData"=C:\Users\Gary\AppData\Roaming [08/02/2017 13:17:56]
"Local AppData"=C:\Users\Gary\AppData\Local [08/02/2017 13:17:56]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Libraries [18/12/2013 13:21:30]
"My Video"=C:\Users\Gary\Videos [18/12/2013 13:20:59]
"My Pictures"=C:\Users\Gary\Pictures [18/12/2013 13:20:59]
"Desktop"=C:\Users\Gary\Desktop [18/12/2013 13:20:59]
"History"=C:\Users\Gary\AppData\Local\Microsoft\Windows\History [18/12/2013 13:20:59]
"NetHood"=C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Network Shortcuts [08/02/2017 13:17:56]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Gary\Contacts [18/12/2013 13:21:14]
"{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\Gary\AppData\Local\Microsoft\Windows\RoamingTiles [17/12/2015 01:04:20]
"Cookies"=C:\Users\Gary\AppData\Local\Microsoft\Windows\INetCookies [18/12/2013 13:20:59]
"Favorites"=C:\Users\Gary\Favorites [18/12/2013 13:20:59]
"SendTo"=C:\Users\Gary\AppData\Roaming\Microsoft\Windows\SendTo [08/02/2017 13:17:56]
"Start Menu"=C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu [08/02/2017 13:17:56]
"My Music"=C:\Users\Gary\Music [18/12/2013 13:20:59]
"Programs"=C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [08/02/2017 13:17:56]
"Recent"=C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Recent [18/12/2013 13:20:59]
"CD Burning"=C:\Users\Gary\AppData\Local\Microsoft\Windows\Burn\Burn [08/02/2017 13:49:56]
"PrintHood"=C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [08/02/2017 13:17:56]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Gary\Searches [18/12/2013 13:21:30]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Gary\Downloads [18/12/2013 13:20:59]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Gary\AppData\LocalLow [18/12/2013 13:20:59]
"Startup"=C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [18/12/2013 13:21:30]
"Administrative Tools"=C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/12/2013 13:21:30]
"Personal"=C:\Users\Gary\Documents [18/12/2013 13:20:59]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Gary\Links [18/12/2013 13:20:59]
"Cache"=C:\Users\Gary\AppData\Local\Microsoft\Windows\INetCache [08/02/2017 13:17:56]
"Templates"=C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Templates [08/02/2017 13:17:56]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Gary\Saved Games [18/12/2013 13:20:59]
"Fonts"=C:\WINDOWS\Fonts [16/07/2016 12:47:48]

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming
"Desktop"=%USERPROFILE%\Desktop
"Favorites"=%USERPROFILE%\Favorites
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History
"Local AppData"=%USERPROFILE%\AppData\Local
"My Music"=%USERPROFILE%\Music
"My Pictures"=%USERPROFILE%\Pictures
"My Video"=%USERPROFILE%\Videos
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
"Personal"=%USERPROFILE%\Documents
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads
"Cache"=C:\Users\Gary\AppData\Local\Microsoft\Windows\INetCache [08/02/2017 13:17:56]
"Cookies"=C:\Users\Gary\AppData\Local\Microsoft\Windows\INetCookies [18/12/2013 13:20:59]
"CD Burning"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Burn\Burn

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [16/07/2016 12:47:48]
"Common AppData"=C:\ProgramData [16/07/2016 12:47:48]
"Common Desktop"=C:\Users\Public\Desktop [14/07/2009 04:20:08]
"Common Documents"=C:\Users\Public\Documents [14/07/2009 04:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [16/07/2016 12:47:48]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 12:47:48]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [16/07/2016 12:47:48]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [14/07/2009 04:20:08]
"CommonMusic"=C:\Users\Public\Music [14/07/2009 04:20:08]
"CommonPictures"=C:\Users\Public\Pictures [14/07/2009 04:20:08]
"CommonVideo"=C:\Users\Public\Videos [14/07/2009 04:20:08]
"OEM Links"=C:\ProgramData\OEM\Links

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%
"Common Desktop"=%PUBLIC%\Desktop
"Common Documents"=%PUBLIC%\Documents
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates
"CommonMusic"=%PUBLIC%\Music
"CommonPictures"=%PUBLIC%\Pictures
"CommonVideo"=%PUBLIC%\Videos
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [16/07/2016 12:47:48]
"Common AppData"=C:\ProgramData [16/07/2016 12:47:48]
"Common Desktop"=C:\Users\Public\Desktop [14/07/2009 04:20:08]
"Common Documents"=C:\Users\Public\Documents [14/07/2009 04:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [16/07/2016 12:47:48]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 12:47:48]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [16/07/2016 12:47:48]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [14/07/2009 04:20:08]
"CommonMusic"=C:\Users\Public\Music [14/07/2009 04:20:08]
"CommonPictures"=C:\Users\Public\Pictures [14/07/2009 04:20:08]
"CommonVideo"=C:\Users\Public\Videos [14/07/2009 04:20:08]
"OEM Links"=C:\ProgramData\OEM\Links
"Personal"=C:\Users\Gary\Documents\ [// ::]

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%
"Common Desktop"=%PUBLIC%\Desktop
"Common Documents"=%PUBLIC%\Documents
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates
"CommonMusic"=%PUBLIC%\Music
"CommonPictures"=%PUBLIC%\Pictures
"CommonVideo"=%PUBLIC%\Videos
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads


---------- | [Gary]

[08/02/2017 13:17:56] - |D| - [143923757906] - C:\Users\Gary\AppData\Local
[18/12/2013 13:20:59] - |D| - [563224426] - C:\Users\Gary\AppData\LocalLow
[08/02/2017 13:17:56] - |D| - [1014164731] - C:\Users\Gary\AppData\Roaming
[17/12/2015 01:08:05] - |D| - [0] - C:\Users\Gary\AppData\Local\ActiveSync
[01/11/2014 11:10:29] - |D| - [0] - C:\Users\Gary\AppData\Local\Adobe
[08/02/2017 13:17:56] - |SHD| - [132126876464] - C:\Users\Gary\AppData\Local\Application Data
[18/12/2013 13:40:01] - |D| - [0] - C:\Users\Gary\AppData\Local\Apps
[18/12/2013 13:40:57] - |A| - [96088] - C:\Users\Gary\AppData\Local\ars (2).cache
[18/12/2013 13:41:24] - |A| - [96088] - C:\Users\Gary\AppData\Local\ars (3).cache
[18/12/2013 13:39:56] - |A| - [96088] - C:\Users\Gary\AppData\Local\ars.cache
[22/01/2016 15:22:12] - |D| - [4874744] - C:\Users\Gary\AppData\Local\Audacity
[01/07/2016 18:42:10] - |D| - [76616682] - C:\Users\Gary\AppData\Local\Axialis
[08/03/2017 22:45:57] - |D| - [0] - C:\Users\Gary\AppData\Local\CEF
[18/12/2013 13:40:57] - |A| - [9384331] - C:\Users\Gary\AppData\Local\census (2).cache
[18/12/2013 13:41:24] - |A| - [9384331] - C:\Users\Gary\AppData\Local\census (3).cache
[18/12/2013 13:39:56] - |A| - [9384331] - C:\Users\Gary\AppData\Local\census.cache
[04/08/2016 23:00:09] - |D| - [388166720] - C:\Users\Gary\AppData\Local\Chromium
[17/12/2015 01:23:46] - |D| - [20996120] - C:\Users\Gary\AppData\Local\Comms
[21/09/2016 16:29:15] - |D| - [2114128] - C:\Users\Gary\AppData\Local\ConnectedDevicesPlatform
[04/02/2016 10:33:06] - |D| - [322878283] - C:\Users\Gary\AppData\Local\CrashDumps
[20/10/2015 12:08:25] - |D| - [629] - C:\Users\Gary\AppData\Local\DAI
[20/10/2015 12:06:48] - |D| - [645] - C:\Users\Gary\AppData\Local\DAIToolsSuite_Loader
[18/12/2013 13:40:01] - |D| - [0] - C:\Users\Gary\AppData\Local\Diagnostics
[18/12/2013 13:40:01] - |D| - [32919] - C:\Users\Gary\AppData\Local\DOSBox
[18/12/2013 13:40:01] - |D| - [1307462610] - C:\Users\Gary\AppData\Local\Downloaded Installations
[18/12/2013 13:40:07] - |D| - [0] - C:\Users\Gary\AppData\Local\ElevatedDiagnostics
[19/11/2014 23:05:42] - |SHD| - [0] - C:\Users\Gary\AppData\Local\EmieBrowserModeList
[20/04/2014 15:26:30] - |SHD| - [0] - C:\Users\Gary\AppData\Local\EmieSiteList
[20/04/2014 15:26:30] - |SHD| - [0] - C:\Users\Gary\AppData\Local\EmieUserList
[09/12/2015 19:52:29] - |A| - [2370560] - C:\Users\Gary\AppData\Local\file__0.localstorage
[18/12/2013 13:40:07] - |D| - [0] - C:\Users\Gary\AppData\Local\FLT
[29/05/2015 12:30:22] - |D| - [5968036] - C:\Users\Gary\AppData\Local\fontconfig
[25/01/2017 21:56:02] - |D| - [193940] - C:\Users\Gary\AppData\Local\Foxit Reader
[27/09/2016 00:20:51] - |A| - [110600] - C:\Users\Gary\AppData\Local\GDIPFONTCACHEV1.DAT
[29/05/2015 12:30:16] - |D| - [660] - C:\Users\Gary\AppData\Local\gegl-0.2
[18/12/2013 13:40:07] - |D| - [775846037] - C:\Users\Gary\AppData\Local\Google
[29/05/2015 12:40:36] - |D| - [207] - C:\Users\Gary\AppData\Local\gtk-2.0
[22/06/2015 20:20:54] - |D| - [71] - C:\Users\Gary\AppData\Local\GWX
[08/02/2017 13:17:56] - |SHD| - [580] - C:\Users\Gary\AppData\Local\History
[18/12/2013 13:40:58] - |A| - [36] - C:\Users\Gary\AppData\Local\housecall.guid (2).cache
[18/12/2013 13:41:25] - |A| - [36] - C:\Users\Gary\AppData\Local\housecall.guid (3).cache
[18/12/2013 13:39:57] - |A| - [36] - C:\Users\Gary\AppData\Local\housecall.guid.cache
[18/12/2013 13:40:01] - |AH| - [3268555] - C:\Users\Gary\AppData\Local\IconCache (2).db
[18/12/2013 13:40:59] - |AH| - [3268555] - C:\Users\Gary\AppData\Local\IconCache (3).db
[18/12/2013 13:41:25] - |AH| - [3268555] - C:\Users\Gary\AppData\Local\IconCache (4).db
[31/03/2017 20:06:07] - |AH| - [80326] - C:\Users\Gary\AppData\Local\IconCache.db
[11/01/2014 10:13:07] - |AH| - [4096] - C:\Users\Gary\AppData\Local\keyfile3.drm
[16/06/2014 19:54:02] - |D| - [14989161] - C:\Users\Gary\AppData\Local\Kingsoft
[12/11/2015 16:31:12] - |D| - [2914129] - C:\Users\Gary\AppData\Local\Logitech® Webcam Software
[18/12/2013 23:34:46] - |D| - [0] - C:\Users\Gary\AppData\Local\Macromedia
[08/02/2017 13:17:56] - |D| - [1399060340] - C:\Users\Gary\AppData\Local\Microsoft
[18/12/2013 16:34:30] - |D| - [335404] - C:\Users\Gary\AppData\Local\Microsoft Games
[06/01/2016 00:56:10] - |D| - [82095] - C:\Users\Gary\AppData\Local\MicrosoftEdge
[13/03/2015 20:01:34] - |D| - [588] - C:\Users\Gary\AppData\Local\Mod_Manager
[18/12/2013 20:20:55] - |D| - [367354457] - C:\Users\Gary\AppData\Local\Mozilla
[05/05/2017 12:13:07] - |D| - [41247] - C:\Users\Gary\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
[26/11/2014 21:30:43] - |D| - [79631289] - C:\Users\Gary\AppData\Local\Origin
[17/12/2015 01:04:16] - |D| - [540464706] - C:\Users\Gary\AppData\Local\Packages
[19/12/2015 03:56:19] - |D| - [0] - C:\Users\Gary\AppData\Local\PeerDistRepub
[18/12/2013 14:25:10] - |D| - [0] - C:\Users\Gary\AppData\Local\Programs
[17/12/2015 01:06:35] - |D| - [0] - C:\Users\Gary\AppData\Local\Publishers
[18/12/2013 18:30:03] - |D| - [11930312] - C:\Users\Gary\AppData\Local\RadioSure
[12/05/2017 22:10:10] - |A| - [5187] - C:\Users\Gary\AppData\Local\recently-used.xbel
[04/08/2016 22:58:56] - |D| - [1058362] - C:\Users\Gary\AppData\Local\rote
[23/05/2014 09:05:44] - |D| - [61510] - C:\Users\Gary\AppData\Local\Samsung
[18/12/2014 22:59:47] - |D| - [4887745] - C:\Users\Gary\AppData\Local\Skype
[10/08/2015 08:18:48] - |D| - [40] - C:\Users\Gary\AppData\Local\TeamViewer
[24/06/2017 12:44:23] - |D| - [4292850] - C:\Users\Gary\AppData\Local\Temp
[08/02/2017 13:17:56] - |SHD| - [53130933] - C:\Users\Gary\AppData\Local\Temporary Internet Files
[17/12/2015 01:04:06] - |D| - [15622144] - C:\Users\Gary\AppData\Local\TileDataLayer
[30/08/2016 09:27:10] - |D| - [6277180492] - C:\Users\Gary\AppData\Local\TomTom
[29/06/2017 23:37:26] - |D| - [0] - C:\Users\Gary\AppData\Local\UNP
[18/12/2013 13:21:12] - |D| - [5793483] - C:\Users\Gary\AppData\Local\VirtualStore
[23/02/2016 12:45:27] - |D| - [17408] - C:\Users\Gary\AppData\Local\webkit
[18/12/2013 13:40:59] - |A| - [17408] - C:\Users\Gary\AppData\Local\WebpageIcons (2).db
[18/12/2013 13:41:25] - |A| - [17408] - C:\Users\Gary\AppData\Local\WebpageIcons (3).db
[18/12/2013 13:40:01] - |A| - [17408] - C:\Users\Gary\AppData\Local\WebpageIcons.db
[16/02/2015 09:17:14] - |D| - [24040] - C:\Users\Gary\AppData\Local\WindowsUpdate
[31/05/2017 18:20:00] - |D| - [13525808] - C:\Users\Gary\AppData\Local\WinISO Computing
[24/06/2017 12:58:48] - |D| - [57767858] - C:\Users\Gary\AppData\Local\Zemana
[20/06/2017 10:27:51] - |D| - [434964] - C:\Users\Gary\AppData\Local\ZHP
[18/12/2013 13:40:01] - |A| - [0] - C:\Users\Gary\AppData\Local\{259F73BA-24B0-4D1A-9F92-5B087D8B988A}
[18/12/2013 13:41:00] - |A| - [0] - C:\Users\Gary\AppData\Local\{259F73BA-24B0-4D1A-9F92-5B087D8B988A} (2)
[18/12/2013 13:41:25] - |A| - [0] - C:\Users\Gary\AppData\Local\{259F73BA-24B0-4D1A-9F92-5B087D8B988A} (3)
[04/08/2016 22:58:58] - |D| - [257043] - C:\Users\Gary\AppData\Local\{6AB85CE4-4E10-305C-2388-15B407E0E92C}
[31/01/2014 23:47:45] - |AD| - [21309512] - C:\Users\Gary\AppData\LocalLow\Adblock Plus for IE
[19/11/2014 23:05:40] - |SHD| - [0] - C:\Users\Gary\AppData\LocalLow\EmieBrowserModeList
[20/04/2014 14:44:35] - |SHD| - [0] - C:\Users\Gary\AppData\LocalLow\EmieSiteList
[20/04/2014 15:26:52] - |SHD| - [0] - C:\Users\Gary\AppData\LocalLow\EmieUserList
[27/11/2014 19:26:29] - |D| - [359042590] - C:\Users\Gary\AppData\LocalLow\Google
[18/12/2013 13:28:47] - |SD| - [8076618] - C:\Users\Gary\AppData\LocalLow\Microsoft
[15/11/2016 23:41:20] - |D| - [0] - C:\Users\Gary\AppData\LocalLow\Mozilla
[15/10/2014 08:57:08] - |D| - [94494720] - C:\Users\Gary\AppData\LocalLow\Oracle
[19/12/2013 15:11:51] - |D| - [80300986] - C:\Users\Gary\AppData\LocalLow\Sun
[18/12/2013 13:54:25] - |SD| - [0] - C:\Users\Gary\AppData\LocalLow\Temp
[21/01/2016 22:13:33] - |D| - [4148552] - C:\Users\Gary\AppData\Roaming\Ableton
[18/12/2013 14:15:32] - |D| - [42390] - C:\Users\Gary\AppData\Roaming\Adobe
[13/01/2015 13:31:03] - |D| - [5920] - C:\Users\Gary\AppData\Roaming\AstroGrep
[24/08/2014 11:34:33] - |D| - [5034] - C:\Users\Gary\AppData\Roaming\Audacity
[01/07/2016 18:42:31] - |D| - [839793] - C:\Users\Gary\AppData\Roaming\Axialis
[18/12/2013 20:25:36] - |D| - [2843462] - C:\Users\Gary\AppData\Roaming\DAEMON Tools Lite
[04/02/2014 13:39:30] - |D| - [300264] - C:\Users\Gary\AppData\Roaming\ECSoftware
[13/11/2016 18:30:56] - |D| - [63] - C:\Users\Gary\AppData\Roaming\epm
[24/09/2016 12:15:36] - |D| - [12] - C:\Users\Gary\AppData\Roaming\Foxit AgentInformation
[18/12/2013 18:49:16] - |D| - [240589523] - C:\Users\Gary\AppData\Roaming\Foxit Software
[22/07/2016 21:16:24] - |D| - [15256] - C:\Users\Gary\AppData\Roaming\FreeCAD
[17/01/2014 18:28:30] - |D| - [108719] - C:\Users\Gary\AppData\Roaming\FreeFileSync
[22/01/2016 11:40:51] - |D| - [197830] - C:\Users\Gary\AppData\Roaming\GoldWave
[19/12/2013 20:13:20] - |D| - [0] - C:\Users\Gary\AppData\Roaming\Google
[18/12/2013 17:05:27] - |D| - [97573] - C:\Users\Gary\AppData\Roaming\Helios
[18/12/2013 13:21:17] - |D| - [0] - C:\Users\Gary\AppData\Roaming\Identities
[18/01/2014 12:43:42] - |D| - [3924] - C:\Users\Gary\AppData\Roaming\Incline Software
[31/12/2014 10:20:51] - |D| - [0] - C:\Users\Gary\AppData\Roaming\InstallShield
[16/06/2014 19:51:46] - |D| - [1036579] - C:\Users\Gary\AppData\Roaming\Kingsoft
[12/11/2015 16:26:18] - |D| - [345] - C:\Users\Gary\AppData\Roaming\Leadertech
[07/08/2015 10:29:25] - |D| - [2962862] - C:\Users\Gary\AppData\Roaming\LibreOffice
[19/12/2013 18:14:10] - |D| - [346838] - C:\Users\Gary\AppData\Roaming\Logishrd
[19/12/2013 18:14:10] - |D| - [0] - C:\Users\Gary\AppData\Roaming\Logitech
[18/12/2013 14:15:33] - |D| - [32432] - C:\Users\Gary\AppData\Roaming\Macromedia
[18/12/2013 14:25:45] - |D| - [0] - C:\Users\Gary\AppData\Roaming\Malwarebytes
[18/12/2013 13:20:59] - |D| - [0] - C:\Users\Gary\AppData\Roaming\Media Center Programs
[08/02/2017 13:17:56] - |SD| - [183242628] - C:\Users\Gary\AppData\Roaming\Microsoft
[22/01/2014 23:42:20] - |D| - [1254478] - C:\Users\Gary\AppData\Roaming\MOBILedit
[18/12/2013 20:20:55] - |D| - [298601163] - C:\Users\Gary\AppData\Roaming\Mozilla
[19/12/2013 21:50:57] - |D| - [502811] - C:\Users\Gary\AppData\Roaming\Notepad++
[28/04/2017 13:42:35] - |D| - [17973] - C:\Users\Gary\AppData\Roaming\NVIDIA
[27/01/2015 19:23:11] - |D| - [102414394] - C:\Users\Gary\AppData\Roaming\OpenOffice
[26/11/2014 21:30:45] - |D| - [19070] - C:\Users\Gary\AppData\Roaming\Origin
[24/08/2014 12:21:01] - |D| - [9751264] - C:\Users\Gary\AppData\Roaming\RaimaRadioPro
[23/05/2014 09:05:41] - |D| - [118426452] - C:\Users\Gary\AppData\Roaming\Samsung
[14/01/2014 22:32:48] - |D| - [9384331] - C:\Users\Gary\AppData\Roaming\Skype
[24/08/2014 12:14:04] - |D| - [878064] - C:\Users\Gary\AppData\Roaming\streamWriter
[30/08/2015 13:02:27] - |D| - [0] - C:\Users\Gary\AppData\Roaming\Sun
[14/05/2014 22:28:21] - |D| - [7270] - C:\Users\Gary\AppData\Roaming\TeamViewer
[13/10/2014 19:07:46] - |D| - [17685] - C:\Users\Gary\AppData\Roaming\Unified Remote
[18/12/2013 18:03:19] - |D| - [87910] - C:\Users\Gary\AppData\Roaming\vlc
[31/05/2017 18:20:00] - |D| - [672] - C:\Users\Gary\AppData\Roaming\WinISO Computing
[18/12/2013 23:31:14] - |D| - [12] - C:\Users\Gary\AppData\Roaming\WinRAR
[20/06/2017 10:27:52] - |D| - [35981183] - C:\Users\Gary\AppData\Roaming\ZHP
[18/12/2013 13:21:30] - |ASH| - [174] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[08/02/2017 13:17:56] - |RD| - [77386] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[21/01/2016 22:11:39] - |A| - [847] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Lite.lnk
[08/02/2017 13:17:56] - |RD| - [3888] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[08/02/2017 13:17:56] - |RD| - [4227] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[18/12/2013 13:21:30] - |RD| - [174] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[01/07/2016 18:42:38] - |D| - [3953] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Axialis Software
[04/08/2016 23:00:32] - |A| - [1233] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
[08/02/2017 13:46:59] - |ASH| - [174] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[20/12/2013 22:13:47] - |A| - [1093] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DigiGuide TV Guide.lnk
[22/01/2016 11:40:48] - |D| - [2408] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoldWave
[22/07/2016 10:08:41] - |D| - [1127] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grey Olltwit's Software
[08/02/2017 13:17:56] - |D| - [170] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[28/04/2016 18:37:32] - |D| - [7668] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[17/04/2017 21:14:00] - |D| - [3911] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[19/12/2013 21:51:02] - |D| - [0] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[05/05/2017 12:16:16] - |D| - [2991] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCCT
[17/12/2015 01:10:44] - |A| - [2393] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[17/12/2015 01:09:29] - |A| - [1043] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
[18/12/2013 18:30:04] - |D| - [1150] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RadioSure
[28/04/2016 18:38:09] - |D| - [8118] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
[23/01/2016 12:30:19] - |D| - [5331] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Singing Tutor 4.5.1
[18/12/2013 17:38:33] - |D| - [4437] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[18/12/2013 13:21:30] - |RD| - [174] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[08/02/2017 13:17:56] - |RD| - [5318] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[09/12/2015 19:15:10] - |D| - [3799] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
[07/03/2015 22:48:15] - |A| - [1022] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
[29/06/2017 15:54:13] - |A| - [1248] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
[08/02/2017 13:17:56] - |RD| - [7238] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[31/05/2017 18:19:54] - |D| - [2251] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinISO
[18/12/2013 18:38:55] - |D| - [0] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[18/12/2013 13:21:30] - |ASH| - [174] - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]


---------- | C:\ProgramData

[21/01/2016 22:11:43] - |D| - [1376740978] - C:\ProgramData\Ableton
[22/02/2014 11:31:42] - |D| - [11757810] - C:\ProgramData\Amigabit
[08/02/2017 13:44:51] - |SHD| - [2522582358155] - C:\ProgramData\Application Data
[19/12/2013 17:57:42] - |D| - [83486] - C:\ProgramData\BioWare
[22/11/2016 11:36:43] - |D| - [2438647] - C:\ProgramData\BitMeterOS
[04/06/2015 21:47:38] - |D| - [0] - C:\ProgramData\boost_interprocess
[06/11/2015 13:19:01] - |HD| - [156830] - C:\ProgramData\CanonBJ
[16/07/2016 12:47:48] - |D| - [0] - C:\ProgramData\Comms
[18/12/2013 20:24:39] - |D| - [1842] - C:\ProgramData\DAEMON Tools Lite
[08/02/2017 13:44:51] - |SHD| - [68967] - C:\ProgramData\Desktop
[08/02/2017 13:44:51] - |SHD| - [17707067315] - C:\ProgramData\Documents
[08/05/2014 23:50:34] - |D| - [0] - C:\ProgramData\EA Core
[08/05/2014 23:50:33] - |D| - [2396] - C:\ProgramData\Electronic Arts
[08/02/2017 13:44:51] - |SHD| - [0] - C:\ProgramData\Favorites
[24/09/2016 12:15:36] - |D| - [29] - C:\ProgramData\Foxit ContentPlatform
[24/09/2016 12:15:39] - |D| - [16384] - C:\ProgramData\Foxit Software
[19/12/2013 20:12:37] - |D| - [531424] - C:\ProgramData\Google
[11/02/2014 23:15:30] - |D| - [52764] - C:\ProgramData\Hewlett-Packard
[22/02/2014 10:18:04] - |D| - [365] - C:\ProgramData\iolo
[18/12/2013 13:43:58] - |D| - [716549815] - C:\ProgramData\Kaspersky Lab
[16/06/2014 19:52:38] - |D| - [0] - C:\ProgramData\Kingsoft
[19/12/2013 18:14:31] - |D| - [23931988] - C:\ProgramData\LogiShrd
[24/03/2015 10:13:42] - |D| - [1339] - C:\ProgramData\Logitech
[18/12/2013 14:25:34] - |D| - [174753404] - C:\ProgramData\Malwarebytes
[06/06/2015 09:04:24] - |D| - [7423840] - C:\ProgramData\Malwarebytes Anti-Exploit
[18/12/2013 22:24:11] - |D| - [64290] - C:\ProgramData\McAfee
[18/12/2013 22:04:34] - |D| - [918] - C:\ProgramData\Media Center Programs
[16/07/2016 12:47:48] - |SD| - [207112460671] - C:\ProgramData\Microsoft
[08/02/2017 13:50:11] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[19/12/2013 12:32:46] - |A| - [148] - C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[18/12/2013 20:20:16] - |D| - [38052] - C:\ProgramData\Mozilla
[26/04/2017 11:35:55] - |A| - [8192] - C:\ProgramData\ntuser.dat
[26/04/2017 11:35:55] - |ASH| - [8192] - C:\ProgramData\ntuser.dat.LOG1
[26/04/2017 11:35:55] - |ASH| - [0] - C:\ProgramData\ntuser.dat.LOG2
[26/04/2017 11:35:55] - |ASH| - [65536] - C:\ProgramData\ntuser.dat{019859b2-29c4-11e7-abd5-20cf305c4f2f}.TM.blf
[26/04/2017 11:35:55] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{019859b2-29c4-11e7-abd5-20cf305c4f2f}.TMContainer00000000000000000001.regtrans-ms
[26/04/2017 11:35:55] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{019859b2-29c4-11e7-abd5-20cf305c4f2f}.TMContainer00000000000000000002.regtrans-ms
[21/01/2016 22:13:39] - |RASH| - [874] - C:\ProgramData\ntuser.pol
[27/04/2017 16:27:54] - |D| - [8352] - C:\ProgramData\NVIDIA
[27/04/2017 16:27:40] - |D| - [2747631] - C:\ProgramData\NVIDIA Corporation
[19/12/2013 15:15:13] - |D| - [82551982] - C:\ProgramData\Oracle
[26/11/2014 21:25:52] - |D| - [348558802] - C:\ProgramData\Origin
[31/01/2014 23:47:16] - |D| - [31794824] - C:\ProgramData\Package Cache
[16/07/2016 12:47:48] - |D| - [1001] - C:\ProgramData\regid.1991-06.com.microsoft
[16/01/2016 20:07:54] - |A| - [10218] - C:\ProgramData\regid.2015-05.exe.textpad_83F5EF12-C2F9-4C11-A5C5-57A7B2D7AD25.swidtag
[24/06/2017 08:55:48] - |D| - [718903] - C:\ProgramData\RogueKiller
[23/05/2014 09:01:19] - |D| - [12220769] - C:\ProgramData\Samsung
[14/01/2014 22:32:21] - |D| - [50761728] - C:\ProgramData\Skype
[16/07/2016 12:47:48] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[08/02/2017 13:44:51] - |SHD| - [379246] - C:\ProgramData\Start Menu
[19/12/2013 15:15:05] - |D| - [294] - C:\ProgramData\Sun
[08/02/2017 13:44:51] - |SHD| - [31386] - C:\ProgramData\Templates
[11/09/2014 13:16:07] - |D| - [4524] - C:\ProgramData\Unchecky
[16/07/2016 12:47:48] - |D| - [2431] - C:\ProgramData\USOPrivate
[08/02/2017 13:45:17] - |D| - [3198976] - C:\ProgramData\USOShared

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[16/07/2016 12:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[18/12/2013 13:32:42] - |A| - [2615] - C:\ProgramData\Microsoft\Windows\Start Menu\New Office Document.lnk
[18/12/2013 13:32:42] - |A| - [2625] - C:\ProgramData\Microsoft\Windows\Start Menu\Open Office Document.lnk
[16/07/2016 12:47:48] - |RD| - [373832] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[27/05/2014 15:48:29] - |D| - [3720] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3G Super GSM Reader II v2.8.10
[16/07/2016 12:47:48] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[16/07/2016 12:47:48] - |RD| - [17432] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[16/07/2016 12:47:48] - |RD| - [23012] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[18/01/2014 12:41:58] - |D| - [14690] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ancestral Quest 14
[08/07/2014 21:42:25] - |D| - [5256] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[24/08/2014 11:34:22] - |A| - [1084] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[04/02/2017 12:18:49] - |D| - [6002] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[08/02/2014 00:29:17] - |D| - [5369] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BadCopy Pro
[23/09/2014 08:15:36] - |A| - [2128] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[22/11/2016 11:36:43] - |D| - [112] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitMeter OS
[08/01/2016 11:04:38] - |D| - [963] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[28/09/2015 14:41:38] - |D| - [8903] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
[22/02/2014 11:31:03] - |D| - [2172] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanGenius 3
[15/08/2015 09:47:04] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU-Z
[18/12/2013 20:25:40] - |D| - [3245] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[18/12/2013 18:19:13] - |D| - [3476] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[16/07/2016 12:47:50] - |ASH| - [796] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[19/10/2016 21:07:07] - |D| - [14048] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
[26/11/2014 22:22:40] - |D| - [6269] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
[18/12/2013 22:04:28] - |D| - [5244] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Origins
[18/01/2014 12:30:51] - |D| - [4996] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 7.0
[12/11/2016 11:51:58] - |D| - [3010] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 11.9
[19/12/2016 23:31:38] - |D| - [2710] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 9.2
[26/05/2015 19:59:43] - |D| - [1136] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FamilySearch
[01/06/2017 21:43:59] - |D| - [2900] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[22/07/2016 21:08:39] - |D| - [2040] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCAD 0.16
[17/01/2014 18:27:48] - |A| - [948] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
[19/12/2013 12:30:16] - |A| - [2667] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeInternetRadio.lnk
[14/07/2009 06:32:38] - |RD| - [1064] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[09/12/2015 19:17:58] - |D| - [3067] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
[29/05/2015 12:29:44] - |A| - [939] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[23/01/2014 10:06:54] - |A| - [2272] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[29/01/2017 02:09:03] - |D| - [8954] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[04/02/2014 13:39:31] - |D| - [6568] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexEdit
[16/07/2016 12:43:50] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[15/10/2014 08:20:27] - |D| - [6962] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[24/09/2016 09:36:41] - |D| - [5861] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
[27/04/2017 15:08:42] - |D| - [6734] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
[18/12/2013 17:52:10] - |A| - [1113] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[25/05/2017 08:21:24] - |SD| - [9526] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.3
[19/12/2013 18:14:32] - |D| - [3397] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[16/07/2016 12:47:48] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[24/06/2017 11:47:29] - |D| - [4038] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[18/12/2013 13:32:41] - |D| - [39877] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[13/08/2015 00:15:04] - |D| - [2338] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[16/07/2016 12:42:22] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
[22/01/2014 23:33:24] - |D| - [1096] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBILedit!
[18/12/2013 20:20:20] - |A| - [1224] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[28/04/2016 18:39:22] - |D| - [2289] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI Kombustor 3
[22/02/2014 15:42:53] - |D| - [6851] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyDefrag v4.3.1
[25/04/2015 10:27:24] - |D| - [2533] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC Electronics
[31/12/2014 10:21:27] - |D| - [3449] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100M Genie
[19/12/2013 21:51:02] - |D| - [1065] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[18/03/2016 14:31:11] - |SD| - [7350] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
[26/11/2014 21:28:34] - |D| - [3214] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[22/07/2016 21:46:03] - |D| - [3364] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint XP
[18/01/2014 12:42:15] - |D| - [5333] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3
[16/07/2016 12:43:50] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
[24/08/2014 12:21:04] - |D| - [2125] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RarmaRadio
[17/01/2014 18:27:48] - |A| - [924] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
[18/12/2013 18:19:42] - |D| - [3652] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[12/11/2016 10:30:36] - |D| - [3567] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[24/06/2017 08:55:33] - |D| - [917] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
[23/05/2014 09:01:56] - |D| - [6345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[21/01/2016 21:43:32] - |D| - [2435] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scarlett
[18/12/2014 22:59:22] - |D| - [2137] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[08/01/2016 11:06:08] - |D| - [935] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[18/12/2013 17:38:33] - |D| - [4134] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[25/10/2016 13:36:37] - |D| - [1272] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQLite Forensic Explorer
[16/07/2016 12:47:48] - |RD| - [1317] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[24/08/2014 12:13:23] - |D| - [1169] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\streamWriter
[22/02/2014 12:57:17] - |D| - [5209] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysInfoTools PST Merge x32(Demo) v3.0
[16/07/2016 12:47:48] - |RD| - [2670] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[21/03/2017 01:18:16] - |A| - [1040] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
[05/02/2016 19:33:43] - |D| - [3905] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TextPad 7
[30/08/2016 09:27:08] - |D| - [2299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[26/02/2014 09:48:22] - |D| - [1942] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
[09/12/2015 19:52:17] - |D| - [9885] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
[16/03/2014 14:20:49] - |D| - [1032] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnstopCpy
[18/12/2013 17:58:15] - |D| - [7164] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[07/01/2014 18:51:03] - |D| - [2941] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Subst
[22/03/2016 18:03:39] - |D| - [2474] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
[19/12/2013 12:30:16] - |A| - [2667] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebRadio.lnk
[17/04/2017 21:09:37] - |D| - [905] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[26/01/2017 11:55:44] - |A| - [731] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
[08/02/2017 13:27:41] - |A| - [1519] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[18/12/2013 18:38:55] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[24/06/2017 12:59:21] - |D| - [1231] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
[24/06/2017 12:40:48] - |D| - [1932] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[16/07/2016 12:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[31/12/2014 10:21:29] - |A| - [1143] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100M Genie.lnk

---------- | C:\Program Files (x86)

[13/01/2015 13:28:50] - |D| - [407001] - C:\Program Files (x86)\AstroGrep
[08/07/2014 21:42:04] - |D| - [2882716] - C:\Program Files (x86)\ASUS
[24/08/2014 11:34:11] - |AD| - [65476241] - C:\Program Files (x86)\Audacity
[19/12/2013 22:46:06] - |D| - [768309] - C:\Program Files (x86)\Auto Clicker
[01/07/2016 18:42:31] - |D| - [24279545] - C:\Program Files (x86)\Axialis
[23/09/2014 08:15:36] - |D| - [6624572] - C:\Program Files (x86)\Belarc
[28/09/2015 14:41:30] - |AD| - [32543094] - C:\Program Files (x86)\Cheat Engine 6.4
[05/11/2015 13:03:57] - |D| - [354805] - C:\Program Files (x86)\ChipGenius_v4_00_1024_0047
[22/02/2014 11:30:55] - |AD| - [41412996] - C:\Program Files (x86)\CleanGenius 3
[22/11/2016 11:36:02] - |D| - [1517008] - C:\Program Files (x86)\Codebox
[16/07/2016 07:04:24] - |D| - [462155577] - C:\Program Files (x86)\Common Files
[22/01/2014 23:34:49] - |D| - [109806] - C:\Program Files (x86)\COMPELSON Labs
[02/02/2016 19:23:27] - |D| - [648328] - C:\Program Files (x86)\CSR
[18/12/2013 20:25:35] - |D| - [28033103] - C:\Program Files (x86)\DAEMON Tools Lite
[16/07/2016 12:47:50] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[20/12/2013 22:13:19] - |D| - [229492345] - C:\Program Files (x86)\DigiGuide TV Guide
[19/10/2016 21:07:07] - |D| - [4507970] - C:\Program Files (x86)\DOSBox-0.74
[18/01/2014 12:30:50] - |D| - [722213674] - C:\Program Files (x86)\EaseUS
[26/05/2015 19:59:43] - |D| - [8831286] - C:\Program Files (x86)\FamilySearch
[09/01/2014 22:39:47] - |D| - [175834910] - C:\Program Files (x86)\Foxit Software
[09/12/2015 19:17:57] - |D| - [11048903] - C:\Program Files (x86)\Geeks3D
[18/12/2013 14:27:55] - |D| - [517989752] - C:\Program Files (x86)\Google
[09/12/2015 19:15:09] - |D| - [1924066] - C:\Program Files (x86)\GPU-Z
[04/02/2014 13:39:30] - |AD| - [7520225] - C:\Program Files (x86)\HexEdit
[18/01/2014 12:41:57] - |D| - [33077318] - C:\Program Files (x86)\Incline Software
[26/11/2014 21:28:07] - |AD| - [37215033976] - C:\Program Files (x86)\Inquisition
[18/01/2014 12:42:30] - |HD| - [30331595] - C:\Program Files (x86)\InstallShield Installation Information
[16/07/2016 12:47:48] - |D| - [1988467] - C:\Program Files (x86)\Internet Explorer
[22/02/2014 10:18:04] - |D| - [0] - C:\Program Files (x86)\iolo
[19/12/2013 15:14:10] - |D| - [164989821] - C:\Program Files (x86)\Java
[08/02/2014 00:28:54] - |D| - [835742] - C:\Program Files (x86)\Jufsoft
[13/08/2015 21:22:58] - |D| - [258622927] - C:\Program Files (x86)\Kaspersky Lab
[18/12/2013 17:52:09] - |AD| - [5708017] - C:\Program Files (x86)\KeePass Password Safe 2
[16/06/2014 19:52:05] - |D| - [0] - C:\Program Files (x86)\Kingsoft
[05/11/2015 15:36:39] - |D| - [410322] - C:\Program Files (x86)\Lexars Bootit
[25/05/2017 08:19:49] - |AD| - [413069045] - C:\Program Files (x86)\LibreOffice 5
[12/11/2015 16:24:52] - |D| - [38884251] - C:\Program Files (x86)\Logitech
[23/05/2014 12:34:15] - |D| - [2530872] - C:\Program Files (x86)\MarkAny
[18/12/2013 13:32:27] - |AD| - [208979] - C:\Program Files (x86)\Microsoft ActiveSync
[16/02/2015 09:47:37] - |D| - [1670519] - C:\Program Files (x86)\Microsoft ASP.NET
[18/12/2013 13:31:33] - |AD| - [367688133] - C:\Program Files (x86)\Microsoft Office
[13/08/2015 00:13:57] - |AD| - [42884494] - C:\Program Files (x86)\Microsoft Silverlight
[18/12/2013 13:32:11] - |D| - [14904] - C:\Program Files (x86)\Microsoft Visual Studio
[18/12/2013 13:32:13] - |D| - [4368271] - C:\Program Files (x86)\Microsoft Works
[16/07/2016 12:47:48] - |D| - [339327] - C:\Program Files (x86)\Microsoft.NET
[22/01/2014 23:33:09] - |AD| - [100401293] - C:\Program Files (x86)\MOBILedit!
[14/06/2017 21:20:52] - |AD| - [93006146] - C:\Program Files (x86)\Mozilla Firefox
[18/12/2013 20:20:16] - |D| - [306087] - C:\Program Files (x86)\Mozilla Maintenance Service
[08/02/2017 20:57:26] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[12/05/2014 12:38:46] - |D| - [39692586] - C:\Program Files (x86)\MSECache
[28/04/2016 18:37:23] - |D| - [42171161] - C:\Program Files (x86)\MSI Afterburner
[30/08/2016 09:26:43] - |AD| - [80537100] - C:\Program Files (x86)\MyDrive Connect
[25/04/2015 10:27:23] - |D| - [978278] - C:\Program Files (x86)\NEC Electronics
[31/12/2014 10:21:27] - |D| - [20252848] - C:\Program Files (x86)\NETGEAR
[17/04/2017 21:14:00] - |D| - [145738] - C:\Program Files (x86)\NirSoft
[19/12/2013 21:50:57] - |D| - [16034519] - C:\Program Files (x86)\Notepad++
[27/04/2017 16:27:34] - |D| - [212257324] - C:\Program Files (x86)\NVIDIA Corporation
[05/05/2017 12:16:07] - |D| - [91986961] - C:\Program Files (x86)\OCCTPT
[27/01/2015 19:20:25] - |AD| - [326123325] - C:\Program Files (x86)\OpenOffice 4
[26/11/2014 21:34:43] - |D| - [9092813] - C:\Program Files (x86)\Origin Games
[22/07/2016 21:46:03] - |AD| - [1407301] - C:\Program Files (x86)\Paint XP
[22/07/2016 10:11:39] - |D| - [5564722] - C:\Program Files (x86)\Plan Maker
[24/08/2014 12:21:00] - |AD| - [17492624] - C:\Program Files (x86)\RarmaRadio
[08/02/2017 20:57:26] - |D| - [36962049] - C:\Program Files (x86)\Reference Assemblies
[28/04/2016 18:38:05] - |D| - [56892070] - C:\Program Files (x86)\RivaTuner Statistics Server
[23/05/2014 09:01:19] - |D| - [257909785] - C:\Program Files (x86)\Samsung
[23/01/2016 12:30:18] - |D| - [1852984] - C:\Program Files (x86)\Singing Tutor
[18/12/2014 22:59:21] - |RD| - [46215968] - C:\Program Files (x86)\Skype
[18/12/2013 17:38:32] - |D| - [9438704] - C:\Program Files (x86)\SpeedFan
[25/10/2016 13:36:35] - |AD| - [26689334] - C:\Program Files (x86)\SQLite Forensic Explorer
[19/12/2013 12:30:16] - |D| - [18149296] - C:\Program Files (x86)\SteelSoft
[24/08/2014 12:13:23] - |AD| - [7069580] - C:\Program Files (x86)\streamWriter
[20/02/2014 00:13:56] - |D| - [2118975] - C:\Program Files (x86)\Synkronizer 9.1
[22/02/2014 12:57:17] - |AD| - [13703788] - C:\Program Files (x86)\SysInfoTools PST Merge x32(Demo) v3.0
[17/06/2015 08:51:08] - |AD| - [645193] - C:\Program Files (x86)\SystemRequirementsLab
[17/02/2014 09:44:31] - |AD| - [94632805] - C:\Program Files (x86)\TeamViewer
[22/11/2016 11:25:56] - |D| - [951709] - C:\Program Files (x86)\thinkbroadband.com
[30/08/2016 09:27:02] - |D| - [22486] - C:\Program Files (x86)\TomTom International B.V
[26/02/2014 09:48:18] - |AD| - [5876396] - C:\Program Files (x86)\Unchecky
[09/12/2015 19:52:13] - |D| - [765865529] - C:\Program Files (x86)\Unigine
[08/02/2017 13:13:02] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[16/03/2014 14:20:49] - |AD| - [844256] - C:\Program Files (x86)\UnstopCpy
[27/05/2014 15:48:21] - |D| - [11900823] - C:\Program Files (x86)\USB 3G Super GSM Reader II v2.8.10
[18/12/2013 17:57:44] - |D| - [133553011] - C:\Program Files (x86)\VideoLAN
[07/01/2014 18:51:03] - |AD| - [179849] - C:\Program Files (x86)\Visual Subst
[27/04/2017 16:32:33] - |D| - [833354] - C:\Program Files (x86)\VulkanRT
[16/07/2016 12:47:48] - |D| - [1922560] - C:\Program Files (x86)\Windows Defender
[16/07/2016 12:47:48] - |D| - [5958656] - C:\Program Files (x86)\Windows Mail
[16/07/2016 12:47:48] - |D| - [3264664] - C:\Program Files (x86)\Windows Media Player
[16/07/2016 12:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Multimedia Platform
[16/07/2016 12:47:48] - |D| - [7466690] - C:\Program Files (x86)\Windows NT
[16/07/2016 12:47:48] - |D| - [5418176] - C:\Program Files (x86)\Windows Photo Viewer
[16/07/2016 12:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Portable Devices
[16/07/2016 12:47:48] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[16/07/2016 12:47:48] - |D| - [2160901] - C:\Program Files (x86)\WindowsPowerShell
[31/05/2017 18:19:52] - |D| - [27216675] - C:\Program Files (x86)\WinISO
[18/12/2013 22:31:55] - |D| - [88979] - C:\Program Files (x86)\xdate
[24/06/2017 12:59:20] - |AD| - [18403825] - C:\Program Files (x86)\Zemana AntiMalware
[24/06/2017 12:40:47] - |AD| - [7233255] - C:\Program Files (x86)\ZHPFix

---------- | C:\Program Files

[31/01/2014 23:47:43] - |AD| - [7333437] - C:\Program Files\Adblock Plus for IE
[04/02/2017 12:18:48] - |D| - [10511564] - C:\Program Files\AutoHotkey
[08/01/2016 11:04:37] - |AD| - [18324752] - C:\Program Files\CCleaner
[16/07/2016 07:04:24] - |D| - [86587872] - C:\Program Files\Common Files
[22/01/2014 23:37:27] - |AD| - [10101834] - C:\Program Files\Compiled Driver Disk (Nokia)
[22/01/2014 23:38:06] - |AD| - [37218608] - C:\Program Files\Compiled Driver Disk (Samsung)
[02/02/2016 19:23:18] - |D| - [39438311] - C:\Program Files\CSR
[18/12/2013 18:19:11] - |AD| - [13615776] - C:\Program Files\Defraggler
[16/07/2016 12:47:50] - |ASH| - [174] - C:\Program Files\desktop.ini
[13/08/2015 22:44:12] - |D| - [159811] - C:\Program Files\DIPS64
[14/07/2009 06:32:38] - |D| - [0] - C:\Program Files\DVD Maker
[22/07/2016 21:05:24] - |D| - [551334997] - C:\Program Files\FreeCAD 0.16
[17/01/2014 18:27:46] - |D| - [39979197] - C:\Program Files\FreeFileSync
[29/05/2015 12:28:37] - |AD| - [326761803] - C:\Program Files\GIMP 2
[22/01/2016 11:40:47] - |D| - [37529530] - C:\Program Files\GoldWave
[19/12/2013 20:12:58] - |D| - [0] - C:\Program Files\Google
[16/07/2016 12:47:47] - |D| - [2581342] - C:\Program Files\Internet Explorer
[19/12/2013 18:14:22] - |D| - [39490002] - C:\Program Files\Logitech
[24/06/2017 11:47:21] - |D| - [137639400] - C:\Program Files\Malwarebytes
[14/07/2009 06:32:38] - |D| - [184] - C:\Program Files\Microsoft Games
[24/05/2014 11:13:42] - |AD| - [3731586] - C:\Program Files\Microsoft Mouse and Keyboard Center
[13/08/2015 00:13:57] - |AD| - [55714702] - C:\Program Files\Microsoft Silverlight
[13/03/2015 19:57:56] - |D| - [303645] - C:\Program Files\Mod Manager DAII
[08/02/2017 20:57:26] - |D| - [25757] - C:\Program Files\MSBuild
[28/04/2016 18:39:19] - |AD| - [54719671] - C:\Program Files\MSI Kombustor 3
[22/02/2014 15:42:53] - |AD| - [3470951] - C:\Program Files\MyDefrag v4.3.1
[27/04/2017 16:21:26] - |D| - [766323593] - C:\Program Files\NVIDIA Corporation
[22/01/2014 23:37:23] - |AD| - [19129768] - C:\Program Files\Phone Drivers Downloader
[18/12/2013 18:19:41] - |AD| - [10928904] - C:\Program Files\Recuva
[08/02/2017 20:57:26] - |D| - [34621097] - C:\Program Files\Reference Assemblies
[24/06/2017 08:55:28] - |AD| - [83171149] - C:\Program Files\RogueKiller
[21/01/2016 21:43:32] - |D| - [3525671] - C:\Program Files\Scarlett
[08/01/2016 11:06:07] - |AD| - [15197840] - C:\Program Files\Speccy
[18/12/2013 14:27:37] - |AD| - [384] - C:\Program Files\SUPERAntiSpyware
[05/02/2016 19:33:42] - |D| - [13445203] - C:\Program Files\TextPad 7
[18/01/2014 12:42:14] - |D| - [18390314] - C:\Program Files\Tracker Software
[14/07/2009 06:09:26] - |HD| - [0] - C:\Program Files\Uninstall Information
[06/02/2016 14:17:32] - |D| - [12352] - C:\Program Files\Unlocker
[17/06/2017 08:27:20] - |AD| - [6450444] - C:\Program Files\UNP
[12/11/2016 10:30:34] - |D| - [22247879] - C:\Program Files\VS Revo Group
[17/04/2017 21:09:37] - |AD| - [13492726] - C:\Program Files\WhoCrashed
[16/07/2016 12:47:47] - |RD| - [14859418] - C:\Program Files\Windows Defender
[16/07/2016 15:29:36] - |D| - [6281288] - C:\Program Files\Windows Defender Advanced Threat Protection
[16/07/2016 12:47:47] - |D| - [6181888] - C:\Program Files\Windows Mail
[16/07/2016 12:47:47] - |D| - [4971196] - C:\Program Files\Windows Media Player
[16/07/2016 12:47:47] - |D| - [37784] - C:\Program Files\Windows Multimedia Platform
[16/07/2016 12:47:47] - |D| - [7730370] - C:\Program Files\Windows NT
[16/07/2016 12:47:47] - |D| - [6216896] - C:\Program Files\Windows Photo Viewer
[16/07/2016 12:47:47] - |D| - [37784] - C:\Program Files\Windows Portable Devices
[16/07/2016 12:47:47] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[16/07/2016 12:47:47] - |HD| - [1830365683] - C:\Program Files\WindowsApps
[16/07/2016 12:47:47] - |D| - [2408113] - C:\Program Files\WindowsPowerShell
[18/12/2013 18:09:49] - |D| - [1393696] - C:\Program Files\WinImage
[18/12/2013 18:38:43] - |AD| - [5760676] - C:\Program Files\WinRAR

---------- | C:\Program Files (x86)\Common Files

[18/12/2013 21:31:10] - |D| - [1401416] - C:\Program Files (x86)\Common Files\BioWare
[18/12/2013 13:32:14] - |AD| - [86016] - C:\Program Files (x86)\Common Files\DESIGNER
[26/11/2014 22:22:31] - |HD| - [6365606] - C:\Program Files (x86)\Common Files\EAInstaller
[18/01/2014 12:40:44] - |D| - [2863093] - C:\Program Files (x86)\Common Files\InstallShield
[08/03/2017 22:58:43] - |D| - [1941064] - C:\Program Files (x86)\Common Files\Java
[18/12/2013 13:32:36] - |AD| - [2742349] - C:\Program Files (x86)\Common Files\L&H
[12/11/2015 16:24:52] - |AD| - [90453739] - C:\Program Files (x86)\Common Files\LogiShrd
[16/07/2016 12:47:48] - |AD| - [216992359] - C:\Program Files (x86)\Common Files\Microsoft Shared
[16/07/2016 12:47:48] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[18/12/2014 22:59:21] - |AD| - [2399872] - C:\Program Files (x86)\Common Files\Skype
[08/02/2017 13:21:32] - |D| - [112931322] - C:\Program Files (x86)\Common Files\SpeechEngines
[16/07/2016 12:47:48] - |AD| - [23976039] - C:\Program Files (x86)\Common Files\System

---------- | C:\Program Files\Common files

[24/09/2016 09:35:31] - |D| - [1838934] - C:\Program Files\Common files\AV
[05/11/2015 18:35:32] - |D| - [317262] - C:\Program Files\Common files\Canon
[19/12/2013 18:14:20] - |D| - [32604503] - C:\Program Files\Common files\Logishrd
[16/07/2016 12:47:47] - |D| - [38515148] - C:\Program Files\Common files\microsoft shared
[21/01/2016 22:13:33] - |D| - [2507776] - C:\Program Files\Common files\Propellerhead Software
[16/07/2016 12:47:47] - |D| - [2702] - C:\Program Files\Common files\Services
[08/02/2017 13:21:22] - |D| - [599040] - C:\Program Files\Common files\SpeechEngines
[16/07/2016 12:47:47] - |D| - [10202507] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.FBC8C23E3E51EB0E3F65BA359CD7329C] - [29/03/2017 11:26:58] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [08/02/2017 13:39:27] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.B4D1A0421FA7212A1E146AB5E265AB0D] - [08/02/2017 13:39:24] - |A| - [2214] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.DAEFA83125A10F21BC32C5DB2C80DA4D] - [29/03/2017 11:24:02] - |A| - [3638] - C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask : C:\WINDOWS\Explorer.EXE
[MD5.00000000000000000000000000000000] - [08/02/2017 13:39:24] - |D| - [0] - C:\WINDOWS\System32\Tasks\Event Viewer Tasks
[MD5.5DE9B53B9C48585E231D269A4249D796] - [08/02/2017 13:39:24] - |A| - [3292] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.3FB6966F68CF899ED3675B9E7058F892] - [08/02/2017 13:39:24] - |A| - [3416] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.A7EA2DECBC686478698CE2D82BA1DFAB] - [27/04/2017 15:08:27] - |A| - [3240] - C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} : C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
[MD5.00000000000000000000000000000000] - [16/07/2016 12:47:48] - |D| - [565664] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.53A3F11431FBED3238FC439E869EC671] - [08/02/2017 13:39:27] - |A| - [2338] - C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe : c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
[MD5.B48355E16E731879C96C392CC762D2BA] - [08/02/2017 13:39:27] - |A| - [2336] - C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe : c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
[MD5.C885D4290D6E8E2175FC7B510F5D4AB3] - [08/02/2017 13:39:27] - |A| - [2364] - C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe : c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
[MD5.445A75E51DC8C62D7457484FAB6BF42E] - [08/02/2017 13:39:27] - |A| - [2378] - C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe : c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
[MD5.44E6DD1AF37E8CAA657E6A3BFF5DE249] - [08/02/2017 13:39:27] - |A| - [2376] - C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe : c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
[MD5.989135CDF197C40C6314B689BEA16542] - [08/02/2017 13:39:27] - |A| - [2766] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.5497D3D0130D15239E8A00E4BD5A1EF1] - [08/02/2017 13:39:27] - |A| - [3286] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9CCE1708-B600-4932-8034-8692F7D4C5A2} : C:\Windows\system32\msfeedssync.exe
[MD5.00000000000000000000000000000000] - [08/02/2017 13:39:27] - |D| - [0] - C:\WINDOWS\System32\Tasks\WPD
[MD5.BED8D0E2120FDF3DC9FE513933C0D04C] - [08/02/2017 13:39:27] - |A| - [2354] - C:\WINDOWS\System32\Tasks\{A28D6E9F-11D1-4B79-A0D8-7CCB20F69972} : C:\WINDOWS\system32\pcalua.exe
[MD5.00000000000000000000000000000000] - [16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751|
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751|
"Netlogon-NamedPipe-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-TCP-RPC-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"WirelessDisplay-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Infra-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
"MDNS-In-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
"MDNS-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
"IIS-WebServerRole-HTTP-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=80|App=System|Name=@%windir%\system32\inetsrv\iisres.dll,-30500|Desc=@%windir%\system32\inetsrv\iisres.dll,-30510|EmbedCtxt=@%windir%\system32\inetsrv\iisres.dll,-30501|
"IIS-WebServerRole-HTTPS-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=443|App=System|Name=@%windir%\system32\inetsrv\iisres.dll,-30502|Desc=@%windir%\system32\inetsrv\iisres.dll,-30512|EmbedCtxt=@%windir%\system32\inetsrv\iisres.dll,-30503|
"WCF-NetTcpActivator-In-TCP-64bit"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=808|Svc=NetTcpActivator|Name=@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll,-2000|Desc=@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll,-2001|EmbedCtxt=@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll,-2002|
"{17E47875-A1C1-4C9A-AE33-26D584C4A7C3}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=EaseUS_SMART|
"{E85CCD5C-1CC4-4745-99BF-4E238946677C}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=EaseUS_SMART|
"{C1596A42-12A7-45FA-9919-5E2ABEAA7470}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=Local TodoBackupService.exe|
"{419076E2-FF0C-4827-9342-C742D8AA63E0}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=Local TodoBackupService.exe|
"{99D896C1-7438-45BB-8EDE-A82D2858B9E5}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe|Name=Local TBConsoleUI.exe|
"{C0E15C5E-D477-479A-BA1F-23C0F91E2D96}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe|Name=Local TBConsoleUI.exe|
"{1B48C320-9F45-4BCD-914D-99A362B13783}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe|Name=TbService.exe|
"{CCBB0F63-804D-45F1-86A8-EC31606A2273}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe|Name=TbService.exe|
"{028DB6EA-34B2-4575-B5FE-EE156DE9CFCC}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{592A5094-6B4A-4F09-8E91-C95D49FD002F}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name='Firefox' (C:\Program Files (x86)\Mozilla Firefox)|
"{979EED3B-D279-46D0-92F0-042EAF9BA7D6}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name='Firefox' (C:\Program Files (x86)\Mozilla Firefox)|
"{70331B05-7BA1-4FA3-95AD-07DD13F82DCB}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Games\Dragon Age 2\bin_ship\DragonAge2.exe|Name=Dragon Age™ II|
"{4D0BE842-1C7A-4A6B-AC18-D093FDC28518}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Games\Dragon Age 2\bin_ship\DragonAge2.exe|Name=Dragon Age™ II|
"{E992101C-F4E5-45B0-9B0E-6C438E2CAE4C}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)|
"{EB4CF5C1-B1BA-4557-BDFF-877E13CC19C1}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)|
"{94501EC9-BCDC-4534-9C22-CA351CAA494A}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\Games\Dragon Age 2\DragonAge2Launcher.exe|Name=Dragon Age II Launcher|
"{D2D8E18A-815B-4542-8583-C497179E642C}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\Games\Dragon Age 2\DragonAge2Launcher.exe|Name=Dragon Age II Launcher|
"{0FF72E02-15D7-4073-B40E-F9DF24DFE21F}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\Games\Dragon Age 2\bin_ship\DragonAge2.exe|Name=Dragon Age II|
"{8C7031AA-9C68-48DC-ABC9-06BC705BB730}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\Games\Dragon Age 2\bin_ship\DragonAge2.exe|Name=Dragon Age II|
"{0B64A595-CED5-48EC-9C84-85512F6DB548}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe|Name=Dragon Age Origins Updater|
"{DA6C2BCC-B80A-4FD0-8F35-44B4617876FE}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe|Name=Dragon Age Origins Updater|
"{FCEA842D-C6CB-4875-AA23-7D75A352AFE5}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Skype\Phone\Skype.exe|Name=Skype|
"{A740F33F-BBFD-4024-849E-72ECB37800E2}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2002|
"{A2FCADF7-018C-42EF-BAEC-EB6DBB0D4629}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe|Name=Dragon Age Origins Updater|
"{5FD29ACB-0560-4812-9B46-A087982988F2}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe|Name=Dragon Age Origins Updater|
"{60118917-38F7-4539-A32C-D9F4E3566CAD}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Games\Dragon Age\DAOriginsLauncher.exe|Name=Dragon Age Origins Launcher|
"{0E3D01D5-D97E-47C7-886E-3F0761DF8A65}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Games\Dragon Age\DAOriginsLauncher.exe|Name=Dragon Age Origins Launcher|
"{9AD07DDA-B17B-4224-9708-915E495F0ED6}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Games\Dragon Age\bin_ship\daorigins.exe|Name=Dragon Age Origins Game|
"{A4A424A3-60E1-488C-A7DF-CDF31E090845}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Games\Dragon Age\bin_ship\daorigins.exe|Name=Dragon Age Origins Game|
"{84215F7C-B1F6-45B5-B789-55CA7CC9802E}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Gary\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"{EEDBE52F-F485-4842-A15B-2473DB31C44A}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Gary\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"{4E7A5678-7753-49F2-9EC5-A115F1229AC8}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Inquisition\Dragon Age Inquisition\DragonAgeInquisition.exe|Name=Dragon Age™: Inquisition (x64)|
"{8F8AEF4E-37A1-4D83-9675-47A938FA4637}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Inquisition\Dragon Age Inquisition\DragonAgeInquisition.exe|Name=Dragon Age™: Inquisition (x64)|
"{25815136-C285-4C08-B605-5C4946A1440A}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Gary\AppData\Local\Chromium\Application\chrome.exe|Name=Chromium (mDNS-In)|Desc=Inbound rule for Chromium to allow mDNS traffic.|EmbedCtxt=Chromium|
"{D0D4083E-0295-43D7-9F2F-703AFBAE1FDD}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{537867F1-9DCD-48C5-ACE8-66F24842BC0B}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Store Purchase App|Desc=Store Purchase App|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-2246242352-370130666-2593524754-1827188282-2313440240-2317694540-2761805292|EmbedCtxt=Store Purchase App|Platform=2:6:2|Platform2=GTEQ|
"DeliveryOptimization-TCP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-UDP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"{5E41A288-57DC-4329-B19E-B5251FB6C465}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{18130995-564B-471C-9005-8689D8CACE95}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{E8C4730A-A799-49DB-856C-6A380C4B607F}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{0029B609-F6E7-4C2B-A577-8B316AC038EE}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{5C1A6DDB-B9B5-4198-9A7D-514C01EC9587}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application|
"{51983114-8C37-44B0-A13D-B7F4811D3799}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application|
"{371DCB26-06D2-4BA3-A0AD-79D523EB6ACB}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service|
"{47CCE595-C8A8-478C-B298-03EEB26FBF01}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service|
"{D1D2E891-9A4A-4E17-B5CB-4FAEBAD86597}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|
"{66AF85DD-83B9-46AC-BC4F-BA3051E10375}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{54056FB5-9843-4740-B595-E52A7C530288}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Candy Crush Soda Saga|Desc=Candy Crush Soda Saga|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-3055884410-2067824683-223899546-422323478-2359388318-2114876276-1379654078|EmbedCtxt=Candy Crush Soda Saga|Platform=2:6:2|Platform2=GTEQ|
"{2916BA92-25C5-43AA-AD78-42507D53BE90}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Inbound rule for Google Chrome to allow mDNS traffic.|EmbedCtxt=Google Chrome|
"{B0BC937A-D360-4E00-AA7A-20412D1FBD6E}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|
"{F8C7398D-109D-4A5B-9180-398FB37E3FDB}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{B9891EE4-2F41-41E3-B9B0-B4CA9AD2343A}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ|
"{AA9DAC08-92CB-46A7-A155-386517ACF475}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{BA956CC2-C60C-428D-9911-90705EA0834F}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3536061241-6043831-2542719734-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{091BC97E-2352-4362-A539-10A6D8FF7596}] : (RDPDR) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem39.inf,%ClassName%;SAMSUNG Android Phone
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{473a6b1d-3407-400e-b91a-f991c5a39dc3}] : (Bluetooth) [] -> @oem4.inf,%ClassName%;Bluetooth Radios
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4f919108-4adf-11d5-882d-00b0d02fe381}] : (Wireless Communication Devices) [] -> @oem61.inf,%WMCClassName%;Wireless Communication Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{57465043-616c-6c6f-7574-5f636c617373}] : (WFPCALLOUTS) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9D3039DD-CCA5-4B4D-B33D-E2DDC8A8C52E}] : (dtsoftbus01) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{CC41EBA2-AB57-4F4E-8C3D-1BC33B1E74E3}] : (RDPDR) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}] : (USB) [] -> @oem40.inf,%ClassName%;ADB Interface
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[27/04/2017 15:14:13] - (1.12.3.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit Monitor) - C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys
[10/06/2016 06:41:26] - (4.0.74.0) - (AO Kaspersky Lab - Cryptographic Module Driver x64 (56 bit)) - C:\WINDOWS\system32\DRIVERS\cm_km.sys
[07/06/2016 23:33:14] - (12.0.0.6) - (AO Kaspersky Lab - Backup Disk Filter [fre_wnet_x64]) - C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys
[27/04/2017 15:14:14] - (10.6.1.0) - (AO Kaspersky Lab - Kaspersky Lab Boot Guard Driver) - C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys
[02/06/2016 03:43:38] - (6.8.0.67) - (AO Kaspersky Lab - Kaspersky Unified Driver) - C:\WINDOWS\system32\DRIVERS\kl1.sys
[19/12/2016 23:31:42] - (0.0.0.0) - ( -) - C:\WINDOWS\system32\drivers\EUBKMON.sys
[19/12/2016 23:31:45] - (1.0.1.0) - (CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Driver) - C:\WINDOWS\system32\drivers\eubakup.sys
[18/12/2013 20:25:39] - (4.47.1.282) - (Disc Soft Ltd - DAEMON Tools Virtual Bus Driver) - C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[27/04/2017 15:06:50] - (12.0.120.62) - (AO Kaspersky Lab - klhk [fre_win8_x64]) - C:\WINDOWS\System32\drivers\klhk.sys
[15/06/2016 00:23:44] - (12.0.0.8) - (AO Kaspersky Lab - Backup File Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klbackupflt.sys
[27/04/2017 15:06:50] - (12.0.31.0) - (AO Kaspersky Lab - Filter Core [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klflt.sys
[27/04/2017 15:06:50] - (12.0.217.0) - (AO Kaspersky Lab - Core System Interceptors [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klif.sys
[31/05/2016 23:31:20] - (12.0.0.6) - (AO Kaspersky Lab - Format Recognizer [fre_wnet_x64]) - C:\WINDOWS\system32\DRIVERS\klpd.sys
[18/06/2016 01:36:24] - (12.0.0.11) - (AO Kaspersky Lab - WFP Network Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klwfp.sys
[29/03/2017 03:21:00] - (13.0.0.8) - (AO Kaspersky Lab - Packet Network Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klim6.sys
[29/03/2017 03:21:00] - (12.0.0.39) - (AO Kaspersky Lab - WFP Network Connection Filter Driver [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klwtp.sys
[24/06/2017 12:59:24] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\WINDOWS\System32\drivers\zamguard64.sys
[24/06/2017 12:59:24] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\WINDOWS\System32\drivers\zam64.sys
[14/06/2016 17:47:52] - (12.0.0.22) - (AO Kaspersky Lab - Network Processor [fre_wnet_x64]) - C:\WINDOWS\system32\DRIVERS\kneps.sys
[19/12/2016 23:31:45] - (1.0.0.1) - (CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Image Preview Driver) - C:\WINDOWS\system32\drivers\EuFdDisk.sys
[19/12/2016 23:31:45] - (1.2.0.1) - (CHENGDU YIWO Tech Development Co., Ltd - Disk Access Driver) - C:\WINDOWS\system32\drivers\eudskacs.sys
[08/07/2014 21:42:14] - (0.0.0.0) - ( -) - C:\WINDOWS\SysWow64\drivers\AsIO.sys
[07/06/2016 01:31:06] - (9.0.0.21) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\WINDOWS\System32\drivers\kltap.sys
[27/04/2017 16:25:59] - (21.21.13.7872) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 378.72) - C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0c385245f4e4f578\nvlddmkm.sys
[16/07/2016 12:41:53] - (12.10.13.3) - (Marvell - NDIS6.30 Miniport Driver for Marvell Yukon Ethernet Controller) - C:\WINDOWS\System32\drivers\yk63x64.sys
[17/05/2013 12:13:26] - (1043.6.0.0) - ( - ATK0110 ACPI Utility) - C:\WINDOWS\system32\DRIVERS\ASACPI.sys
[19/05/2016 00:57:36] - (12.0.0.1) - (AO Kaspersky Lab - Keyboard Device Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
[07/06/2015 01:52:56] - (10.0.0.11) - (Kaspersky Lab ZAO - Mouse Device Filter [fre_win8_x64]) - C:\WINDOWS\system32\DRIVERS\klmouflt.sys
[17/06/2017 08:18:07] - (5.1.2.252) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\WINDOWS\System32\ATMFD.DLL
[31/05/2016 23:24:06] - (12.0.0.1) - (AO Kaspersky Lab - Virtual Disk [fre_wnet_x64]) - C:\WINDOWS\system32\DRIVERS\kldisk.sys
[29/12/2012 21:59:38] - (2.3.11.0) - (Almico Software - SpeedFan x64 Driver) - C:\WINDOWS\SysWOW64\speedfan.sys
[31/05/2017 18:19:55] - (3.6.0.0) - (WinISO.com - WinISO Virtual CD Drive) - C:\WINDOWS\system32\drivers\WinisoCDBus.sys
[27/04/2017 15:09:32] - (0.0.0.46) - (AO Kaspersky Lab - Kernel heuristics engine) - C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys
[27/04/2017 15:14:13] - (5.12.3.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit Engine) - C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys
[27/04/2017 15:15:25] - (3.6.1.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit) - C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - cm_km (AO Kaspersky Lab Cryptographic Module x64 (56 bit)) -> system32\DRIVERS\cm_km.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorTcgDrv (@EhStorTcgDrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EUBAKUP (EUBAKUP) -> system32\drivers\eubakup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - EUBKMON (EUBKMON) -> system32\drivers\EUBKMON.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-100) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - kl1 (kl1) -> system32\DRIVERS\kl1.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - klbackupdisk (Kaspersky Lab klbackupdisk) -> system32\DRIVERS\klbackupdisk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - klelam (klelam) -> system32\DRIVERS\klelam.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - klupd_klif_arkmon () -> System32\Drivers\klupd_klif_arkmon.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - klupd_klif_klbg () -> System32\Drivers\klupd_klif_klbg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - dtsoftbus01 (@oem102.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver) -> \SystemRoot\System32\drivers\dtsoftbus01.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - EUDSKACS (EUDSKACS) -> \??\C:\WINDOWS\system32\drivers\eudskacs.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - EUFDDISK (EUFDDISK) -> \??\C:\WINDOWS\system32\drivers\EuFdDisk.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - klbackupflt (Kaspersky Lab klbackupflt) -> system32\DRIVERS\klbackupflt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - klhk (@oem33.inf,%klhkDisplayName%;Kaspersky Lab service driver) -> \SystemRoot\System32\drivers\klhk.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - KLIF (Kaspersky Lab Driver) -> system32\DRIVERS\klif.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - KLIM6 (@oem3.inf,%KLIM6_Desc%;Kaspersky Anti-Virus NDIS 6 Filter) -> \SystemRoot\system32\DRIVERS\klim6.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - klpd (Kaspersky Lab format recognizer driver) -> system32\DRIVERS\klpd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - klwfp (klwfp) -> \SystemRoot\system32\DRIVERS\klwfp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Klwtp (KLwtp - WFP callout traffic inspector) -> \SystemRoot\system32\DRIVERS\klwtp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - kneps (kneps) -> \SystemRoot\system32\DRIVERS\kneps.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ZAM (ZAM Helper Driver) -> \??\C:\WINDOWS\System32\drivers\zam64.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ZAM_Guard (ZAM Guard Driver) -> \??\C:\WINDOWS\System32\drivers\zamguard64.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - kldisk (kldisk) -> \SystemRoot\system32\DRIVERS\kldisk.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - speedfan (speedfan) -> \??\C:\WINDOWS\SysWOW64\speedfan.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcnfs (@%systemroot%\system32\drivers\wcnfs.sys,-100) -> \SystemRoot\system32\drivers\wcnfs.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - WinisoCDBus (WinISO Virtual CD Drive) -> system32\drivers\WinisoCDBus.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)

[MD5.78488AF2AB2111D67B3C4044707A519B] - [12/04/2016 10:35:37] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [187.71 Ko] - (0.3.0.4) - C:\WINDOWS\System32\Drivers\1089229B.sys
[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - [08/07/2014 21:42:04] - (.-.) - [9.98 Ko] - (0.0.0.0) - C:\WINDOWS\Syswow64\Drivers\AsInsHelp32.sys
[MD5.EDAA17CE771C696655B6585F7CAD2100] - [08/07/2014 21:42:04] - (.-.) - [11.55 Ko] - (0.0.0.0) - C:\WINDOWS\Syswow64\Drivers\AsInsHelp64.sys
[MD5.68726474C69B738EAC3A62E06B33ADDC] - [08/07/2014 21:42:14] - (.-.) - [13.05 Ko] - (0.0.0.0) - C:\WINDOWS\Syswow64\Drivers\AsIO.sys
[MD5.524D8D450622DB4A7875B111C299A76B] - [11/08/2015 16:19:05] - (.Zaitsev Oleg, Copyright (C) 2004-2006 - AVZ Driver.) - [7 Ko] - (1.2.0.0) - C:\WINDOWS\Syswow64\Drivers\utm2odcz.sys

---------- | Uninstall

[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Chromium] : (Chromium.-.Chromium) -> "C:\Users\Gary\AppData\Local\Chromium\Application\51.0.2683.0\Installer\setup.exe" --uninstall
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Dragon Age Redesigned©] : (Dragon Age Redesigned©.-.) -> C:\Users\Gary\Documents\BioWare\Dragon Age\packages\core\override\Uninstall Recommended settings.exe
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\f509cdacb248ec690d546778a66720c4] : (.-.) ->
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\RadioSure] : (RadioSure.-.) -> C:\Users\Gary\AppData\Local\RadioSure\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\8B3D7924-ED89-486B-8322-E8594065D5CB_is1] : (RogueKiller version 12.11.3.0.-.Adlice Software) -> "C:\Program Files\RogueKiller\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AutoHotkey] : (AutoHotkey 1.1.24.05.-.Lexikos) -> "C:\Program Files\AutoHotkey\AutoHotkey.exe" "C:\Program Files\AutoHotkey\Installer.ahk"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CANONIJINBOXADDON100] : (Canon Inkjet Printer Driver Add-On Module.-.) -> C:\Program Files\Common Files\Canon\IJ\InboxPrnV100\SETUP.EXE -R
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Defraggler] : (Defraggler.-.Piriform) -> "C:\Program Files\Defraggler\uninst.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Focusrite Scarlett Family Audio Driver_is1] : (Focusrite Scarlett Family Audio Driver 3.1.10.-.Focusrite Audio Engineering Limited.) -> "C:\Program Files\Scarlett\USB 2.0 Audio Driver\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\FreeCAD 0.16] : (FreeCAD 0.16 - A free open source CAD system.-.Juergen Riegel) -> "C:\Program Files\FreeCAD 0.16\uninstall.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\GIMP-2_is1] : (GIMP 2.8.20.-.The GIMP Team) -> "C:\Program Files\GIMP 2\uninst\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\GoldWave v6.19] : (GoldWave v6.19.-.GoldWave Inc.) -> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v6.19" "C:\Program Files\GoldWave\unstall.log"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MyDefrag v4.3.1_is1] : (MyDefrag v4.3.1.-.J.C. Kessels) -> "C:\Program Files\MyDefrag v4.3.1\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PDF-XChange 3_is1] : (PDF-XChange 3.-.Tracker Software) -> "C:\Program Files\Tracker Software\PDF-XChange 3\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Recuva] : (Recuva.-.Piriform) -> "C:\Program Files\Recuva\uninst.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SolarApp] : (Logitech Solar App 1.10.-.Logitech) -> C:\Program Files\Common Files\LogiShrd\SolarApp_Uninstall\setup.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Speccy] : (Speccy.-.Piriform) -> "C:\Program Files\Speccy\uninst.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VulkanRT1.0.39.1] : (Vulkan Run Time Libraries 1.0.39.1.-.LunarG, Inc.) -> C:\Program Files (x86)\VulkanRT\1.0.39.1\UninstallVulkanRT.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WhoCrashed_is1] : (WhoCrashed 5.53.-.Resplendence Software Projects Sp.) -> "C:\Program Files\WhoCrashed\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinImage] : (WinImage.-.) -> "C:\Program Files\WinImage\winimage.exe" /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.01 (64-bit).-.win.rar GmbH) -> C:\Program Files\WinRAR\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0F347A49-E36C-4639-8D2E-003AD408B8B2}] : (Adblock Plus for IE (32-bit and 64-bit).-.Eyeo GmbH) -> MsiExec.exe /X{0F347A49-E36C-4639-8D2E-003AD408B8B2}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.1.2.1733.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3DCF00F5-04A5-4543-A088-705480811205}_is1] : (Compiled Driver Disk (Nokia) 1.0.-.COMPELSON Labs) -> "C:\Program Files\Compiled Driver Disk (Nokia)\Setup\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3DCF00F5-04A5-4543-A088-705480811206}_is1] : (Compiled Driver Disk (Samsung) 1.0.-.COMPELSON Labs) -> "C:\Program Files\Compiled Driver Disk (Samsung)\Setup\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6A86F18E-5464-449D-A82D-667974747F38}] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9130C3A8-3BEA-4A24-88F9-50EFB036F999}] : (Ableton Live 9 Lite.-.Ableton) -> MsiExec.exe /X{9130C3A8-3BEA-4A24-88F9-50EFB036F999}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9598DA62-2AE8-426D-9C86-BEA96AC6721E}_is1] : (MSI Kombustor 3.5.1.-.MSI Co., LTD) -> "C:\Program Files\MSI Kombustor 3\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1] : (Revo Uninstaller 2.0.1.-.VS Revo Group, Ltd.) -> "C:\Program Files\VS Revo Group\Revo Uninstaller\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (Ansel.-.NVIDIA Corporation) ->
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (NVIDIA Control Panel 378.72.-.NVIDIA Corporation) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Graphics Driver 378.72.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] : (NVIDIA PhysX System Software 9.16.0318.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) ->
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) ->
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}] : (Nokia Connectivity Cable Driver.-.) -> RUNDLL32.EXE ccdcmbwux64.dll,WuUninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BD290B7C-E023-4364-87D4-2B00DE2ED5A7}] : (TextPad 7.-.Helios) -> MsiExec.exe /X{BD290B7C-E023-4364-87D4-2B00DE2ED5A7}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BDDB58A5-F98E-4D3C-B554-4A4D31C6D405}_is1] : (Phone Drivers Downloader 1.1.-.COMPELSON Labs) -> "C:\Program Files\Phone Drivers Downloader\Setup\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CAF754D7-AD99-409B-A594-C63DB5A51BC2}] : (CSR Harmony Wireless Software Stack.-.Cambridge Silicon Radio Limited.) -> MsiExec.exe /X{CAF754D7-AD99-409B-A594-C63DB5A51BC2}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}] : (SAMSUNG USB Driver for Mobile Phones.-.SAMSUNG Electronics Co., Ltd.) -> C:\Program Files (x86)\Samsung\USB Drivers\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 26 NPAPI.-.Adobe Systems Incorporated) -> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_Plugin.exe -maintain plugin
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Afterburner] : (MSI Afterburner 4.2.0.-.MSI Co., LTD) -> "C:\Program Files (x86)\MSI Afterburner\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Audacity_is1] : (Audacity 2.0.5.-.Audacity Team) -> "C:\Program Files (x86)\Audacity\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Audacity®_is1] : (Audacity 2.1.2.-.Audacity Team) -> "C:\Program Files (x86)\Audacity\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\BadCopy Pro] : (BadCopy Pro.-.) -> C:\PROGRA~2\Jufsoft\BadCopy\UNWISE.EXE C:\PROGRA~2\Jufsoft\BadCopy\INSTALL.LOG
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Belarc Advisor] : (Belarc Advisor 8.4.-.Belarc Inc.) -> "C:\Program Files (x86)\Belarc\BelarcAdvisor\Uninstall.exe" "C:\Program Files (x86)\Belarc\BelarcAdvisor\INSTALL.LOG"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\BitMeterOS] : (BitMeter OS.-.) -> "C:\Program Files (x86)\Codebox\BitMeterOS\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Cheat Engine 6.4_is1] : (Cheat Engine 6.4.-.Cheat Engine) -> "C:\Program Files (x86)\Cheat Engine 6.4\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DAEMON Tools Lite] : (DAEMON Tools Lite.-.Disc Soft Ltd) -> C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DigiGuide TV Guide] : (DigiGuide TV Guide.-.GipsyMedia Limited) -> "C:\Program Files (x86)\DigiGuide TV Guide\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\dips64] : (Desktop Icon Position Saver (64-bit).-.) -> "C:\Program Files\DIPS64\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Dragon Age 2 - LEGACY 1.03] : (Dragon Age 2 - LEGACY 1.03.-.) -> C:\Games\Dragon Age 2\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EaseUS Data Recovery Wizard 7.0_is1] : (EaseUS Data Recovery Wizard 7.0.-.EaseUS) -> "C:\Program Files (x86)\EaseUS\EaseUS Data Recovery Wizard\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EaseUS Partition Master_is1] : (EaseUS Partition Master 11.9.-.EaseUS) -> "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EaseUS Todo Backup_is1] : (EaseUS Todo Backup Free 9.2.-.CHENGDU YIWO Tech Development Co., Ltd) -> "C:\Program Files (x86)\EaseUS\Todo Backup\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Foxit Reader_is1] : (Foxit Reader.-.Foxit Software Inc.) -> "C:\Program Files (x86)\Foxit Software\Foxit Reader\unins001.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FreeFileSync] : (FreeFileSync 6.1.-.Zenju) -> "C:\Program Files\FreeFileSync\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\setup.exe" --uninstall --system-level --verbose-logging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Grey Olltwit's Plan Maker] : (Grey Olltwit's Plan Maker.-.) -> C:\PROGRAM FILES (X86)\Plan Maker\planmkrunin.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IconWorkshop] : (Axialis IconWorkshop 6.90.-.Axialis Software) -> C:\Program Files (x86)\Axialis\IconWorkshop\UnInstall.exe "IconWorkshop" "IconWorkshop.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}] : (Ancestral Quest Collaboration Support.-.Incline Software) -> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}] : (Samsung Kies.-.Samsung Electronics Co., Ltd.) -> "C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409 -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}] : (NEC Electronics USB 3.0 Host Controller Driver.-.NEC Electronics Corporation) -> "C:\Program Files (x86)\InstallShield Installation Information\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}\setup.exe" -runfromtemp -l0x0409 -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{F5A3D0C9-DAE3-4FA0-935B-F02678079FCC}] : (Ancestral Quest 14.-.Incline Software, LC) -> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F5A3D0C9-DAE3-4FA0-935B-F02678079FCC}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}] : (Kaspersky Secure Connection.-.Kaspersky Lab) -> MsiExec.exe /I{1CF84962-50F8-48CA-9082-B70F3A02C686} REMOVE=ALL
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}] : (Kaspersky Total Security.-.Kaspersky Lab) -> MsiExec.exe /I{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2} REMOVE=ALL
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\KeePassPasswordSafe2_is1] : (KeePass Password Safe 2.24.-.Dominik Reichl) -> "C:\Program Files (x86)\KeePass Password Safe 2\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 54.0 (x86 en-US)] : (Mozilla Firefox 54.0 (x86 en-US).-.Mozilla) -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MyDriveConnect] : (TomTom MyDrive Connect 4.1.5.3181.-.TomTom) -> C:\Program Files (x86)\MyDrive Connect\Uninstall TomTom MyDrive Connect.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NirSoft BlueScreenView] : (NirSoft BlueScreenView.-.) -> "C:\Program Files (x86)\NirSoft\BlueScreenView\uninst.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Notepad++] : (Notepad++.-.Notepad++ Team) -> C:\Program Files (x86)\Notepad++\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\OCCT] : (OCCT 4.5.0.-.Ocbase.com) -> C:\Program Files (x86)\OCCTPT\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Origin] : (Origin.-.Electronic Arts, Inc.) -> C:\Program Files (x86)\Inquisition\OriginUninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\RarmaRadio_is1] : (RarmaRadio 2.69.1.-.RaimerSoft) -> "C:\Program Files (x86)\RarmaRadio\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\RTSS] : (RivaTuner Statistics Server 6.4.1.-.Unwinder) -> "C:\Program Files (x86)\RivaTuner Statistics Server\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Singing Tutor] : (Singing Tutor.-.) -> C:\PROGRA~2\SINGIN~1\UNWISE.EXE C:\PROGRA~2\SINGIN~1\INSTALL.LOG
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SpeedFan] : (SpeedFan (remove only).-.) -> "C:\Program Files (x86)\SpeedFan\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ST6UNST #1] : (USB 3G Super GSM Reader II v2.8.10.-.) -> C:\WINDOWS\st6unst.exe -n "C:\Program Files (x86)\USB 3G Super GSM Reader II v2.8.10\ST6UNST.LOG"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\streamWriter_is1] : (streamWriter.-.) -> "C:\Program Files (x86)\streamWriter\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TeamViewer] : (TeamViewer 12.-.TeamViewer) -> "C:\Program Files (x86)\TeamViewer\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TechPowerUp GPU-Z] : (TechPowerUp GPU-Z.-.TechPowerUp) -> "C:\Program Files (x86)\GPU-Z\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Unchecky] : (Unchecky v1.0.2.-.RaMMicHaeL) -> "C:\Program Files (x86)\Unchecky\Uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Unigine Heaven Benchmark (Basic Edition)_is1] : (Heaven Benchmark version 4.0.-.Unigine Corp.) -> "C:\Program Files (x86)\Unigine\Heaven Benchmark 4.0\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Unigine Valley Benchmark_is1] : (Unigine Valley Benchmark version 1.0.-.Unigine Corp.) -> "C:\Program Files (x86)\Unigine\Valley Benchmark 1.0\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Visual Subst] : (Visual Subst.-.NTWind Software) -> C:\Program Files (x86)\Visual Subst\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VLC media player] : (VLC media player.-.VideoLAN) -> C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WinISO] : (WinISO.-.WinISO Computing Inc.) -> "C:\Program Files (x86)\WinISO\uninst.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ZHPFix_is1] : (ZHPFix 2015.-.Nicolas Coolman) -> "C:\Program Files (x86)\ZHPFix\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{083EF76E-0760-4D7A-9508-0B88A3AF1889}] : (HexEdit.-.Expert Commercial Software Pty Ltd) -> MsiExec.exe /I{083EF76E-0760-4D7A-9508-0B88A3AF1889}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{08610298-29AE-445B-B37D-EFBE05802967}] : (LWS Pictures And Video.-.Logitech) -> MsiExec.exe /I{08610298-29AE-445B-B37D-EFBE05802967}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{15634701-BACE-4449-8B25-1567DA8C9FD3}] : (CameraHelperMsi.-.Logitech) -> MsiExec.exe /I{15634701-BACE-4449-8B25-1567DA8C9FD3}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1651216E-E7AD-4250-92A1-FB8ED61391C9}] : (LWS Help_main.-.Logitech) -> MsiExec.exe /I{1651216E-E7AD-4250-92A1-FB8ED61391C9}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{174A3B31-4C43-43DD-866F-73C9DB887B48}] : (LWS Twitter.-.Logitech) -> MsiExec.exe /I{174A3B31-4C43-43DD-866F-73C9DB887B48}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1A834332-A9EE-440C-9505-2D07F445F05A}] : (MOBILedit! Support Libraries.-.COMPELSON Labs) -> MsiExec.exe /I{1A834332-A9EE-440C-9505-2D07F445F05A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}] : (Cool & Quiet.-.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe" -l0x9
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1CF84962-50F8-48CA-9082-B70F3A02C686}] : (Kaspersky Secure Connection.-.Kaspersky Lab) -> MsiExec.exe /I{1CF84962-50F8-48CA-9082-B70F3A02C686}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1F13D8B2-94E1-4502-A922-737548AEEABB}] : (System Requirements Lab Detection.-.Husdawg, LLC) -> MsiExec.exe /X{1F13D8B2-94E1-4502-A922-737548AEEABB}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}] : (LWS YouTube Plugin.-.Logitech) -> MsiExec.exe /I{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1] : (Paint XP version 1.5.-.MSPAINTXP.COM) -> "C:\Program Files (x86)\Paint XP\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1] : (Geeks3D FurMark 1.19.0.0.-.Geeks3D) -> "C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}] : (Skype™ 7.0.-.Skype Technologies S.A.) -> MsiExec.exe /X{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217060FB}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FB}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180121F0}] : (Java 8 Update 121.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180121F0}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217051FB}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218066F0}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218071F0}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{278318E2-89F5-43A0-BC54-20E9302244F8}_is1] : (SysInfoTools PST Merge x32(Demo) v3.0.-.SysInfoTools) -> "C:\Program Files (x86)\SysInfoTools PST Merge x32(Demo) v3.0\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{32FD738E-D5C6-4F8A-9C93-278859948DD6}] : (SteelSoft Radio(Free Internet Radio).-.SteelSoft) -> MsiExec.exe /I{32FD738E-D5C6-4F8A-9C93-278859948DD6}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}] : (erLT.-.Logitech, Inc.) -> MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4412F224-3849-4461-A3E9-DEEF8D252790}] : (Visual Studio C++ 10.0 Runtime.-.TomTom International B.V.) -> MsiExec.exe /I{4412F224-3849-4461-A3E9-DEEF8D252790}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{47C1AE40-7ED8-4743-83C3-C76F76C754A9}_is1] : (CleanGenius 3.2.2.-.Amigabit, Inc.) -> "C:\Program Files (x86)\CleanGenius 3\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{47DA7D2E-408C-4050-B75F-95F6D2E6A332}_is1] : (MOBILedit! ver. 7.5.3.4200.-.COMPELSON Labs) -> "C:\Program Files (x86)\MOBILedit!\Setup\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4D565319-8B91-41CB-961C-0DDC86101AC5}] : (Dragon Age™ II.-.Electronic Arts) -> "C:\Program Files (x86)\Common Files\EAInstaller\Dragon Age 2\Cleanup.exe" uninstall_game -autologging
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}] : (Ancestral Quest Collaboration Support.-.Incline Software) -> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4E96CB8B-444E-4EA3-8EF4-26060B0B411F}] : (OpenOffice 4.1.2.-.Apache Software Foundation) -> MsiExec.exe /I{4E96CB8B-444E-4EA3-8EF4-26060B0B411F}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{683E4F0D-5A86-48BC-BD93-4751849028A8}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}] : (LWS Gallery.-.Logitech) -> MsiExec.exe /I{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{70828B2E-C97B-4107-BE35-1273211919B5}_is1] : (SQLite Forensic Explorer version 2.0.-.Acquire Forensic) -> "C:\Program Files (x86)\SQLite Forensic Explorer\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{71E66D3F-A009-44AB-8784-75E2819BA4BA}] : (LWS Motion Detection.-.Logitech) -> MsiExec.exe /I{71E66D3F-A009-44AB-8784-75E2819BA4BA}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{758C8301-2696-4855-AF45-534B1200980A}] : (Samsung Kies.-.Samsung Electronics Co., Ltd.) -> MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}] : (LWS Launcher.-.Logitech) -> MsiExec.exe /I{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{86F2B095-3998-41D5-833D-1C5075300950}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8937D274-C281-42E4-8CDB-A0B2DF979189}] : (LWS Webcam Software.-.Logitech) -> MsiExec.exe /I{8937D274-C281-42E4-8CDB-A0B2DF979189}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1] : (Zemana AntiMalware.-.Zemana Ltd.) -> "C:\Program Files (x86)\Zemana AntiMalware\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9DAEA76B-E50F-4272-A595-0124E826553D}] : (LWS WLM Plugin.-.Logitech) -> MsiExec.exe /I{9DAEA76B-E50F-4272-A595-0124E826553D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1] : (Roadkil's Unstoppable Copier Version 5.2.-.Roadkil.Net) -> "C:\Program Files (x86)\UnstopCpy\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AEC81925-9C76-4707-84A9-40696C613ED3}] : (Dragon Age: Origins.-.Electronic Arts, Inc.) -> C:\Program Files (x86)\Common Files\BioWare\Uninstall Dragon Age.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C7C4A0C6-8483-4065-851D-CBE5DC17D046}] : (LibreOffice 5.3.3.2.-.The Document Foundation) -> MsiExec.exe /I{C7C4A0C6-8483-4065-851D-CBE5DC17D046}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D3580358-0F78-402A-BE53-2E9D06383E04}] : (NETGEAR WNA3100M N300 Wireless USB Adapter.-.NETGEAR) -> C:\Program Files (x86)\InstallShield Installation Information\{D3580358-0F78-402A-BE53-2E9D06383E04}\setup.exe -runfromtemp -l0x0009 -removeonly -PanelRemove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D40EB009-0499-459c-A8AF-C9C110766215}] : (Logitech Webcam Software.-.Logitech Inc.) -> "C:\Program Files (x86)\Common Files\LogiShrd\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe" /lang=ENU /guid="{D40EB009-0499-459c-A8AF-C9C110766215}"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}] : (NEC Electronics USB 3.0 Host Controller Driver.-.NEC Electronics Corporation) -> MsiExec.exe /I{D7BF9739-8A68-4335-BBEE-37752AD9E86B}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D94A8E22-DF2B-4107-9E51-608A60A7671D}] : (Personal Ancestral File 5.-.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D94A8E22-DF2B-4107-9E51-608A60A7671D}\Setup.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}] : (Dragon Age™: Inquisition.-.Electronic Arts) -> "C:\Program Files (x86)\Common Files\EAInstaller\Dragon Age Inquisition\Cleanup.exe" uninstall_game -autologging
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}] : (Kaspersky Total Security.-.Kaspersky Lab) -> MsiExec.exe /I{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F2E23139-3404-4E3C-9855-7724415D62A5}] : (Dragon Age II.-.Electronic Arts, Inc.) -> "C:\Program Files (x86)\Common Files\BioWare\Uninstall Dragon Age 2.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F5A3D0C9-DAE3-4FA0-935B-F02678079FCC}] : (Ancestral Quest 14.-.Incline Software, LC) -> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F5A3D0C9-DAE3-4FA0-935B-F02678079FCC}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F6430171-B86B-4639-839E-374913E7911D}] : (Google Earth.-.Google) -> MsiExec.exe /I{F6430171-B86B-4639-839E-374913E7911D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{fd97d1e2-368a-4cd9-af63-8eeff938044a}] : (Adblock Plus for IE.-.) -> "C:\ProgramData\Package Cache\{fd97d1e2-368a-4cd9-af63-8eeff938044a}\adblockplusie-1.1.exe" /uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}] : (LWS Facebook.-.Logitech) -> MsiExec.exe /I{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}

---------- | Ports


---------- | Installer

[HKCR\Installer\Products\00002109020090400000000000F01FEC] : Compatibility Pack for the 2007 Office system -> C:\Windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
[HKCR\Installer\Products\0AB19942EE0FDA44C98CE55CA0CE6F7B] : Skype™ 7.0 -> C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe
[HKCR\Installer\Products\1038C85769625584FA5435B4210089A0] : Samsung Kies -> C:\Windows\Installer\{758C8301-2696-4855-AF45-534B1200980A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\10743651ECAB9444B8525176ADC8F93D] : CameraHelperMsi
[HKCR\Installer\Products\13B3A47134C4DD3468F6379CBD88B784] : LWS Twitter
[HKCR\Installer\Products\1710346FB68B936438E97394317E19D1] : Google Earth -> C:\WINDOWS\Installer\{F6430171-B86B-4639-839E-374913E7911D}\MainIcon.ico
[HKCR\Installer\Products\233438A1EE9AC0445950D2704F540FA5] : MOBILedit! Support Libraries -> C:\Windows\Installer\{1A834332-A9EE-440C-9505-2D07F445F05A}\_6FEFF9B68218417F98F549.exe
[HKCR\Installer\Products\26948FC18F05AC8409287BF0A3206C68] : Kaspersky Secure Connection -> C:\WINDOWS\Installer\{1CF84962-50F8-48CA-9082-B70F3A02C686}\setup2.ico
[HKCR\Installer\Products\2B8D31F11E4920549A22375784EAAEBB] : System Requirements Lab Detection -> C:\Windows\Installer\{1F13D8B2-94E1-4502-A922-737548AEEABB}\icon.ico
[HKCR\Installer\Products\422F2144948316443A9EEDFED8527209] : Visual Studio C++ 10.0 Runtime
[HKCR\Installer\Products\472D7398182C4E24C8BD0A2BFD791998] : LWS Webcam Software
[HKCR\Installer\Products\4920FD12D9B61474BAF62BBABF2D83E7] : LWS YouTube Plugin
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110120F] : Java 8 Update 121 -> C:\Program Files (x86)\Java\jre1.8.0_121\\bin\javaws.exe
[HKCR\Installer\Products\591761FF4EE90C64C87DBF3A54E788BA] : LWS Facebook
[HKCR\Installer\Products\6C0A4C7C3848560458D1BC5ECD710D64] : LibreOffice 5.3.3.2 -> C:\WINDOWS\Installer\{C7C4A0C6-8483-4065-851D-CBE5DC17D046}\soffice.ico
[HKCR\Installer\Products\7CBCC2E4FBB67094A9333CBB77638636] : Ancestral Quest Collaboration Support -> C:\Windows\Installer\{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\7D457FAC99DAB9045A496CD35B5AB12C] : CSR Harmony Wireless Software Stack -> C:\WINDOWS\Installer\{CAF754D7-AD99-409B-A594-C63DB5A51BC2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\89201680EA92B5443BD7FEEB50089276] : LWS Pictures And Video
[HKCR\Installer\Products\8A3C0319AEB342A4889F05FE0B639F99] : Ableton Live 9 Lite
[HKCR\Installer\Products\9002F3925410B0544BAA60D334BF63C8] : Windows 10 Update and Privacy Settings
[HKCR\Installer\Products\9379FB7D86A85334BBEE7357A29D8EB6] : NEC Electronics USB 3.0 Host Controller Driver -> C:\Windows\Installer\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper
[HKCR\Installer\Products\94A743F0C63E9364D8E200A34D808B2B] : Adblock Plus for IE (32-bit and 64-bit) -> C:\Windows\Installer\{0F347A49-E36C-4639-8D2E-003AD408B8B2}\program_icon
[HKCR\Installer\Products\9C0D3A5F3EAD0AF439B50F628770F9CC] : Ancestral Quest 14 -> C:\Windows\Installer\{F5A3D0C9-DAE3-4FA0-935B-F02678079FCC}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\B67AEAD9F05E27245A5910428E6255D3] : LWS WLM Plugin
[HKCR\Installer\Products\B7D1B72E43B32A34F90C89825DFD642E] : Kaspersky Total Security -> C:\WINDOWS\Installer\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}\setup2.ico
[HKCR\Installer\Products\B8BC69E4E4443AE4E84F6260B0B014F1] : OpenOffice 4.1.2 -> C:\WINDOWS\Installer\{4E96CB8B-444E-4EA3-8EF4-26060B0B411F}\soffice.ico
[HKCR\Installer\Products\C3AF8C38AE4F4C6438293DEC5373836D] : LWS Launcher
[HKCR\Installer\Products\C3CE67F61B43E63479BF845CD8B7DEDC] : LWS Gallery
[HKCR\Installer\Products\C7B092DB320E4634784DB200EDE25D7A] : TextPad 7 -> C:\WINDOWS\Installer\{BD290B7C-E023-4364-87D4-2B00DE2ED5A7}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D139E7FE48CDB174D86B8A3385904547] :
[HKCR\Installer\Products\E6121561DA7E0524291ABFE86D31199C] : LWS Help_main
[HKCR\Installer\Products\E67FE3800670A7D45980B0883AFA8198] : HexEdit
[HKCR\Installer\Products\E837DF236C5DA8F4C93972889549D86D] : SteelSoft Radio(Free Internet Radio)
[HKCR\Installer\Products\F3D66E17900ABA447848572E18B94AAB] : LWS Motion Detection
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater

---------- | ADS

@C:\Program Files (x86)\Common Files\System:Win32App_1

---------- | Drives

Disk: 0 Size=954G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 07-NTFS 100M Yes No 2,048 204,800
1 1 07-NTFS 953G No No 206,848 952,393,216
2 2 27-UNKNWN 450M No No 952,600,064 921,600

---------- | MBR

Windows Version: Professional
Windows Information: (build 9200), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x03806fbc

Analysis of file "C:\QuickDiag\MBR.bin":
Windows 7 MBR code detected

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Faulting application name: nvxdsync.exe, version: 8.17.13.7872, time stamp: 0x58a53ec9
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f5b9
Faulting process id: 0x7ec
Faulting application start time: 0x01d2f12803e05298
Faulting application path: C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 71b44ae0-4a81-45a3-bcc0-54d716d6c5bd
Faulting package full name:
Faulting package-relative application ID:
------------

Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.
------------

The program firefox.exe version 54.0.0.6368 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 8a0
Start Time: 01d2eceeb790da4f
Termination Time: 62
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: fb30976c-5ac0-11e7-abe4-20cf305c4f2f
Faulting package full name:
Faulting package-relative application ID:

------------

The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
------------

Faulting application name: nvxdsync.exe, version: 8.17.13.7872, time stamp: 0x58a53ec9
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f5b9
Faulting process id: 0x7a8
Faulting application start time: 0x01d2ecee0e30b208
Faulting application path: C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f4254337-2347-4184-88c9-9035d924634e
Faulting package full name:
Faulting package-relative application ID:
------------

The program firefox.exe version 54.0.0.6368 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 25ac
Start Time: 01d2ecea9a43c624
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: 19adbf83-58de-11e7-abe3-20cf305c4f2f
Faulting package full name:
Faulting package-relative application ID:

------------

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet
------------

Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.
------------

The program firefox.exe version 54.0.0.6368 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 23b8
Start Time: 01d2ecd5e601845d
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: a82dd1cb-58cf-11e7-abe2-20cf305c4f2f
Faulting package full name:
Faulting package-relative application ID:

------------

Faulting application name: nvxdsync.exe, version: 8.17.13.7872, time stamp: 0x58a53ec9
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f5b9
Faulting process id: 0x7c4
Faulting application start time: 0x01d2ecd551215d37
Faulting application path: C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f269d6da-1794-4b86-972d-dee07a8d18c0
Faulting package full name:
Faulting package-relative application ID:
------------

The program firefox.exe version 54.0.0.6368 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 3438
Start Time: 01d2ecd1c3fd5572
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: d2e8f6d1-58c5-11e7-abe1-20cf305c4f2f
Faulting package full name:
Faulting package-relative application ID:

------------

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet
------------

Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.
------------

Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
Faulting module name: NetEventPacketCapture.dll, version: 10.0.14393.953, time stamp: 0x58ba5f01
Exception code: 0xc0000005
Fault offset: 0x00000000000160d3
Faulting process id: 0x2ac0
Faulting application start time: 0x01d2eccbedd58517
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: C:\WINDOWS\system32\wbem\NetEventPacketCapture.dll
Report Id: b3c6be28-9130-4da4-9330-364ddf7ea414
Faulting package full name:
Faulting package-relative application ID:
------------

The program firefox.exe version 54.0.0.6368 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2428
Start Time: 01d2ecbf4e6f4b9c
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: bef0ac76-58b2-11e7-abe1-20cf305c4f2f
Faulting package full name:
Faulting package-relative application ID:

------------

The program firefox.exe version 54.0.0.6368 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2210
Start Time: 01d2ecbd890397b2
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: 41778048-58b2-11e7-abe1-20cf305c4f2f
Faulting package full name:
Faulting package-relative application ID:

------------

The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
------------

The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
------------

The program firefox.exe version 54.0.0.6368 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 29e0
Start Time: 01d2e9ac3c74f3db
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: 52325e2f-5669-11e7-abe0-20cf305c4f2f
Faulting package full name:
Faulting package-relative application ID:

------------


----------( EOF)---------- - 5190 | 10:51:49

[/SPOILER

]
 

Attachments

Last edited by a moderator:
This log will take some time to look over, I will have a reply for you tomorrow. How is the machine running now?
 
Thanks. In general use there's no change, it's running ok as usual. I'll have to go back to the graphics intensive game to check if it still crashes. May find time today, otherwise it'd be next week. I'll update on how it goes.
 
Quick Diag Fix.



First please create a restore point!
Right click in Quick Diag Run as Admin.
Copy the content of the code box below to your clipboard.
Click on the S within the User Interface of the program.
Then click on Script.
Allow completion.
Post the log created in your next reply.

Code:
File::

C:\Program Files (x86)\CleanGenius 3
C:\Program Files (x86)\Unified Remote
C:\Users\Gary\AppData\Roaming\Unified Remote
C:\Users\Gary\Downloads\cleangenius_trial.exe
C:\Users\Gary\Downloads\drivereasy.exe
C:\Users\Gary\Downloads\DriverEasy_Setup-4-9-3.exe
C:\Program Files\Easeware
C:\ProgramData\Amigabit
C:\Users\Gary\AppData\Roaming\uTorrent
C:\Program Files (x86)\Google\Google Toolbar
C:\34fb5e777cfae65aef3a204032
C:\WINDOWS\SysWOW64\Redemption.dll
C:\Program Files (x86)\MarkAny
C:\WINDOWS\MASetupCaller.dll
C:\WINDOWS\MAMCityDownload.ocx
C:\WINDOWS\Installer\94a22be.msi
C:\WINDOWS\System32\gatherNetworkInfo.vbs
C:\WINDOWS\SysWOW64\CleanGenius3Trial.dll
C:\WINDOWS\SysWOW64\MACXMLProto.dll
C:\WINDOWS\SysWOW64\MaDRM.dll
C:\WINDOWS\SysWOW64\MaJGUILib.dll
C:\WINDOWS\SysWOW64\MAMACExtract.dll
C:\WINDOWS\SysWOW64\MASetupCleaner.exe
C:\WINDOWS\SysWOW64\MaXMLProto.dll
C:\Users\Gary\AppData\Local\GWX
C:\ProgramData\iolo
C:\ProgramData\McAfee
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanGenius 3
C:\Program Files (x86)\iolo
C:\Program Files\Phone Drivers Downloader
C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
C:\WINDOWS\Syswow64\Drivers\utm2odcz.sys


Key::

[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BDDB58A5-F98E-4D3C-B554-4A4D31C6D405}_is1]
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CleanGeniusTray]
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Unified Remote v2]
[HKLM\Software\Google\Chrome\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib]
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Amigabit]
[HKU\S-1-5-21-3536061241-6043831-2542719734-1001\Software\McAfee]
[HKLM\Software\WOW6432Node\Adguard]
[HKLM\Software\WOW6432Node\Amigabit]
[HKLM\Software\WOW6432Node\Yahoo]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MarkAny]


ADS::

@C:\Program Files (x86)\Common Files\System:Win32App_1

CMD::

rd /s /q C:\Windows\Temp\*
del /f /q C:\Windows\Temp\*
###

Clean::
yes


SystemLook Inquiry.



Please download SystemLook from one of the links below and save it to your Desktop.

SystemLook (32-bit)
SystemLook (64-bit)

If you are not sure if your system is 32 or 64 bit please go HERE.
  • Once downloaded to your desktop right click the icon and select run as administrator to open it.
  • Should you receive any security or antivirus warnings when SystemLook runs you can safely ignore them and allow the program to run.
  • copy the contents of the following box and paste it into the main blank box of SystemLook. Be sure to include the colons.
Code:
 :regfind
{A28D6E9F-11D1-4B79-A0D8-7CCB20F69972}
{259F73BA-24B0-4D1A-9F92-5B087D8B988A}
{6AB85CE4-4E10-305C-2388-15B407E0E92C}
  • click the Look button to start the scan.
  • when finished, a notepad window will open with the results of the scan. Note: The log can also be found on your Desktop titled SystemLook.txt

Zoek Scan

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (XP Users double click)
Copy and paste the items in red below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
C:\dvmexp;virustotal
C:\dvmexp.idx;virustotal
C:\TEMP BUP;virustotal
standardsearch;
filesrcm;
services-list;
startupall;
autoclean;


Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.

Security Check Scan.


  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
 
"Please Enter A Valid Message"
I'll download SystemLook Inquiry now.

SystemLook 04.09.10 by jpshortstuff
Log created at 09:56 on 04/07/2017 by Gary
Administrator - Elevation successful
No Context: :regfind
No Context: {A28D6E9F-11D1-4B79-A0D8-7CCB20F69972}
No Context: {259F73BA-24B0-4D1A-9F92-5B087D8B988A}
No Context: {6AB85CE4-4E10-305C-2388-15B407E0E92C}
-= EOF =-


SecurityCheck by glax24 & Severnyj v.1.4.0.51 [13.06.17]
WebSite: www.safezone.cc
DateLog: 04.07.2017 12:57:44
Path starting: C:\Users\Gary\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Gary
VersionXML: 4.46is-01.07.2017
___________________________________________________________________________

Windows 10(6.3.14393) (x64) Professional Release: 1607 Lang: English(0409)
Installation date OS: 08.02.2017 12:45:16
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [931 Gb] Used: [523.6 Gb] Free: [407.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.1358.14393.0
User Account Control enabled
Notify before download
Notify before download
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service is running
World Wide Web Publishing Service (W3SVC) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2003 v.11.0.8173.0
---------------------------- [ Antivirus_WMI ] ----------------------------
Kaspersky Total Security (enabled and up to date)
Windows Defender (disabled and up to date)
Malwarebytes (enabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
Kaspersky Total Security (enabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Malwarebytes (enabled and up to date)
Kaspersky Total Security (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Kaspersky Secure Connection v.17.0.0.611
Kaspersky Total Security v.17.0.0.611
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.1.2.1733 v.3.1.2.1733
Unchecky v1.0.2 v.1.0.2
Zemana AntiMalware v.2.74.0.76
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.01 (64-bit) v.5.01.0 Warning! Download Update
Microsoft Silverlight v.5.1.41212.0 Warning! Download Update
Foxit Reader v.8.3.0.14878
KeePass Password Safe 2.24 v.2.24
TeamViewer 12 v.12.0.78716
VLC media player v.2.2.6
OpenOffice 4.1.2 v.4.12.9782 Warning! Download Update
LibreOffice 5.3.3.2 v.5.3.3.2 Warning! Download Update
TeamViewer 12 (TeamViewer) - The service is running
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.0 v.7.0.102 Warning! Download Update
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 121 v.8.0.1210.13 Warning! Download Update
Uninstall old version and install new one (jre-8u131-windows-i586.exe).
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 26 NPAPI v.26.0.0.131
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 54.0.1 (x86 en-US) v.54.0.1
Google Chrome v.59.0.3071.115
Mozilla Firefox 54.0 (x86 en-US) v.54.0 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.54.0.1.6388
------------------ [ AntivirusFirewallProcessServices ] -------------------
Kaspersky Anti-Virus Service 17.0.0 (AVP17.0.0) - The service is running
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe v.17.0.0.611
klvssbrigde64 (klvssbrigde64) - The service has stopped
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe v.17.0.0.643
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe v.17.0.0.611
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe v.17.0.0.643
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.1068
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.479
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.2.74.0.76
---------------------------- [ UnwantedApps ] -----------------------------
Skype Click to Call v.8.5.0.9167 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------
 

Attachments

Last edited by a moderator:
You asked how the machine was running now. Retried the graphic intensive game, it didn't take long to create this.
 

Attachments

I've analyzed your dump file. It's caused by the Nvidia driver. It has a bug check code of 0x119, which refers to VIDEO_SCHEDULER_INTERNAL_ERROR. It has a parameter of 1, which means the driver has reported an invalid fence ID.

Are you graphics drivers up-to-date?
 
Keeping the drivers up to date messes the thing up "big time". You may check the thread linked to in my original post. The PC is currently using the modified one to overcome a known issue. But without total success it seems. I was trying to ascertain if the continuing issue was the same as that in the previous thread, and whether I was now left with no other option with having to buy a new graphics card (and maybe advice on that) or whether it was a different problem and there was still something that could be done.
 
Can you re-run this for me please.

SystemLook Inquiry.


Please download SystemLook from one of the links below and save it to your Desktop.

SystemLook (32-bit)
SystemLook (64-bit)

If you are not sure if your system is 32 or 64 bit please go HERE.
  • Once downloaded to your desktop right click the icon and select run as administrator to open it.
  • Should you receive any security or antivirus warnings when SystemLook runs you can safely ignore them and allow the program to run.
  • copy the contents of the following box and paste it into the main blank box of SystemLook. Be sure to include the colons.
Code:
:regfind
{A28D6E9F-11D1-4B79-A0D8-7CCB20F69972}
{259F73BA-24B0-4D1A-9F92-5B087D8B988A}
{6AB85CE4-4E10-305C-2388-15B407E0E92C}

  • click the Look button to start the scan.
  • when finished, a notepad window will open with the results of the scan. Note: The log can also be found on your Desktop titled SystemLook.txt
 
Just noticed the warning pasted further up. I'll check them when I can, but they ought not be running when I have the game playing. Not even sure how I got a Skype toolbar or even where it is, or which browser.

I have the systemlook from earlier; I'll run the script now and see what happens.


SystemLook 04.09.10 by jpshortstuff
Log created at 18:11 on 07/07/2017 by Gary
Administrator - Elevation successful
========== regfind ==========
Searching for "{A28D6E9F-11D1-4B79-A0D8-7CCB20F69972}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EC72574-3B22-4927-8F45-63E15D9FD91D}]
"Path"="\{A28D6E9F-11D1-4B79-A0D8-7CCB20F69972}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EC72574-3B22-4927-8F45-63E15D9FD91D}]
"URI"="{A28D6E9F-11D1-4B79-A0D8-7CCB20F69972}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A28D6E9F-11D1-4B79-A0D8-7CCB20F69972}]

Searching for "{259F73BA-24B0-4D1A-9F92-5B087D8B988A}"
No data found.

Searching for "{6AB85CE4-4E10-305C-2388-15B407E0E92C}"
 
Last edited:
File Search.

Get the Everything Search Engine
Install Program, Right Click Run As Admin. Type C:\Windows\System32\Tasks into to search window.
Then Click Edit.
Select all.
Right Click highlighted items>>>>>>>> Copy full name to clipboard. >>>>> Paste content of clipboard, here in your next reply.
 
Parts of Mcafee antivirus still seem to be running on your machine.

fffff803`ec930000 fffff803`ec9be000 mcupdate mcupdate.dll

Please run the Mcafee removal tool, and make sure and delete this file.

mcupdate.dll
 
That's strange for I can't recall McAfee ever being installed. Will check it out Tuesday. Thanks.

Come to think of it, it may have been put on unrequested as a PUP when installing other things. If so, it would've been on momentarily only.

C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\.NET Framework
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Active Directory Rights Management Services Client
C:\Windows\System32\Tasks\Microsoft\Windows\AppID
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\AppID
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Application Experience
C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\ApplicationData
C:\Windows\System32\Tasks\Microsoft\Windows\AppxDeploymentClient
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\AppxDeploymentClient
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Autochk
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Bluetooth
C:\Windows\System32\Tasks\Microsoft\Windows\UNP\Campaigns
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\CertificateServicesClient
C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Chkdsk
C:\Windows\System32\Tasks\Microsoft\Windows\Clip
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Clip
C:\Windows\System32\Tasks\Microsoft\Windows\CloudExperienceHost
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\CloudExperienceHost
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Customer Experience Improvement Program
C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Data Integrity Scan
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Defrag
C:\Windows\System32\Tasks\Microsoft\Windows\Device Information
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Device Information
C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Device Setup
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Diagnosis
C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DiskCleanup
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DiskDiagnostic
C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DiskFootprint
C:\Windows\System32\Tasks\Microsoft\Windows\DUSM
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DUSM
C:\Windows\System32\Tasks\Microsoft\Windows\EDP
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\EDP
C:\Windows\System32\Tasks\Microsoft\Windows\EnterpriseMgmt
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\EnterpriseMgmt
C:\Windows\System32\Tasks\Microsoft\Windows\ErrorDetails
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\ErrorDetails
C:\Windows\System32\Tasks\Event Viewer Tasks
C:\Windows\System32\Tasks_Migrated\Event Viewer Tasks
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\Extender
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\Extender
C:\Windows\System32\Tasks\Microsoft\Windows\Feedback
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Feedback
C:\Windows\System32\Tasks\Microsoft\Windows\File Classification Infrastructure
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\File Classification Infrastructure
C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\FileHistory
C:\Windows\System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\LanguageComponentsInstaller
C:\Windows\System32\Tasks\Microsoft\Windows\License Manager
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\License Manager
C:\Windows\System32\Tasks\Microsoft\Windows\Live
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Live
C:\Windows\System32\Tasks\Microsoft\Windows\Location
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Location
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Maintenance
C:\Windows\System32\Tasks\Microsoft\Windows\Management
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Management
C:\Windows\System32\Tasks\Microsoft\Windows\Maps
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Maps
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\MemoryDiagnostic
C:\Windows\System32\Tasks\Microsoft
C:\Windows\System32\Tasks_Migrated\Microsoft
C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Mobile Broadband Accounts
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\MobilePC
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\MUI
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Multimedia
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\NetTrace
C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\NetworkAccessProtection
C:\Windows\System32\Tasks\Microsoft\Windows\NlaSvc
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\NlaSvc
C:\Windows\System32\Tasks\Microsoft\Windows\Offline Files
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Offline Files
C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\PerfTrack
C:\Windows\System32\Tasks\Microsoft\Windows\PI
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\PI
C:\Windows\System32\Tasks\Microsoft\Windows\PLA
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\PLA
C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Plug and Play
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Power Efficiency Diagnostics
C:\Windows\System32\Tasks\Microsoft\Windows\Management\Provisioning
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Management\Provisioning
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\RAC
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Ras
C:\Windows\System32\Tasks\Microsoft\Windows\RecoveryEnvironment
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\RecoveryEnvironment
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Registry
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\RemoteApp and Desktop Connections Update
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\RemoteAssistance
C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\RemovalTools
C:\Windows\System32\Tasks\Microsoft\Windows\RetailDemo
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\RetailDemo
C:\Windows\System32\Tasks\Microsoft\Windows\Live\Roaming
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Live\Roaming
C:\Windows\System32\Tasks\Microsoft\Windows\Servicing
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Servicing
C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SettingSync
C:\Windows\System32\Tasks\Microsoft\Windows\Setup
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Setup
C:\Windows\System32\Tasks\Microsoft\Windows\SharedPC
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SharedPC
C:\Windows\System32\Tasks\Microsoft\Windows\Shell
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Shell
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SideShow
C:\Windows\System32\Tasks\Microsoft\Windows\Feedback\Siuf
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Feedback\Siuf
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SoftwareProtectionPlatform
C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SpacePort
C:\Windows\System32\Tasks\Microsoft\Windows\Speech
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Speech
C:\Windows\System32\Tasks\Microsoft\Windows\Storage Tiers Management
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Storage Tiers Management
C:\Windows\System32\Tasks\Microsoft\Windows\Subscription
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Subscription
C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SyncCenter
C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Sysmain
C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\PLA\System
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SystemRestore
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Task Manager
C:\Windows\System32\Tasks
C:\Windows\System32\Tasks_Migrated
C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\TaskScheduler
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Tcpip
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\TextServicesFramework
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Time Synchronization
C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Time Zone
C:\Windows\System32\Tasks\Microsoft\Windows\TPM
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\TPM
C:\Windows\System32\Tasks\Microsoft\Windows\UNP
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UpdateOrchestrator
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UPnP
C:\Windows\System32\Tasks\Microsoft\Windows\User Profile Service
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\User Profile Service
C:\Windows\System32\Tasks\Microsoft\Windows\WCM
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WCM
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WDI
C:\Windows\System32\Tasks\Microsoft\Windows
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Windows Activation Technologies
C:\Windows\System32\Tasks\Microsoft\Windows Defender
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows Defender
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Windows Defender
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Windows Error Reporting
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Windows Filtering Platform
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Windows Media Sharing
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WindowsBackup
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WindowsColorSystem
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WindowsUpdate
C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Wininet
C:\Windows\System32\Tasks\Microsoft\Windows\WOF
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WOF
C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Work Folders
C:\Windows\System32\Tasks\Microsoft\Windows\Workplace Join
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Workplace Join
C:\Windows\System32\Tasks\WPD
C:\Windows\System32\Tasks_Migrated\WPD
C:\Windows\System32\Tasks\Microsoft\Windows\WS
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WS
C:\Windows\System32\Tasks\Microsoft\XblGameSave
C:\Windows\System32\Tasks_Migrated\Microsoft\XblGameSave
C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
C:\Windows\System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SharedPC\Account Cleanup
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\ActivateWindowsSearch
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
C:\Windows\System32\Tasks_Migrated\Adobe Flash Player Updater
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\ApplicationData\appuriverifierdaily
C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\ApplicationData\appuriverifierinstall
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WindowsUpdate\Automatic App Update
C:\Windows\System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Workplace Join\Automatic-Device-Join
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\AutoWake
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SideShow\AutoWake
C:\Windows\System32\Tasks\Microsoft\Windows\Offline Files\Background Synchronization
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Offline Files\Background Synchronization
C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SettingSync\BackgroundUploadTask
C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SettingSync\BackupTask
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
C:\Windows\System32\Tasks\Microsoft\Windows\Wininet\CacheTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Wininet\CacheTask
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WindowsColorSystem\Calibration Loader
C:\Windows\System32\Tasks\CCleanerSkipUAC
C:\Windows\System32\Tasks_Migrated\CCleanerSkipUAC
C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\ApplicationData\CleanupTemporaryState
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\ConfigureInternetTimeService
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
C:\Windows\System32\Tasks\Microsoft\Windows\CloudExperienceHost\CreateObjectTask
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\CloudExperienceHost\CreateObjectTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Shell\CreateObjectTask
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
C:\Windows\System32\Tasks\Microsoft\Windows\Device Information\Device
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Device Information\Device
C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Plug and Play\Device Install Group Policy
C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Plug and Play\Device Install Reboot Required
C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DiskFootprint\Diagnostics
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\DispatchRecoveryTasks
C:\Windows\System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Feedback\Siuf\DmClient
C:\Windows\System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload
C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\ApplicationData\DsSvcCleanup
C:\Windows\System32\Tasks\Microsoft\Windows\DUSM\dusmtask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DUSM\dusmtask
C:\Windows\System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\EDP\EDP App Launch Task
C:\Windows\System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\EDP\EDP Auth Task
C:\Windows\System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\AppID\EDP Policy Manager
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\ehDRMInit
C:\Windows\System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
C:\Windows\System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Subscription\EnableLicenseAcquisition
C:\Windows\System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Shell\FamilySafetyMonitor
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Shell\FamilySafetyRefreshTask
C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\FileHistory\File History (maintenance mode)
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\GadgetManager
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SideShow\GadgetManager
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\NetTrace\GatherNetworkInfo
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\System32\Tasks_Migrated\GoogleUpdateTaskMachineCore
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks_Migrated\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
C:\Windows\System32\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\User Profile Service\HiveUploadTask
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC\HotStart
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\MobilePC\HotStart
C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
C:\Windows\System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\LanguageComponentsInstaller\Installation
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\InstallPlayReady
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager\Interactive
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Task Manager\Interactive
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Tcpip\IpAddressConflict1
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Tcpip\IpAddressConflict2
C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
C:\Windows\System32\Tasks_Migrated\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
C:\Windows\System32\Tasks\Microsoft\Windows\Clip\License Validation
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Clip\License Validation
C:\Windows\System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Subscription\LicenseAcquisition
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
C:\Windows\System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Management\Provisioning\Logon
C:\Windows\System32\Tasks\Microsoft\Windows\Offline Files\Logon Synchronization
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Offline Files\Logon Synchronization
C:\Windows\System32\Tasks\Microsoft\Windows\MUI\LPRemove
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\MUI\LPRemove
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UpdateOrchestrator\Maintenance Install
C:\Windows\System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Maps\MapsToastTask
C:\Windows\System32\Tasks\Microsoft\Windows\Maps\MapsUpdateTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Maps\MapsUpdateTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\mcupdate
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\mcupdate_scheduled
C:\Windows\System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\MediaCenterRecoveryTask
C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Device Setup\Metadata Refresh
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
C:\Windows\System32\Tasks_Migrated\Microsoft_Hardware_Launch_ipoint_exe
C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
C:\Windows\System32\Tasks_Migrated\Microsoft_Hardware_Launch_itype_exe
C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
C:\Windows\System32\Tasks_Migrated\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
C:\Windows\System32\Tasks_Migrated\Microsoft_MKC_Logon_Task_ipoint.exe
C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
C:\Windows\System32\Tasks_Migrated\Microsoft_MKC_Logon_Task_itype.exe
C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
C:\Windows\System32\Tasks\Microsoft\Windows\Ras\MobilityManager
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Ras\MobilityManager
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows Defender\MP Scheduled Scan
C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\RemovalTools\MRT_HB
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval
C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SettingSync\NetworkStateChangeTask
C:\Windows\System32\Tasks\Microsoft\Windows\Location\Notifications
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Location\Notifications
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\OCURActivate
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\OCURDiscovery
C:\Windows\System32\Tasks_Migrated\OneDrive Standalone Update Task
C:\Windows\System32\Tasks_Migrated\OneDrive Standalone Update Task v2
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\PBDADiscovery
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\PBDADiscoveryW1
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\PBDADiscoveryW2
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\PeriodicScanRetry
C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UpdateOrchestrator\Policy Install
C:\Windows\System32\Tasks\Microsoft\Windows\AppID\PolicyConverter
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\AppID\PolicyConverter
C:\Windows\System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Chkdsk\ProactiveScan
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
C:\Windows\System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk\Proxy
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Autochk\Proxy
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\PvrRecoveryTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\PvrScheduleTask
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Windows Error Reporting\QueueReporting
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UpdateOrchestrator\Reboot
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\RecordingRestart
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UpdateOrchestrator\Refresh Settings
C:\Windows\System32\Tasks\Microsoft\Windows\Registry\RegIdleBackup
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Registry\RegIdleBackup
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\RegisterSearch
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\ReindexSearchRoot
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
C:\Windows\System32\Tasks\Microsoft\Windows\WDI\ResolutionHost
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WDI\ResolutionHost
C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Sysmain\ResPriStaticDbSync
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UpdateOrchestrator\Resume On Boot
C:\Windows\System32\Tasks\Microsoft\Windows\UNP\RunCampaignManager
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UpdateOrchestrator\Schedule Scan
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis\Scheduled
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Diagnosis\Scheduled
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WindowsUpdate\Scheduled Start
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Defrag\ScheduledDefrag
C:\Windows\System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\PI\Secure-Boot-Update
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\SessionAgent
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SideShow\SessionAgent
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\sih
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WindowsUpdate\sih
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WindowsUpdate\sihboot
C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DiskCleanup\SilentCleanup
C:\Windows\System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\AppID\SmartScreenSpecific
C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SpacePort\SpaceAgentTask
C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SpacePort\SpaceManagerTask
C:\Windows\System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Speech\SpeechModelDownloadTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\SqlLiteRecoveryTask
C:\Windows\System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\PI\Sqm-Tasks
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore\SR
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SystemRestore\SR
C:\Windows\System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Servicing\StartComponentCleanup
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\StartRecording
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Application Experience\StartupAppTask
C:\Windows\System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
C:\Windows\System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization
C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DiskFootprint\StorageSense
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Time Synchronization\SynchronizeTime
C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Time Zone\SynchronizeTimeZone
C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SideShow\SystemDataProviders
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Multimedia\SystemSoundsService
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\CertificateServicesClient\SystemTask
C:\Windows\System32\taskschd.dll
C:\Windows\System32\taskschd.msc
C:\Windows\System32\TaskSchdPS.dll
C:\Windows\System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\License Manager\TempSignedLicenseExchange
C:\Windows\System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\TPM\Tpm-HASCertRetr
C:\Windows\System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\TPM\Tpm-Maintenance
C:\Windows\System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Bluetooth\UninstallDeviceTask
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Media Center\UpdateRecordPath
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UPnP\UPnPHostConfig
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
C:\Windows\System32\Tasks\User_Feed_Synchronization-{9CCE1708-B600-4932-8034-8692F7D4C5A2}
C:\Windows\System32\Tasks_Migrated\User_Feed_Synchronization-{9CCE1708-B600-4932-8034-8692F7D4C5A2}
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\CertificateServicesClient\UserTask
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot
C:\Windows\System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
C:\Windows\System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
C:\Windows\System32\Tasks\Microsoft\Windows\NlaSvc\WiFiTask
C:\Windows\System32\Tasks\Microsoft\Windows\WCM\WiFiTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\NlaSvc\WiFiTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WCM\WiFiTask
C:\Windows\System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WOF\WIM-Hash-Management
C:\Windows\System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WOF\WIM-Hash-Validation
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Windows Defender\Windows Defender Cleanup
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Windows Defender\Windows Defender Verification
C:\Windows\System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Location\WindowsActionDialog
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Shell\WindowsParentalControls
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Shell\WindowsParentalControlsMigration
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\WinSAT
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Maintenance\WinSAT
C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Sysmain\WsSwapAssessmentTask
C:\Windows\System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask
C:\Windows\System32\Tasks_Migrated\Microsoft\XblGameSave\XblGameSaveTask
C:\Windows\System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon
C:\Windows\System32\Tasks_Migrated\Microsoft\XblGameSave\XblGameSaveTaskLogon
C:\Windows\System32\Tasks_Migrated\{44F8EF0D-6116-4556-A439-59B34298EAE1}
C:\Windows\System32\Tasks_Migrated\{93F15C11-7E15-4726-AE8C-21F927221F09}
C:\Windows\System32\Tasks\{A28D6E9F-11D1-4B79-A0D8-7CCB20F69972}
C:\Windows\System32\Tasks_Migrated\{A28D6E9F-11D1-4B79-A0D8-7CCB20F69972}
C:\Windows\System32\Tasks_Migrated\{F3DE1933-B73E-4AD8-83BB-B8886240C951}
 
Last edited:
Probably just as well there's been a delay in suggesting anything further. Just experienced further issues with the PC which means that I'm unsure where that leaves this thread.

Noticed one of the CPU fans was slowing down, and it eventually stopped. Thought it may be part of some fan control so wasn't overly worried. I presently have two cpu fans and needed to use an adaptor from Maplin to get them both connected to the single motherboard plug. But now see both have stopped. (Unfortunately adaptor only offered one 3 wire plug, as required, and the other fan had to tolerate a 2 wire plug.) Meter probes are difficult to connect to check, but the voltage looks low to me. Unsure why that would result in no movement at all though. Annoyingly motherboard plug has 4 pins and no tag to ensure correct connection, not to mention next to no space to get the wires and fingers down to make the connection.

Can't imagine what we've done so far would affect the fans but something's happened. And to put the icing on top the cake I now see one of the three base fans in the case isn't moving also.

I don't know if it's fan problems or power supply problems or something else, but it's not in a good state at present.

Just a thought. Can one avoid the CPU_FAN motherboard plug altogether by installing some kind of fan controller ? In which case how would it be powered ?

One small update re the new fan issue. Against my better judgement I managed to pull the fan off of the cpu heatsink and I put a 9v battery across the red and black wires. Fan spun just fine. Must be a motherboard or power supply issue. :-(
 
Last edited:
Status
Not open for further replies.